News, analysis and context on enterprise technology for the CTO
[Editor's note: this analysis predates any official announcements by NASA] Recently, some news of a NASA hack-and-dump passed my twitter deck. I decided after watching a few of my friends re-tweet the news that it might be worth checking out. At least I'd see if I could perform some password analysis on any dumped credentials, or even test out the new Crucialpoint Cloudera Hadoop password cracker on any leftover hashes. What follows is a … [Read more...]
The technology writer Langdon Winner wrote an interesting book 30 years ago that has a lot of relevance to technologists today--especially when thinking about enterprise security. His core idea is one of technological autonomy. As the good folks at Cyborgology define it: Technological autonomy is a shorthand way of expressing the idea that our technologies and technological systems have become so ubiquitous, so intertwined, and so powerful that they are … [Read more...]
While virtualization offers many benefits to enterprise such as lower costs and greater flexibility, it also creates new challenges. One of the greatest concerns with switching over to virtualized infrastructure, espeically in government, is security and compliance in a complex and dynamic environment which legacy software can no longer handle. Catbird offers automated security solutions tailored to virtualized data centers and has recently unveilled the … [Read more...]
CTOs , CIOs, and technology reporters are very familiar with the idea of the network. Think of networks and tech and the terms network-centric warfare, netwar, social networks, the wealth of networks, and a host of other terms and ideas immediately roll off the tongue. The network is the defining metaphor of the information age. But while the network is important, so is the swarm. Swarming in warfare has been fairly well analyzed by David Ronfeldt and … [Read more...]
Editor’s note: We have asked each of our researchers to pull together considerations meant to help in your planning for 2012. We solicit your feedback on all these predictive posts. bg Come explore the future with me, but be warned, the future is a big place, and 2012 is a small slice of time. It's hard to be sure what the future holds, or how quickly the tech world will change. While I see all of the bellow predictions coming to pass sooner rather … [Read more...]
While popular attention in cyber issues often focuses on the exotic APTs, enterprise security is being rocked by an unpleasant truth. Activist hackers have become a major problem, and not just for obvious targets such as the Church of Scientology or the United States government. Political risk company STRATFOR was recently hacked by elements of Anonymous as part of the AntiSec campaign. The reason why STRATFOR was targeted? [The attack] appeared to … [Read more...]
A very interesting (OK, it was pretty cool) vulnerability in the TCP stack of Windows Vista and above (including 32-bit and 64-bit versions and Windows Server 2008) was recently announced and patched. This vulnerability is of particular note not just because of the wide range of products that it affected, but because of how the vulnerability worked. Microsoft published this in its advisory on the vulnerability: "A remote code execution vulnerability … [Read more...]
Editor's note: We have asked each of our researchers to pull together considerations meant to help in your planning for 2012. We solicit your feedback on all these predictive posts. bg Prediction is a messy game. Especially in a field that is often characterized by a state of punctuated equilibrium---long periods of stasis and then rapid disruptions. However, I will toss my hat into the ring. The geopolitics of cybersecurity will take center … [Read more...]
USB is a wonderful technology -- it allows us to be platform-agnostic, gives us compatibility, ease of use, and more durability than some previous connectors we have used in the past. It also presents a very difficult security challenge to security professionals. USB devices have become so ubiquitous, we don't think twice about just plugging one into a computer. We have USB plasma balls, drink refrigerators, coffee heaters, thumb drives, keyboards, … [Read more...]
Here at CTOVision, we often write quite a bit about the problems of the insider threat, social engineering, and other threats to the enterprise. Amidst the seemingly endless array of security problems a given CTO faces (from overly generous Nigerians to Visitors from the Land of the Panda *cough cough* APTs), it's easy to forget that the bad guys have security issues too. Control of information is a key element in the Mexican cartel war. Slip up, and … [Read more...]