Anup Ghosh on Cybersecurity in 2012: Let’s break the security insanity cycle

Editor's note: the post below by Anup Ghosh first appeared on the Invincea blog and is republished here with the author's permission. bg

Prediction 2012: Hackers Will Find New Fertile Ground to Pharm

Posted by Anup Ghosh on November 29, 2011

Invincea is on record that the year 2011 will go down as the year the fundamental underpinnings of Internet security fell. In fact, it is the bloodiest year on record for Internet security. Not only did we … [Read more...]

Exploit Theater : MS11-083 and Defense-in-Depth

A very interesting (OK, it was pretty cool) vulnerability in the TCP stack of Windows Vista and above (including 32-bit and 64-bit versions and Windows Server 2008) was recently announced and patched. This vulnerability is of particular note not just because of the wide range of products that it affected, but because of how the vulnerability worked. Microsoft published this in its advisory on the vulnerability: "A remote code execution vulnerability … [Read more...]

What You Need to Know About Duqu

Everything that you need to know about Duqu: Duqu was reported to antivirus vendors around the 14th of October, 2011, but it has been in the wild since November of 2010. Since then there have been variants (updated copies with additional features or upgrades to code) released. It has been billed as the next Stuxnet, the son of Stuxnet, or a Stuxnet clone. In reality, Duqu is actually more like a payload of Stuxnet rather than the entire attack … [Read more...]

Android Application of the Week – Dropbox

This week's Android/Windows/iOS/MacOS application of the week is Dropbox. I use Dropbox all the time, for both work and play. The premise behind Dropbox is configurable cloud storage that is yours to use and share, as you see fit. You can mount it to your Windows PC and use it as an additional drive, use the mobile client to access files, or use it entirely from the browser. Additionally, the most recent Dropbox update for Mac offers Lion support, … [Read more...]

Configuring Your Enterprise Hardware to NIST Standards

The US Department of Commerce is home to the National Institute of Standards and Technology (NIST). One of the many virtuous things done by NIST is coordination of best practices for enterprise IT, especially practices dealing with ensuring both security and functionality of IT. NIST provides configuration checklists relevant to enterprise software and hardware at their repository at: http://web.nvd.nist.gov/view/ncp/repository A review of that … [Read more...]

Hardware Really Matters for Computer Functionality and Security

It may be stating the obvious to say that the hardware you use has a direct impact on the functionality of your IT. That is so fundamental of a statement it really goes without saying. But for some reason decision-makers gloss over the importance of hardware to security design. Why? The hardware you pick has a direct impact on the security of your enterprise. This matters at every layer of your enterprise. From devices to networks to servers and … [Read more...]

Encrypting Your Life: Tools and Tips

I carry my smartphone with me everywhere. It does everything from Facebook and email to keeping me in the loop with SMS, instant messaging, and real, live phone calls. There’s just one problem -- what happens if my cell phone is stolen and I can't remote wipe it? What happens if I’m stopped at the border of a foreign country and my mobile devices are searched, or what if I’m on a GSM network and am kept under surveillance that includes the … [Read more...]

Your mobile OS: A Survey

Please take 30 seconds to complete the survey below on what mobile OS you use and why. Results will help us better understand you and help drive some of our writing here at CTOvision.com and at CTOlabs.com. Thanks in advance! … [Read more...]

A look at some of Windows 7's Security Measures

Much has been made of Microsoft Windows 7; however, not enough has been written on their successes in the area of computer security.  This post hits that topic. A rule of thumb among Microsoft watchers is that every other operating system will be a smash hit. Vista was, well, not so hot.  Windows 7, however, has hit it out of the park. Microsoft created their most successful and polished operating system to date. Part of Microsoft’s challenge was … [Read more...]

Defending Against Stuxnet Type Threats

The following article by renowned security capability developer Dr. Anup Ghosh was originally posted at the Invincea blog and is reposted here with the author's permission.

=============

Question: what is the most significant cyber event of 2010? Answer: Stuxnet. While security analysts continue to marvel over Stuxnet’s capabilities, one disturbing aspect to Stuxnet is current defenses would not defend against the next Stuxnet type threat. … [Read more...]