Darin Andersen
Latests Posts by Darin Andersen
Understanding Hacker Strategies – Part 2
Many security teams think that if they have a couple of firewalls, an IPS and antivirus software implemented, they’re home free. The servers get patched, the team is alerted when network traffic behaves badly and viruses are quickly killed. Hackers know, however, there are many ways to probe, some do … Read More
Understanding Hacker Strategies
I’m always amazed at how easy it can be to obtain company information. SearchSecurity has an excellent series to help us better understand hacker attack techniques and tactics. Serious hackers typically perform extensive reconnaissance prior to hacking into a network. Often, employees will make this work much easier than it … Read More
Significant SCADA Breaches Are Not Inevitable
I was struck by one of the surveys that emerged from RSA. When asked about the likelihood of a significant SCADA breach in 2012, 48 percent replied, “yes.” Patrick Miller, the Founder, CEO and President of EnergySec, and principal investigator for NESCO, a DOE- funded partnership focused on enhancing cybersecurity … Read More
Using a VPN Doesn’t Mean Your Information Is Safe When You Travel
In another twist that demonstrates the ingenuity of hackers, iBahn, a broadband service provider to hotels such as Marriott, has suffered cyberattacks that potentially expose millions of emails and other confidential information. A recent article in Bloomberg BusinessWeek provides details. By breaking into iBahn, hackers can use traveling employees as … Read More
It’s Time to Focus on Prevention versus Disclosure
The Global Payments security breach has rapidly fallen out of the news and that’s too bad. On last report, Visa had dropped the company as a payment processor and the final tally of accounts that may have been breached topped 1.5 million. But the bigger and ongoing question is, what … Read More
Make Your Defense-in-Depth Strategy a Differentiator
Widespread coverage appeared starting last Friday that Global Payments, one of the many firms that handles credit card payment processing for the likes of Visa and MasterCard, suffered a security breach in late-January through late-February. More seriously, the breach exposed Track 1 and Track 2 credit card information, meaning names, … Read More
Hat’s Off to Another Successful Black Hat Europe
Black Hat Europe didn’t disappoint this year, with many high-quality sessions in a venue somewhat smaller than the U.S. counterpart. As with RSA a couple of weeks ago, SCADA protection seems to be at top of mind with many speakers and participants. Many were also discussing Stuxnet, and increasing attacks … Read More
The Energy Level Was High at RSA
I would like to touch on the RSA Conference while it is still fresh in everyone’s mind. It was clear to me right away the show has regained its swagger after a few lean years. The louder buzz was clear even as I was walking the floor before the show … Read More
Today’s Power Grid Is a Powerful Target
Remember last November’s supposed cyberattack on an Illinois water utility? While it gave editors and bloggers excellent fodder for content in the quiet week leading up to Thanksgiving, it turned out to be a false alarm. But, the threat to U.S. utilities and other major infrastructure is very real. A … Read More
Malware, Software Piracy and Defense in Depth
Piracy remains an enormous issue for software companies for many obvious and less obvious reasons. However, one significant, but less discussed, concern is the ability of hackers to infect pirated software with malware, with potentially disastrous consequences. That means that software piracy, once just the domain of the software industry, … Read More
Norman Blog Archive
- May 2012 (10)
- April 2012 (17)
- March 2012 (16)
- February 2012 (20)
- January 2012 (19)