Menu

Blogs

Showing Blog Posts: 1–10 of 40 by John Linkous

John Linkous

John Linkous

Technology Advisor

  • Hijacking Made Easy: Ransomware, Bitcoin, the Dark Web, and Intellectual Property Theft

    by John Linkous on May 27, 2015

    The FBI may have shut down CryptoLocker last year, but researchers report new variants of Cryptolocker have already started infecting users. Other ransomware families continue to make its way into corporate networks. Unlike other, stealthier malware focused on committing intellectual property theft without being seen, CryptoWall and its malware brethren flaunt their presence right in your face. …

  • Data Privacy (or the Lack Thereof) in the Internet of Things

    by John Linkous on January 28, 2015

    At this year's Consumer Electronics Show (CES) in Las Vegas, new technologies ran the gamut from incremental changes for existing technologies to full-blown new market segments (here's looking at you, drones). While technologies such as drones and connected cars have significant implications for geo-positioning privacy and even kinetic threats, an even bigger threat comes from the impact they may…

  • Lockdown: Information Security Threats on the Edge of 2015

    by John Linkous on December 26, 2014

    As we look forward to 2015, this is a good time to take stock of how the information security threats and attack landscape have been changing. Let’s see: major data breaches at global, brand-name organizations, state-sponsored hacking activity, revelations of our own government's attempts to access personal data. It would be easy to proclaim 2014 as the "Year of the Security Threat," but that's…

  • The Muddled State of Security Standards

    by John Linkous on December 22, 2014

    One of my favorite quotes—attributed to either Admiral Grace Hopper or computer science professor Andy Tanenbaum—goes something like this: "The nice thing about standards is that there are so many to choose from." It’s true in the information security world, too. Standards, Standards Everywhere! Let’s first settle what we mean by security standards. There's no shortage of recommendations on how to…

  • The Future of Electronic Attacks, and the End of the Network Perimeter

    by John Linkous on December 16, 2014

    JPMorgan Chase was one of the latest Fortune 500 companies to fall victim to an electronic attack in 2014. On Aug. 28, the company said it was the target of a broad-scale attack which, based on its alleged complexity and breadth, may well have been state-sponsored. Bank records were altered and deleted, potentially impacting thousands of bank customers. It also appears that up to seven different…

  • A Morality Tale: The Good and Bad of DDoS Attacks, and What to Do About Them

    by John Linkous on December 8, 2014

    It's 4:55 p.m. on a Friday afternoon, and your phone rings. You're a CISO of a large company selling products online. It's your lead SOC analyst calling with a big problem. The moment that you've successfully avoided for your tenure so far has finally arrived: web-facing applications are slowing to a crawl, and customers are calling and complaining. You are under attack—it’s a distributed…

  • New Standards and Protocols Introduce Wireless Security Threats

    by John Linkous on December 3, 2014

    When I hear the term "wireless security," the first thing I think of is my 802.11 Wi-Fi-enabled router, humming along with WPA2 (and Wi-Fi Protected Setup disabled, naturally). There is a relatively low risk that anyone will be able to get to my data—at least until it routes to the Internet. What I—like many of you, probably—tend to forget about are the other, lesser known protocols and standards…

  • Social Engineering 2.0: Old-Fashioned Targets, Cutting-Edge Techniques

    by John Linkous on November 14, 2014

    Back in 2006, a large company in Chicago contracted my company to conduct an advanced information security controls assessment. In addition to looking for technical vulnerabilities—unpatched servers, web app vulnerabilities, open ports that should be closed, and the like—we were also contracted to conduct a social engineering assessment. On the first day of our technical assessment, our team…

  • Source Code: The Last Frontier of Security Threats

    by John Linkous on November 13, 2014

    My consulting firm is increasingly receiving requests from customers to help them address what seems to be the last frontier of security analysis: source code. As an analyst, I have a lot of tools at my disposal for identifying problems in both compiled code and p-code. Security, after all, started out as a black box-oriented approach to figuring out answers to problems; we know what the specs of…

  • The Bright Future of Mobile Payments

    by John Linkous on November 7, 2014

    Cashless payment for goods and services continues to evolve, and mobile payments are quickly becoming the battleground for new products and technologies that drive consumer and merchant convenience. Such payments ensure rapid payment for credit issuers and other constituents in the transaction chain. Some of these technologies are still evolving and represent truly revolutionary approaches, while…

This document was retrieved from http://www.rsaconference.com/blogs/by/102/linkous on Fri, 28 Aug 2015 03:29:00 -0400.
© 2015 EMC Corporation. All rights reserved.