Understanding current threats is key to ensuring that organizations and individuals are able to protect and sustain their (business/livelihood/add your own personal needs here). That being said I have noticed a few interesting items hit the news lately, and thought to share to make more people aware.
The second highlight is a company, and while I am not one to preach I thought this company had a very interesting product and approach. They have setup listeners around the internet (how or where is unclear) that act as targets for spam and attacks (honeypots). They then track through IP addresses and report to their clients what type of activity is originating in their owned address space. A very intriguing approach to a detective control, and one that is revolutionary. There are some technical challenges regarding spoofed IP addresses, and when black hatters use rogue wireless access points to burst spam traffic, but those restrictions aside – a very interesting approach in a very different world. Check them out here. Full Disclosure – I am not endorsing them, I am not paid to post this, and I have not used their technology, but find it an interesting approach and an educational adventure for those seeking creative approaches to challenging problems.
Finally to complete our Friday creative solution post I wanted to highlight “Evolution”. A crafty tool released at CanSecWest (by far the best conference for security professionals and not nearly as political or showy as a certain Vegas conference at the end of July – which is still fun). The tool searches the web and builds a database on individuals using public site information, social networks, and any other legal means possible. The tool can be exceptionally helpful in a social engineering attack, or for an HR department really concerned about a potential hire. In the end the tool takes the next step beyond ZoomInfo, and presents the true value of filtering information. These types of tools and those that are being developed strongly demonstrate the need for organizations to be aware of what information is available, by whom, where, and how if brought together could a competitor / terrorist / employee use the information.
Approaching the challenges of an interconnected society requires strong controls and exceptional thinking that embraces the medium that created the problems to begin with in the first place.