Get a MacBook Air with Online Courses Now

Blog: SANS Security Trend Line:

Author - John Pescatore

Twelve Word Tuesday: "Buy Secure" - Will The Government Finally Use Buying Power, vs. BlahBlahBlah, to Drive Security HIgher?

Enough czars/frameworks: the Government finally using buying power to advance security?

Twelve Word Tuesday: Crypto Export Controls Helped Bad Guys More Than Law Enforcement - No Redux!

Encryption : data as vaults : cash - necessary protection, laws can allow legitimate access.

Twelve Word Tuesday: Internet Attack Cycles And Solar Cycles Have 11 Years in Common

2001 - 2003: - Windows vulnerabilities Windows enable worms

2012 - 2014: - Open Source vulnerabilities enable cybertheft

Simple Math: It Always Costs Less to Avoid a Breach Than to Suffer One

The Home Depot breach is the latest "largest ever," but it is really just another example of "you can pay me now, or you can pay me a lot more later" proving out once again as the details come out.

The root cause of the breach can be traced to Home Depot's failure to implement the first subcontrol under Critical Security Control 2:

Deploy application whitelisting technology that allows
systems to run software only if it is included on the whitelistand prevents execution of all other software on the system.


The whitelist may be very extensive (as is available from
commercial whitelist vendors), so that users are not
inconvenienced when using common software. Or, for some special-purpose systems (which require only

...

Twelve Word Tuesday: Browsers Should Be Like Car Windshields, Not Car Rental Agreements

More browser security popups are as useful as more drug side-effect warnings.

Google plans Chrome pop-ups for sites using SHA-1