Threatpost spent much of the last year chasing after Greg Hoglund, the founder and CEO of HB Gary. First, it was to get his reaction to the bruising encounter his firm had with the hacking group Anonymous. Then it was an endless series of requests on the aftermath of that hack, including the departure of HBGary Federal CEO Aaron Barr, and the company’s decision to pull out of the RSA Conference in 2011. When Greg finally did speak out it wasn’t to us.So we were happy when Hoglund, whose firm was recently acquired by the company Mantech International Corp., agreed to speak at the Kaspersky Lab Security Analysts’ Summit in Cancun, Mexico in February. His talk there on “Lateral Movement and Other APT Interaction Patterns Within the Enterprise” reinforced Hoglund’s reputation as one of the top experts on malicious code.Threatpost editor Paul Roberts caught up with Hoglund after the speech. And, while Anonymous and HBGary Federal were not up for discussion on the record, Hoglund offered some great insights into the delicate art of tracking down remote access trojans (or RATs) after they have a foothold in your network, as well as the mistakes companies make in trying to prevent and respond to security incidents.
Browsing Category: Cloud Security
What is the value of data privacy to online shoppers? About 65 cents, according to a new study of by researchers in Britain and Germany.
A fake Facebook profile for NATO Senior Commander James Stavridis, a US Navy Admiral, was used to trick senior officers in both the U.S. and British military to becoming friends.
Spammers have jumped on the Dropbox bandwagon to push rogue-pharmaceuticals and malware, according to a report by Symantec’s Nick Johnston.
Dennis Fisher talks with Paul Judge of Barracuda Labs about his new project, which uses data on the vendors and products on display at the RSA Conference to determine which topics and technologies are the hottest at the moment.
A security compromise at Linode, the New Jersey-based Linux cloud provider, has warned customers that hackers breached a Web-based customer service portal used by the company and emptied the Bitcoin accounts of eight Linode customers. One Linode customer reports the theft of Bitcoins totalling around $14,000.
It’s gotten to the point now where it’s almost easier to talk about the mobile apps and services that don’t ship your personal data off to some remote server for purposes unknown rather than discussing the ones that do. The latest discussion of privacy invading apps flowed from the discovery that Twitter and some other iPhone apps were uploading users’ contact lists without their knowledge. Now, a researcher at Veracode has written a small app that allows users to figure out exactly which iOS apps are doing what with their personal data.
Google is in the process of developing a tool to help users generate strong passwords for the various and sundry Web sites for which they need to register and authenticate. The password-generator is meant to serve as an interim solution for users while Google and other companies continue to work on widespread deployment of the OpenID standard.
Twitter has finally gotten on board the SSL train and made HTTPS the default login option for all of its users who sign in through the Web interface. The company had made secure login an option for users last year but hadn’t made it the default mechanism.