Cloud Security: Does it Have to Go the Hacker Way?
All too often, cloud service providers (CSPs) fail to follow a systematic, comprehensive approach to security as they create and update their service rapidly. Using agile development practices, they gain productivity, but often fail in security diligence – that is,…
My Heartbleed Resources
It’s gotten so that a couple times a day I see a new Heartbleed checker tool or list. I decided to separate a quick, running summary of these resources from my Heartbleed impact assessment blog post. The resources below…
Net Quake: What to do about Heartbleed?
From Schneier on Security: “Heartbleed is a catastrophic bug in OpenSSL: ‘The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.…
Security Monitoring of FireEye Off-Target During 2013’s Big Retail Breach
Two weeks ago, Bloomberg Businessweek broke this news:
“The biggest retail hack in U.S. history wasn’t particularly inventive…It’s a measure of …how conventional the hackers’ approach [was] that Target was prepared for such an attack…As they uploaded exfiltration…