Monday, November 21, 2011

Here's my latest article in Search Security Magazine


Over the past few years, information security has become a top-level concern to enterprise senior management. Many organizations by now have created information security departments to secure themselves from the threats they’re facing, but in today’s environment, it’s no longer enough. Hence a paradigm shift is needed in the way security departments are structured. No longer should one department manage security from cradle to grave.

Take a look here for the rest.

http://searchsecurity.techtarget.com/tip/Modern-security-management-strategy-requires-security-separation-of-duties

Saturday, November 19, 2011

Testing the Waters (Illinois Water System Hacked!!)

There is reason to believe that an Illinois water system has been compromised, and the source of the attack has been traced back to a computer in Russia (no surprise). Supposedly, the intruders burned out a pump by using stolen credentials that gave them access to the utility's SCADA software.

It's widely known that critical infrastructure in America is severely insecure. There's been a call from many security professionals over the past decade to tighten security on these systems and protect our infrastructure. With highly sophisticated malware being created to attack SCADA equipment, like Stuxnet and Duqu, it's only a matter of time before these hacks start taking place more frequently.

It seems like the hackers were only "testing the water", sorry about the pun, with what they could do with their access. What if they wanted to do something more malicious to these systems besides breaking them? The water supply would reach thousands if not millions of people. What if they hit the power grid, and turned off power to parts of the country? These things, as unbelievable as they may seem, are what we're facing now.

The government is downplaying what happened here in Illinois, but they need to start securing their systems before innocent people die. This isn't a trojan that's going to steal your banking credentials. These hacks have the capability to stop a town and/or state, and potentially harm the citizens living in them.

The time to act is now.

Saturday, November 5, 2011

Anonymous vs. Mexico's Zetas Cartel: This One's Real

Anonymous seems to have met their match: The Zeta Cartel, or have they?

Over the past week Anonymous has been threatening to release a list of "servants" (journalists, taxi drivers, government workers, etc.) that are on the payroll of the Zeta cartel. This is in response to the cartel's kidnapping of an Anonymous member earlier in the week. The Zeta cartel is one of the most infamous and powerful cartels in Mexico, is extremely violent, and is not shy about bloodshed.

Anonymous has demanded the kidnapped member be released, or they'd dump the classified information they have on the cartel's "servants". As of this morning it's been noted that the kidnapped member has been freed, but the cartel threatened that if Anonymous leaked any information on their "servants" they'd kill the member's family and 10 people for every name released.

This is where it gets real. Anonymous is an internet group and debated heavily on the release of this data. This isn't law enforcement or governments getting involved, it's random people in a chat forum. If they had dumped a couple hundred names on the internet, thousands of people could have died. It's one thing to set up a sit-in at parks (#occupy), but getting started in a gang war is over their heads.

Both of these groups don't like being told what to do, but it's evident the cartel doesn't want their servants exposed, and Anonymous were slightly concerned with a real backlash. Their response to this event was much more real than a DDoS or web attack, and I think they eventually realized that.

Anonymous, for the sake of human life, drop this one.