Thursday, December 22, 2011

China Hackers Hit U.S. Chamber of Commerce

According to this WSJ report, the attacks breached computer systems and stole email. And the story gets better.

"The Chamber continues to see suspicious activity, they say. A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters."

A thermostat communicating with an IP address in China?! The interconnected, M2M, IoT world: what's not to love?

Thursday, December 15, 2011

Feds Investigate Carrier IQ Phone Tracking

Too little, too late; too reactive. Carrier IQ's problem is likely that they didn't contribute enough to Congress, or spread enough simoleons around K Street.

In the latest CRYPTO-GRAM, Bruce Schneier wonders if Apple's dropping Carrier IQ has more to do with Apple now doing the tracking itself than with Apple trying to do the right thing. We all know they would never do that.

Tuesday, December 13, 2011

IT Governance Discussion Group

Dan Swanson has organized an IT Governance discussion group with numerous senior people on it. It has been operational since November 2006. He's learned a lot and highly recommends it as truly a great learning vehicle. On average, the group has between two and five emails per day, and sometimes more for particularly important issues, but it's always great content. Traffic does vary widely. Participation is always on a best-efforts basis, and many people go silent around their quarter ends and year ends, and then pipe back up when an issue is of interest. Email Dan at if you'd like to join.

Monday, December 12, 2011

Dallas convicts no longer shred confidential data

This is a really great one, especially in light of the prevalence of cell phones in prisons, which enables inmates to continue to conduct business while in the hoosegow. What's next? Having them process visa applications?

Wednesday, December 7, 2011

Jim Tiller's latest book, "CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits," publishes

Presenting the underlying methodologies and concepts required for successful penetration testing, CISO's Guide to Penetration Testing discusses the process of penetration testing from both consultative and technical perspectives. Jim provides an overview of the common tools and exploits used by attackers along with the rationale for why they are used. He depicts attack scenarios to show the complete cycle of attack from the hacker’s perspective. His methodology provides a comprehensive solution to meeting the objectives of penetration testing. Jim covers the deliverables, including the final report, explaining how to use the information from the text. The book includes a six-panel fold out process map.

Tuesday, December 6, 2011

Symantec November 2011 Intelligence Report

Symantec released another of its threat reports. I have to admit I really enjoy reading these. They're concise and informative, even if they do occasionally scare the stuffing out of me. Among the findings: the number of daily targeted attacks has increased four-fold compared to January this year; the public sector has been identified as the most frequently targeted industry during 2011, with approximately 20.5 targeted attacks blocked each day; and large enterprises consisting of more than 2,500 employees received the greatest number of attacks.

Friday, December 2, 2011

Symantec's Top Trends in IT Security from 2011 and for 2012

With the end of the year close at hand, Symantec has taken a look back at the top trends in IT security from 2011 that it thinks will continue throughout 2012. No surprises here. Advanced persistent threats and smart mobile devices top the list.

Shameless plea: I'm still looking for someone to write a book about APTs.