Defcon in pictures
CIO.com goes undercover (sort of) at GrrCon, the Midwest's premier conference on penetration testing and software security, to learn about cloud security, hacking, lock picking and more.
Every year sees an increase in usage of the Internet. Broadband penetration rises. More websites are created. Business grows by sharing information with their partners. This desire to reach the masses and provide goods and service cheaper and faster than their competitors often means trade-offs are made. These trade-offs typically involve trading accessibility for security.
Hack week in Vegas
During the Black Hat and Defcon conferences in Las Vegas last week, researchers wheeled out their best new attacks on everything from browsers to automobiles, demonstrating ingenuity and diligence in circumventing security efforts or in some cases in exploiting systems that were built without security in mind. Here's a handful of the ones that deserve the most concern.
For two decades, the dominant security model has been location-centric. We instinctively trust insiders and distrust outsiders, so we build security to reflect that: a hard perimeter surrounding a soft inside. The model works best when there's only one connection to the outside, offering a natural choke point for firewall defense.
Sign up now »
Balancing the requirement for strong network security with the need to harness collaborative web technologies is essential for business growth.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.