Friday, October 16, 2009

Security Smorgasbord, Vol 1, No. 4

The two best reporters on security issues are the Washington Post's Brian Krebs and USA Today's Byron Acohido (both blogrolled here). Acohido has a great article on the turkey shoot that is the Bad Guys' attack on the corporate workplace.

Court records reveal that those record-setting break-ins were almost too easy. Even more surprising: The thieves were able to take their sweet time extracting the data, in each case going undetected for more than a year.

What happened to TJX and Heartland was not unusual. And details unveiled in the prosecution of gang members involved in both thefts have shed fresh light on a business truism demanding more scrutiny: Workplace networks have turned out to be much more porous and difficult to defend than anyone ever anticipated.

Be thankful you're not one of the guys who has to try to keep them out. Both my regular readers know that I'm frequently harsh about the Main Stream Media. Not here - this is journalism as it should be: accessible, accurate, and important. Well done to USA Today.

Microsoft wasn't the only company releasing a monster set of security patches this week - Adobe has a bumper crop as well. John Pescatore has a typically accessible analysis of what's going on:

Not only did Microsoft come out with a huge list of critical vulnerabilities yesterday (including a critical Windows 7 patch), but Adobe joined in with a whooper list of their own – 29 individual CVE numbers. Many of the Adobe vulnerabilities have had active exploits out already, so patch pushing is high priority. If your patch pushers work on commission, big checks going out this month…

To their credit, Microsoft has a very strong process in place for warning about coming patches, providing detailed information on the vulnerabilities and the risks and so on. Announcing 34 flaws in your products is generally not thought of as an exciting opportunity for a corporate press release, but long ago Microsoft did the right thing and really does make sure everyone is aware that it is Vulnerability Tuesday.

Adobe (like many other software vendors)is not quite there yet. They are getting better in making information available, but still in pull mode – if you look, you will find it. Time for that to change – patches are really just product safety recall events. When Maytag realized that some relay in my refrigerator was a fire hazard, they publicized it and reached out to contact everyone who might have a vulnerable product, they didn’t just place information on their website.

Not much to add there, other than "yup." Oh, and if you missed either Microsoft's or Adobe's patches, clicky through to the security goodness.

And for any Twitter aficionados ("Twits"?), you have incoming malware:

How much should you trust Tweets?

Much less so, after a swarm of tainted micro-postings inundated Twitter this past week. Popular social networks have become a major focal point for cyber scammers.

“We’re definitely seeing old email scams migrating over to Twitter and generally being adapted to all of the popular social networks,” says Matt Marshall, VP of Security at Redspin, told LastWatchdog.

This one is a little old (I'm sorry, OK? I've been a little busy), but gives me the opportunity to post the most delicious Denial Of Service news, EVER:

There are those moments in the business cycle of a young dynamic brand when people look back and say: "If only that hadn't happened."

And so it is with Twitter. And so it is with Miley Cyrus.

You see Miley, she who is sometimes Hannah Montana, was rapidly becoming one of Twitter's most trusted Swiss Guards. She had almost 2 million followers.

Now the sheep have lost their shepherdess. For Miley Cyrus has silenced her tweets, starved her Twitter feed, and drifted off into the uncertain socially not-working darkness from which some stars never return.

This is clearly a disaster for Twitter. Microblogging needs micro people to bring in the macro crowds. Cyrus, who is possibly only four or five years old in real life, was one of Twitter's most durable pre-pubescent predilections.

It's not every day you see a "Good-bye" rap. Heh.

1 comment:

NotClauswitz said...

The Adobe updates are pretty opaque.
That's par for the course for them though.