Jan 10 2013
It’s been an interesting week and start to the year. Between the Ruby on Rails vulnerability and the Java zero day released today, we have some serious patching issues on our plates. And if history is any indicator of future performance, the security technorati are already in the process of patching, which only leaves the other 98% of the population to get patched. I’ve also had some interesting talks with folks about the idea of honey tokens, honey nets and other detective measures for the network. On to the stories …
- I’ve been saying for a couple years now that we need to change the way we think about security from the foundations up. Apparently Art Coviello agrees and says we need to move to an intelligence-driven security model. A lot of other professionals believe we need to rethink security architecture as well, according to Tim Wilson over at Dark Reading. Always challenge the assumptions the leaders of the last generation made, especially in a profession as young as security.
- The topic of honey tokens and all other things ‘honey’ started in part due to a lot of discussion around ‘offensive security models’. The Washington Post has an article on salting databases with fake data, which if done right is exactly what a honey token is. CSO Online says that deception is better than a counterattack; I don’t know if it’s ‘better’ but it’s something that you should be doing whether you’re considering offensive tactics or not. And a fun new little tool to do some of this has been released, called HoneyDrive. It’s a collection of tools on a VM, which is always a good toy to play with.
- Continuing on the theme of Monday’s post, Computerworld has an article on how to talk about security to everyone else. I’m sure we’ll be talking about this again, since it’s one of the basics we seem to have a hard time with.
- And finally, cyber attack timelines from the second half of December. There are a few errors in the dates here, but I only know that because of my day job. Let’s just say that there have only been two waves of QCF attacks so far, and that they started a little earlier than is being represented. But overall, this is good data to keep aware of, especially with the recent rise in attacks.
And finally, for something completely different, a Linux-powered sniper rifle. I’m sorry, ‘hunting rifle’.