B.K. DeLong

Threats From Third Party Vendors Demand Vigilance

By B.K. DeLong

Wikileaks’ decision this week to post the first of five million emails from Texas-based strategic intelligence firm Stratfor shone a spotlight on what experts say is a serious and growing problem: lax data, network and physical security at third party vendors and service providers. But organizations that think they can wash their hands of the security mess caused by business partners and contractors may be in for a rude awakening.

How the Google-Motorola Deal May Affect Android Security

By B.K. DeLong

With this morning’s acquisition of Motorola Mobility, Google has made the move to bring in a solid hardware component for its Android mobility platform and fired another shot across the bow of Apple. But one big question remains: What does this acquisition mean for those trying to better secure the Android platform for their users?

OPINION: Are Anonymous Members Forged in the Crucible of IT Compliance?

By B.K. DeLong

With alleged Anonymous leadership such as Sabu and opponents such as th3j35t3r tweeting about their supposed shenanigans in Las Vegas, the question on everyone’s mind this week is whether Anonymous is truly walking the halls of this week’s Black Hat and DEFCON hacker conferences. Some believe the answer to that question is almost certainly ‘yes’ but not for the reasons you might think – here’s my opinion based on several discussions I’ve had throughout the week.

By B.K. DeLong

The ever-increasing list of breaches appearing on the Open Security Foundation’s DataLossDB Web site, as well as companies being targeted by the AntiSec movement made up of groups including the recently-raided Anonymous, AnonOps, TeaMp0isoN, and the now-dormant LulzSec, continues to show that no organization is immune to successful penetration by cyberthreats.

By B.K. DeLong

We have heard variations on the argument that, within the context of information security, the “advanced persistent threat” (APT) is not really all that advanced or new, that it is being made too big a deal of (or is FUD), and that it is no more than marketing hype, even though more effort needs to be put into protecting against it. The problem is that many industry practitioners (with the help of uninformed or marketing-driven vendors) are being misled into believing that the APT involves nearly any adversary that pulls off a large-scale attack or breach of security.

By B.K. DeLong

In following the Apple iPhone location tracking conversation, I’ve thought of another interesting point not quite raised or being examined, similar to the issue of making potential high-value targets out of high-profile executives at Fortune 500 firms simply by using email addresses and other information contained within the Epsilon breach.

By B.K. DeLong

There has been a lot of online venting and hand-wringing in the week since customers of email services provider Epsilon began informing millions of individuals in North America and Europe that their name and e-mail address had been stolen in a massive data breach. In the week since the breach, there have been emphatic warnings about the potential for phishing attacks against the customers of Epsilon clients like Citi, Marriott, MoneyGram and Dell. But does the theft of names and e-mail addresses constitute a major breach of personal privacy that consumers should be concerned about? I believe it does.