Tag: trends

Data Breach For Dummies: Simple Hacks, Hackers Are The Norm

In spite of widespread media attention to the problem of “advanced persistent threats” and nation-backed cyber espionage, most cyber attacks that result in the theft of data are opportunistic and rely on unsophisticated or non-technical means, according to Verizon’s 2013 Data Breach Investigations Report (DBIR). Verizon said that its analysis of 47,000 security incidents and 621 confirmed cases of data loss showed that three-quarters were “opportunistic” – not targeted at a specific company or individual – and financially motivated. Around 20 percent of attacks were linked to what Verizon termed “state affiliated actors” conducting cyber espionage. Verizon’s annual Data Breach Investigations Report presents the results of investigations conducted by Verizon’s RISK investigators, the U.S. Department of Homeland Security, US-CERT as well as by law enforcement agencies globally. In its sixth year, it is a highly regarded and oft-cited benchmark of malicious activity and threats to organizations. In a press release […]

The History Of Programming Languages – And Their Popularity

Our friends over at Veracode posted a great little infograph this week that explains the history of computer programming languages, starting with software development’s forefather foremother, the lovely Ada Lovelace, who is credited with developing the first programming language, an algorithm for a mechanical computer dubbed the Analytic Engine in 1883! The graphic describes the history of modern programming languages, including COBOL, FORTRAN and LISP in the 1950s and 60s, up to today’s dominant languages: Java, C and Objective-C. Check it out! Infographic by Veracode Application Security

The Security Ledger podcast

Podcast: Switch To IPV6 Demands A Security Re-Think

Podcast: Play in new window | Download () | EmbedSubscribe: Apple Podcasts | Google Podcasts | Stitcher | Email | TuneIn | RSS | https://www.securityledger.com/subscribeEditor’s Note: This  interview with Qualys CTO Wolfgang Kandek was originally recorded on March 29th. You’re probably not aware of it, but a major transformation is taking place on the Internet. We’ve exhausted the approximately 4.3 billion available addresses for IPV4 – Internet Protocol Version 4 – the Internet’s lingua franca. (Roughly 98% of all Internet traffic.)   With billions of new, intelligent devices set to join the global Internet in the next decade, a new addressing scheme was needed. Enter Internet Protocol Version 6 (IPV6), which will create a practically inexhaustible supply of new addresses and some much needed, new security features that can prevent man in the middle attacks, ARP poisoning and a host of other ills. But organizations that have the luxury of […]

Application Security ‘Precrimes’ Report: SQL Injection, Crypto Hacks in 2013

We have plenty of industry-provided reports that tell us what happened in the past. The annual Verizon Databreach Investigations Report is due out any day, providing data on breaches investigated by that company’s incident response professionals, as well as information from law enforcement agencies around the world. And, with the first quarter gone, its safe to assume that similar reports will follow from Symantec and others.   But what about the threats for 2013? That’s where Veracode’s State of Software Security (SoSS) report comes in. Released to the public today, SoSS documents the kinds of software vulnerabilities that company found during 2012. And, where there are vulnerabilities, there will be attacks, Veracode CTO Chris Wysopal says. So what’s on tap for 2013? SQL injection attacks are likely to be one of the main attack types against web-based applications this year, as they were last year, Veracode says. That’s because SQL […]

Painting of Flowers

One Reason Security Is So Hard? Really Bad Reports.

Security is hard. Everyone knows that. The question is: why? After all, our understanding of cyber threats improves with each day. The tools we use to secure our systems have also improved over time – antivirus software, firewalls, application firewalls, intrusion detection, data leak prevention, and so on. And yet, when we look at the data, there’s not much evidence that better understanding and better tools are leading to better security. According to Jonathan Grier, an independent security consultant, the answer to the question ‘Why aren’t we getting better at stopping attacks and protecting data?’ is that we’re not doing a good job of learning from the data we have. In a conversation with The Security Ledger, Grier, the founder of Grier Forensics,  said that, despite a wealth of security data, the security industry’s approach to analyzing it is immature. Grier likes working on the cutting edge of computer forensics and application security. […]