3GPP Long Term Evolution – new threats or not?
3GPP Long Term Evolution (LTE) is the latest standard in the mobile network technology tree that produced the GSM/EDGE and UMTS/HSPA network technologies. It is a project of the 3rd Generation Partnership Project (3GPP), operating under a name trademarked by one of the associations within the partnership, the European Telecommunications Standards Institute. The question is, what will be […]
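Managing information security in the cloud – sense and sensibility
Managing information security in the cloud – sense and sensibility. Data governance is a necessary requirement for protecting data when moving to cloud computing. Setting a data governance policy is of particular importance in the cloud computing working model, which is based on delivering services paid for per unit of consumption, in contrast to the traditional information systems model, which is based on installation, systems integration and product operation. Along with the supply […]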
What if al-Qaeda Got Stuxnet?
Speaking at this year's RSA Security conference in San Francisco, Deputy Defense Secretary William Lynn was worried about al-Qaeda getting Stuxnet: al-Qaeda operates as a network comprising both a multinational, stateless army and a radical Sunni Muslim movement calling for global Jihad…Characteristic techniques include suicide attacks and simultaneous bombings of different targets…beliefs include that a Christian–Jewish alliance is conspiring to destroy […]
Attacking the network via Rich Internet Applications
Vulnerabilities in rich Web 2.0 applications are definitely a problem when you start deploying more of your business to the cloud. Here is a good article from a Norwegian developer and security researcher – Erlend Oftedal on exploiting crossdomain.xml and clientaccesspolicy.xml in RIAs (rich internet applications). Unrestricted crossdomain.xml and clientaccesspolicy.xml files can be abused by […]
Moving your data to the cloud – sense and sensibility
Data governance is a sine qua non to protect your data in the cloud. Data governance is of particular importance for the cloud service delivery model which is philosophically different from the traditional IT product delivery model. In a product delivery model, it is difficult for a corporate IT group to quantify asset value and data […]
Configuring email notifications to be friendly but secure
I have commented in the past on the generally low security level of Microsoft ASP.Net web applications which stems from the closed Microsoft monoculture and a product strategy that prioritizes ease of use over security and privacy by hiding features and functionality from the user. In the course of a security audit/penetration test of a […]
Mobile device security challenges
It has been said that there is nothing new under the sun and that every generation forgets or never learned the hard-earned lessons from the spilled blood of the previous generation. Reviewing the security and compliance issues of a new mobile medical device recently, I was struck by how familiar many of the themes are. […]
Practical advice for SME to use ISO 27001
ISO 27001 certifications are growing rapidly because of compliance regulation and increased awareness of information security risk. The ISO organization recently (October 2010) took measures to make ISO more accessible by “providing practical advice for small and medium-sized enterprises (SMEs) on how to achieve the benefits of implementing an information security management system (ISMS) […]
Why data security is like sex
We all think about sex – men (most of the time), women (some of the time) and teenagers (all the time). Sex – despite the huge volume of content in the digital and print media, is one of those phenomena that demonstrate an inverse relationship between substance and talk. The more talk, chances are, the […]
Medical device security trends
Hot spots for medical device software security. I think that 2011 is going to be an exciting year for medical device security as the FDA gets more involved in the approval and clearance process with software-intensive medical device vendors. Considering how much data is exchanged between medical devices and customer service centers/care givers/primary clinical care teams and […]