SecurityWeek Top 25 Picks for 2010

As the year comes to a close, we thought it would be appropriate to highlight some of the best stories and columns for 2010. Here is a selection of top picks for the year, based on several factors including number of reads, inbound links, tweets, and SecurityWeek staff selections. Enjoy this selection of top picks for 2010, listed in no particular order. Happy New Year!

VM Introspection: Know Your Virtual Environment Inside and Out – Johnnie Konstantas – Knowledge is power and, when it comes to security – the more information you have about your environment – the more effective you can be at protecting it.

Top Security Stories for 2010

Defense Department’s Cyberwar Credibility Gap – Michael Stevens – IT pundits find it hard to believe that an incident which led to the Pentagon’s recognizing cyberspace as a new “domain of warfare” could have really happened as described.

Application Layers – The DNSSEC Chicken and Egg Challenge – Rod Rasmussen – There are obvious security benefits to adopting DNSSEC, but there are some severe downsides to being too early in the adoption curve. Should your organization implement DNSSEC yet?

The Rise of the Small Botnet – Ram Mohan – Smaller botnets are cheaper and easier to build out and operate, and criminals have already realized that large-scale botnets attract unwanted attention.

Meeting Compliance is Overrated – Manage Risk! – Gary Davis – Efficient, Effective Risk Management is the Key to Ensuring the Possible Security Posture and, by Extension, Meeting Compliance

Stuck on Stuxnet – Are Grid Providers Prepared for Future Assaults? – Matt Hines – Not only will U.S. grid infrastructures see more of these types of campaigns, most experts seem to think that energy providers and other key backbone constituencies are woefully unprepared to ward off such assaults.

Deploying DNSSEC – Four Ways to Prepare Your Enterprise for DNSSEC – Ram Mohan – Rolling out DNSSEC is not entirely painless. Here are four things your organization should do to prepare for DNSSEC deployment.

An Inside Look at Hacker Business Models – Noa Bar-Yosef – The industrialized hackers are intent on one goal–making money. They also know the basic rules of the business of increasing revenues while cutting costs.

The Evolution of the Extended Enterprise: Security Strategies for Forward Thinking Organizations – Derek Gabbard – In the world of information security during the ‘good old days’ of the late 1990s, enterprise boundaries were enterprise boundaries and operational risk to infrastructure was relatively easy to define, track, assess and remediate.

The Increasing Importance of Securing The Smart Grid – SecurityWeek Research – Smart Meter technology can remotely control consumer electricity use. This can help utilities conserve energy, reduce costs, increase reliability and transparency, and make processes more efficient. However, the increasing use of IT-based electric power systems increases cyber security vulnerabilities, and this increases the importance of cyber security.

The Implementation Challenges for DNSSEC – Rod Rasmussen – Wide-spread DNSSEC adoption is still far from completion, even for critical domains and services. So what are some of the major pitfalls of DNSSEC and how can they be avoided?

Customer or Fraudster: Tossed Your Cookies Lately? – Tom Grubb – Detecting online fraud – The burning issue with cookies isn’t about privacy at all—it’s about the death of the cookie as a usable way to identify a device.

Routing on The Internet: A Disaster Waiting to Happen? – Ram Mohan – For a number of years, many of the Internet’s leading architects have considered the rapid growth and fragmentation of core routing tables one of the most significant threats to the long-term stability and scalability of the Internet. As the number of Internet hosts and networks increases, the greater the challenge will be for networks running older or slower equipment.

Out of Band Authentication: How Fraudsters Circumvent Sophisticated Security Measures – Idan Aharoni – Cybercriminals are constantly going up against anti-fraud measures designed to stop their efforts and they need to bypass them in order to make a profit.

How Operation Payback and Hacktivism are Rocking the ‘Net – Noa Bar-Yosef – With all the pro-Wikileaks hactivity of the past week, it’s time to discuss the threat-scape defined for hacktivism and their methods.

Social Networks as an Attack Platform: Cybercriminals Love Social Media Too! – Noa Bar-Yosef – Never before in human history has a population adapted to technology advancements as we currently are today. But we, the netizens, are not the only ones benefitting from these technologies. The hackers are sharing this high-speed ride with us and they’re not agreeing to sit in the back seat of the technology bandwagon.

The Anatomy of an Advanced Persistent Threat – Terry Cutler – Attackers are Getting More Sophisticated – Here’s an Example of How they Work and Insight on How to Stop Them.

Unspoofable Device Identity Using NAND Flash Memory – Markus Jakobsson – In 1998, Intel announced the introduction of processor identities. Anti-fraud practitioners celebrated, security experts busied themselves thinking of the research implications, and privacy advocates were terrified.

What’s in your Extended Enterprise? – Rod Rasmussen – Analyzing its make-up and what risks it carries. Enterprises today exchange information almost completely online with more providers and partners, in more ways and more places than ever – in order to keep your castle walls secure, you must make sure the village is secure as well.

Managing Security and Compliance – Seeing the Forrest Instead of the Trees – Eric Schou – Successfully managing security and compliance is difficult in any sized organization, but universally most people will suggest the place to start is by getting a detailed understanding of the standards and regulations that affect you.

Why Cloud Tenancy and Apartments Have More in Common Than You Think – Dimitri McKay – One of the most common questions about cloud security is around privacy and regulatory compliance. Questions around government mandates and industry requirements abound from IT managers considering a shift to the cloud—most of which relate to multi-tenancy.

Web 2.0: Should Businesses Block or Embrace? – Alex Thurber – Social Media Acceptable Usage Policy – Why Allow Web 2.0 to Be Used in Business?

Using Guilt Instead of Cryptography – Markus Jakobsson – Web site passwords are frustrating to many, especially on mobile devices, where entering them is time-consuming and error prone. Theory on Using Guilt Instead of Cryptography to Prevent “Friendly Fraud”

Hacker Uses XSS and Google Street View Data to Determine Physical Location – SecurityWeek Video – Samy Kamkar demonstrates the ability to extract extremely accurate geo-location information from a Web browser, while not using any IP geo-location data.

IT Salary Guide Shows Increase in Salaries for IT Security Professionals – SecurityWeek News – IT security professionals in the United States can expect starting salaries to increase in 2011, according to the Robert Half Technology Salary Guide for 2011. The guide suggests larger increases in base compensation expected in high-demand segments including information security related positions.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
