Tag: Vulnerabilities

Handling Windows XP End-of-Support – Feed it, kill it, but don’t starve it.

As you all know by now, on April 8th 2014, Microsoft will stop supporting some variants of Windows XP. The software industry for years has operated this way with every system on your network having a predetermined service life, but given the current threat landscape, I would like to propose a change. What I’d like to see happen when any information technology reaches End-of-Support – meaning no fixes will be issued for newly found security vulnerabilities – is that it stops working. READ MORE

Premature vulnerability disclosures and the collateral damage done

This week I’m in Berlin, Germany for Virus Bulletin, the premier technical conference for the anti-malware industry. I have the honor of appearing twice on the conference agenda this year. The first event is a joint presentation with Microsoft regarding the ethics of public vulnerability disclosure. The second appearance is on a panel about collateral damage in cyber conflict. READ MORE

The Changing Nature of Incident Response, Part 2

We have become too reliant upon fully automated systems to detect and stop computer security breaches. People naturally desire a solution that will prevent all security incidents from occurring in the first place, but is it really reasonable to expect fully automated solutions to stop sophisticated attacks? READ MORE