Menu

Blogs

Showing Blog Posts: 1–10 of 36 by John Linkous

John Linkous

Technology Advisor

  • The Future of Electronic Attacks, and the End of the Network Perimeter

    by John Linkous on December 16, 2014

    JPMorgan Chase was one of the latest Fortune 500 companies to fall victim to an electronic attack in 2014. On Aug. 28, the company said it was the target of a broad-scale attack which, based on its alleged complexity and breadth, may well have been state-sponsored. Bank records were altered and deleted, potentially impacting thousands of bank customers. It also appears that up to seven different…

  • A Morality Tale: The Good and Bad of DDoS Attacks, and What to Do About Them

    by John Linkous on December 8, 2014

    It's 4:55 p.m. on a Friday afternoon, and your phone rings. You're a CISO of a large company selling products online. It's your lead SOC analyst calling with a big problem. The moment that you've successfully avoided for your tenure so far has finally arrived: web-facing applications are slowing to a crawl, and customers are calling and complaining. You are under attack—it’s a distributed…

  • New Standards and Protocols Introduce Wireless Security Threats

    by John Linkous on December 3, 2014

    When I hear the term "wireless security," the first thing I think of is my 802.11 Wi-Fi-enabled router, humming along with WPA2 (and Wi-Fi Protected Setup disabled, naturally). There is a relatively low risk that anyone will be able to get to my data—at least until it routes to the Internet. What I—like many of you, probably—tend to forget about are the other, lesser known protocols and standards…

  • Social Engineering 2.0: Old-Fashioned Targets, Cutting-Edge Techniques

    by John Linkous on November 14, 2014

    Back in 2006, a large company in Chicago contracted my company to conduct an advanced information security controls assessment. In addition to looking for technical vulnerabilities—unpatched servers, web app vulnerabilities, open ports that should be closed, and the like—we were also contracted to conduct a social engineering assessment. On the first day of our technical assessment, our team…

  • Source Code: The Last Frontier of Security Threats

    by John Linkous on November 13, 2014

    My consulting firm is increasingly receiving requests from customers to help them address what seems to be the last frontier of security analysis: source code. As an analyst, I have a lot of tools at my disposal for identifying problems in both compiled code and p-code. Security, after all, started out as a black box-oriented approach to figuring out answers to problems; we know what the specs of…

  • The Bright Future of Mobile Payments

    by John Linkous on November 7, 2014

    Cashless payment for goods and services continues to evolve, and mobile payments are quickly becoming the battleground for new products and technologies that drive consumer and merchant convenience. Such payments ensure rapid payment for credit issuers and other constituents in the transaction chain. Some of these technologies are still evolving and represent truly revolutionary approaches, while…

  • The Evolution of Data Mining for Security Operations

    by John Linkous on November 6, 2014

    One of the more depressing pieces of information from Verizon's 2014 Data Breach Investigations Report is the fact that, over the past five years, the time difference between when a data breach occurs and when it is discovered has been on the rise. Yes, that's right: despite investing in countless security tools to detect security threats, we're actually getting worse at the job. This is largely…

  • And Then There Were None: Europe, the Internet, and the Right to Be Forgotten

    by John Linkous on October 20, 2014

    The European Court of Justice's ruling in May said that individuals have the "right to be forgotten" could fundamentally change Internet privacy and security. The case involved a Spanish attorney, Mario Costeja González, who was troubled that public notices were being posted in his local newspaper regarding the repossession and auction of his home. He appealed to the Court, which ruled that, …

  • Critical Infrastructure Security Isn't Keeping Up with Threats

    by John Linkous on October 9, 2014

    The next time you turn on the faucet in your home, ask yourself: "How do I know this water is safe?" This may seem an odd way to begin a blog post on security, but it’s important to realize that water, electricity, food, and transportation are all part of the critical infrastructure that provides these conveniences—and in some cases, the lifeline—of our world. Technology is making these systems…

  • Modern-Day Intrusion Detection: Of Needles, Haystacks, and Cybercrime

    by John Linkous on October 7, 2014

    After a corporation discovers a data breach, there is a flurry of law enforcement activity. From the FBI, Department of the Treasury, and Secret Service to state and local police, a cadre of law enforcement officials will be part of the investigation into how the data breach occurred, how detection technologies could have been more effective, and who was criminally responsible. One of the hardest…

This document was retrieved from http://www.rsaconference.com/blogs/by/102/linkous on Sat, 20 Dec 2014 14:26:42 -0500.
© 2014 EMC Corporation. All rights reserved.