Slow app layer DoS attacks can bring your servers down quickly

To paraphrase Alice (with apologies to Lewis Carroll and all my high school and college English teachers), denial-of-service attacks are getting “insidiouser and insidiouser.” The latest proof-of-concept “slow” application layer DoS attack is yet another demonstration that attackers don’t need huge botnet armies...

Read more

Feeling isolated? Wisegate social network connects senior-level security professionals

Sara Gates, founder of the social networking service Wisegate, is creating an invitation-only private community of security and IT professionals. Gates believes that senior executives, such as CIOs and CISOs, need other people at their peer level to share war stories and get firsthand feedback on what works and...

Read more

Bad business: LinkedIn criminals get connected

We have been down this road before. A popular interactive service passes over a peak on its way to universality and the spammers pile on. Sometimes the service fails — remember network news? Sometimes it recovers — think email. Sometimes, there is a constant battle to keep spam down, as in SMS spam in Japan. LinkedIn is a target...

Read more

RIM's 'long, slow death spiral' is bad news for security

It’s ironic that Research in Motion (RIM), makers of the BlackBerry smartphone and its impressive supporting enterprise architecture, is apparently circling the drain at a time that mobile phone security is moving to the forefront. Until really quite recently, even in IT years (which are like dog years) “Blackberry” and...

Read more

Microsoft patches tame the SSL Beast

Microsoft's January security updates, released today (Patch Tuesday) are mainly a collection of fixes designed to stop the "SSL Beast" attack, which could exploit a weakness in the web encryption protocol to launch man-in-the-middle attacks to decrypt authentication tokens. The attack was demonstrated by two researchers in...

Read more

More Posts