Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Attack destroys data of thousands of Web host Vaserv’s customers

From The Register (Dan Goodin)
A targeted attack against a U.K.-based Web hosting company has destroyed the data of an estimated 100,000 of the company’s customers’ sites. Vaserv.com was hit by an attack this weekend that exploited a flaw in a virtualization application the company was running, leading to the erasure of massive amounts of customer data.

T-Mobile data on Full Disclosure is real

T-Mobile is now saying that the information that was posted to the Full Disclosure security mailing list this weekend is in fact the company’s data. But the company stopped short of confirming that the anonymous hackers have access to customer data and other sensitive information, as they have claimed.

Crypto flaws becoming a killer for Web applications

One of the few things that most people in the security community seem to agree on is that there is a dire need for better security around Web applications. That need begins with the lack of security training for most Web developers and extends through the inconsistent use of Web-application testing, both pre-deployment and post-deployment. But one issue that has been overlooked for years probably belongs at the top of the list of Web application security woes: the haphazard use of cryptography.
While much of the reaction to President Obama’s speech on Internet security last week has centered on who Obama will name to the newly created cybersecurity coordinator position, that may be a moot point unless there is a dramatic change in the way that security is handled at the highest levels in Washington, experts say.

President Obama on Friday presented his long-awaited cybersecurity plan, which included the establishment of a new White House office headed by a cybersecurity “coordinator” who would oversee and advise Obama on this issue. He also proposed hiring a separate official dedicated to privacy and civil liberties concerns. The proposal, which bears a striking resemblance to the six-year-old National Strategy to Secure Cyberspace, is ambitious in its scope and scale and it likely will face many of the same roadblocks that previous efforts in this area have faced.

From The New York Times (David E. Sanger and Thom Shanker)
The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare.
The military command would complement a civilian effort to be announced by President Obama on Friday that would overhaul the way the United States safeguards its computer networks. Read the full story [NYTimes.com].

Even for the most experienced security professionals, understanding complex attacks and vulnerabilities sometimes can be a serious challenge. A perfect example is the recent Microsoft IIS WebDAV vulnerability, which surfaced last week and has yet to be patched by Microsoft. It’s a complicated issue, which some experts say was made more so by the guidance that the software maker released about it. Luckily, Steve Friedl of Unixwiz.net has taken the time to make some sense of it all.