Cybersecurity

Software Exploits Running Wild

Moving assuredly, if not swiftly, through <a href="http://www.counterhack.net/who_am_i_.html">Ed Skoudis's</a> "Most Dangerous Attack Vectors" list brings us to third-party client-side software exploits. Translated to English, attackers exploit all those programs that make your life easier (Word, Excel, Powerpoint) or make your computing experience more fun (iTunes, Real Player, QuickTime). Any third-party software running on top of Windows or Mac operating systems, especially document viewing tools like Adobe Reader, is vulnerable to this kind of attack. Additionally, attackers often launch these exploits on the same day the vulnerability becomes generally known--before a vendor has released a patch.

Cybersecurity

Most Dangerous Attacks - Day 1

I cross paths with the world's best and brightest cybersecurity minds everyday. So, when <a href="http://www.inguardians.com/">Ed Skoudis</a>, a founder and senior security consultant with InGuardians, provided me with a list of today's most dangerous attack vectors for a project we're working on, I knew it deserved exposure.

Cybersecurity

FISMA 2.0 Picks Up Steam

A <a href="http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.4900:">bill</a> that rewrites the 2002 Federal Information Security and Management Act (FISMA) was <a href="http://www.house.gov/apps/list/press/ca33_watson/2010324.html">introduced</a> by Rep. Diane E. Watson, D-Calif., o n Wednesday. Vivek Kundra, federal chief information officer for the Obama administration, didn't state his approval for any specific measures in the bill but did reiterate his disdain for the ongoing paper-based compliance measures supported by current law.

Cybersecurity

The Beginning of the End for FISMA?

Tomorrow could likely be the first day of a new era for cybersecurity in the United States. The Obama administration is expected to unveil new information that will end security by wasteful paper-based compliance measures.

Cybersecurity

March Attackness

One of the great joys of March is working from home, windows cracked, with the NCAA tournament broadcast in the background. And rest assured when the big upset inevitably occurs, basketball fans will flock to the Internet to see how it happened. Enter hacker.

Cybersecurity

Navy Scholarships Up the Ante on Recruitment

A series of cool competitions is starting to revolutionize the field of cybersecurity. The <a href="http://www.sans.org/uscc/">U.S. Cyber Challenge</a> began as an outlet for young Americans to use their computer defense and hacking skills and for the really talented ones to fill the ranks of security practitioners, researchers and warriors. What started as a big idea took a big step forward with the announcement this month of a <a href="http://www.navy.mil/search/display.asp?story_id=51745">scholarship program</a> from the Navy.

Cybersecurity

The Case for Information Sharing

I moderated a webinar last week for <a href="http://www.govexec.com/">Government Executive</a>, and the conversation unsurprisingly began with the important topic of information sharing versus information protection. Former Transportation Department Chief Information Officer <a href="http://twitter.com/technogeezer">Dan Mintz</a> led this part of the discussion, and his message was direct: Information sharing has to win out over protection because security should be part of everything users do online.

Cybersecurity

Anti-Minus Protection?

Computer security is a fairly new endeavor for me, so I find myself asking basic questions about basic protections. Like should I install virus protection software on my computer? The answer seems obvious, but I've learned some pretty disturbing facts about the effectiveness of this "protection."

Cybersecurity

Screaming 'Come Rob Me'

With the explosion of social media usage, self infatuation is now considered an accepted form of sharing. But posting photos alongside the intimate details of your daily activities may be making you vulnerable to unrealized cyberattacks. In a metaphorical sense, the seemingly harmless photos you've been sharing might as well be nude shots.

Cybersecurity

Kicking It Off

Welcome to the Cybersecurity Report, a joint effort from the SANS Institute and Nextgov. This blog will become a source of information to different kinds of computer users. Policy, breaking news, and emerging attack vectors will be a few of the many areas touched here.