Improve IT security: Start with these 10 topics

You want to be more responsible about IT security in your organization, but where do you start? May I suggest your first step be understanding these topics more thoroughly. This list isn’t exhaustive. It’s only a beginning:

1. DNS and DNSSEC: The biggest games in cyber war are hitting DNS providers. DNS can be compromised in many simple ways, but Domain Name System Security Extensions (DNSSEC) thwarts these—at the cost of understanding how it works, how to deploy it and how it’s maintained. There are ways to understand if your own organization is threatened with DDoS attacks. Study them. 

To read this article in full or to leave a comment, please click here

Continue reading Improve IT security: Start with these 10 topics

Posted in Uncategorized

A breach alone means liability

Rich Santalesa, a programmer turned writer and lawyer, brought an interesting turn of events to my attention last week. We need to pay heed: 

A litigant can have standing in a U.S. Federal breach case where no personal fraud or identity theft has yet occurred.

Usually, a litigant has to have suffered injury—a breach caused them identity theft or other fraudulent activity based upon information released in a security breach.

This means if you’re cracked, you can be liable if personally identifiable information is released, exfiltrated, absconded, whatever. It also means that should you believe the axiom that currently most of us are hacked, we’re in for a litigious treat. 


IoT: We’re serfs and pawns

There is a huge problem with the ugly Internet of Things (IoT). Many IoT thingies have the security of wet tissue paper, and they’re being used in large swarms and masses to wreak havoc.

A colleague of mine, Stephen Satchell, says misbehaving IoT devices should bear the full brunt of the Consumer Product Safety Commission and be recalled, every last one of them.

Recalled.

Why won’t this happen? Let me speculate.

It’s because our own government, that is to say the more covert parts of the U.S. government, has its own cadre of botnets and control vectors that allows them interesting windows into foreign lands. 


Lessons learned from WordPress attacks

I traveled from VMworld to the lab last Wednesday, and during that time, something infected two websites I control.

I suspect the servers were used as part of a SYN flood attack. The servers, both using WordPress, would come up and serve their web pages, but then they would quickly run out of cache by processes that were difficult to track.


They initially made contact with some IPs located conveniently in Russia, then lots of SYN traffic, and interesting session waits and listens. It took about two minutes before the sites cratered from resource drainage, and the errantly injected processes dominated, then effectively cratered the servers from their intended use.


When your government hacks you

There was a time when Cisco routers were unstoppable, and their deviations into proprietary protocols and constructions were accepted because Cisco could do no wrong. They were the smartest kids in networking protocols.

But there is a crack in their armor, a glitch in the Teflon. Cisco may not be the only networking infrastructure vendor to now face an attack ostensibly from their own government, just the largest.

Just as the U.S. government has taken Huawei to task for an accusation of hidden code benefiting the Chinese government, other governments across the planet now know that their Cisco infrastructure can be cracked open—and no, it’s not easy, and requires an additional step of having hacked in from some place else.


Your next 10 security pain points

Going to security conferences always stimulates my imagination. It makes me think outside of the box and remove the cruft that develops when I sit inside my lab too long—staring at vCenter monitors, 10 open bash sessions, security consoles, and emails from colleagues swallowing Xanax.


If advanced persistent threats (APTs), certificate authorities (CAs) with IQs of 77, vendor patches bordering on oxymoronic, and hyper-aggressive agile development weren’t enough, I’ll summarize what I believe are your next 10 security pain points.


Black Hat and DEF CON: The song remains the same

Yes, history repeats itself. I’m looking at the July 20-27, 2009, issue of Network World.

The front page headlines are:

– Black Hat to expose attacks

– Microsoft’s embrace of Linux seen as strategic

– Data Loss Prevention Clear Choice Test

– Burning Questions:

1) Are mobile Web apps ever going to grow up?
2) How much longer are you going to hang onto that Ethernet cable?
3) Do you have any idea how much money you’re wasting on international wireless services?

I saw Network World’s Tim Greene, author of the 2009 Black Hat article, sitting in the working press area, seven years later, typing furiously.


Shifting the cost of security

If you deal with enterprise systems security, you likely have an idea what your annual expenditure for security and forensic security is. It’s huge. It’s a time and resource suck like few others. 

The licensing costs will vary, but they’re a considerable fraction of most organizations’ annual IT spend. Ready-made modular costs are platform-dependent. In Windows, it might be a framework from Symantec, Intel Security, or a host of others. Integration into Active Directory isn’t so much difficult as it is tedious. If you start or add Linux, the cost shifts towards any number of frameworks that require at least a moderate amount of labor costs in customization, maintenance and ongoing platform mods.


The new internet domains are a wasteland

The many new DNS top-level domains (TLDs) were heralded as a way to take pressure off the older DNS TLDs. It seems, however, the new TLDs are almost uniformly the source of spammers and malware launchers.

There might be valid web resources in the new TLDs. They seem rarely referenced beyond a handful of sites, though, as .com, .org, .net and even .co have common usage aside from country-specific addresses such as .us, .uk, .de, .jp, etc.

But .xyz? Spam. I get about four dozen spam emails from that domain most days. The .click TLD? I’ve gotten about 400 embedded malware emails from there so far this year. Then there’s .xxx, .website and dozens of other new TLDs that are nothing more than difficult-to-block and nearly-impossible-to-kill spam/malware sources. It’s frustrating, and admins don’t have much chance to stanch the spam.
