My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack. Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself
If you found my recent post on Public Access PCs Booby-Trapped of any use, you may also find a follow-up article by SC Magazine's Dan Raywood of interest. The article on Keyloggers found plugged into library computers quotes some further thoughts I sent him in a subsequent exchange of email, and also quotes Wilmslow police inspector Matt
…While there are those who think that I’ve been in the anti-virus industry since mammoths roamed the Surrey hills, most of my computing career has actually been in medical informatics, though as you might expect from what I do now, documentation, security and systems/user support played a large part most of that time….
Perhaps you're getting as tired of this thing as I am (though with the information still coming in, I'm not going to be finished with this issue for a good while, I suspect). But without wishing to hype, I figure it's worth adding links to some further resources. There's a very useful comment by Jake
Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of
SC Magazine's Dan Raywood reports that "To be completely patched requires an average of between 51 and 86 actions per year", quoting findings by Secunia that " in order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to
Verizon has just done something rather brave. The company has issued a report on "ICSA Labs Product Assurance Report" (http://www.icsalabs.com/sites/default/files/WP14117.20Yrs-ICSA%20Labs.pdf) that talks about the difficulties that most products have in meeting the requirements of ICSA Labs certification. Why is it brave? Because those companies provide ICSALabs with a healthy income, and might therefore be a
This is a research blog, not a marketing blog. Not that there isn’t a place for marketing (that’s what pays our salaries, in a sense!) and marketing blogs, but my guess is that most of our readers here would get bored quite quickly if we spent too much time on press-release type material, our latest