Optimal Security : the Lumension Blog


HITECH Breach Data: the Good, the Bad, and the Ugly

As I’ve discussed before, one of the requirements of the HITECH Act is for the Secretary of the Department of Health & Human Services (HHS) to publish a list of all breaches of healthcare data covered by the HIPAA security rule on a yearly basis. The first such publication has been made, covering the period [...]

“Security” on the WSJ Front Page - A Cautionary Tale

Having a security problem on the front page of the Wall Street Journal is never a good thing for the companies involved, but it can be instructive for everyone else. Unfortunately, many will ignore the high-profile coverage of China’s spear phishing attack on Google, Adobe and over thirty other businesses. They will think that this [...]

“Micro-Botnet” – The Cybercriminal’s Choice for Enterprise Data Stealing?

Last winter and spring we all watched with interest the headlines heralding the spread of the Conficker botnet. The under-reported part of the story was the fact that well-patched enterprise networks were largely unaffected by Conficker’s bloom. In some circles, this seems to have led to a complacency or belief that botnet infections are not [...]

Breaking Down the Military Fiefdoms by Building a “Fifth Arm” to Combat Cyber Security

The recent attacks on U.S. and South Korean IT infrastructure have once again raised awareness around national cybersecurity issues here in the States. While I certainly agree with my security colleagues that it is high time that President Obama finally appoint a cybersecurity czar to head up the overarching public-private initiatives that have been promised, [...]

Chris’ Security Cache Contemplation: Week 6

A quick note on some interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed before I head out for the 4th of July weekend…
The Iceman Goeth. Saw where Max Ray Vision (né Butler), aka “Iceman,” has pleaded guilty to two counts of wire fraud stemming from the theft of [...]

July 2009 Spells Twitter Bugs for Its Users

Security researchers have long used dedicated reporting websites to highlight the need to secure specific applications or services by hosting hacking challenges for members of the research and hacking communities to publicly post discovered vulnerabilities. The latest challenge called “Twitpwn” will highlight newly discovered vulnerabilities and proof of concept code that involve Twitter, a micro-blogging site, but will [...]

Chris’ Security Cache Contemplation: Week 4

Miscellaneous interesting news / tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed …
Cyberczar. Lots of discussion about the “Cyber Czar” appointment in the US (apparently the EU is contemplating something similar) … who is it going to be? [some are suggesting Scott Charney, head of Microsoft's cybersecurity division] what [...]

New Microsoft IIS 6 Issue Could Become a Nightmare for IT Professionals

While Microsoft may believe that its Internet Information Services 6 Web-server software issues are only limited to a data leakage issue and not necessarily a larger immediate threat, Microsoft should consider other aspects of this issue and accelerate a solution to protect the community at large.
The Bigger Picture
At first glance, the issue with IIS 6 [...]

The State of Digital Cyber Warfare: What’s Next?

A Q&A with Pat Clawson and Mike Jacobs
As the nation’s cyber defenses continue to face attack by sophisticated, well-organized efforts to disrupt vital systems and steal critical, confidential information, our government is facing greater pressure to create a governing body that can establish and enforce mandates to protect critical networks and systems. Cyber criminals have graduated [...]

SQL Injection Attack: Pot of Gold at the End of the Rainbow?

SQL injection attacks have been in the news lately given two recent highly publicized attacks against security vendors.  According to a recent IBM report, SQL injection attacks increased 30X between this past summer and the end of 2008 and resulted in a 50 percent increase in the number of malicious URLs hosting exploits. The report [...]




