November 25

Branded Vulnerabilities

Today starts a new chapter for me, partly because last week I finally completed my Bachelor’s of Science in Cybersecurity and partly because I just started my Master’s in the same. As part of one of my current courses, and from what I understand, many of the courses I will be taking over the next 18 months, I am to keep up a weekly blog. This is good news for all of you that want some good reading: for the next 18 months (at least) I will be showering the world of security with my thoughts on security. Enough about why I am writing my blog and on to the topic at hand: vulnerabilities with brand names.

In the last year we have seen a cascade of vulnerabilities announced that have spread their brand all over the media, well beyond the typical security and techie sites. I think it is safe to say that this problem started with “Heartbleed” in April of 2014. This was, at the time, an anomaly: it was a rather serious vulnerability, but it was “released” with a logo and a website devoted to it. I can’t remember a vulnerability being branded like this before, and it sparked a trend that is starting to have a detrimental effect on those of us that actually work in IT security. Since “Heartbleed” there have been Poodle, Unicorn, and Shellshock, to name a few.

Heartbleed was pretty bad, and it did help that the executives, and their wives, and our grandmothers all heard about it; it helped us in the industry to get the resources and visibility it needed. The problem is that now these “less serious” vulnerabilities, like Unicorn for example, come out with a brand and get on CNN, and suddenly something that professionals have decided is a medium risk at best becomes a “drop everything and fix this NOW!” type of issue. Someone in the executive suite has seen the constantly repeating clips on CNN, and now we have to drop more important things to “fix” the Poodle issue, or whatever the latest newsworthy vulnerability is.

So, in short, if you are good enough to discover a new vulnerability, please let us in the industry know before you give it a brand name and send a press release to CNN.

 

Check back next week for more.

John Nye

April 16

New Blog in the Works

We will start blogging in earnest now. Here at EndisNye Security we have some unique and fresh views on the changing world of IT and physical security. There are several different projects in the works; some that are coming sooner rather than later are listed below.

  • A new blog post will be here at a minimum of once a week.
  • New videos will be posted frequently, though for the time being not as often as the written blogs, because of time constraints and because production takes a little longer.
  • Links to other great blog posts and articles.
  • We also plan to set up a Q&A forum where you can ask questions and get professional answers.

We will discuss everything from penetration testing and hacking techniques to new concepts we are working on for user awareness education. Of course we will put in our two cents on the current IT and security news and give updates from conferences that we attend.

We hope to see a lot of feedback, suggestions, and general participation. We are also more than happy to post stories, reviews, articles, and experiences from the community, so please feel free to send us anything that you would like to see published.

Thank you for your interest. We look forward to a long and interesting road ahead.