Blog Details for "RSA Security Blog: A Blog for Security Professiona"
RSA Security Blog: A Blog for Security Professiona
The RSA Security Blog, Speaking of Security, features a group of experts, each of whom has knowledge and interest in different areas of the industry: research, developer solutions, engineering and government policy. A Security Blog for anyone seriou
Articles
Big Steps Toward Managing Security and Compliance for Virtual Infrastructur
2010-09-01 02:00:00 This week, the industry celebrates one of the most influential and explosive technologies influencing the world of information systems: Virtualization. At VMWorld 2010, the focus on virtualization across the enterprise and cloud computing highlights some of the most interesting and impactful technologies that our industry is utilizing. We have had... More About: Security
Speaking of Security Podcast #197
2010-09-01 02:00:00 This week's Speaking of Security podcast features an interesting discussion with Ira Winkler, a well-known expert on internet security and information-related crime investigation. More About: Podcast
The Cloud has a Silver Lining
2010-08-30 02:00:00 Talking with customers every day, I hear constant concerns about lack of visibility into (and control over) security and compliance in the virtual infrastructure, lack of guidance and orchestration tools and the high cost and difficulty of meeting audits and achieving compliance. More About: Silver Lining , Silver , Cloud
Popularity of automated stores in the black market increase as source code
2010-08-26 02:00:00 In my last post, I discussed the trend of automated credit card stores proliferating in the fraudster underground. In addition to the reasons I listed... More About: Market , Source , Black , Code , Stores
Speaking of Security Podcast #196
2010-08-18 02:00:00 This week's Speaking of Security podcast discusses the upcoming RSA Archer eGRC Road Show. We also debut the Speaking of Security Newswire, featuring the latest security and technology headlines. More About: Podcast
Only You Can Prevent (Internet) Forest Fires: driving online safety and sec
2010-08-18 02:00:00 There's an important Messaging Convention around online consumer safety and security that wrapped up this month, put on by the National Cyber Security Alliance (NCSA), Anti-Phishing Working Group (APWG) and member organizations including RSA around communicating the central role of people in protecting themselves and, frankly... More About: Internet , Safety , Driving , Online , Fires
Nation States and Mobile Devices: It's Time to Listen
2010-08-13 02:00:00 The motivations, instincts and needs of Nation States, regardless of rhetoric, are largely the same for Akkadia, Sumeria, Rome and ancient Judea as they are for the modern USA, China or European state. The theaters in which nations can act and the tools and trade-offs among tactics are very different, and this has come to light recently with some activity and demands around features and requests for mobile endpoints. More About: Mobile , Time , Devices , Listen
Payment Security Insight from the Verizon 2010 Data Breach Investigations R
2010-08-13 02:00:00 This week, Verizon released their 2010 Data Breach Investigations Report. The report is a treasure trove of statistics that illuminate all facets of what’s happening in recent compromises. I wanted to focus on the insight around the current state of payment card data breaches, which continue to make up a majority of the breaches (54%) that Verizon’s RISK team investigates and writes about. More About: Security , Insight , Payment
Automated Credit Card Stores and the Business of Trading in the Fraud Under
2010-08-11 02:00:00 Innovation and evolution are two words that are not hard to find in blog posts and news articles about fraud. It seems that almost every day security researchers uncover new features and improvements in fraudsters’ tools and infrastructure. Many of these innovations stem from the availability of new services in the underground. More About: Business , Card , Credit , Fraud , Trading
Speaking of Security Podcast #195
2010-08-11 02:00:00 The dog days of summer mean a chance to reflect on some hot industry topics with Sam Curry, Chief Technologist for RSA. More About: Security , Podcast
A choice of words
2010-08-06 02:00:00 Language is important. It is the manner in which we communicate intent and meaning to each other. Thus our choice of words is important, because words have specific meanings. That is an obvious statement, but one that is frequently forgotten. All too often, we use... More About: Words , Choice
The Wave of Cool
2010-08-04 02:00:00 What do the iPad, Cabbage Patches, Converse and The Matrix have in common? Well, to answer that we need to look at drivers for a moment, and I don't mean machine drivers and technology…I mean people drivers. Let's look at their urges, needs and wants. More About: Cool
Speaking of Security Podcast #194
2010-08-04 02:00:00 RSA Conference Europe is fast approaching. This week's Speaking of Security podcast checks in on what to expect at this year's event. More About: Podcast
Social Trojaning
2010-07-28 02:00:00 I went to my favorite fraud underground forum, bought my favorite Trojan kit (I like Zeus), and then I looked through the Build-a-Trojan checklist for next steps. More About: Social
Fraudsters enjoy a summer holiday
2010-07-27 02:00:00 It’s now summer on Triton. Don’t pack your holiday gear though; the average temperature on Neptune’s major moon, which is about 30 times further from the sun than Earth, is... More About: Holiday , Summer , Enjoy
Looking at Visa's Tokenization Best Practices
2010-07-23 02:00:00 Last week, Visa issued their initial guidance on tokenization best practices. Overall, I think Visa presented a good start for the industry. Several other bloggers seem to agree. However, I do have a bone or two to pick with what they propose.
Revolutionary Fever: Humanity will win the battle, and Liberty will have a
2010-07-22 02:00:00 The pace of life continues to accelerate and become more-and-more distracting, and today RSA announced the latest SBIC report and new research results from IDG Research Services. The IDG data and SBIC report on the clash, the conflict really, between technologies in our lives bleeding into... More About: Liberty , Humanity
Cybercriminals Now Using Public Social Networks to Give Command and Control
2010-07-19 02:00:00 While malware updating via public resources is nothing new in itself, the RSA FraudAction Research Lab recently witnessed this hosting method being used to operate a banking Trojan; specifically a variant of... More About: Social , Social Networks , Networks , Public , Give
Call it What You Want: But it is Still the Black Market
2010-07-15 02:00:00 Unless you accidentally wandered here while searching for the Road Safety Authority, you’ve most likely been introduced with the “fraudster underground” or “underground economy.” A lot has been written about the criminal bowels of the Internet, either in... More About: Market , Black , Call
"You're gonna need a bigger boat"
2010-07-13 02:00:00 Have you ever felt like Sheriff Brody in the movie 'Jaws' when he finally saw the shark they were hunting and realized that it was a 25' 3-ton great white? If you've ever talked to someone in the IT security business right after they've experienced a major data breach what you'll generally hear them say is something to the effect of... More About: Boat
The Root Cause of Advanced Persistent Threats
2010-07-13 02:00:00 The term "Advanced Persistent Threat" (or APT) has been around for a long time in the non-computer world and for a decent amount of time in the computer world behind closed doors; but as I watch the use of certain words and phrases, APT is on the ascendancy.
Speaking of Security Podcast #193
2010-07-13 02:00:00 A discussion on the current cyber security legislative landscape direct from Washington, DC on this week's Speaking of Security podcast. More About: Podcast
Paul the Octopus - He's done it again!
2010-07-13 02:00:00 You’ve got to love Paul the Octopus. To those of you living across the pond and not following football (soccer) news, that’s the cute octopus-turned-oracle that managed to predict each and every game Germany played in the World Cup, and foresaw that Spain would beat the Netherlands in the finals.
Helping the merchant
2010-07-13 02:00:00 I recently found myself in a conversation with the head of operations for a large, multinational retailer and we were discussing PCI. I made an observation that goes something like this...
PCI Doesn't Take Vacations
2010-07-09 02:00:00 I was lucky enough to spend some quality time away from the tubes last week, and while I am not part of a rogue PCI enforcement militia, I do tend to observe how organizations tackle security and compliance issues. For the first time, I found a rather unique disclaimer that was mere feet away from the Point of Interaction. It shocked me so much, I snapped a picture to make sure I got the wording correct. It plainly stated... More About: Vacations
VLANs and Segmentation
2010-07-08 02:00:00 I was following an email trail from a few colleagues and it dawned on me that I had not written about the use of VLANs with respect to PCI in this blog. If you purchased Anton & my book, you can get...
Physical to Virtual Disaster Recovery Planning: Considerations for the Clou
2010-07-08 02:00:00 How's your disaster recovery planning these days? If you’re reading this, it’s pretty safe to assume that either you or someone in your organization is “tuned in” enough to have well documented DR plans that enable your company's business operations to continue... More About: Recovery , Planning , Disaster , Physical , Virtual
Governance: The Big Problem
2010-07-06 02:00:00 I alluded to this a few weeks ago in Xanadu, but I got to thinking about the subject and realized it deserves a little more exploration and discussion. I mentioned an almost mythical "hunter-gatherer" society and the potential to... More About: Governance , Problem
The "Should" Rule of Cloud Computing
2010-07-06 02:00:00 I’ve been asked over the last few months quite a bit about virtualization and cloud computing. Virtualization is something most people understand, but cloud computing baffles many professionals because there is often not a clear nomenclature used to describe products and services in the space. More About: Computing , Cloud
Card Checking is Still a Booming Business
2010-07-02 02:00:00 For those who commit it, fraud is similar to a game of chess. You can’t reach a check-mate if you haven’t aligned all your pieces appropriately before making your big move. If you’re trying to defraud a bank through the online channel, you first need... More About: Business , Card



