Update: Here are links to the series as we post it:
Threat intelligence (TI) is hot because it promises to close the gap a bit between attackers and defenders. So we have done considerable research on TI over the past year. We started by talking about the Early Warning System, a monitoring concept that leverages threat intelligence feeds to look for emerging attacks. Then we dove into the kinds of TI you can extract from network traffic, the ability to identify malicious IPs and senders by gathering TI through email, and finally a view of the…
I realize this will shock many of you, but I hated beer in high school and the first couple years of college.
Holy crap, time flies! Especially when you mark years by making the annual pilgrimage to San Francisco for the RSA Conference. Once again we are hosting our RSA Conference Disaster Recovery Breakfast. It has been six frickin’ years! That’s hard to believe but reinforces that we are not spring chickens anymore.
I was on the phone last week with Jen Minella, preparing for a podcast on our Neuro-Hacking talk at this year’s RSA Conference, when she asked what my story is. We had never really discussed how we each came to start mindfulness practices. So we shared our stories, and then I realized that given everything else I share on the Incite, I should tell it here as well.
In this week’s Firestarter, Rich, Mike, and Adrian discuss the latest in the Target revelations and whether over-reliance on antivirus is to blame once again. We aren’t out to blame the victim. We also pick our top prevention strategies for this sort of attack. Ain’t hindsight great?
Back in November I learned I will be giving a talk on Neuro-Hacking at RSA with Jennifer Minella. We will be discussing how mindfulness practices can favorably impact the way you view things, basically allowing you to hack your brain. But I am pretty sure you can’t sell my synapses on an Eastern European carder forum.
We have always been fans of making sure applications and infrastructure are ready for prime time before letting them loose on the world. It’s important not to just use basic scanner functions either – your adversaries are unlikely to limit their tactics to things you find in an open source scanner. Security Assurance and Testing enables organizations to limit the unpleasant surprises that happen when launching new stuff or upgrading infrastructure.
From Brian Krebs’ awesome reporting on the Target breach (emphasis added):
The source close to the Target investigation said that at the time this POS malware was installed in Target’s environment (sometime prior to Nov. 27, 2013), none of the 40-plus commercial antivirus tools used to scan malware at virustotal.com flagged the POS malware (or any related hacking tools that were used in the intrusion) as malicious. “They were customized to avoid detection and for use in specific environments,”…
I am currently polishing off the first draft of my Data Security for iOS 7 paper, and reached one fascinating conclusion during the research which I want to push out early. The approach Apple is implementing is very different from the way we normally view BYOD. Apple’s focus is on providing a consistent, non-degraded user experience while still allowing enterprise control. Apple enforces this by taking an active role in mediating mobile device management between the user and the enterprise,…