Monday, April 6, 2009

Vendors Deserve Some Conficker Credit
I planned to make this a column about how the security vendors and PR flaks blew things way out of proportion with Conficker. I was ready to take them to task for predicting an Internet meltdown at the hands of what is no doubt the most prolific piece of malware we've seen in some time.

Instead, I feel the need to give them a little credit for showing more restraint than they've shown in the past.

Make no mistake about it: There was plenty of vendor-generated FUD circulating on this one, and my e-mail inbox was flooded with gems that included a pitch on how one vendor will show how easily Conficker can take down a virtual network at the upcoming RSA security conference.

"The virtualized data center presents an especially fertile habitat for Conficker because of the lack of visibility and control present within the virtualized environment," the e-mail pitch warned. "Communication between VMs on an ESX server doesn't touch the physical network, making it invisible to traditional network monitoring tools and unprotected by physical network security devices. As a result, it is easy for worms like Conficker to spread quickly in this environment."

Oh yeah, and don't forget to buy said vendor's virtual firewall. It's the first firewall of its kind, after all.
...

----------

New: Security Tool, Template & Policy Library
Sample policies with expert commentary; templates and checklists for security, business continuity, risk assessment and more. (Contributions and commentary welcome!)

----------

AP launches campaign against Internet "misappropriation"
by Julian Sanchez, posted in: Law & Disorder
AP announces an aggressive new initiative to clamp down on "misappropriation" of news content—a concept that goes well beyond copyright.

----------

Web site host and domain name registrar Register.com has been the target of a sustained attack this week, disrupting service for thousands of customers.

The attacks began on Wednesday, causing a three-hour outage for many Web sites that rely on the company for hosting and/or use the company's domain name system (DNS) servers, said Roni Jacobson, executive vice president at Register.com.

Jacobson declined to say whether Register.com had received any extortion demands.


----------

SWOT Matrix for Describing Security Posture

"Be brief, for no discourse can please when too long." Miguel de Cervantes
"When I try to be brief, I become obscure." Quintus Horatius Flaccus

----------

Elevator Pitch for Explaining Security Risks to Executives
... those pitches that catch your attention have a few characteristics in common:
They are brief. The listener has a limited attention span.
They are specific. The issues they bring up are easy to understand and visualize.
They differentiate. The speaker clarifies what makes his issue different from the rest.
They empathize with the listener. The listener needs to know why he should care.
They have a clear ending point. The speaker clarifies at the end what he wants the listener to do.

----------

Vulnerabilities in several security products
ClamAV, F-Prot and IBM's Proventia scanning engine are found to be vulnerable to being bypassed or exposed to a denial of service.

----------

Security vulnerability in PowerPoint
Microsoft has warned of a vulnerability in PowerPoint that can be exploited with a specially crafted presentation file.

----------

Windows 7 users can downgrade to XP
Mary Jo Foley: Microsoft and its PC partners are going to allow Windows 7 users to downgrade not just to Windows Vista, but also to Windows XP, Microsoft officials are confirming.

----------

IT failure contributes to UK bank collapse
Michael Krigsman: A failed business strategy involving a large IT blunder contributed to the collapse of Scotland's largest customer-owned lender, the Dunfermline Building Society.

Dunfermline made several key strategic blunders with respect to this project:

  1. Selecting a software vendor’s unproven product for a mission critical application
  2. Paying insufficient attention to substantial project risks
  3. Relying on the promise of customization to backfill functionality gaps in the off-the-shelf software
  4. Most significantly, becoming distracted away from the organization’s core banking business by attempting to convert itself into a specialized software vendor

----------

New Neeris worm variant imitates spread methods of Conficker
Dan Kaplan April 06, 2009
The Conficker worm has not just infected millions of computers worldwide, but it also is serving as a model for other malware.

----------