Stories by: Andreas M. Antonopoulos

+

Mobile malware will test Android and iPhone 13 January, 2010 07:59

2009 ushered in mobile malware with the first (and second) iPhone worm appearing just before Christmas.
+

iPhone security problems bring new risks 12 November, 2009 04:35

In just four days, not one but two worms targeting the iPhone have emerged. Both of the worms target the same vulnerability, a default password in the SSH server that is installed on jail-broken iPhones. While one worm is a mostly a nuisance, the second siphons personal information from the iPhone, which makes it a serious identity theft threat.
+

UC security: When the shoe won't fit, compress the foot 15 April, 2009 05:06

If your security model is location-centric and depends on keeping things separate, how do you respond to a disruptive technology like unified communications? This is a pattern that keeps repeating in many different areas: the security paradigm looked good until a technology comes along, changes the assumptions and reveals the inadequacy of the model.
+

The fantasy and reality of government security 05 March, 2009 11:09

In the movies the government has always got the best toys, the cutting-edge technology and the tightest security standards. Those who have worked on security projects within the government know that in real life government security standards and implementations can vary all across the range from quite serious to laughable.
+

Security predictions for 2009 06 January, 2009 08:34

My predictions for information security in 2009 are just predictions, not recommendations. I am trying to guess what will happen, not suggesting what should. As always, take these with a grain of salt.
+

How recessions make good people do bad things 13 November, 2008 10:49

Whom can you trust? In security, many of us nurture a healthy sense of paranoia and tend to be distrustful. But as human beings, as social beings, we form bonds of trust with those around us.
+

Can you keep users from importing their own applications? 01 October, 2008 10:15

There's IT, and then there's shadow IT.
+

The challenge of securing virtualization operations 08 September, 2008 09:00

I have been very interested in virtualization security since early 2004 and it now seems like it has become a mainstream topic. Most of the focus however is on securing the technology of virtualization (the hypervisor) and providing virtualized security (usually as virtual appliances). My focus nowadays is more on the operational impact of virtualized infrastructure and by extension the impact on security operations. After all, security controls (technology) are essential but without operational controls (people) they are not sufficient. So what is the operational impact of virtualization?
+

No excuses -- encrypt all laptops 23 July, 2008 09:53

Every year, more than 5,000 laptops are lost in taxis in London, New York, Chicago and other large cities. According to our research, in 2008 companies' topmost security investment was laptop encryption. Laptop hard drives are getting bigger and now can hold hundreds of thousand to hundreds of millions of sensitive records.
+

Which IT security skills are most important? 14 May, 2008 09:21

I often hear from IT executives that it is hard to recruit and retain "good security people." Many lament the shortage of skills in this area and cannot reconcile the skills offered with the positions that need to be filled. Is there really a shortage of good security people? Or just a mismatch in the skills and the jobs?
+

Attackers are thinking outside the box 17 April, 2008 11:19

In the adversarial environment of information security, new types of attacks emerge constantly. Just recently, a very highly targeted phishing attack against CEOs used the pretext of a federal grand jury subpoena to lure executives to a site hosting malware. Let's face it: Most of the innovation in this industry is on the other side, the "dark" side. We are unfortunately forced to keep reacting to new ingenious attacks every few years.