Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Top security incidents of 2011

Marsh Ray, senior software development engineer at PhoneFactor | Dec. 22, 2011
Everyone will agree that 2011 was a busy year in the field of data security, so as the year draws to a close it seems appropriate to begin the process of distilling our experiences into "lessons learned" that we can take into 2012.

What we learned:

* We are dependent on our vendors.

* Even the most well-regarded technology companies can be "pwned" by an Adobe Flash zero-day.

* Continuous monitoring is essential.

* An attacker may seek to use you as merely a stepping stone in a larger plan.

Of course there were plenty of other noteworthy incidents from 2011 that there simply isn't space here to discuss: the (former) Tunisian government's man-in-the-middle attack on Facebook's login authentication, the breach of Syria's BlueCoat logs, kernel.org, and so on.

Perhaps 2012 will bring us less interesting times!

Ray is a senior software development engineer at PhoneFactor, where he is a core developer of the PhoneFactor authentication system. In 2009, he discovered the TLS renegotiation flaw, co-wrote the disclosure paper, and was an author of RFC 5746, TLS Renegotiation Extension, in 2010. Also in 2010, he disclosed the NTLM authentication forwarding flaw. He is a regular participant in the IETF TLS working group, and participates in other IETF and non-IETF security and cryptography groups.

PhoneFactor is a leading provider of multi-factor authentication services. Its award-winning platform leverages a device every user has -- a phone -- to strongly authenticate logins and transactions. PhoneFactor offers out-of-band security, a better user experience, and a lower total cost of ownership via a simple, automated phone call, text message, or smart phone app.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.