Wednesday, January 23, 2008

HackerSafe pwned

Back in early 2000, Kevin Finisterre and I were talking about HackerSafe and the risks that it posed to its customers. Primarily, if hackers monitor all HackerSafe websites, they will know when to attack a site based on the presence of the HackerSafe logo. Another issue that we have with HackerSafe-like services is that we feel that people are getting a false sense of security. Automated tools like the ones used by HackerSafe (ScanAlert) do not identify the security holes that most hackers use to break into networks; instead, they only identify the known issues.

Don't get us wrong, there is value in the services that are being offered by ScanAlert. Their services help businesses keep up to date with patches and prevent businesses from missing the obvious and low-hanging fruit. For that very reason, services like HackerSafe have a very good ROI. Just don't feel 100% because you've got the logo; you're never 100%. Here's an article where our CTO commented on the recent HackerSafe pwnage.

Saturday, January 19, 2008

Hackers attack power companies

For quite some time I've been giving speeches and talking about the physical damages that malicious hackers could cause with a well-crafted cyber attack. I've discussed how vulnerable our (the world's) core infrastructure is and how easily it could be disabled. As a result, many people have called me a conspiracy theorist or accused me of exaggerating. Well, unfortunately, now I can say "I told you so." This isn't the first time that hackers have attacked this kind of technology; the US Department of Defense did it during the Aurora Generator Test.

Friday, January 11, 2008

ZDNet Australia

Netragard's CTO was quoted in the following article titled "2007: How was it for Apple". Here's the article and here's the quote:

Adriel Desautels, chief technology officer for security company Netragard and founder of the SNOSoft research team, said: "If OS X had the same installed base as Windows, Linux and other systems, it would be less secure or at the very most, as secure as the other systems ... It's just a matter of what [attackers] focus on."