
RSA Security Blog: A Blog for Security Professiona

The RSA Security Blog, Speaking of Security, features a group of experts, each of whom has knowledge and interest in different areas of the industry: research, developer solutions, engineering and government policy. A Security Blog for anyone seriou

Articles

Are You a GRC Saboteur?
2010-07-01 02:00:00
We all have our own little secret hobbies that we use to escape from the craziness of our everyday life. Spend any time with someone, and most likely you will learn about their pets, their thimble collection, their penchant for...
Tokens and Standards
2010-06-30 02:00:00
In my last post, I discussed the interesting situation that the PCI council finds itself in, where they are in the process of providing guidance on use of a technology...
More About: Standards
Not Another Agent!
2010-06-28 02:00:00
One of the most important principles in the security industry, and something that we are embracing wholeheartedly at RSA is to build in security rather than bolt on agents, protocols and capabilities as an afterthought. A good example of this is the recently announced relationship between...
More About: Agent
Speaking of Security Podcast #192
2010-06-28 02:00:00
David Kirkpatrick, author of the new book, "The Facebook Effect: The Inside Story of the Company that is Connecting the World" is the guest on a special edition of the Speaking of Security podcast.
More About: Podcast
Good Times in Fraudland: Part II
2010-06-24 02:00:00
In my first of three entries summarizing 2009 online fraud trends, I suggested that there had never been a better time to be a cybercriminal, and talked about the high grade Trojans currently available to fraudsters. But to use a modern warfare analogy...
More About: Part , Times , Good
Speaking of Security Podcast #191
2010-06-22 02:00:00
A new Security Brief produced by RSA explains how advanced security technologies and emerging outsourced services can relieve merchants of the growing burden of storing electronic payment card information. Hear more on the Speaking of Security podcast.
More About: Podcast
Xanadu: the new landscape of the payment card industry
2010-06-22 02:00:00
Sea change, paradigm shift and disruptive technologies are all phrases used to describe things that revolutionize society or part of society. They are often marked by...
More About: Card , Industry , Landscape , Payment
And your total is...
2010-06-21 02:00:00
Twice in the last 2 months I've been privileged to present a session on security considerations for cloud computing at different industry events. In both instances there were plenty of questions and lots of detailed follow-up discussions. I got to sit down with...
Surprising surge of Phishing on nationwide banks
2010-06-21 02:00:00
In the last couple of months the RSA Anti Fraud Command Center witnessed a dramatic surge of Phishing on nationwide US banks. Ever since the good old days of the initial Phishing attacks in 2003-2004, the share of national banks – those that span across the entire US – has been declining, as the major banks implemented effective remedies against Phishing and the public became more aware of attacks where the fraudster posed as a major national bank. The heat moved to smaller targets: regional banks and small credit unions.
More About: Banks , Surge
What is the Air Speed Velocity of an Unladen Swallow?
2010-06-18 02:00:00
I've previously written about asking the right questions, and I've had discussions about that issue with several customers. Originally I focused on asking about risk vs. compliance, with compliance being just another risk factor...
More About: Speed
"Red Flags" Compliance Deadline Extended...Again!
2010-06-18 02:00:00
On May 28, 2010, the FTC announced that it would again delay enforcement of the Identity Theft Red Flags Rule that was enacted as part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA).
More About: Deadline
Universal Man-In-The-Middle: Next Generation Phishing Was Already Here
2010-06-17 02:00:00
Over the years, phishing attacks have changed and evolved. Around 2005, it was popular to add a Javascript code to the simple HTML pages that took advantage of a vulnerability in the browser. This allowed the fraudsters to spoof the URL of the phishing attack so it would appear as...
More About: Phishing , Middle , Universal
Making the Cloud Private
2010-06-11 02:00:00
I did an interview with the guys from Wikibon (Mike Versace and David Vellante), and I wanted to sum it up in a nice written blog. Then I realized that there's so much in this one that it speaks for itself. So if you want to know what I look and sound like, and want to learn about Security and the Cloud, check out this interview! http://wikibon.org/blog/what-makes-private-cloud-private/
More About: Private
Computing as a Public Utility: Closer than Ever
2010-06-11 02:00:00
There is no question cloud/utility computing has arrived and is here to stay. But, something is afoot that deserves special attention. On May 6, the Federal Communications Commission (FCC) of the United States announced a plan to...
More About: Public , Computing , Utility
Playing Catch-up
2010-06-11 02:00:00
The rise of point-to-point (or sometimes called end-to-end) encryption and tokenization has led to an interesting condition in the marketplace – the regulatory and standards bodies playing catch-up. This isn’t to say that technology adoption hasn’t predated a standard before.
More About: Catch
Speaking of Security Podcast #190
2010-06-09 02:00:00
Hear how a successful online jeweler is protecting customer transactions on this week's Speaking of Security podcast.
More About: Podcast
Fraudsters Still Earn a Paycheck from Traditional Methods: From Phishing Ki
2010-06-03 02:00:00
Every fraud operation consists of two main stages. In the first stage, fraudsters use various tools and sources to obtain records of stolen identities, while in the second “cash out” stage, they turn those records into cold hard cash.
More About: Phishing , Earn , Methods
42
2010-06-03 02:00:00
Those of you that are Hitchhiker fans will recognize the meaning of 42 - it's the Answer to Life, the Universe and Everything. And for the non-fans out there, you may be asking 'What's the question?'; well, that's the problem - you can't know both the question and the answer in the same universe...
Log Management: Catalyst for Vital Functions
2010-06-02 02:00:00
First, there was SEM: Security Event Management. SEM was about sitting on masses of data. I remember once meeting someone who worked with early IDS technologies (before Gartner pronounced the death of IDS), and I met an admin who could...
More About: Functions , Vital
Preventing Fire Sales
2010-06-02 02:00:00
Recently a colleague of mine (thanks, Heidi!) reminded me that a major milestone in the evolution of the NERC standards was fast approaching. By July 12, 2010, all of the Critical Infrastructure Protection (CIP) requirements defined as part of the NERC standard transition from a required status of 'Compliant' (C) to 'Auditably Compliant' (AC).
More About: Sales , Fire
Speaking of Security Podcast #189
2010-06-02 02:00:00
What is a Man-in-the-Browser attack and how can enterprises combat them? Hear more on this week's Speaking of Security podcast.
More About: Podcast
Speaking of Security Podcast #188
2010-05-26 02:00:00
Hear how one of the top credit unions in the US has deployed the RSA enVision SIEM platform to help analyze internal processes and drive greater business value, on this week's Speaking of Security podcast.
More About: Podcast
Utilities are Coming of Age...has your industry?
2010-05-20 02:00:00
I had a conversation with a utility recently in the United States that is rushing to roll out SmartMeters as part of their spending of the government stimulus package. I had one of those conversations again...
More About: Utilities , Industry
BSIMM2 - A Very Useful Reference for Software Security Practitioners
2010-05-20 02:00:00
On May 12th, Gary McGraw and his teams from Cigital and Fortify Software released version 2 of the Building Security in Maturity Model (BSIMM). It triples the size of the software security practices analyzed by the study to a total of 30. EMC was part of the nine...
More About: Reference
Phishing Persists - and Persistence Pays Parasites*
2010-05-18 02:00:00
Phishing persists. I was shocked to see that Cory Doctorow, a really technical author and blogger, was in fact phished recently and wrote about it in this Locus article, "Persistence Pays Parasites".
More About: Phishing
Good Times in Fraudland: Part I
2010-05-18 02:00:00
Thirty years from now if I’ll ever look back and read my old blogs, I’m sure I’ll agree with what my current self is about to state: There was never a better time to be a cybercriminal than in good old 2009.
More About: Part , Times , Good
Combined Arms and Defense in Depth against MITX (aka MITM)
2010-05-18 02:00:00
Defense-in-depth is the only sane answer in a world where threat is presented by an intelligent opponent in a persistent and sustained manner. Eventually, as I pointed out in Nothing Can Come of Nothing, the bad guys will find a way...
More About: Defense , Arms
Online Security is Like Football - You Need a Defensive Front Line
2010-05-18 02:00:00
A recent blog by my colleague, Seth Geftic, discussed the inability of security education to prevent fraud. The issue of security education has always been a complex one. Until an empirical study comes along that...
More About: Security , Football , Online , Front
How many Fortune 500 Companies Compromised? Answer Inside
2010-05-14 02:00:00
In the last few weeks I’ve been talking to some of the corporations hit by the infamous Operation Aurora; the attack that triggered the Google-China virtual war. The CISOs of these companies are facing a daunting task. These incidents reached board-level attention, and left many questions unanswered. How good are the traditional defense mechanisms?
More About: Companies , Fortune , Answer , Fortune 500 , Inside
Journeys (or stripping away what we don't need and bringing only "CIA" to t
2010-05-14 02:00:00
Here it is: a security guy saying it's not about security. I am a security guy, so here goes… It's not about security. Wow…that didn't hurt as much as I thought it would!