Tuesday, January 26, 2010

The State of My Blog Address

Readers, distinguished bloggers, various feeds - A year ago this week, I crossed over into double-digit blog entries (a whopping 10 stories at the time but a relative blog newcomer) and was wondering what magical rant would make this Blog Go to Eleven.  Fidgeting with the keyboard and watching the blinking cursor as nothing came to mind, I decided to dedicate January 30th as ‘Blog About Your Blog Day.’  The day that all bloggers would share stories, tips and other musings about their own blog.  Since I don’t see it as a #trendingtopic on Twitter, it might not have stuck.  Annual rituals often need a few years to take, so here’s the State of My Blog address in honor of my own made-up writing holiday.

Last week, my good buddy Michael Sheehan of GoGrid (@HighTechDad on Twitter) wrote about the detailed process he goes through when creating a blog post.  I gotta give him credit for both having a process and actually documenting it since I typically just see a topic/story, fire up Live Writer and tap away.  Often stories come to mind while I’m walking the dog the evening before I post.  I think it has to do with clearing my mind of all the day’s clutter and suddenly it’s like, ‘There it is!!’  I’ll get home, quickly jot some notes or create a title, sleep on it and write it the next day.  This was one of them.  I typically try to post at least once a week and it’s usually around mid-week.  This blog talks about how Thursday is the best day to post and this one backs it up with some statistical charts.  I’ve read a couple that indicate that Mondays are not great since everyone is getting back into the work routine, at least for business blogs.  And speaking of Personal vs. Business blogs – Michael’s entry describes his method for personal blogs.  I really don’t have a ‘personal’ blog since most, if not all, my entries are work related and published on F5’s DevCentral.  I do feed WordPress, Ulitzer, Blogger, Posterous and others for greater coverage but our DevCentral community is my main audience.  Even with a business blog, I do tend to incorporate personal stories since what I do as a career does mix with who I am as a person.  I still remember years ago when I worked at the Milwaukee Repertory Theater an Art Director saying, ‘I am not my art!’  Always thought that was funny but interesting.
Even though this is an F5-branded blog, I do try to keep it focused on technology, trends, ideas and other industry topics instead of a ShamWow ad for BIG-IP.  Most of our readers are familiar with BIG-IP (and learning about the new BIG-IP Edge Gateway announced this week) and I just like to complement what they already know, offer some new ideas or bring attention to market/technology trends and how F5 solves some of these.  Nothing too technical, security focused, a bit of humor, some personal insight and our daily lives – that’s the State of My Blog 2010.  How about yours?

And here are a few other stories I considered writing about this week:
Until next time…

Technorati Tags: Pete Silva,F5,security,application security,network security,blogging,blogs

Monday, January 18, 2010

Cybercrime, the Easy Way

The Dummies series is a great collection of ‘How to’ instructions on a wide array of topics and while they have not published a ‘Cybercrime for Dummies®’ booklet (and don’t think they will), DIY Cybercrime Kits are helping drive Internet attacks.  Gone are the days when you had to visit a dark alley to get a crook’s cookbook.  You don’t need to be an expert or tied to some sophisticated crime ring but now you can infect, spam, phish and generate other dastardly deeds with the best of them.  Similar to downloading and using iTunes, P2P applications, IM services, Skype and others to accomplish those specific tasks, you can get a Cybercrime toolkit to go with your black ski mask, getaway car and evil lair hideout.  You don’t really need any technical knowledge since all you do is install the program, tell it what you want, customize the message, send the infection and wait for the program to tell you when you’ve hit gold.  The early ‘hacking’ sites like www.2600.com or www.L0pht.com used to allow you to download your favorite virus to send to friends.  Granted, many organizations used their malicious code to test their own systems and they’ve since become more industry friendly and still provide great insight into the ‘black-hat’ing’ community.  I’ve even used L0phtcrack several times over the years.  Remember, downloading a rootkit isn’t necessarily a crime, it’s what you do with it that might be.
The initial data breach numbers for 2010 are already staggering.  In just a couple weeks, around 1,233,432 records have already been breached according to Privacy Rights Clearinghouse – that’s an average of over 68,000 a day.  During 2009, Panda Labs saw a 77% increase in banking theft Trojans compared to 2008 which directly corresponded with the increase in available kits.  As this trend continues, the ‘Kids with Kits’ will be competing with the ‘Established Mobs’ for your passwords, money, identity and any other valuable items/info to sell or use themselves. 
Certainly, users need to be extra vigilant when receiving suspicious emails with ‘Click Here:’ boldly pronounced and organizations need to realize that their systems will be poked, prodded and tapped even more this year.  On the web facing front, deploying a Web Application Firewall, like BIG-IP ASM, not only protects against the typical, well known attacks like SQL Injection, DoS, Brute Force and Web Scraping but can also help with identifying that bad-boy with IP Geolocation, and ASM has always helped to keep you compliant.  BIG-IP GTM v10.1, with the new DNSSEC feature, secures your web property against DNS Cache Poisoning and other malicious redirects.  The FirePass SSL VPN and other BIG-IP products offer End Point inspection to ensure that the requesting host abides by your security policy prior to gaining access and Encryption to keep the traffic secure.  The BIG-IP MSM takes a bite out of unwanted spam.  Even BIG-IP LTM with its virtualization capabilities among other security features provides some network firewall functionality and with BIG-IP PSM, you get powerful security services for HTTP(s), SMTP, and FTP at BIG-IP speeds.
Now that it’s gotten easier for anyone to become a cybercriminal, your defenses must also be easy and quick to deploy.  F5’s BIG-IP systems give you the control, power and ease of use to thwart both the organized crime syndicates and those rookies just getting into the game.

Technorati Tags: Pete Silva,F5,security,application security,network security,virus

Wednesday, January 6, 2010

New Decade, Same Threats?

Do I call it Twenty-Ten or Two Thousand Ten?  Just not Two Thousand and Ten since that pesky decimal takes us back 10 years.  Eh, either way, the new year and decade brings out all the predictions for the coming year with this one taking the cybercriminal approach.   The various 'Year in Reviews' also make appearances since we need to understand where we came from to know where we’re going.  These are always interesting due to the various points of view even if many of the predictions are the same: social media threats, not necessarily more but smarter malware/botnets, using the cloud for crime, financial DDoS, rogue software, Mac and Mobile malware, more breaches and a whole host of others.  Compliance and Health Care, while not threats, seem to be the areas of security focus in the coming year along with online banking.

From a government perspective, while much has been written about compromised drones and Warplanes, the real concern at the Pentagon is Electronic Espionage – breaching the network.  Being able to not only see data, such as intelligence reports, but manipulate the data.  Imagine if an ammo request was intercepted and changed to reflect a new delivery location.  That would be bad.  I’ve written about Corporate Espionage as part of the 26 Short Series and do think it’ll continue.  Trade Secrets, product plans and customer data are all tasty treats to the cybercriminal.  One of the reasons I think that this type of data is a target is due to regulatory compliance, but maybe not in the way you think.  I look at it from a more ‘human nature’ position.  The more locked up, secret, hidden or protected something is, the greater its perceived value or worth.  If you see a door with 5 locks on it versus one with just a single lock, you’d probably think that Door Number 1 has the good stuff since more protection was deployed.  If you’ve ever walked through the Tower of London to see the Crown Jewels, you’ve also seen the huge, thick vault doors that keep them safe at night.  With all that security, it must be extremely valuable.

In some ways I think compliance creates the same ‘perception’ and increases the attack potential.  Companies are required by law to protect, store, encrypt and generally safeguard certain private/sensitive data – the crown jewels so to speak.  Don’t get me wrong, I’m not advocating ignoring compliance, and current regulations – such as PCI – are needed.  I even think some could go a little further in prescribing security protections but it also tells cybercriminals – this is the good stuff.  If you want a huge score, hit here.  We might see an increase in Gas Station terminal thefts as we get closer to the July 2010 PCI deadline for unattended, Point-of-Sale PIN entry devices as thieves probably want to beat the deadline too.  2009 proved that while little scams and thefts will continue, it’s the big breach of regulated data that gets the biggest payout and the most news coverage.  That’s what I see coming in 2010.

