by B.K. DeLongWikileaks’ decision this week to post the first of five million emails from Texas-based strategic intelligence firm Stratfor shone a spotlight on what experts say is a serious and growing problem: lax data, network and physical security at third party vendors and service providers. But organizations that think they can wash their hands of the security mess caused by business partners and contractors may be in for a rude awakening.
By B.K. DeLongWith this morning’s acquisition of Motorola Mobility, Google has made the move to bring in a solid hardware component for their Android mobility platform and fired another shot across the bow of Apple. But one big questions remains: What does this acquisition mean for those trying to better secure the Android platform for their users?
By B.K. DeLongWith alleged Anonymous leadership such as Sabu and opponents such as th3j35t3r tweeting about their supposed shenanigans in Las Vegas, the question on everyone’s mind this week is whether Anonymous is truly walking the halls of this week’s Black Hat and DEFCON hacker conferences. Some believe the answer to that question is almost certainly ‘yes’ but not for the reasons you might think – here’s my opinion based on several discussions I’ve had throughout the week.
By B.K. DeLongThe ever increasing list of breaches appearing on the Open Security Foundation’s DataLossDB Web site as well as companies being targeted by the AntiSec movement made up of groups including recently-raided Anonymous, AnonOps, TeaMp0isoN, and now-dormant LulzSec continues to show that no organization is immune to successful penetration from cyberthreats.
By B.K. DeLongWe have heard variations on the argument that within the context of information security, the “advanced persistent threat” (APT) is not really all that advanced or new, that it is being made too big a deal of (or FUD) and that it is no more than marketing hype though more of an effort needs to be put into protecting against it. The problem is that many industry practitioners (with the help of uninformed or marketing-driven vendors) are being misled to believe that the APT involves nearly any adversary that pulls off a large-scale attack or breach of security.
By B.K. DeLong
In following the Apple
iPhone location tracking conversation, I’ve thought of another interesting
point not quite raised or being examined, similar to the issue of making
potential high-value targets out of high-profile executives at Fortune 500
firms simply by using
email addresses and other information contained within the Epsilon breach.
By B.K. DeLongThere has been a lot of online venting and hand-wringing in the week since customers of email services provider Epsilon began informing millions of individuals in North America and Europe that their name and e-mail address had been stolen in a massive data breach. In the week since the breach, there have been emphatic warnings about the potential for phishing attacks against the customers of Epsilon clients like Citi, Mariott, MoneyGram and Dell. But does the theft of names and e-mail addresses constitute a major breach of personal privacy that consumers should be concerned about? I believe it does.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
