
The IT industry needs to share more information on hackers' attacks


August 23, 2016

According to Centrify's security expert David McNeely, it's a well-known fact in the IT industry that hackers like to re-use code, but hardware and various security vendors don't find out about specific attacks because they don't share the information.

At this year's Gartner 2016 Security and Risk Management Summit in Sydney, Australia, McNeely said that this realization was driven home to him during the recent Black Hat conference in Las Vegas.

Just like anybody working with any kind of software, black-hats prefer the tried-and-true to creating something new. No problem there.

But 2016's point-of-sale security horrors are a good example. “Attackers tend to re-use their technologies,” McNeely asserted. “If they work out something in a point-of-sale system, they try it again and again. The IT industry needs to share more information about what is happening, how the attack worked, and most important, how to prevent it from happening again.”

That simply means overcoming the all-too-common shyness and shame. Vendors routinely dislike being “outed” and are fearful of going public in case knowledge enables more attacks. And that's understandable.

“People are shy about how they secure things, in case they give away too much information about how a security breach happened,” added McNeely.

Naturally, we listened closely to McNeely talk about the National Institute of Science and Technology (NIST) recommendation that its community (U.S. federal government IT) deprecate the use of SMS for two-factor authentication.

While the recommendation has been controversial, the criticism mostly misses NIST's role. Its recommendation is not something that influences other bodies like PCI, which regulates the security of payment cards.

McNeely added that the NIST publication is “Good news – people are talking about it, and working through a lot of the different use examples. In some cases, SMS might be a satisfactory way to identify a person.”

Centrify said the document made it take a look at its own identification and access management products.

The decision they came to was that SMS should be separated from the act of identifying the user. That means moving from SMS carrying the token to SMS delivering a link to something else, he asserted.

Source: Centrify Internet Security Inc.
