July 19th, 2010
A sophisticated new piece of malware that targets command-and-control software installed in critical infrastructures uses a known default password that the software maker hard-coded into its system. The password has been available online since at least 2008, when it was posted to product forums in Germany and Russia. The password protects the database used in Siemens’ Simatic WinCC SCADA system, …  Read More →
June 25th, 2010
Recently I wrote a guest editorial for Virtual Strategy Magazine, although I have to admit I wasn’t made aware of my goofy picture – look away, I’m hideous – until the article was published. You can find the full contents at Virtual Strategy Magazine. From the article (here)… As I was pondering the challenges of  Read More →
June 11th, 2010
I wouldn’t normally read Rolling Stone, but strolling through the airport I noticed “The Biggest Cyber Crime in History – Sex, Drugs & Hackers Gone Wild” on the cover and, like passing a train wreck you can’t help but stare at, I had to buy a copy; that, and it appears that Russell Brand’s armpit  Read More →
May 21st, 2010
Michal Zalewski, a security researcher at Google, recently wrote a guest editorial for ZDNet entitled “Security Engineering: Broken Promises”. The article lays out a series of issues with the security industry, specifically looking at an inability to provide any suitable frameworks for software assurance or code security. We have in essence completely failed to come up with even the most  Read More →
April 1st, 2010
Beijing, China – April 1, 2010 – The Chinese government announced that effective immediately all US based technology firms and associated products and services will be banned from all Chinese government and state-run agency IT environments. The ban is expected to include critical infrastructure, such as military, finance, utilities, and healthcare as well as education,  Read More →
March 25th, 2010
From my recent posting on Computer World UK (here) Whenever I hear the phrase “identity theft,” I can only imagine what the late, great Rodney Dangerfield would have made of it: “Some guy in Moldova stole my identity. The FBI said, ‘…and you want it back?’ No respect!” Despite what seems to be a public fascination with  Read More →
March 23rd, 2010
I recently had an opportunity to discuss desktop virtualization with Bill Brenner from CSO online. You can listen to the podcast (here); you can also listen to the most recent Beyond the Perimeter podcast, which focuses on Desktop Virtualization (here).  Read More →
February 26th, 2010
We all know that IT security and operations is becoming a more challenging and untenable problem day by day – see “Top 10 Reasons Your Security Program Sucks and Why You Can’t Do Anything About it” – The reality is that we continue to build on top of inherently insecure and fundamentally weak foundations, such  Read More →
February 9th, 2010
To economists, the term “Broken Windows” refers to the question that if a shopkeeper pays a glazier to repair a broken window at his store, does this deliver an economic benefit to society? Many people would say yes, because it generates demand for glass and work for the glazier. Have you ever been witness to the  Read More →
February 2nd, 2010
The world needs a treaty to prevent cyber attacks becoming an all-out war, the head of the main UN communications and technology agency warned Saturday. “A cyber war would be worse than a tsunami — a catastrophe,” the UN official said, highlighting examples such as attacks on Estonia last year. Craig Mundie, chief research and strategy  Read More →
December 22nd, 2009
After what few probably realize was a tremendous amount of political posturing, President Obama has finally appointed Howard Schmidt as US Cybersecurity Coordinator. Schmidt, who also served as a cybersecurity adviser under President Bush, will be responsible for establishing, defining and coordinating cybersecurity across public and private critical infrastructure. I have worked with Howard and  Read More →
December 10th, 2009
Riddle me this: When one does not know what it is, then it is something; But when one knows what it is, then it is nothing…what is it? Recently we have witnessed a series of high-profile leaks, this in and of itself is nothing new we have been experiencing an orgy of disclosure since the early  Read More →
December 10th, 2009
AT&T has openly admitted that their data coverage sucks (here) and all but admitted defeat in the telecom data wars. Although they are the sole service provider of the iPhone – the world’s most pervasive handheld data device – AT&T has decided that for them to maintain the service quality (which already blows) they will  Read More →
December 7th, 2009
From Computer World UK (here) Black Friday and Cyber Monday have come and gone. Now it’s time for Amrit Wednesday, or Thursday, or Friday—oh, whatever—to pay our industry back for all the dubious cheer it spread in 2009. Believe me, when it comes to this list, it’s much better to give than receive. Here goes: A Junior  Read More →
November 11th, 2009
Image from United States Department of Veterans Affairs (here) We should all be extremely grateful for the commitment, the difficulties and the sacrifices those in our armed forces go through so that we all can enjoy and experience the freedoms of our great nation.  Read More →