Security Advisor
Happy Birthday, Trustworthy Computing
Plus: Trojan worm attacking DoD smart cards, Internet censorship protests hit the Web.
Microsoft's Trustworthy Computing (TwC) just turned 10 years old.
The brainchild of Bill Gates, TwC's goals were to bring a new level of accountability to software distributors by dedicating time and effort to uphold best security practices, privacy and customer satisfaction.
A byproduct of the TwC has been those monthly Patch Tuesdays IT has to endure. But it's better to take time every month updating software than to be left high and dry to defend against discovered vulnerabilities all on your own.
While the TwC (which I just call "quality assurance") has had its bumps and growing pains, it has become something of a gold standard for handling software lifecycles. Speaking on how Adobe copied, I mean borrowed, from Microsoft, Brad Arkin, senior director of security at Adobe, said his company watched TwC's birth and waited for the dust to settle before implementing it at Adobe. "In formalizing our own secure product lifecycle, we were eager to tap into that knowledge instead of reinventing the wheel," said Arkin. "This allowed us to spend more time on the actual implementation across all of our product teams."
As TwC adapts to emerging technology, the next challenge Microsoft sees is how to keep users' info safe and private, even in the world of cloud computing, government intervention (I'm looking in your direction, SOPA and PIPA) and data scattered over multiple mobile devices.
"Security, privacy and reliability strategies must evolve to remain potent," wrote Scott Charney, corporate vice president of Trustworthy Computing. "There is still much work that our industry must do to make computing more trustworthy. Everyone at Microsoft and the entire computing ecosystem has a role to play."
What are your thoughts on TwC? Has it gone far enough to protect and support you and your software purchases? Let me know at [email protected].
Another Trojan Clone Making the Rounds
Last week I discussed how Kaspersky Lab is warning that 2012 will be a big year for Stuxnet clones making the rounds.
This week we have Alienvault Labs (seriously, who's coming up with the names for these security labs?) warning that 2012 will also be a big year for Sykipot Trojan (again, names...) clones. One example of this is a baddie that has been targeting Department of Defense smart cards with the tried-and-true process of phishing and keylogging.
Sykipot was discovered trying to target and gain access to the military's unmanned aircraft in December, according to Alienvault. The more recent attacks against the DoD are the first time this worm has been seen deploying keylogging techniques. However, both attacks seem to be coming from the same group of people.
Internet On Strike
Sites like Reddit, Wikipedia and Imgur went black today to protest two bills currently working their way through Congress that are designed to shut down sites distributing copyrighted content.
Those protesting the laws say the bills would give the government the power to shut down any site it finds violates copyright law without due process.
Google has also joined the protest. However, instead of shutting down, it covered the Google logo on the front page with a black bar to symbolize the censorship on the Internet and provided information on the bills.
While walking the line between protecting intellectual property and free speech online is a serious and complicated issue, lightening the mood at the expense of those freaking out over Web site blackouts is one positive outcome of the protest. Take, for example, the Twitter account herpderpia (contains offensive language), which has been compiling posts from those who have been crying and confused over the loss of Wikipedia.
Have you had to deal with any crazy client or employee reactions? And what impact do you think bills like SOPA and PIPA have on the enterprise? Share your thoughts and stories with me at [email protected].