Tuesday, May 13, 2014

Certify for the Cloud

How Secure is the Cloud?

When Microsoft named Windows XP in the Internet Explorer zero-day browser vulnerability patch the company issued last week, many industry observers were stunned. Did Microsoft decide to backtrack on its assertion that the company would no longer support XP? Did Microsoft knuckle under to user pressure? The answer is no! Redmond has decided not to backtrack on killing support for Windows XP; it simply made a one-time exception.

Have you ever heard the term "The Forbidden Experiment"? If you are not familiar with it, it's a concept originating in the behavioral sciences field, which relates to challenges in understanding human language development. Specifically, the "experiment" in question refers to actually testing empirically what would happen if a child were raised without language. Information technology is that child. Computers by their nature can perform tasks in many different ways, and that flaw is what makes them vulnerable to attacks.

The use and scope of information technology has grown dramatically since 2000 -- and along with that growth have come ever greater cybersecurity threats to businesses, government agencies and consumers. The need to prevent actual threats, as well as to stop potential cybersecurity problems, calls for sharing information among vulnerable parties. If that information is stored securely in a well-designed cloud, that information will be reasonably safe.

Smarting from speculation that the U.S. intelligence community hoarded knowledge about the Heartbleed bug, which placed millions of servers and devices that access the Internet at risk, the White House recently gave the public some insight into how it decides to release information about computer vulnerabilities. Disclosing them is generally in the national interest, the White House said.

AOL on Monday released a statement that confirmed a "significant number" of user accounts had been hacked, confirming rumors that had been swirling around the issue for a week and contradicting its statement from a week earlier that users' email accounts were being spoofed. The hackers stole users' email and postal addresses, address book contacts, encrypted passwords and encrypted answers to security questions, and "certain employee information."

Microsoft's Internet Explorer Web browser has a flaw that allows hackers to commandeer control of computers, FireEye reported on May 2. Although the never-seen-before vulnerability can be found in all versions of Internet Explorer, hackers are targeting IE versions 9 through 11, according to a blog post by the three security researchers who made the discovery.

Cybersquatting is an unethical practice that's as old as dot-com, but the upcoming expansion of domain names could be breathing new life into the practice, while offering seamier elements on the Net an invitation for mischief. In the early days of the Internet, nimble squatters would register domain names of brands, and then sell them back to the owners for tidy sums.

The Web has been abuzz with discussion of the Heartbleed flaw. Security vendors and experts have been falling all over themselves to offer advice on detecting or mitigating the flaw, and consultants have been offering businesses advice on how to deal with the problem. The NSA has been accused of having known about and exploited this particular vulnerability.

Ninety-two percent of more than 100,000 incidents reported by 50 companies over the past 10 years fall into nine basic patterns, according to Verizon's 2014 data breach investigations report. An advance copy was released to the media on April 29. Point-of-sale intrusions, Web app attacks, cyber espionage and card skimmers are of most concern for data disclosure, it says.

One of the oldest concepts in business states that when there is a need, a vacuum is created. When vacuums are created, they must be filled. The question for our readers is how an information technology professional looking for gainful employment can best fill this vacuum. Certifying for Internet security is one way to help companies, organizations and individuals deal with these dangerous threats. For example, the Certified Internet Security Systems Professional, or CISSP, is in high demand by companies that feel securing their data is a primary concern. The Certified Ethical Hacker, sponsored by EC-Council, is gaining recognition across the spectrum of Fortune 1000 companies.

Credentials that add to your credibility as an Internet security professional include: CompTIA’s A+, Microsoft’s MCSE, Cisco CCNA and the Linux certification from LAMP.
