Access "Marcus Ranum chat: Network threat detection and wireless attacks"
This article is part of the Dec. 2012/Volume 14 / No. 10 issue of Market for vulnerability information grows
Marcus Ranum: The other day over lunch you were telling me about a rather amazing incident that you were dealing with. I understand that you can’t get too detailed about some parts of it, but what can you tell us? Aaron Turner: I guess the first surprising thing we found was that there were at least three different adversaries on the network, each attacking a different aspect of the infrastructure. One group was after the crown jewels—and was very focused and organized—another was picking up the crumbs of the ‘A Team,’ and another was running a payment card harvesting operation focused on the organization’s P-Cards [purchasing cards] associated with the organizations bank accounts. The most interesting thing about the ‘A Team’ is that essentially, we found evidence that this group of sophisticated attackers was using wireless communications capabilities to not only bypass the organization’s security controls, but they were doing so to accelerate the exfiltration of information from the organization. Think of it as the attackers got impatient with the ... Access >>>
Premium Content for Free.
Firm pushes software security testing with fugitive tracking system
by Robert Westervelt
System that helps law enforcement track down fugitives was tested thoroughly to prove to CTOs and IT teams that the company is serious about security.
Critical infrastructure protection hindered by difficulties, experts say
by Robert Westervelt
Information Security magazine discussed critical infrastructure protection with three experts and explore whether any near-term solutions can be implemented to bolster network defenses.
- Firm pushes software security testing with fugitive tracking system by Robert Westervelt
Private market growing for zero-day exploits and vulnerabilities
by Robert Lemos, Contributor
Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free.
Biometric authentication methods: Comparing smartphone biometrics
by David Jacobs, Contributor
Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.
- Private market growing for zero-day exploits and vulnerabilities by Robert Lemos, Contributor
Emerging vulnerability markets, mobile biometrics prompt security concerns
by Robert Richardson
Information Security Magazine examines key security concerns in the field of critical infrastructure protection and explores options for mobile biometric authentication because you’ll need to think about a new security strategy as mobile devices outnumber desktops in the enterprise.
Chief information security officer skills go beyond customary technical roles
by Matthew Todd
A trusted advisor and a strong communicator and promoter, a good CISO should be a jack-of-all-trades to rally the IT security team to support the business needs by minimizing risk.
Marcus Ranum chat: Network threat detection and wireless attacks
by Marcus Ranum
Security expert and Information Security magazine columnist goes one-on-one with Aaron Turner, co-founder of security consulting firm N4Struct.
- Emerging vulnerability markets, mobile biometrics prompt security concerns by Robert Richardson
More Premium Content Accessible For Free
Strategies for a successful data protection program
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
Devices, data and how enterprise mobile management reconciles the two
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
Putting security on auto-pilot: What works, what doesn't
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...