Blogs

Showing Blog Posts: 1–10 of 33 by John Linkous

  • Social Engineering 2.0: Old-Fashioned Targets, Cutting-Edge Techniques

    by John Linkous on November 14, 2014

    Back in 2006, a large company in Chicago contracted my company to conduct an advanced information security controls assessment. In addition to looking for technical vulnerabilities—unpatched servers, web app vulnerabilities, open ports that should be closed, and the like—we were also contracted to conduct a social engineering assessment. On the first day of our technical assessment, our team…

  • Source Code: The Last Frontier of Security Threats

    by John Linkous on November 13, 2014

    My consulting firm is increasingly receiving requests from customers to help them address what seems to be the last frontier of security analysis: source code. As an analyst, I have a lot of tools at my disposal for identifying problems in both compiled code and p-code. Security, after all, started out as a black box-oriented approach to figuring out answers to problems; we know what the specs of…

  • The Bright Future of Mobile Payments

    by John Linkous on November 7, 2014

    Cashless payment for goods and services continues to evolve, and mobile payments are quickly becoming the battleground for new products and technologies that drive consumer and merchant convenience. Such payments ensure rapid payment for credit issuers and other constituents in the transaction chain. Some of these technologies are still evolving and represent truly revolutionary approaches, while…

  • The Evolution of Data Mining for Security Operations

    by John Linkous on November 6, 2014

    One of the more depressing pieces of information from Verizon's 2014 Data Breach Investigations Report is the fact that, over the past five years, the time difference between when a data breach occurs and when it is discovered has been on the rise. Yes, that's right: despite investing in countless security tools to detect security threats, we're actually getting worse at the job. This is largely…

  • And Then There Were None: Europe, the Internet, and the Right to Be Forgotten

    by John Linkous on October 20, 2014

    The European Court of Justice's ruling in May that individuals have the "right to be forgotten" could fundamentally change Internet privacy and security. The case involved a Spanish attorney, Mario Costeja González, who was troubled that public notices were being posted in his local newspaper regarding the repossession and auction of his home. He appealed to the Court, which ruled that, …

  • Critical Infrastructure Security Isn't Keeping Up with Threats

    by John Linkous on October 9, 2014

    The next time you turn on the faucet in your home, ask yourself: "How do I know this water is safe?" This may seem an odd way to begin a blog post on security, but it’s important to realize that water, electricity, food, and transportation are all part of the critical infrastructure that provides these conveniences—and in some cases, the lifeline—of our world. Technology is making these systems…

  • Modern-Day Intrusion Detection: Of Needles, Haystacks, and Cybercrime

    by John Linkous on October 7, 2014

    After a corporation discovers a data breach, there is a flurry of law enforcement activity. From the FBI, Department of the Treasury, and Secret Service to state and local police, a cadre of law enforcement officials will be part of the investigation into how the data breach occurred, how detection technologies could have been more effective, and who was criminally responsible. One of the hardest…

  • Bitcoin and the Future of Crypto-Currency

    by John Linkous on September 23, 2014

    Break out your cryptographically-signed digital wallet and lay your bets: Where is Bitcoin going? As perhaps the best-known—but certainly not the sole—crypto-currency around, Bitcoin has certainly seen its share of media coverage in recent months. And like other hot-button subjects, Bitcoin seems to elicit strong reactions both for and against it. Some view it as a universal currency, free from…

  • The Once and Future Network Security Appliance

    by John Linkous on September 16, 2014

    In the early 2000s, the network security appliance became ubiquitous. Beginning with Web application firewalls (WAFs), and eventually extending through all seven layers of the network model, security appliances were being popped into server racks like candy. "Need to filter spam? There's an appliance for that!" "Do you want to analyze the flow data generated on your firewalls? There's an…

  • Security Audit: The Pitfalls of Third-Party Assessments

    by John Linkous on September 9, 2014

    Everyone is aware of last year’s data breach at Target. Millions of records of cardholder data were stolen and Target is still recovering, with current costs at $148 million. What's not well-known, or openly discussed, is the behind-the-scenes conversations the company has had with its PCI assessor and the standards organization. The PCI Security Standards Council (SSC), consisting of major credit…

This document was retrieved from http://www.rsaconference.com/blogs/by/102/linkous on Sun, 23 Nov 2014 13:39:09 -0500.
© 2014 EMC Corporation. All rights reserved.