Get In Touch
At the recent ShmooCon conference, industry leader James Arlen discussed the need for better business etiquette among security practitioners.
In the world of information security, complaining about the user is a sport as old as the profession itself. Users falling for phishing attacks. Users failing to install patches. The list of complaints goes on.
In the past several weeks, Akamai was in a unique position to witness a massively orchestrated attack, designed to map Internet facing web servers that are susceptible to certain specific vulnerabilities.
One of the big news items from ShmooCon 2014 was that the ISO 30111 Vulnerability Handling Processes is now published. The document, edited by Microsoft Senior Security Strategist Lead Katie Moussouris, has been a long time coming. Specifically, it outlines how vendors should investigate, triage, and resolve all potential vulnerabilities, whether reported from external finders or via the vendor's internal testing.
I've said it about other conferences: The most important activity -- even more so than attending talks -- is the networking that goes on in the lobby, something that's become popularly known as LobbyCon. It's especially true for those attending ShmooCon here in the nation's capital.
At Akamai, one of our security policies goes something like this: If you want to do instant messaging for personal matters, use whatever you want. If you want to discuss company business on IM, however, you have to use a specialized instant messaging program we've set up specifically for communication between colleagues.
As the second day of ShmooCon 2014 dawns over Washington DC, I'm reflecting on the talks that kicked off the weekend yesterday. Particularly useful was a presentation by security practitioner Rob Fuller called "Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares."
After getting my badge for this weekend's ShmooCon conference in Washington DC, I excitedly emptied the contents of my bag on the table. Schwag. Lots of it. There was a wooden airplane kit. A harmonica. Stickers aplenty. All branded with the names of various security vendors and organizations.
Patch Tuesday is an important calendar item for Akamai customers, given how dominant Windows machines are in many companies. What follows is Microsoft's January 2014 Security Update.