459_ Software as a Service (SaaS) Meets Software for Security (SfS)
Gerhard Eschelbeck is the CTO and Senior Vice President of Engineering at Webroot. Gerhard is one of the first in the country, maybe the world, to deal with the SaaS model, that is, Software as a Service. This has been a significant transition which has been driven largely by the threat landscape. Today’s threat is fairly stealthy and designed to stay undetected for as long a time as possible. The thieves are financially motivated. Today’s threats are fundamentally designed to steal information from the user’s computer: banking, financial and health information and whatnot. Therefore, we clearly have to look at this from a protection standpoint. I think the technologies that we developed 10 and 15 years ago, which were very effective when applied to the virus threat, are not as applicable for today’s threat. What the industry requires is an approach that is much more sophisticated. We have moved from a purely desktop approach to a multi-tiered defense model. I think the goal here is that you need to use leverage similar to what the bad guys are using to actually detect those spyware technologies. This is where Webroot has been pioneering and working as an organization over the past four years. We have been able to protect, prevent and detect infections for our customers; this is certainly our top priority. Steps that an organization can take to stay clean and healthy from a computer hygiene perspective are: First, make sure you update your systems whenever patches become available (“Microsoft Tuesday”). Missing patches are very frequently used within the first 24 – 48 hours by hackers to take advantage of those security holes. This applies not just to the Microsoft programs, but to all of the other programs and systems that you use, be it iTunes or Adobe, etc. The second recommendation: make sure that your malware protection is the latest, state-of-the-art, and is updated to the minute.
Thirdly, there are typically areas of very sensitive data that you have on your computer. Take a look at that from an encryption perspective, to make sure it is protected properly. 3/24/08 Bytes: 21176636
Related Links: Webroot || E-Mail Security || On Demand Software || Cyber Security || Podcast Directory || Keywords: Gerhard Eschelbeck, Webroot, SaaS, SfS, user’s computer, banking information, financial, health information, computer virus, malware
416_ Think Like a Hacker and We Can Beat Them
Most people don’t think like hackers. Today’s hacker isn’t the hobbyist or the kid taking a break from his Xbox. Now it’s a criminal, and they just don’t give up – they work through the night until they break in. Roxanne (Roxy) Podlogar, VP Commercial Services, SysTest, and Ron Wood, director of Business Development for their Security Practice and a certified CISSP, cover issues from misperceptions to firewalls, from wireless to credit card fraud. Ron explains, "Here's an example of a misperception. You put your firewall up and you feel safe. But once the wall is compromised, your applications are wide open. There are various ways to get through and that could be as easy as you open Port 80, the standard http access. When you open your website to customers on the Internet, it’s open doors. You’ve just opened a window to your application, so you want to know that your application is secure. It’s not enough just to have a firewall; you have to harden your application. It’s got to be hardened all the way through, your barriers of defense. First you build a wall, then you harden your apps, make a hardened OS all the way down to your desktop. I mean everything needs to be hardened." Larry cringed when he heard that one. There are many famous cases such as the TJ Maxx horror story. In that example, the data of over 45 million credit card users was stolen. There was more money made and stolen in that one transaction than in every bank robbery across the last 10 years. Ron and Roxy share some very important strategies.
Related Links: SysTest Labs || Hi-Tech Heist - CBS News || Cyber Security Channel || Software Channel || Keywords:Systest Labs, Ron Wood, Roxanne Podlagar, Firewall, TJ Maxx, CISSP, 12/3/07 Bytes: 27128563 LISTEN
354_ This is More Than a High-Level Alert for Your Computer
Trent Hein and Ned McClain, co-founders of Applied Trust, discuss one of the scariest Internet subjects we have ever heard. They talk about the topic in a way that business people can understand and give your IT staff some great security ideas.
Their number one suggestion is to check the Open Web Application Security Project, or OWASP. "These guys publish a lot of interesting information about what’s going on with application security on the web. They publish a Top 10 Vulnerability list. The 2007 list is out and anyone who has a web site, large or small, should be aware of what’s on this list. There's also a wonderful guide that talks through how to mitigate and address the top ten vulnerabilities in your environment."
In 2007, cross-site scripting, aka XSS, has risen to the number one spot of the top ten web security vulnerabilities. Sites that allow users to post content to the site might mean that a bad guy could post malicious code to the site.
No. 2 Threat: Injection Flaws. A lot of web sites have a data base behind them and any of those servers speak a language that you can use to say, “Hey, I would like to get information from the data base, or I’d like to put information into the data base.” This has been used for a whole variety of exploits.
No. 3 Threat: Malicious File Execution. This really means having good website hygiene. Demo files that came with your computer, or a sample application, should be cleaned up so that a ‘bad guy’ can’t take advantage of that file and take control of your computer.
Trent and Ned give a whole new meaning to TRUST.
Related Links: Applied Trust Engineering || OWASP Home || OWASP Top 10 || Cross Site Scripting || Channels: Safe Surfing, Women in IT, Software, Cyber Security || Keywords: Applied Trust, Trent Hein, Ned McClain, OWASP, Open Web Application Security Project, Cross Site Scripting, XSS, Malicious Content || Bytes: 13761204 || 8/6/07
292_ Looking Grim: “A State of Internet Security” Part 1 of 2
Your computer, money, and other assets might be controlled by others (the percentages are high)…and they are not your friends. There is a whole financial ecosystem behind this growing problem. T J Maxx is among the more recent targets, with hundreds of thousands of personal credit cards compromised over an 18-month period as the information was leaked out in whatever form they used: "This was classic use of spyware, installed that then captured information, and gradually leaked out the data. Done surreptitiously – not a virus-like attack." The new CEO of Webroot, Peter Watkins, and CFO, Josh Pace, define the traps and tell us how we can avoid the growing dilemma.
Related Links: Webroot || State of Internet Security || Cyber Security || Safe Surfing || Keywords: Spyware, Anti Virus, Peter Watkins, Josh Pace, Webroot, Security, Internet Security, Software || Channels: Security, Software || Bytes: 5446324 LISTEN 4/9/07 Part 1 of 2
295_ Drive by Downloads: Security is Too Complicated Part 2 of 2
Take the 360° Look – Block, Detect and Remove threats. Viruses are Internet graffiti, trying to get your attention; spyware is not! First and foremost you’d like to prevent any malicious code from getting on to your system. If we identify code that is trying to get onto your system, we can block it; that’s the first step. Secondly, if some code has already found its way onto your system, it becomes very important to detect everything that might be on your system. The third piece is extremely important, because you want to be able to remove it. Some of these malicious codes are very sophisticated. The removal is a very complicated and important process. The new CEO of Webroot, Peter Watkins, and CFO, Josh Pace, explain all three dicey pieces.
Related Links: Webroot || State of Internet Security || Cyber Security || Safe Surfing || Software || Channels: Safe Surfing || Software || Bytes: 7716470 || LISTEN 4/16/07
231_ Is Someone Breaking Into and Breaching Your System?
Default setting has a nice ring to it for those that are not techies. Terry Morreale, a senior engineer at Applied Trust, points out that people assume that default settings on their machines are safe and secure. For their convenience, vendors leave on lots of things you don't need. There are many examples; a common and dangerous one is having the system set up to allow someone to log into an account when that is not needed. That can be simply inviting trouble. Terry offers invaluable tips and a free link to the "Incident Handling Guide".
Related Links: Women in IT || Barking Seal Newsletter || Incident Handling Guide || Applied Trust || Keywords: Terry Morreale, IT, Applied Trust, Default Settings, Incident Handling || Bytes: 6186530 || LISTEN 1/1/07
214_ Big-Time Changes in All Respects at Webroot
In February 2003 there were 100 known spywares that were able to be detected and removed. Today that number has grown to over 200,000. The Webroot Phileas robot visits 10,000 websites per second to detect spyware challenges. That is a huge change and there are other changes coming to the Webroot family. A new partnership with Sophos adds anti-virus protection along with the powers of Spysweeper. David Moll, CEO and president, and Josh Pace, CFO, discuss the role change for David.
Related Links: Top 10 Threats || About Phileas || Webroot || Software Channel || Webroot Press Release || Spyware Savvy || Keywords: Webroot, Spy Sweeper, Spyware, Anti-virus, Identity Theft, David Moll, Joshua Pace, Sophos - 11/20/06 LISTEN - Bytes 7706439
197_ Internet Security Hazards are on the Increase
An ounce of prevention is worth a pound of cure or maybe your ID, or your hard drive or other vital aspects of your business. Once again the state of Colorado has become a leader in the high-tech arena. Mark Weatherford, Colorado Chief Information Security Officer, said, “The State of Colorado acts as a resource for gathering information from the federal government and other states on cyber threats and provides two way sharing of information between and among the states and, ultimately, with local governments and the business community.” 10/23/06 LISTEN
191_ Safe Surfing and Online Predators Spawning New Fears
There is a growing and historic partnership between the public and private sectors dealing with the epidemic affecting the youth. Yes, this is an epidemic and many are closing their eyes and ears to this growing problem. Others are ignorant and don't have a clue as to what is happening. Thank goodness we are in a state that is proactively doing something about it. Colorado's Attorney General, John Suthers, Deputy AG, Jeanne Smith, and Microsoft Attorney, Aaron Kornblum, kicked off a program with a couple hundred law enforcement officials to discuss the solutions. 10/09/06 LISTEN
Keywords: Online Predators, Cyber Crime, Safe Surfing, Law Enforcement, John Suthers, Colorado Attorney General, Jeanne Smith, Deputy Attorney General, Aaron Kornblum, Microsoft
193_ Internet Predators and Safe Surfing, Both a Crisis
The stories are scary and growing in number, and the Internet Predators are learning faster than we are. Patrick Sullivan, Jr., former Sheriff for Arapahoe County and presently Director of Safety and Security for the Cherry Creek School System, shares three key points ALL parents should pay attention to. 1) Keep the computer in a common area (never in the kid's bedroom). 2) Parents learn the 'instant messaging' lingo. 3) Learn how to check the history on a computer and check it. Consider using computer monitoring and forensic tools. 10/16/06 LISTEN
176_ Companies that Think They are Secure are into Denial ... LISTEN 9/18/06
Starting a new high-tech venture in 2000 seemed right on. Mitchell Ashley, CTO and VP of Customer Experience, and Alan Shimel, Chief Strategy Officer of Still Secure, compare the challenges facing today's startups with those of that time and highlight some important keys. Some of their points are controversial, some common sense, but all need to be considered. They suggest that you need to show real traction and be realistic about your needs and forecast before raising money.
180_ Does Technology Support or Hinder Good Customer Service?
Customer service interviews are a very important component in growing their business, claim Mitchell Ashley, CTO and VP of Customer Experience, and Alan Shimel, Chief Strategy Officer of Still Secure. The Still Secure office and development center is housed at the Mobius Venture Capital complex, but they don't take that for granted any more than they do their customers. They have received a number of awards and have some very good advice for organizations that are planning on expanding. Part 2 of 2. LISTEN 9/25/06
147_ Webroot... - Webroot's Story Explains Why Colorado (Part 1 of 3) 6/12/06 LISTEN
The success of Webroot's Spy Sweeper starts right here in Colorado, covers the world and returns to Colorado. The entrepreneurial spirit in Colorado is seeing the fruits of the survival spirit, points out David Moll, CEO and President of Webroot Software. David recently hired a world-class CFO, Josh Pace, right out of Silicon Valley. So you have to ask, "Why Colorado?" Back in 2002 Webroot was hit very hard and had some tough choices to make, and David shares some entrepreneurial lessons.
148_ Building a Winning Team and Customer Focus (Part 2 of 3) LISTEN 6/19/06
"Business is not a one-person sport," says David Moll, CEO of Webroot Software. David and CFO Joshua Pace discuss the value of teamwork and what it takes to build a winning team. Josh was recruited out of Silicon Valley about the same time Gerhard Eschelbeck was recruited for the CTO position. Formerly Mike Irwin was the CFO and he became the COO, an example of tapping into the strengths of the team. Listen for some critical team building aspects along with truisms such as, "What's important is to recognize what's important."
151_ Organized Crime Funded an International Attack (Part 3 of 3) LISTEN 6/26/06
Theft and fraud motives aided by a trojan were focused on stealing bank account information. This good-guy/bad-guy scenario could have been a movie plot, but Webroot Software, Inc. was key to bringing the bad guys down by supplying law enforcement with critical data. The Webroot Software usability lab made the difference. The lab is really expensive, but the commitment to customer satisfaction is paying off for all of us. David Moll, Webroot CEO, and Joshua Pace, CFO, say that launching SpySweeper 5.0 was driven by usability. Listen to this entrepreneurial drama.
You Would be Excited About Business Continuity 2/20/2006
When most people think of Homeland Security, they think of terrorists. Homeland Defense includes natural disasters like Katrina and other emergencies, points out Murray Hamilton, Director of the Rocky Mountain Center for Homeland Defense Research Institute at DU. Business Continuity and homeland defense are now on the drawing board in conjunction with Daniels School of Business. LISTEN
Related Links: RMCHD - Research Institute - w3w3.com Cyber Security Channel
Digital Currency with Creditz’s David Vaters 10/10/05
You can use it just like cash without the privacy and security concerns. It’s not a credit or debit card; it’s a free card that rewards you with digital currency you can spend, explains David Vaters, President of Creditz. The Creditz system is built on an open and ubiquitous platform. It’s an inclusive model that works with business and for the consumers and is expanding to Colorado. - LISTEN
Organizing Important Emails
Your email “Subject” lines take on a whole new meaning since the new virus outbreak. Larry Nelson of w3w3® Media Network says blank or misleading Subject lines can lead to frustration, deleted messages and lost-in-the-maze emails. This replay of “Annoying the Receiver” is a must listen for those who deal with Larry…the Top 5 Mistakes & Solutions.
ID, who has it? ID Theft is one of today's horror stories.
Gideon Samid, Cofounder and CEO of ClearBIT Systems
says the horror is growing. Gideon suggests that your ID is a sequence
of bits and that's all the bad guys need to capture. BioMetrics
is helping in the protection process but isn't the sole answer.
Can you identify me now?
is no longer an option. The rate of ID theft, E-fraud, Hack Attacks, Stock
Manipulation, Money transfer, E-extortion, Wireless vulnerabilities and
Online transactions are accelerating at an exponential rate. Hear what leading
experts like Valerie McNevin have to say and what to do.
Dr. Murray Hamilton,Dir.
Mountain Center for
Homeland Defense & Security
Dr. Murray Hamilton, director of the Rocky Mountain Center for Homeland
Defense and Security. Croatia, Canada, Denver University - what in the
world do they have to do with our Homeland Security? If the future means
anything, this man's mission is important to you! Listen
Colorado's Information Security / Privacy
Director Has A Lot On Her Mind !
McNevin is the Information Security Director
and Information Privacy Director for the State of Colorado Internet Security/Privacy.
Bob Schwab, editor of the Colorado
2003 Issue drills Valerie
on the impact of a "Billion Dollars" potentially heading our
way to help Colorado deal with Cyber Terrorism and Homeland Security.
Pierce, president of Secure
Network Systems tells us the scary details of a possible (some
say it's only a matter of time) Cyber terrorist attack. Is homeland security
a fairy tale, or is there a solution? Hold on and LISTEN.
J. McNevin, Esq.,
is the Information Security Director and Information Privacy Director
for the State of Colorado Internet Security/Privacy.
Interviews and Information
leads the charge for Software Security Solutions. If you think viruses
and spam are bad, wait until you hear about pests. Odds are, you have
"pests" deep in your computer. You better listen.
Special Advisor to the President
on Cyberspace Security
America's Cyberspace Security Leader
Securing the Rockies
Ready or Not, You are a Citizen Foot Soldier.
A call to arms and a picture of what our region needs as it relates to
all forms of terrorism.
Big Brother is just around
Is he watching you? Jeff Finkelstein
of Customer Paradigm has some eye-opening information for you and your
*BBV - VIDEO*