Inside the World of Insider Threats, Part II: More on Motivation

One area the CMU CERT researchers looked into was the chain of events that cause a law-abiding employee to become an insider menace. Those who want to learn about the models the CMU team came up with are welcome to read this fascinating paper on the topic. But I think I can summarize the…

Inside the World of Insider Threats, Part I: Motivation

As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in some way involved in the Sony meltdown—see Did North Korea Really Attack Sony? from Schneier. The larger point is that the Sony breach opens the…

Varonis Keeps Client and Company Data Protected and Private at Campbell Global

Campbell Global is a leader in sustainable timberland and natural resource investment. The company manages approximately 3.1 million acres of land globally and about $6.1 billion in assets. Based in Portland, Oregon, its 300 employees are spread throughout 25 offices. The company critically needed a reliable way to closely document, track and manage activity associated…

Interview With NYU-Poly’s Professor Justin Cappos: Security Lessons From Retail Breaches

I had the chance to talk with cyber security expert Justin Cappos last month about the recent breaches in the retail sector. Cappos is an Assistant Professor of Computer Science at NYU Polytechnic School of Engineering. He’s well known for his work on Stork, a software installation utility for cloud environments. In our discussion, Professor…

Microsoft Fixes Kerberos Silver Ticket Vulnerability

The Kerberos Golden Ticket already had a mythic status in the hacking world even before this summer’s Black Hat conference rolled around. In theory, a hacker could create a universal authentication ticket and lurk forever in an organization’s IT system. The how-to-accomplish part, though, was always a little murky. At the conference a lot of…

Ipswich Hospital Chooses DatAnywhere

Ipswich Hospital NHS Trust is a busy district general hospital in Suffolk, England. Its 3,500 employees serve the medical needs for a community of over 350,000 people. The Ipswich IT Team was recently faced with an information security challenge. How do you share sensitive, internal documents from the hospital file system with third-party organizations (insurance,…

Alex Is Smarter Than a Hacker [Contest]

We had a strong feeling that our Metadata Era readers were up to our hashing challenge. And they certainly came through. After reviewing many solutions, our judges have chosen Alex Bessonov of New Jersey as the contest winner. And his victory came just in the nick of time: his son’s Nexus 7 had recently stopped…

Privacy Predictions 2025!

After posting our IT predictions for next year, we decided to assign ourselves an even more challenging task. Using recent headlines from the tech press as a baseline, we tried to extrapolate ahead to the year 2025. Where might today’s stories about technology and privacy lead to in ten years if we don’t change how…

Crypto’s Fatal Flaw: Stealing the Master Key

At the beginning of the year, Cindy and I attended a crypto workshop held at a local college in NYC. We heard experts talk about a fact of life well known in the security world, less so in the IT space: crypto is not very healthy. The prime culprits are a slew of advanced persistent…

Are You Smarter Than a Hacker? [CONTEST]

They’ve broken into the largest retailers, key government agencies, and major social media companies, stealing tens of millions of credit card numbers, email addresses, and sensitive data. They’re experts at cracking codes, penetrating firewalls, and placing stealthy malware on our most guarded servers. Can the hackers be stopped? Maybe, but it helps if you can…