Tag Archives: Fortinet

Browsing Security Predictions for 2013

The period between November and December is particularly interesting for the Infosec community, since nearly all the main security vendors use to unveil their predictions for the next year, trying to anticipate the trends and the issues that will trouble the system administrators’ sleeps.... Read More

Crime As A Self Service

One of the most visionary information security predictions for 2012, was the one issued by Fortinet which defined the term Crime As A Service: “Crime as a Service (CaaS), […] is just like Software as a Service (SaaS), but instead of offering legal and helpful services though the Internet, criminal syndicates are offering illegal and detrimental services, such as infecting large quantities of computers, sending spam and even launching direct denial of service (DDoS) attacks“. At first glance I marked this prediction as exaggerated but then I could not imagine that I should have witnessed a huge demonstration only few days after. Of course I am referring to the #OpMegaUpload when, immediately after the FBI takedown, the Anonymous redirected users towards a website when they could DDoS a large group of targets with a simple web click and most of all, without the need to install the Infamous LOIC.... Read More

What Security Vendors Said One Year Ago…

I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.... Read More

Browsing Security Predictions for 2012

Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions... Read More

TCP Split Handshake: The (Never)ending Story…

[caption id="" align="alignright" width="240" caption="Image by Audric Leperdi via Flickr"]Cisco ASA 5510 Adaptive Security Appliance Cluster[/caption]

Update May 12: TCP Split Handshake: Why Cisco ASA is not susceptible... Read More

Some Random Thoughts On The Security Market

The intention by UK-headquartered company Sophos to acquire Astaro, the privately-held security company co-headquartered in Karlsruhe, Germany and Wilmington, Massachusetts (USA) is simply the last effect of the process of vendor consolidation acting in the information security market. It is also the trigger for some random thoughts…... Read More

Other Considerations On TCP Split Handshake

The storm unleashed by NSS Labs test for the TCP split handshake attack which affected 5 firewall vendors  is far from being quiet.... Read More

TCP Split Handshake Attack Explained

Update May 12: TCP Split Handshake: Why Cisco ASA is not susceptible... Read More

Application Security: What’s Next?

In the wake of the infamous LizaMoon which has flooded an impressive number of databases all over the world with SQL Injection, infecting more than 1,500,000 URLs according to Google Search, the next frontier of Information Security to which security vendors are likely to move, is the branch of application security. The last vendor in order of time to make an acquisition (just a couple of days before LizaMoon was detected) was Intel McAfee, which decided to enter the database security market (estimated more than $ 600 million in 2012) acquiring Sentrigo, a Santa Clara based company focused on database security, former member of the SIA Technology Partnership Program (McAfee Security Innovation Alliance) and currently linked to McAfee by an OEM partnerships.... Read More

Chronicles Of The Android

The title of this post recalls a science fiction novel, but actually summarizes well a couple of news concerning the Android, which bounced in these days. Even if they seem apparently disjoined I decided to insert them in the same post: there is a logical link which connects the commercial success of a platform and the attention it attracts by malicious, and this seems to be the destiny of Android, to which the market share reserves a bright future, which become much less bright if one considers the information security consequences.... Read More