Security News

<< Next Post - Previous Post >>

Weekly Digest #2 – Interesting Articles

WPA Cracking
An interestingreference on Schneier’s blog to an article describing a “in the cloud” service to crack WPA keys.It is the realisationofthe concept of distributed security cracking mentioned in 2008 by Chad Perrin, not sure if he was the first to introduce that idea.
http://blogs.techrepublic.com.com/security/?p=4097

WPA2 Vulnerability – Hole 196
A new man-in-the-middle attack for WPA2 seems to have been found and recently demonstrated at the Defcon 18
http://www.airtightnetworks.com/WPA2-Hole196

World’s Top Malware
FireEye has produced a nice colourful report on the 20 top malware they found on the net with their technology. Although this could be guess, it is interesting that the top4 types of malwareare 1) Information gathering/stealing, 2) Generic Malware dropper, 3) Rogue Anti-virus and then Spam.
http://blog.fireeye.com/research/2010/07/worlds_top_modern_malware.html

Cisco 2010 Midyear Security Report
This is a good report published by Cisco on security risks and trends. Below is a very brief summary of what I found interesting in that report:
– An enterprise security landscape which is shifting in 3 areas: 1) A technological shift (mobile devices), 2) An economic shift (Virtualization of Operations) and 3) a Demographic shift (collaboration and social network)
– For each of those shifts, the report describes the associated security risks and provide some clear “generic” security steps to help address the risks(read here, non Cisco specific!)
– An interesting projection of number of “connected” devices by person… from 5 today to a prediction of 140 in 2013!! which push even more the need to move to IPv6 (if not for security reasons!)
– The logic behind what an attacker decides to focus on
– SecurityAttacks focus for 2010: 30% increase of spam compare to 2009, increase of attack on legitimate websites (i.e.: The Apple store) and social networks.

So, all in all a very interesting report where only the last few pages offer references to Cisco specific products.
http://www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_mid2010.pdf

<< Next Post - Previous Post >>