After reading this article and piecing through the motivations of the hactivist group illustrated in the story, I couldn’t help but think how the world of an information security professional is changing.read more
Distributed Denial of Service (DDoS) is unique in the sense that these attacks actually consist of many legitimate individual requests. It is only the large volume of simultaneous requests that turns those legitimate requests into an attack. Consequently, one of the biggest challenges in mitigating DDoS attacks is distinguishing between malicious and legitimate traffic.read more
Last night, the Wall Street Journal ran a story around the Food and Drug Administration’s (FDA) warning to makers of medical devices that the gear they’re producing is at risk of being infected with computer viruses that can endanger patients.read more
This past weekend, Security Week ran a byline I wrote regarding Long Term Evolution (LTE).
Although this brings the promise of relieving traffic jams for mobile operators, it also brings new security risks. As traffic generated by smartphones grow, LTE networks’ fast mobile broadband will assist handling the increased traffic.
However, mobile operators will have to learn how to handle the new threats. New Advanced Persistent Threats (APT) are emerging and mobile carriers and mobile user will find themselves struggling with similar APTs that we see at Enterprises today. For Long Term Evolution networks not to fall short on security, mobile operators must realize the increased threats from malware, fraud, distributed denial of service (DDoS) attacks and many other attacks, and adopt more comprehensive and innovative security strategies.
Although LTE, which is commonly referred as mobile network 4th generation (4G), provides a solid infrastructure to deliver advanced, content-rich applications in real-time, I discuss a few security challenges that should be addressed in order to protect the network from overload and declining quality of service.
The article can be found here. I invite you to read it, and feel free to share any comments or questions you may have for me.read more
The naïve and still common perception of DoS/DDoS attacks is that to be destructive, attacks must use brute force and generate massive traffic. Low & Slow DDoS application attacks prove otherwise. Similar to guerilla warfare tactics, Low & Slow application attacks create significant damage with minimal resources. What’s more? Detecting and preventing these attacks presents a significant challenge. The following post goes in-depth to break down why Low & Slow application level attacks are difficult to detect and mitigate.read more
AnonGhost – A hacking group affiliated with Anonymous announced a new cyber-attack campaign against US websites named #OPUSA. The attack is scheduled for May 7th, 2013.read more