Skip to main content

Home/ DirSec Security/ Contents contributed and discussions participated by Art Walker

Contents contributed and discussions participated by Art Walker

Art Walker

eWeek: Is Trust Dead in Enterprise Security? - 0 views

  •  
    Between insider threats and malware attacks, the idea of trust-but-verify is dead as a security model, according to a new report by Forrester Research. In its place, Forrester analyst John Kindervag contends enterprises should embrace the concept of zero trust, a model where insiders and outsiders are equally untrustworthy, and security administrators stop trusting packets as if they are people. The change, he said, is necessary due in part to the "innumerable instances" of trusted users going rogue on enterprise networks.
Art Walker

Following Stuxnet Trojan, NERC security chief calls for rugged software - 0 views

  •  
    [A]ddressing Stuxnet goes beyond using quality security controls, said Mark Weatherford, vice president and chief security officer at NERC. The industry, he said, needs to demand higher quality software that is free from defects. "This is not an indictment on [the] control system industry; it's an indictment on the IT business in general," Weatherford said. "We're still seeing products that come out that are susceptible to vulnerabilities that quite frankly have been in the wild for quite some time."
Art Walker

InfoWorld: How many enterprise admins is too many? - 0 views

  •  
    I'm also an advocate of third-party software that helps companies manage elevated accounts. I often run into Cyber-Ark's privilege identity manager solutions. It's pretty cool stuff and perfect for managing elevated accounts. Admin accounts can be locked into a digital vault, then protected by granular policies that enforce rules and checkout procedures in order for an elevated account to be used. One of my favorite features is the one-time-use passwords, where the password is changed for each user and occasion. You can also easily enable auditing of who used what accounts when.
Art Walker

WatchGuard: Always On The Job - Security - IT Channel News by CRN - 0 views

  •  
    Emerging as the sentinels of this modern scourge are companies like WatchGuard, the Seattle-based manufacturer of appliances dedicated to inoculating computer networks from the spread of viruses. The company in November unveiled three new models in its XCS series of 1U appliances to provide small and midsize businesses with always-on protection from spam, viruses, spyware, phishing and other threats borne by e-mail.
Art Walker

Krebs on Security: Using Windows for a Day Cost Mac User $100,000 - 1 views

  •  
    As such, I've frequently advised small business owners to avoid banking on Windows systems, since all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows. What's more, the tools these crooks are using - mainly the Zeus Trojan - almost always outpace anti-virus detection at least by a few days, and by then it's usually too late.
Art Walker

Guidance Ships Upgraded, Integrated E-Discovery Package - 0 views

  •  
    The decade-old software provider, based in Pasadena, Calif., on Jan. 19 announced Version 4 of its EnCase eDiscovery platform. EnCase provides legal and IT teams with an integrated software package that includes all the necessary functions for in-house electronic discovery, such as legal hold, precollection analytics, and identification, preservation and collection. The latest news is that Guidance, in its Version 4, has added a couple of other important features: processing, analysis and early case assessment, and first-pass review.
Art Walker

ChannelWeb: Emerging Vendors: Altor Networks - 0 views

  •  
    Altor Networks' flagship Altor Virtual Firewall (VF) combines a VMware VMsafe firewall with virtual-aware IDS, designed to stop malware outbreaks that can rapidly infect virtual machines. The product is also designed to eliminate blind spots on the network caused by lack of visibility between host servers and VMs. Plus, it gives customers the ability to sail through compliance audits by providing the ability to filter, monitor and report virtual traffic.
Art Walker

CRN: Interop: Cloud Computing Adopters Ready To 'Trust, But Verify' - 0 views

  •  
    A panel of CIOs from state government, health care and the insurance sector told cloud providers from Microsoft (NSDQ:MSFT), Google (NSDQ:GOOG), Amazon (NSDQ:AMZN) and Joyent on Thursday that they no longer need to be sold on the benefits of cloud infrastructure -- they get them. But that doesn't mean they're ready to trust the cloud, either.
Art Walker

Washington Post: FBI says hackers targeting law firms, PR companies - 0 views

  •  
    Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.
Art Walker

Wall Street Journal: Litl Introduces Its Web-Based Netbook - 0 views

  •  
    An interesting take on a "netbook" device.
Art Walker

SearchSecurity: Web application firewall use goes beyond compliance, company finds - 0 views

  •  
    In addition to security and PCI compliance, WAF systems are also very useful for obtaining visibility of web applications and data flows in a network.
Art Walker

eWeek: Rapid7 Acquires Metasploit to Improve Security Testing - 0 views

  •  
    Rapid7 has acquired Metasploit to bring the open-source project's database of reliable exploits to bear in Rapid7's vulnerability management and penetration testing offerings.
Art Walker

eWeek: Symantec Reveals Rogue Antivirus Pulling Massive Profits - 0 views

  •  
    Such software, often referred to as "scareware," has gotten more attention in the past year as scammers continue to enjoy success tricking users into shelling out big bucks. In a report titled "Report on Rogue Security Software," Symantec officials uncovered that sales affiliates were pulling in staggering amounts of money.
Art Walker

The Invisible Things Lab's blog: Evil Maid goes after TrueCrypt! - 0 views

  •  
    Or: Disk encryption is only useful if the underlying system doing the encryption is trusted.
Art Walker

iTnews Australia: NSW seeks to build 'unhackable' netbook network - 0 views

  •  
    The NSW Department of Education is using asset-tracking software, RFID tags, and BIOS-embedded filtering smarts to roll out 240,000 netbook computers into what CIO Stephen Wilson calls "the most hostile environment you can roll computers into" - the local high school.
Art Walker

Information Security Magazine (Sep 2009) : Truth, lies and fiction about encryption - 0 views

  •  
    [T]here are assumptions, myths and even urban legends surrounding encryption. We'll debunk conventional wisdom and explain what is true, what is almost true and what is completely false.
Art Walker

Microsoft Tightens USB Flash Drive Security - 0 views

  •  
    Microsoft is finally getting serious about USB flash drive security. It recently disabled the AutoRun and AutoPlay features in Windows (all older versions plus Windows 7), meaning users will no longer have directory trees and execution options presented when they pop a flash drive into a PC. More significant, though, is Microsoft adding flash drive encryption to Windows 7. Through a few, albeit not so simple steps (see below), users can encrypt and manage the files on these small, portable storage devices.
Art Walker

eWeek - How a Phishing Attack Exposed an Energy Company to Hackers - 0 views

  •  
    The Intrepidus Group reveals some details behind a malware attack that exposed critical systems at an energy company. Using a Microsoft zero-day vulnerability and a bit of social engineering, hackers compromised a workstation and threatened critical SCADA systems, the security vendor says.
Art Walker

Windows Task Manager Targeted by Malware Writers - 0 views

  •  
    Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.
  •  
    In reviewing several security articles and blogs about malware characteristics and workarounds, I see a recurring piece of advice: Don't click on any popup or dialog window; instead use the Windows Task Manager to end offending processes. It's good advice, since malware writers-particularly those spreading scareware or bogus applications designed to trick computer users into buying useless security software-are gaming the dialog windows. Users are often presented with the typical option, such as "do you wish to proceed? Yes/No." Hitting either button or even the "X" window closing button will initiate a background process as if the user agreed. Using the Task Manager is the safe way of disabling these processes to allow the anti-virus software to scan and remove the offending code. Or so we think. Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.
Art Walker

TechCrunch: Google Points At WebFinger. Your Gmail Address Could Soon Be Your ID. - 0 views

  •  
    There's some excitement around the web today among a certain group of high profile techies. What are they so excited about? Something called WebFinger, and the fact that Google is apparently getting serious about supporting it. So what is it?
1 - 20 of 28 Next ›
Showing 20 items per page