2012 Security Conferences Focus on Malware and the Cloud
Vendors and industry representatives at this year's biggest security conferences, the RSA conference, the CSU's CISOA/SecureIT Joint 2012 Conference, and the InfoSec World Conference & Expo 2012, are focused on security, as usual.
Lies, Damn Lies, Security Metrics, And Baseball
I fear that this may happen in the InfoSec world if we become more focused on metrics than strategy and on providing glowing reports to our superiors than truth telling. Too much focus on them will force your teams to manage to those metrics instead of ...
by Marcia Savage
When it comes to customer case studies, CloudFlare has one of the most unusual and dramatic I’ve ever heard.
Last summer, the LulzSec hacking group signed up its website for CloudFlare, drawing the website security service and accelerator company into one of the biggest cyber battles ever, as LulzSec created mayhem on the Internet while rivals and others tried to knock it offline. CloudFlare’s CEO and Co-founder Matthew Prince detailed the attacks in a presentation at RSA Conference 2012; I wasn’t able to attend, but he filled me in during a briefing at the show last week.
LulzSec registered for CloudFlare on June 2, 2011 after a substantial DoS attack knocked its newly launched site – LulzSecurity.com – offline for 45 minutes, Prince said. “We had no idea who LulzSec was,” he said. As it turns out, the group had just published information it had allegedly stolen from Sony.
For the next 22 days, LulzSec waged battle on the Web as rivals and white hat hackers launched a volley of attacks against the group’s site. “It was like a gunfight and we were sitting in the middle of it,” Prince said.
The battle proved a mighty test for Palo Alto, Calif.-based CloudFlare, which protects websites against threats like DDoS, XSS and SQL injection attacks while also boosting site performance. “It was the most massive pen test ever,” Prince said. “We learned a ton from the fact that LulzSec was with us.”
He explained that CloudFlare’s system automatically looks for anomalies to detect attacks and, once it detects one, adds protection for all the websites it protects. More than 250,000 websites, from Fortune 500 companies to individual blogs, use CloudFlare. Using the service doesn’t require any hardware installation, only a change to network settings to allow site traffic to pass through CloudFlare, which operates 14 data centers around the world.
“We’re like a smart, skilled router on your network,” Prince said.
The fact that LulzSec stayed online for the 22 days it was with CloudFlare illustrates the company’s core value proposition, Prince said. “Because we saw these threats our network got smarter,” he added.
Prince said CloudFlare never got a request from law enforcement to take LulzSec offline, but quickly added that it has no mechanism to do that anyway. He noted that CloudFlare wasn’t LulzSec’s hosting provider.
As to whether CloudFlare considered shutting off service for LulzSec – a group linked to a number of attacks on corporate and government sites – Prince said his company’s role isn’t that of an Internet censor.
“There are tens of thousands of websites currently using CloudFlare’s network,” he said in a blog post last summer. “Some of them contain information I find troubling. Such is the nature of a free and open network and, as an organization that aims to make the whole Internet faster and safer, such inherently will be our ongoing struggle. While we will respect the laws of the jurisdictions in which we operate, we do not believe it is our decision to determine what content may and may not be published. That is a slippery slope down which we will not tread.”
Grassroots Tech Community Brings Symantec CEO And $10000 Hacker Contest To ...
Kansas City IT Professionals (KCITP), a grassroots community of 7500+ members in the Midwest, has partnered with Symantec for “InfoSec night”. The security-focused event, hosted by Johnson County Community College, will occur on March 21st from 4:30pm ...
Posted by InfoSec News on Mar 06: http://www.csoonline.com/article/701565/iranian-nuclear-program-used-as-lure-in-flash-based-targeted-attacks
Posted by InfoSec News on Mar 06: http://arstechnica.com/tech-policy/news/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon.ars/
Posted by InfoSec News on Mar 06: http://www.bankinfosecurity.com/articles.php?art_id=4556
Posted by InfoSec News on Mar 06: http://www.infoworld.com/d/security/the-19-most-maddening-security-questions-187983
Posted by InfoSec News on Mar 06: http://www.wired.com/threatlevel/2012/03/lulzsec-snitch/