Archive for the ‘Security/Exploits’ Category

Simplifying Security – An Interview with SC Magazine

A recent video I filmed while on a press tour of the east coast – Dan Kaplan of Secure Computing Magazine was kind enough to interview me and ask me questions about why securing IT is so complex.

Categories: Security/Exploits

Decrypt Full Disk Encryption products for $299 – Well, it got cheaper at least

December 21, 2012

Many people have contacted my team and me over the last few days about the recent announcement by ElcomSoft that they offer a tool to decrypt BitLocker, PGP and TrueCrypt volumes.

This $299 tool is advertised as getting you access to this encrypted data quickly and easily…

Now, this may sound exciting, but as they say, there’s always a catch – to use this tool, you need a memory dump taken from the machine while it was authenticated – yes, no recovery if you find a cold machine. You have to get access to it while it’s on and the user has logged in, then, after they switch it off, you can recover the data.

Sounds familiar? Well it should, it’s exactly the same idea Passware.com released to the world back in 2010 – I even blogged about it then… Read more…

Evil Twitter… Finding malware amongst the maelstrom..

December 16, 2011

Would it surprise you to know that yesterday, more than 5000 tweets were posted with URLs which would have dropped you on sites which distribute malware?

It was only a small portion of the total number of tweets containing URLs, around 2.5 million or so, and there were an additional ~200,000 that went to sites whose status McAfee was not too sure about (we are busy scanning them, as we do all sites which come to our attention where we don’t have a “reputation”). Still – there were 5000 tweets, guaranteed to get you in trouble.

You can guess, perhaps, that for a while now McAfee, or rather my Innovation Team, has been working on a project to generate some deep analytic evidence from the Twitter fire hose – we’re trying to answer the question “how do you apply the concept of reputation to a social media system?” Knowing how cyber-criminals use Twitter to entice people to visit their sites is just the first step in the process. Read more…

Speaking at ASIS International Orlando, 20th September

September 14, 2011

For those in the Orlando area, you’ll find me presenting at ASIS International on the 20th – I’m talking about mobile security and consumerization, a topic close to most IT leaders’ hearts.

If you’re going to be there, please say hello, and of course my standing offer of a vanity http://mcaf.ee url in exchange for a good joke still holds.

Piggybacking WiFi at 60mph

September 7, 2011

I was in Madrid speaking at a conference a couple of months ago, and arriving after one of my favorite trans-Atlantic flights (you know the ones, where the ratio of screaming children to adults is not conducive to rest or even playing Angry Birds) I was excited to take one of the citi-cabs which have free wifi onboard to my hotel, a 45 minute journey away.

It was an interesting experience to say the least – though getting completely car-sick in the process, I managed to clear my inbox, answer a dozen questions on Community.mcafee.com, and also catch up with the news care of Google and the BBC. All in all, it was a most productive journey. Read more…

Categories: Exploits, Mobile

Mobile Device or Not? That is the question…

June 9, 2011 1 comment

For the last couple of weeks I’ve been presenting around the U.S. at events such as Secure360 in St. Paul, and the McAfee Executive Summits in Boston and New York.

One question I was asked at every event, was “What is a mobile device?”

The flippant answer of course which after two weeks of middle seats and hours of flight delays comes easily to my lips, is “A device which moves from place to place” – but is that strictly true any more? Read more…

Categories: Mobile

Underground Economies – The rise of Intellectual Capital Theft.

March 28, 2011

By now I hope readers have seen the latest report from McAfee that I was involved in – “Underground Economies”, where McAfee and SAIC collaborated to investigate perceptions around intellectual capital – the “secret sauce” of companies. The report surveyed over 1,000 senior IT decision makers across the world, getting their opinion on where they thought their valuable data was, their attitude to outsourcing control of it, and questions around how it was protected and the risk of it being “misplaced”.

You can read more from the actual report, or see my corporate blog. There’s been a lot of press on this report, such as

http://news.cnet.com/8301-1009_3-20047876-83.html

http://www.digitalninjastl.com/blog/2011/03/28/intellectual-property-theft-fuels-underground-cyber-economy/

http://www.bbc.co.uk/news/technology-12864666

Two charged with data theft from June ’10s AT&T hack…

January 19, 2011 2 comments

Reported today by infosecurity-us and others, the two men (Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26, of San Francisco, California) who had fleeting fame after publishing insecurities in the AT&T iPad website in June 2010 have been arrested and charged with one count of conspiracy to access a computer without authorization, and one count of fraud in connection with personal information.  Each count carries a maximum penalty of five years in prison and a fine of $250,000.

You can find the formal press release on the Justice.gov site.

The original hack involved farming the subscriber details off AT&T’s site by presenting it with random ID codes. Unfortunately, while demonstrating a weakness in a site is often not prosecuted, the pair went on to retrieve 120,000 subscriber details and then passed them on to Gawker, who published a redacted list amongst much fanfare. This distribution of personal data will probably get them into a lot of hot water. Read more…

McAf.ee Launched!

September 21, 2010 1 comment

A pet project of mine for a couple of months now, McAfee’s secure-short URL service went through a viral launch last week and has taken flight!

Leveraging McAfee Global Threat Intelligence, McAf.ee lets you create short URLs which are checked against our databases of known spammy, dangerous, malware-hosting, bot-control etc. sites prior to being shown. A while ago there was a glut of dangerous short links circulating around Twitter, Facebook etc. – this is something McAfee can proactively do to help offer a little more safety in our online lives.

You can create a short URL for any site, but when someone clicks on it, if the site is flagged as dangerous we throw up a warning page to give users a chance to back out before visiting.

This service was created by the McAfee Office of the CTO, which I am part of – the team is charged with looking into and creating innovative test projects, which, if successful can be rolled into the more traditional McAfee Business Units. It means we have a little more freedom to go out on a limb and try new ideas out.

You can find more information, and of course comment and add feature suggestions, or report issues on our forum http://mcaf.ee/about

I’d love to have your feedback, and, as of now I’m proud to say you can find my blog at http://mcaf.ee/simon (smile!).

Update – Larry Magid from CNET News called to interview me about the service; he was very gracious and published a great writeup of it. He also recorded the interview and made a podcast available. Boy, I hate hearing recordings of myself.

I got a virus in my email? Me?!?…

April 27, 2010

Today I received a very pleasant email from the “Student Support Center” of, I guess, Hotmail? It seems I got a virus in my Helpdesk.edu account (funny, I don’t remember signing up for it, but hey, I must have, eh?).

If I respond to them with my user name and password, they will fix it for me. Thankfully, the password will be encrypted somehow magically when I reply to them.

Now, if I could only work out what my user name is…