Month: April 2024
Another week, another threat. This week dawned with a spate of twitchy fingers telling us about the latest monster to emerge from the closets: KRACK. KRACK stands for Key Reinstallation Attack. You can read the details of this one on a variety of sites including Arstechnica,1 Verge,2 and, as befitting the seriousness of this one, its own website.3…
Read MoreThe recently released F5 and Ponemon report, “The Evolving Role of CISOs and their Importance to the Business,” unearthed some disconcerting results about CISO effectiveness. In particular, the following survey question spoke to this point specifically: Are security operations aligned with business objectives? Fully – 26% Partially – 34% Not – 40% Surprisingly, only a quarter of…
Read MoreI recently had the opportunity to sit down with two of F5’s top threat researchers, Sara Boddy and Justin Shattuck, to pick their brains about IoT, its current state of “security,” and what we can expect to see in terms of threats, attacks, and mitigations in the future. Justin and Sara are co-authors of three IoT threat research…
Read MoreHelp Guide the Future of Apps – Ultimately Your Threat Landscape – By Responding to Our SOAD Survey!
Every year, we try to pull back the curtain on the future of application delivery by looking at those trends and technologies that impact it the most. Containers. Cloud. Digital Transformation. Automation. All have an impact on applications and their architectures, which in turn has significant implications for application delivery and the businesses that rely…
Read MoreDepending on third parties is inescapable. Every organization needs software, hardware, Internet connectivity, power, and buildings. It’s unlikely they’re going to do all those things themselves. That means that organizations must be dependent on others outside themselves. With that dependence comes risk. F5 recently partnered with Ponemon Institute to survey CISOs. In the report, The Evolving…
Read MoreThis isn’t your mama’s botnet. This is a proper botnet. If you were the world’s best IoT botnet builder and you wanted to show the world how well-crafted an IoT botnet could be, Reaper is what you’d build. It hasn’t been seen attacking anyone yet, and that is part of its charm. But, what is…
Read MoreFigure 1: Demonstration of a split-tunnel attack4 Email Retrieval attacks The two major protocols associated with email retrieval are Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP). Both protocols connect to an email server to download new messages over a TCP/IP connection.5POP3 is much simpler and easier to implement, but only allows…
Read MoreIn part I of this series, I explored some of the issues surrounding the fact that we have managed to build networks so large and complex that it is essentially impossible to grasp any significant fraction of network activities without asking for help from… the network itself. In this installment, I delve into some actual techniques…
Read MoreSo, what’s the issue when it comes to encryption and quantum computing? Today’s asymmetric encryption algorithms, which are primarily used for key exchanges and digital signatures, are considered vulnerable to quantum computers. For example, using today’s traditional, digital, transistor-based computers, it’s estimated it would take 6 quadrillion CPU years to crack a 2048-bit RSA decryption key.7 But,…
Read MoreDestruction, loss of data, intellectual property theft, fraud, embezzlement, disruption to business, restoration—globally, the costs of dealing with hacking, which were estimated at $3 trillion in 2015, are projected to double to $6 trillion annually by 2021.1 Yet under US law, it’s illegal to attack the hackers back. Way back in February, a Georgia Republican…
Read More