DDoS defense and mitigation challenges:

In their quest to maximize downtime and damage, cyber criminals and hacktivists are using increasingly sophisticated Distributed Denial-of-Service (DDoS) attack methods to detect and circumvent enterprise defenses. Widely accessible DIY malware kits, such as Dirt Jumper, sell for as little as $150 in the black market and can be used to customize botnets capable of carrying out such sophisticated DDoS attacks. As the total number of DDoS attacks continues to increase, the evolution of DDoS botnet capabilities to bypass DDoS mitigation methods will likely fuel the already growing fire of DDoS attacks upon enterprises.

via Sophisticated DDoS Botnets Bypass Defenses – Cyveillance Blog – The Cyber Intelligence Blog.

I recommend taking a look at the references in the article.

In the old fable, the Boy Who Cried Wolf was capricious and stupid. He cried “wolf” the first two times because he wanted to see who would come. The third time, when the wolf actually appeared, he cried out and no one came. He became wolf chow.

But what if the Boy Who Cried Wolf had actually seen a wolf the first two times? Would help still have come the third time? What would have happened, in that wolf-infested forest, if he had cried five, six, seven times?

This is a question that IT security professionals face every day. And there isn’t always a clear answer.

via For Security Pros, Maintaining Credibility Means Walking A Fine Line | Dark Reading.

This is always a concern for InfoSec professionals. Another piece that goes with it is a measured response. Running around claiming the sky is falling at the first blush of a security issue, only to later learn it’s not as bad as the headlines made things out to be, can also poison the audience to real threats.

I like this quote from the same article:

A security warning is only as good as the credibility of the professional who delivers it.

For five years now, a Ponemon Institute annual report has tried to put a number on the cost of data breaches. It creates benchmarks for direct costs such as regulatory fines and the cost of notifying customers, alongside estimates of indirect costs such as customer churn and lost business. In 2013, Ponemon pegged the cost of a data breach at $136 per lost record on average across the globe. Ponemon estimated the cost in the U.S. at $188 per record, and $277 per record when the breach came at the hands of malicious and criminal attacks such as outside hacking or insider theft.

via How To Cushion The Impact Of A Data Breach — Dark Reading.

Interesting numbers in the article with a strong emphasis on planning.

Given how much data the scientists at CERN have to crunch through, it’s not surprising that it takes its computing power seriously. This video takes a look inside the massive computer center that allows the magic to happen.

In what is essentially the brain of the Large Hadron Collider it is noisy, hot—and incredibly powerful. Sit back and lust over the tech on show.

via Inside CERN’s Massive Computer Center.

It has been an eventful time in the mobile world with two recent breaking stories revealing vulnerabilities in the security infrastructure for Android and iOS respectively. While vastly different in their nature, both point to a fundamental lesson that CISOs in an increasingly mobile world cannot ignore – when it comes to encryption, read the fine print. Otherwise you may find yourself up the proverbial creek without a paddle (i.e., remediation strategy).

A sensible approach to mobile security is rooted in a clear identification of what needs protection. In general, CISOs want to protect access (i.e. who can login and get to company systems) and company data, both in transit and at rest. At the root of all protection strategies is strong encryption to protect data that is either input or consumed by the mobile user. Without strong encryption all mobile security strategies are nothing more than a game that hackers can play and win.

via What CISOs must learn from Bitcoin and a research team at Georgia Tech.

What can RDP intruders do? If you have administrative privileges assigned to the user they log in as, they can take your computer for an unfettered spin around the block, ranging from turning it off, rebooting it, installing software (including malware), or just having a look around to find documents or files with your critical personal information in them like banking, accounting, or other information and then spirit them off across the network to their own computers for nefarious purposes.

via Remote Desktop (RDP) Hacking 101: I can see your desktop from here! – We Live Security.

As of Friday afternoon, a notice on NASA’s kepler.arc.nasa.gov website was reading “Down for Maintenance: The requested webpage is down for maintenance. Please try again later.”

The site is only one of what appear to be 14 hacked subdomains, hosted in the heart of Silicon Valley, that were defaced on Tuesday and stayed offline for some time.

via “Stop spy on us!” 14 NASA sites hacked | Naked Security.
