RIM's 'long, slow death spiral' is bad news for security

It’s ironic that Research in Motion (RIM), maker of the BlackBerry smartphone and its impressive supporting enterprise architecture, is apparently circling the drain at a time when mobile phone security is moving to the forefront. Until really quite recently, even in IT years (which are like dog years), “BlackBerry” and...


Microsoft patches tame the SSL Beast

Microsoft's January security updates, released today (Patch Tuesday), are mainly a collection of fixes designed to stop the "SSL Beast" attack, which could exploit a weakness in the web encryption protocol to launch man-in-the-middle attacks that decrypt authentication tokens. The attack was demonstrated by two researchers in...


DigiNotar breach – 2011’s most important attack

DigiNotar was the most important security event of 2011, with profound implications for 2012 and beyond. I know that may be an overly dramatic statement in a year that saw the RSA hack, the Sony PlayStation Network DDoS and breach, and the rise and fall of LulzSec. But those other events were mere escalations of existing threat levels. The RSA...


Firewall managers lack confidence in their security posture

The majority of firewall managers are concerned their change management practices put their companies at risk, according to a recent survey. How does this happen? Firewalls are generally considered the first line of defense for most networks. A firewall is the first decision point that uses a set of rules to determine whether or not outside...


From SAS 70 to SSAE 16 (Part I): What does it mean?

(This is the first of two reports on SSAE 16, which replaces SAS 70 as the audit standard for service providers) I’m an old IT audit guy. I spent over a dozen years digging into enterprise data centers and business processes to find the weaknesses in controls and pointing out vulnerabilities so my clients could mitigate the risks before...
