Blog: SANS Security Trend Line:

Author - John Pescatore

Twelve Word Tuesday: Would ISPs As Common Carriers Lead to More/Less Carriage of Common Attacks?

Net neutrality shouldn't mean continued ISP threat neutrality - but regulatory dice roll.

FCC considering classifying some ISP services as "Common Carrier" services

Twelve Word Tuesday: "Buy Secure" - Will The Government Finally Use Buying Power, vs. BlahBlahBlah, to Drive Security Higher?

Enough czars/frameworks: the Government finally using buying power to advance security?

Twelve Word Tuesday: Crypto Export Controls Helped Bad Guys More Than Law Enforcement - No Redux!

Encryption : data as vaults : cash - necessary protection, laws can allow legitimate access.

Twelve Word Tuesday: Internet Attack Cycles And Solar Cycles Have 11 Years in Common

2001 - 2003: - Windows vulnerabilities enable worms

2012 - 2014: - Open Source vulnerabilities enable cybertheft

Simple Math: It Always Costs Less to Avoid a Breach Than to Suffer One

The Home Depot breach is the latest "largest ever," but it is really just another example of "you can pay me now, or you can pay me a lot more later" proving out once again as the details come out.

The root cause of the breach can be traced to Home Depot's failure to implement the first subcontrol under Critical Security Control 2:

Deploy application whitelisting technology that allows systems to run software only if it is included on the whitelist and prevents execution of all other software on the system.

The whitelist may be very extensive (as is available from commercial whitelist vendors), so that users are not inconvenienced when using common software. Or, for some special-purpose systems (which require only

...