For the first time in nearly a year, Akamai researchers saw a drop in the number of DDoS attacks targeting customers. The details are outlined in the newly-released State of the Internet Report for the third quarter of 2013.
Get In Touch
Recently in Web Security Category
At the recent ShmooCon conference, industry leader James Arlen discussed the need for better business etiquette among security practitioners.
In the world of information security, complaining about the user is a sport as old as the profession itself. Users falling for phishing attacks. Users failing to install patches. The list of complaints goes on.
One of the big news items from ShmooCon 2014 was that the ISO 30111 Vulnerability Handling Processes is now published. The document, edited by Microsoft Senior Security Strategist Lead Katie Moussouris, has been a long time coming. Specifically, it outlines how vendors should investigate, triage, and resolve all potential vulnerabilities, whether reported from external finders or via the vendor's internal testing.
As the second day of ShmooCon 2014 dawns over Washington DC, I'm reflecting on the talks that kicked off the weekend yesterday. Particularly useful was a presentation by security practitioner Rob Fuller called "Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares."