Comodo Takes Security Seriously... Wait, What?
Via Zack Whittaker, writing at TechCrunch, comes this interesting piece describing a 'cybersecurity' company's (in this case, Comodo) abject failure to protect its own web presence (from a recently reported, and since vendor-fixed, flaw). A nearly perfect example of why security companies are generally distrusted (at least around here...).
Oh, and the ostensible cause? The widely reported vBulletin flaw (now fixed). However, the true cause was (and, I assert, still must be) gross incompetence on Comodo's part; nor is this the first time this company has appeared swimming in the murky sea of questionable practices and behaviors indicative of criminality.
Webroot, The Latest SNAFU →
Iain Thomson, writing at El Reg, reports on Webroot's latest SNAFU. I'll leave it to his illustrative prose to tell the tale.
Self-Healing Endpoint
Apparently, this product is now embedded in a wide range of devices (ranging from Apple Inc. to Dell Computers and more). I do architect and advise endpoint security efforts in my work (agnostic that I am, I do not recommend individual products), but certainly not a product embedded in BIOS or EFI. Could it be rightly called 'The Self-Healing Endpoint of Privacy'? Has a meme been created? You be the judge. Me? I'm going back to paper and pencil, air-gapped (of course - dammit, air-gaps are no guarantee of a secure platform either...). What to do. Tip o' the Hat.
Bad Relationship, Technical Debt →
Technical debt, and its consequences... illuminated for us mere mortals by Chris Hockings, IBM Master Inventor. Today's MustRead.
In the worst-case scenario, an enterprise continues to invest in platforms that are no longer sufficiently effective, resulting in more personnel delivering currency rather than capability. Security debt is a term that has been coined to describe application vulnerabilities that result from such laggardly behavior. - via Chris Hockings, writing at SecurityIntelligence
Espionage, The Intelligence Files
News, via Lucian Constantin, writing at PCWorld, details the discovery of a targeted group of LinkedIn Corporation (NasdaqGS: LNKD) users (in this case, information security professionals) unwittingly drawn into a focused intelligence/espionage campaign to garner discrete corporate information. Another case of social networks serving as the baseline method of intelligence gathering for nation-states and illicit non-governmental organizations. Aye me buckos! A treasure-trove thee awaits!