Whether it is an exit interview upon termination or resignation, or just a simple question-and-answer session during an investigation, employee interviews are critical to handling insider incidents, IT forensics experts say.
“If you [don’t have] a procedure to formally interview people and to do it properly and record it, you’re not doing your job right,” says Steve Santorelli, director of global outreach at Internet security research group Team Cymru. Continue reading The Importance Of Interviews In Insider Investigations
Researchers at Trend Micro have discovered a malicious PowerPoint file circulating via email, which if executed, installs a backdoor on the victim’s system. The backdoor is made possible thanks to a vulnerability in Flash Player. Continue reading Malicious PowerPoint File Targeting Flash Player Vulnerability
Are cyber-security risks:
- a genuine threat;
- the result of shoddy math; or
- a management consulting conspiracy?
Judging from recent articles, surveys and reports, the answer is “all of the above.” There is a lot of confusion and incomplete and/or inaccurate information regarding cyber-security circulating out there.
Investigative reporter Seymour Hersch has argued that national cyber-risk threats are overstated, perhaps intentionally, by firms that make good money bolstering the country’s cyber defenses: Continue reading Cyber Risks Economics 101
Researchers offer a new way to deal with cyberattacks on critical infrastructure like power and water utilities and banking networks: slow down Internet traffic, including the malicious code, when an attack is suspected; this would allow networks time to deal with the attacks
One of the striking special effects in the film The Matrix occurs during the scene in which Keanu Reeves’ character Neo, sways and bends to dodge bullets as time appears to slow to a crawl. Now, that scene has inspired researchers to develop a way to deal with cyberattacks on critical infrastructure, like power and water utilities and banking networks. Continue reading Slowing time as a way to counter cyberattacks
If You No Longer Know What You’re Looking for, You Can’t Protect Yourself Against It.
In my previous column I wrote about the concept of Information Superiority. The premise is fairly straightforward: In the battle for network security, whoever can bring superior intelligence to bear on network and device security problems, wins. Continue reading Continuous Capability – The Next Frontier
A trio of Indian researchers have proposed a method of steganography which hides messages in by using non-random distribution of letters with or without straight lines.
Steganography is a group of techniques for hiding messages in plain sight. Microdots, tiny text written inside a full stop and only legible when magnified, are one steganography technique. Steganography is hard to detect and decrypt, so much so that this paper from the US National Science and Technology Council (PDF) wrings its hands about it’s potential use by terrorists. Continue reading New steganography technique relies on letter shapes