Archive

Archive for the ‘Security/Exploits’ Category

Simplifying Security – An Interview with SC Magazine

A recent video I filmed while on a press tour of the east coast – Dan Kaplan of Secure Computing Magazine was kind enough to interview me and ask me questions about why securing IT is so complex.

Advertisements
Categories: Security/Exploits

Decrypt Full Disk Encryption products for $299 – Well, it got cheaper at least

December 21, 2012 Leave a comment

Many people have contacted my team and I over the last few days about the recent announcement by ElcomSoft, that they offer a tool to decrypt Bitlocker, PGP and Truecrypt volumes.

This $299 tool is advertised as getting you access to this encrypted data quickly and easily…

Now, this may sound exciting, but as they say, there’s always a catch – you need a memory dump from the machine from when it was authenticated to use this tool – yes, no recovery if you find a cold machine. You have to get access to it while it’s on and the user has logged in, then, after they switch it off, you can recover the data..

Sounds familiar? Well it should, it’s exactly the same idea Passware.com released to the world back in 2010 – I even blogged about it then… Read more…

Evil Twitter… Finding malware amongst the maelstrom..

December 16, 2011 Leave a comment

Would it surprise you to know that yesterday, more than 5000 tweets were posted with URLS which would have dropped you on sites which distribute malware?

It was only a small portion of the total number of tweets containing URLs, around 2.5 million or so, and there were an additional ~200,000 that went to sites about which McAfee was not too sure about the status (we are busy scanning them, as we do all sites which come to our attention where we don’t have a “reputation”). Still – there were 5000 tweets, guaranteed to get you in trouble.

You can guess perhaps, that for a while now McAfee, or rather my Innovation Team has been working on a project to generate some deep analytic evidence from the Twitter fire hose – We’re trying to answer the question “how do you apply the concept of reputation to a social media system?”  Knowing how cyber-criminals use Twitter to entice people to visit their sites is just the first step in the process. Read more…

Speaking at ASIS International Orlando, 20th September

September 14, 2011 Leave a comment

For those in the Orlando area, you’ll find me presenting at ASIS International on the 20th – I’m talking about mobile security and consumerization, a topic close to most IT leaders hearts.

If you’re going to be there, please say hello, and of course my standing offer of a vanity http://mcaf.ee url in exchange for a good joke still holds.

Piggybacking WiFi at 60mph

September 7, 2011 Leave a comment

I was in Madrid speaking at a conference a couple of months ago, and arriving after one of my favorite trans-Atlantic flights (you know the ones, where the ratio of screaming children to adults is not conducive to rest or even playing Angry Birds) I was excited to take one of the citi-cabs which have free wifi onboard to my hotel, a 45 minute journey away.

It was an interesting experience to say the least – though getting completely car-sick in the process, I managed to clear my inbox, answer a dozen questions on Community.mcafee.com, and also catch up with the news care of Google and the BBC. All in all, it was a most productive journey. Read more…

Categories: Exploits, Mobile

Mobile Device or Not? That is the question…

June 9, 2011 1 comment

For the last couple of weeks I’ve been presenting around the U.S. at events such as Secure360 in St. Paul, and the McAfee Executive Summits in Boston and New York.

One question I was asked at every event, was “What is a mobile device?”

The flippant answer of course which after two weeks of middle seats and hours of flight delays comes easily to my lips, is “A device which moves from place to place” – but is that strictly true any more? Read more…

Categories: Mobile

Underground Economies – The rise of Intellectual Capital Theft.

March 28, 2011 Leave a comment

By now I hope readers have seen the latest latest report from McAfee that I was involved in – “Underground Economies” where McAfee and SAIC collaborated to investigate perceptions around intellectual capital – the “secret sauce” of companies. The report surveyed over 1,000 senior IT decision makers across the world, getting their opinion on where they thought their valuable data was, their attitude to outsourcing control of it, and questions around how it was protected and the risk of it being “misplaced”.

You can read more from the actual report, or see my corporate blog. There’s been a lot of press on this report, such as

http://news.cnet.com/8301-1009_3-20047876-83.html

http://www.digitalninjastl.com/blog/2011/03/28/intellectual-property-theft-fuels-underground-cyber-economy/

http://www.bbc.co.uk/news/technology-12864666