This is a fairly scary view of the world…. Freie Universität Freiburg mapped the Internet-accessible SCADA systems. Have a look on your own: https://www.scadacs.org/projects.html
. . . → Read More: Internet Accessible SCADA Systems
Depending on where I travel and with which customers I talk, patch management is still the number 1 issue coming up. The challenge is not only to deploy the updates – much worse, there is still an awareness issue in a lot of markets. People know that they should patch but too often do not . . . → Read More: The Challenge of Patch Management
Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune teller :-). But there are things we know and things we definitely need to drive this year. I would actually put it into . . . → Read More: Security in 2013 – the way forward?
In recent months, we have seen more and more targeted attacks against our customers. A lot of them use a technique called Pass the Hash. This led us to publish a paper, which explains Pass the Hash but, much more importantly, shows some fairly simple-to-implement mitigations against this type of attack. As they . . . → Read More: Mitigating Pass the Hash Attacks
A while ago, when I was travelling, a journalist told me that he never pays for our software as he can easily download a tool to crack Windows XP (he was still running XP). We had an interesting discussion afterwards (besides the fact that he showed me how he steals our goods) about security. He . . . → Read More: Security Implications of Pirated Software
Yesterday I blogged about the Security Advisory – Update For Minimum Certificate Key Length. I would like to take the opportunity to give some more information on it.
The reaction to the advisory is interesting so far. Some customers expect mainly older applications to run into a problem. Others tell us that they mandated . . . → Read More: UPDATE: Security Advisory – Update For Minimum Certificate Key Length
As you know, I rarely blog about Security Advisories or updates but this time, I want to make sure that you saw that: We released the Microsoft Security Advisory (2661254) – Update For Minimum Certificate Key Length to make you aware of the fact that we will restrict usage of all certificates with RSA keys . . . → Read More: Security Advisory – Update For Minimum Certificate Key Length
Yesterday we all had a very long day: We hosted the EU Cybersecurity and Digital Crimes Forum in Brussels. A lot of government elites from all across Europe attended and were part of very intense discussions. It was obvious that people really are serious about cyber-whatever and that actions are being taken. I think that . . . → Read More: Tackling Cybersecurity Together
The Australian Defence Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies:

Patch Applications
Patch the Operating System
Minimize the use of local admin
Application whitelisting
…
Looking at these 35 strategies, the DSD claims that
While no single strategy can . . . → Read More: Implementing the Top 4 Defense Strategies