Browsing Category: Critical Infrastructure

Government, Private Sector Must Have a ‘Need to Share’ Mindset on Threats

Former DHS secretary Tom Ridge said at the Kaspersky Lab Cybersecurity Summit that U.S. critical infrastructure will be a target as long as the public and private sector balk on sharing attack and threat data.

Read more...

Cyber Intelligence Asia 2014: CERTs and Industrial Security

In March I spoke at Cyber Intelligence Asia 2014, where CERTs from most Asians countries were presented. The fact is that only a few CERTs are now dealing in some way with industrial security, ICS and SCADA matters. One of the best of those is CERT of Japan, which is doing a great job here,[...]

Read more...

What Have We Learned: OpenSSL Heartbleed Bug

There’s nothing the Internet loves more than a fat, juicy story that it can sink its sharpened, yellowing canines into. And for the security community, the OpenSSL heartbleed vulnerability has been the equivalent of a 72-ounce steak. But an Internet-breaking vulnerability like this one is no good unless we can learn something from it (or[...]

Read more...

Difficulty of Detecting OpenSSL Heartbleed Attacks Adds to Problem

The list of products and sites affected by the OpenSSL heartbleed vulnerability continues to grow, and as security teams implement the patch and dig into the thornier work of revoking certificates, a new problem is emerging: It’s difficult to know whether an attacker has exploited the vulnerability on a given system.

Read more...

Siemens Ruggedcom Addresses BEAST Flaw in WiMax Products

The BEAST attack on some TLS implementations made major news when it was disclosed, showing that attackers could intercept and decrypt SSL-protected sessions in real time, breaking a significant portion of the confidentiality model of the protocol. Vendors rushed to patch and implement mitigations. That was in 2011. Nearly three years later, Siemens is pushing[...]

Read more...