Speaking of Security – The RSA Blog and Podcast

“In silent bars, in silent rooms, in silent cars, you hide where you can. And me, I know just where you are, you see, I’m a bomber man”  -  From Bombers by Gary Numan This week President Obama released his plans for a “leaner” military.  There has been a lot of debate about whether or not this [...]

So Ok, you think you know security. Riddle me this one… What does Jennifer Lopez and computer hackers who’ve attacked America’s defense establishment have in common? If you answered both are featured in this September’s issue of Vanity Fair magazine, you’d be right, and a true member of the all knowing security club.

I have spent the past 6 years of my life running incidents of one flavor or another, whether it was a government or private sector system intrusion, a product vulnerability, or an infrastructure vulnerability or attack. Over the past two weeks I have participated in an incident and the response to the incident that was very different than anything I have personally dealt with before. This incident had two parts to handle: one, the protection offered by the security product RSA SecurID; two, the intrusion itself. This incident demonstrated a deliberate and responsible response by the company, RSA. RSA coordinated a collaborative effort involving the RSA customer community (both U.S. and International), the security community as a whole, law enforcement, and US-CERT.

Warlike tactics are employed by each of the factions; security companies and financial institutions – the main defensive arm of the faction – build barricades to stop attackers. The fraudsters, on the other hand, try to outflank them by finding ways to circumvent these defenses, whether those are based on technology or on social engineering. Another tactic that is often used in real-life wars is the targeting of the enemy’s infrastructure.

Only a select few have had a look at the script of the next James Bond feature film. It seems like Quantum, the secret criminal organization that in previous installments was busy short-selling the stock market by staging terrorist attacks and taking over water supplies to control the economy of South America, has a new [...]

After submitting the first blog on Stuxnet, I’ve been inundated with people who “get it.” One person in particular (Joe Weiss), highlighted for me a point to emphasize to really drive home to some folks who “need to get it.”

Our IT infrastructures are as real as any road, ship or city in the world today. They have the ability to directly influence and interact with the real world in as real and impactful a way as any object in the physical world. Let’s try saying that another way to be really clear: the world of information is as real and interchangeable and impactful to us as the world of guns, germs and steel…