CSO Magazine Online’s Top 10 Data Breaches for 2007

Here’s a link to an interesting story I saw today in the CSO Online newsletter.

The Top 10 Data Breaches of 2007
Stolen hard drives, websites infected with malware and Social Security numbers as passwords–the most brilliant lunacy of a year full of security disclosures.

By Scott Berinato

If there’s only one thing you’ll remember from 2007, it will be Britney Spears’ meltdown. But if there are two things you remember, it will be Britney and the thousands of data breaches that were reported in 2007, right? Right? Well, it’s what we’ll remember, and since we don’t necessarily do celeb gossip (unless you’ve got a good security angle…) we decided to offer up a review of the best and worst of Disclosure ’07.

[Read full article]

Astaro Global Market Survey Provides Insight into Future IT Security Trends

Here’s a press release that caught my eye since I’m always following IT security trends and issues.

Astaro Global Market Survey Provides Insight into Future IT Security Trends
Security experts identify WLAN security, vulnerability scanning, and web application firewalls as key market drivers


Burlington, Mass. (October 30th, 2007) – More than 65 percent of IT departments have identified WLAN security, vulnerability scanning, and web application firewalls as additional security investments to be made during the next fiscal year, according to the results of a global market survey conducted by Astaro Corporation, specialists in unified threat management (UTM) security appliances.

Over 2,800 IT professionals, representing diverse industries including manufacturing, healthcare, education and financial services, as well as Astaro’s channel partners participated in a market-trend survey on topics ranging from IT security tools, managed services, key challenges and planned investments.

Today, 100% of those surveyed said they relied on firewalls as their first line of defense against outside attacks. Anti-virus (91.5%) and anti-spam scanners (90%) are also listed among the top three security technologies in use, closely followed by VPN products (81%) and intrusion protection systems (74%).

The survey found that 70 percent of respondents are concerned with preventing unauthorized users from accessing the corporate network or confidential data. A similar number of respondents (72 percent) responded that keeping an overview of possible security weak points will be the biggest challenge for IT departments over the next five years. Other top concerns include protection against worms and hacker attacks.

“Today, companies are finding that they can’t rely on the basic network security they had in place just a few years ago,” said Jan Hichert, CEO at Astaro Corporation. “Network administrators are continuously faced with the task of updating and adding layers of protection in order to keep their networks secure against the latest threats. Astaro’s content inspection framework allows us to integrate best of breed, cutting-edge, security technology seamlessly into our security offering, giving Astaro users the peace of mind that they have the most up-to-date security tools available.”

With 22 percent of those surveyed already using email encryption, and over 67 percent saying that they are worried about how to prevent leakage of confidential company data, the survey suggests that the use of email encryption is poised to rise significantly in the near future.

About Astaro
Astaro Corporation is headquartered in Burlington, Mass. and Karlsruhe, Germany. The Astaro Security Gateway, simplifying Email, Web & Network Security, has won numerous industry awards and is protecting over 30,000 networks in 60 countries. Astaro products are distributed by a worldwide network of more than 1,000 solution partners who offer local support and services. For more information, please visit www.astaro.com


Smart People Hire Smart People

My pal Dameon turns the tightest phrase I’ve seen with this question -

Who Will Be Smart Enough To Hire Dan York?
Inter-Tel and Mitel just recently finished merging. As is the case with many mergers, some people are let go. Unfortunately, Dan York was recently thrown overboard from the good ship Mitel.

I’ve been “laid off” in corporate reorganizations several times in my life. It’s never a good time. Even when handled well, it just plain hurts. As an outsider looking in - watching Mitel - I can’t help but believe they’ve made a serious mistake. But for a company in that mode, mistakes are common too.

Dan’s speaking at the ITExpo in Los Angeles next week, and frankly, I’ll be quite surprised if people there aren’t in pretty aggressive courting mode trying to woo Dan’s talent. He’s one of the sharpest knives in the technology drawer. He’s got uncommon breadth and depth, coupled with superb writing skills and stage presence that aren’t always present in a technologist.

I’m really interested to see who’s lucky enough to win Dan over. That’s going to be a company to watch.


More on Browser Dangers

Yesterday I posted Browsers and potential danger mentioning a talk by Dan Kaminsky. Dan graciously stopped by to let me know his slides are now online at his Doxpara Research site. His site is always a great resource and you can get directly to his slides for Black Ops 2007: Design Reviewing The Web.


Browsers and potential danger

I’ve had this post tagged for comment for a couple of days, but time is something I just don’t have much of right now. I’ve never met Dan Kaminsky. I’ve actually had some interaction in the past that wasn’t as favorable as most widespread stories, but that’s not relevant here. I will concur that Dan is one of the most technically savvy security professionals in the business. Unquestionably.

Your browser is a TCP/IP relay
I’ve been a longtime fan of fellow hacker Dan Kaminsky, best known for his work in tracking down the spread of the Sony rootkit. Recently I spoke with him about his current work, and he summed it up by saying, “I can turn your web browser into a VPN concentrator.” When I stared at him in disbelief he explained that using DNS rebinding he can get the browser to connect to any IP he chooses.
[Read full post]

You really do need to read the full post. Trust me. Go.

Scared yet? As one of my good friends said to me, we should go drink beer, then take the rest of the year off.

I have another friend who’s at Black Hat and I hope he’s in Dan’s session and comes back with details. I’ll share them if and when I get more info.


Revisiting My Roots

There have always been several areas in networking technologies that I’ve focused on. Unified communications has always been central. Since we began using convergence as a descriptor of what’s happening in the worlds of voice and data services (and now application services as well), I’ve been heavily involved in integration strategies.

One of my other focal areas has always been information security (InfoSec). That interest has ranged from InfraGard to working with the Department of Homeland Security on cyber security exercises to a number of other discrete ventures.

Today I was invited to join the Executive Steering Council for the SecureWorld Expo that takes place each year in Seattle. These events take place in a number of different cities yearly, but they take an interesting localized approach to really targeting regional events that’s been very effective.

This year the Seattle Expo will be on October 30-31 at Meydenbauer Center. I’m sure to be there, and if any of you are in the area, I hope to see you there as well.


Internet Telephony Expo Plans - Update

This morning I got confirmation that I’ll be moderating two panels at the Internet Telephony Expo this September at the Los Angeles Convention Center.

On Monday I’ll be doing the “Extending Security to the U.C. User Community” panel at 1:30. On Tuesday I’ll be moderating the “Introduction to Security” panel, also at 1:30. Last year at the San Diego event, the security panels were very well attended, so if you’re going to be there, please come join us.

At last year’s IT Expo, I also got tagged to sit in as a panelist for a couple of sessions. I always like to help contribute to the TMCnet team’s great work at conferences, so I won’t be surprised to find I’m doing more.

The ITExpo is the busiest conference for me every year. In addition to the panels, I’m looking to do briefings/podcasts/videos with some folks I know and some new ones I’ll meet for the first time. Here are some of the companies I’m looking forward to getting updates from:

  • Acme Packet
  • Borderware
  • Cognio
  • Covad
  • Covergence
  • Getronics
  • iotum
  • Juniper Networks
  • KoolSpan
  • Pandora Networks
  • Siemens
  • SightSpeed
  • Sipera
  • Telephony2

And that doesn’t include my blogging friends like Jon Arnold, Bruce Stewart, Russell Shaw, Andy Abramson and all the rest. I’m hoping to see Luca Filigheddu in from Italy and Pat Phelan in from Ireland too. It also doesn’t include the great gang from TMCnet - Dave Rodriguez, Tom Keating, Greg Galatzine and Rich Tehrani.
