Email Address:
Methods for countering botnets will increasingly exploit techniques used by botnets themselves. One approach is to disrupt command and control communications between bots; this can be effective but can require tampering with already compromised devices. Other methods improve the resiliency of communications in the presence of denial of service attacks but require a more complex communications infrastructure. Both approaches are described and discussed in this podcast.
Malware like Storm is highly adaptive and resilient. Combating and controlling the latest forms of malware will take new techniques. This podcast examines the characteristics of super strength threats, looks at the Storm botnet as an example, and discusses new types of techniques for disrupting and limiting the detrimental effects of malware.
Search engines, regulators, legislators and privacy advocates continue to try to balance competing interests of online advertisers and consumers. In this podcast we look into evolving regulations on search engines and how they track users browsing habits and collect personally identifying information. One of the problems with current efforts is too much emphasis on technical details (Is an IP address personally identifying?) and too little on policy-level issues (Should healthcare information warrant greater privacy protection than other information?). The podcast concludes with a look at the need to balance user experience and privacy and describes some options for improving your privacy protections today.
Anti-phishing measures like customer selected site-images and Extended Validation SSL green bars are not the panacea we may have hoped for. Why? Partly because of the adaptive behavior of computer users and partly because of a lack of information about anti-phishing measures. This podcast describes some research which sheds some light on the problem and then goes on to discuss next steps for improving anti-phishing effectiveness.
There are now more compromised Web sites distributing malware than sites established just for that purpose. How are we supposed to protect ourselves from these unwitting pushers of malware? There are no easy answers but a combination of steps to lock down your browser plus content filtering and reputation based monitoring can help. This podcast starts with an overview of the problem of compromised Web sites and why they are such an appealing target for attackers. It then shifts to specific steps you can take to secure your browser and your network.
Spyware and other potentially unwanted programs can lead to data loss, poor system performance and increased service desk costs. This podcasts describes the various forms of spyware, the threats they pose, and methods for protecting users from impact of spyware infection.
Full disk encryption is a key tool for preventing data loss but we must understand its weaknesses. Modern encryption algorithms are strong enough that our biggest concerns should be about managing keys and that is no easy task. This podcast looks at the kinds of processes we need in place to manage and recover encryption keys; it also examines the newly discovered cold boot attack that takes advantage of the physical properties of DRAM to compromise disk encryption.
E-discovery is the process of identifying, securing and analyzing electronic data for legal reasons. IT professionals may be called on to assist their colleagues in the legal profession. This podcasts examines what we can do from an IT perspective to help attorneys and other legal professionals get the data they need, focus on relevant information, and review it efficiently. E-discovery processes are discussed and parallels are drawn with similar operations,such as data loss prevention. The widely discussed Qualcomm v Broadcom case and its e-discovery issues are also briefly discussed.
Malware is becoming more resilient, in part, because of increasingly sophisticated infrastructure for distributing and controlling malware. This podcasts looks at these themes especially with regard to distribution mechanisms for malware, techniques for protecting compromised devices like fast flux, the use of trusted Web sites to spread malware, and the role of this malware in broader cybercrime efforts.
With the widespread adoption of iPhones and, to a lesser degree the iTouch, the Mac OS is likely to become a more appealing target for malware developers, phishers and identity thieves. In this podcast, we discuss the Mac platforms vulnerability to malware, the current state of Mac malware as well as how the adoption of the Mac OS on mobile devices could influence cybercriminals interest in the platform. The podcast concludes with a discussion of social engineering attacks some of which are independent of operating system and browsers.
In this podcast we examine ways to reduce the risk of leaking sensitive and private data through software test procedures. Three key areas are discussed: policies and procedures governing testing and test data; securing test environments; and data anonymization.
Cybercrime is a business and this podcast shows just how business like it is . The talk starts with an overview of the characteristics of cybercrime networks that parallel features of the business world and then provides examples. The podcast concludes with a discussion of public policy measures for dealing with cybercrime.
Brandjacking (using brands and trademarks in unauthorized ways) is a growing problem for businesses with valuable brands. In this podcast, we examine how domain squatting and domain kiting can be used by brandjackers to exploit the value of a brand and what companies can do about it.
Web 2.0 technologies can be exploited for identity theft in a couple of different ways. First, there is a harvest model of collecting information that is voluntarily posted to sites, such as MySpace, Facebook and LinkedIn; and second, there is a Trojan-based model in which malware distributed through Web 2.0 sites is used to collect and transfer information to attackers. In this podcast, we discuss how these techniques work and what you can do to minimize the risk of losing information through them.
The short answer to the question in the title is "yes" but the more important part of this podcast is how to do it. Here we focus on relatively simple steps to improve service management, infrastructure management and software development. The goal in each area is to make small, incremental changes in how we do things so that we improve security without incurring a great deal of extra cost. Most of the tips discussed do not require additional hardware or software, only changes to how we use them.
The holiday season brings is a busy time for all of us and phishers are no exception to the rule. This is a prime time to target online shoppers and others online. The last year has had good news in the battle on phishing and some bad news. This podcast takes a look at some of the key phishing topics of the past year and ponders some of the things to watch out for in the coming year.
Businesses have more options to outsource IT operations and services. If you are wondering how to get started, this podcast will help. The podcast describes six steps to understanding if outsourcing IT services is right for your company and how to start the process if it is. Topics include: services and functionality needed, cost, legal reviews, managing risk, evaluating with a prototype and formulating a migration plan.
Low cost computing devices can change the way applications and network resources are used. More users running a variety of platforms may be accessing your systems. How will this change the potential threats to your network, servers, and data? This podcast examines these questions and discusses some ways to improve security in response to the rise of low cost computing devices.
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine