The Register shows that crackers still employ simple and easy techniques (exploiting administrative laziness) to breach computers.
With all the talk about zero day exploits and sometimes esoteric vulnerabilities its easy to lose sight of the role of older, less sophisticated techniques as a mainstay of cracker activity.
Here is a snippet describing the Dynamic Duo which I mentioned a couple of days ago.
According to a this study, trust is keeping companies from outsourcing security. I definitely agree with this, most clients prefer that only I do the work. They have no problem delaying a project in order to reduce access/exposure to their systems. Can't say that I blame them.
As the realisation dawns that outsourcing security could reduce costs by eliminating network security staffing problems, reduce technological costs to implement the security measures and create benefits by releasing IT resources to focus on core business activities, prospects in the European MSS market will brighten.
Is China planning to attack US computers? According to the CIA, it's a possibility. This will be an interesting story to track over the coming weeks. It doesn't appear to be a typical FUD article.
Recent U.S. intelligence indicates, the official said, "that the Chinese government is actively and aggressively working on their cyber-war capability. They have a lot of people and a lot of brainpower, and they're smart enough to appreciate that a significant aspect of any future armed conflict is going to be cyber in nature."
A refreshing revelation from CNN: viruses are overhyped. Nice to see an accurate story from a mainstream outlet.
"I think it is a scare campaign, but it's a necessary scare campaign," Wiggins says. "Until things like the 'I Love U' virus and so on, many people just thought, 'It won't happen to me.'"
Perfect quote - we need to take precautions, but a virus is not going to destroy the Internet.
Not much coming off the wire today. I am seeing a bunch about the so-called Dynamic Duo, which seems to be targetting airline related sites. They are on a cracking spree to prove a point about the lack of security. I'll post a link when I find a solid story.
Only one thing caught my eye this morning - this story on wireless security. It can bring you up to speed if you're new to the technology or considering it for a project.
Wireless LAN security is a work in progress. The protocols are evolving to meet the needs of serious users. Until the protocols have proven themselves, the best course of action for network engineers is to assume that the link layer offers no security. Treat wireless stations as you would treat an unknown user asking for access to network resources over an untrusted network.
Salon has a piece on computer forensics - a booming niche in security. The guy quoted in the article sounds cocky, but there aren't a lot of people in his line of work.
Never mind all the paper shredding in that case; the real smoking gun will be made of ones and zeros. In a corporate world where everything is increasingly digitized, but in which equipment is also increasingly obsolete, both the industry of computer forensics and people with arcane knowledge like Lee Tydlaska are ever more important.
Found some more information on the virus I mentioned last week. It's called Klez and I'm still receiving several emails from infected users each day.
I promise some relevant material will be up in the next day or so. I'll be online tomorrow, but have some print reading to catch up on. We'll be back in the swing of things before you know it.