

Showing posts from January, 2010

Targeted Attacks - 2010 Predictions

We aren't far into the new year and we already have two really high-profile targeted attacks. The one reported at the end of December was a targeted attack on Google and a few other companies using some 0-day code (Google's release). The other is a new report of defense contractors being targeted using an only-recently patched exploit for Adobe Acrobat Reader (F-Secure's writeup). Not surprisingly, the motivation of would-be attackers continues to move from targets of opportunity to targets of value; the surprising thing is how quickly this trend is progressing.

Security Updates - 2009/2010

Sorry about the hiatus between posts - it's been a busy holiday season and it isn't showing any signs of slowing down in the next few weeks. I've posted a few tweets here and there for some quick updates but nothing major, so here are a few links that have really caught my eye over the last month or so (some really good stuff here!).

Best Practice / Research updates

NIST has published a draft revision of an important risk management framework which guides the implementation and compliance approaches for FISMA. In my opinion this strengthens the guidance and makes it easier to implement - NIST's SP 800-37 Rev. 1 - DRAFT Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. The draft was open for comment until the end of December, so look for a release sometime in January. ISACA has published two new sets of documents for members, an updated guideline on implementing and improving IT governance, and a new framework and p