John Linkous

Posts by John Linkous


As the pirates of Silicon Valley rage against each other – as they have for decades – with patent infringement suits, new technology introductions, verbal quips against competitive CEOs, and a host of other one-upmanship activities that would make any Congressional Committee Chair proud, we’ve recently seen an interesting coalescence of solidarity among technology companies that hasn’t been seen in ages: a united – and ultimately successful – front against SOPA, the Stop Online Privacy Act.

While privacy-focused organizations such as the Electronic Frontier Foundation have been laser-focused on stopping technology-focused legislation that restricts privacy for some time, this is perhaps the first occasion since the NSA’s introduction of the ill-fated Clipper Chip in 1993 that has brought together so many industry competitors into what is being portrayed as a fight for their very survival. By proclaiming the House-driven SOPA and its sister bill in the Senate, PIPA, as “Blacklist Bills” that will stifle First Amendment speech, fail to curtail online piracy, and present a nightmare engineering scenario for everyone from ISPs, to corporate network managers, to federal agencies, corporations and public policy groups alike (such as the EFF) have killed this legislation. Internet stalwarts such as Wikipedia and Reddit went “black” for a 24-hour period in protest, and others (I’m looking at you, Craigslist and Google) displayed messages of solidarity with otherwise competitive organizations. Content providers kicked their P.R. and lobbying machines into high gear, and pulled hard on the ears of any Representative or Senator willing to listen.


Rarely does a week pass without yet another data breach appearing on the Privacy Rights Clearinghouse website, and those are only the breaches that are publicly disclosed.

What’s interesting to note is that data breaches are exactly that: an egress of data. Of course, this is nothing new; for over a decade now, we’ve heard countless stories of bank accounts emptied through surreptitious keystroke loggers and successful phishing scams (who can forget such gems as, “I represent the Central Bank of Nigeria, and I have a lucrative proposal for you…”), healthcare data breached due to poor security controls, and systems brought down for extended periods via denial of service attacks from zombie hosts managed by vast-reaching command-and-control systems.


Cyber, cyber, cyber… everywhere we turn today, cybersecurity is at the forefront of enterprise data and technology management.

This is, of course, a good thing; for far too many years – decades, in fact – functionality has trumped security, to the point where today’s massive focus on cybersecurity has become a constant echo of post-development and (to a lesser degree) post-implementation activity. As we continue to build the cybersecurity wave, we as a nation have unfortunately lost focus of what is commonly pointed to (incorrectly, as we’ll point out shortly) as the “opposite” of information security: information privacy.


As a person who works with both the federal government and private industry, I’m lucky to be able to see the recent focus on federal cybersecurity not only from the perspective of lawmakers and agencies, but also from the outside looking in. Unfortunately, the view from both perspectives isn’t very pretty. Throughout the lifecycle of federally-mandated cybersecurity, there is inconsistency, overlap, and contradiction across the spectrum, from legislation, to implementation, to awareness and communication.

The federal government clearly wants to lead by example in cybersecurity; but a leader without direction, focus or communication skills is no leader at all.


After five-plus years of smartphones saturating the market, it’s become clear that mobile device applications are an unqualified phenomenon, and a boon to application developers and app store vendors.

Apple recently reported that it is currently selling more than 1 billion mobile apps every month from the Apple Store; that’s an average rate of 23,148 apps per minute! The number of available apps is also increasing at an almost exponential rate. As the Apple marketing campaign goes, “there’s an app for that”, and not just on Apple’s app store: Google’s Android Marketplace, Microsoft’s Windows Marketplace for Mobile, RIM’s Blackberry App World, Symbian’s Horizon, and many others provide instant, downloadable applications and content that range from absolutely free, to thousands of dollars.


As I write this article, there are currently more than 10 different bills being evaluated in various Congressional committees, all of which address some aspect of cybersecurity.

Many of these bills are large, over-arching concepts – FISMA 2.0 and the like. But many others are being developed to address the specific risks and threats of certain types of systems, from “critical infrastructure” (generally regarded as assets that are associated with energy production and distribution, the food supply, and national defense), to financial systems, healthcare and pharmaceuticals, and other industries. Many of these bills – if passed and signed into law – will mandate industry-specific security controls, risk calculations, and other requirements for private organizations.


If I were a betting man, I’d place a wager that some of you reading this article re-use the same password for multiple online services: online banking, enterprise email, your personal Gmail account, Twitter, Facebook, Google+, and Skype (to name but a few).

Don’t worry, you’re not alone: you share an affliction with many millions of people around the world – and even as a security professional, I’ll admit that until a few years ago, I was guilty of the same. Why do we do it? Well, that’s simple: it makes it easy to remember. Unfortunately, it also makes the job of the hacker much easier than if we had different passwords for each account.

A few weeks ago, I was privileged to be a panelist on the panel, “Protection and the Moral Dilemma: Going Offline in the Name of Security”, the kickoff event of the DHS GFIRST summit in Nashville, Tennessee.

The panel itself included senior security experts from across the spectrum of the public sphere: DHS, the FBI, DoD, state government, and even well-known security author Winn Schwartau.

Among all of the many breaches of data over the past year across both the public and private sector, none seems to strike more fear into the hearts of federal agencies, managers and security personnel than Wikileaks. To be sure, the Wikileaks incidents have caused more than their fair share of reputational damage, embarrassment to federal officials, criminal response, and calls from angry Congressmen to establish yet another layer of regulation and auditing to help prevent this type of issue in the future.

But what’s really insidious about Wikileaks is the nature of the crime: unlike the external attacks perpetrated by Anonymous, LulzSec, and other third parties by breaching security controls, Wikileaks was allegedly committed by an insider who already had access to the information he is suspected of leaking to Wikileaks.


Mobile computing technologies represent a true paradigm shift for organizations, providing an unprecedented level of autonomy and productivity for users by eliminating geographical barriers.

The traditional model of centralized applications and data is rapidly fading away as users continue to exploit the value of on-demand information regardless of geographic boundaries. From the user’s perspective, mobile technology is fantastic.
