Biscom Delivery Server Blog

Just got back from the RSA conference in San Francisco last week. It was quite a show — some heavy hitters were in attendance, including Secretary of the Department of Homeland Security Janet Napolitano, FBI director Robert Mueller, and a very cryptic NSA spokesperson. For you geeks out there, Whifield Diffie, Martin Hellman, Ron Rivest, Adi Shamir, and David Chaum played big parts in the keynotes and panels. It was interesting to see both the public and private sectors well represented here compared to previous RSA conferences, and there was definitely more openness between the two. The paranoia level was high, with many keynotes commenting on organized cybercrime, cyberwarfare, cloud security. Janet Napolitano actually tried to recruit hackers and other security talent for DHS in Hollywood-esque fashion!

The sessions were actually quite good, with tracks in application development, law, hackers and threats, data security, policy and government, and governance, risk and compliance. One session I attended on data breaches was interesting; the speaker asked the audience to raise their hands if they had experienced a data breach, and three quarters of the room raised their hands. Data breaches are occurring, and to their credit, companies seem to be aggressively pursuing a strategy of prevention over cure.

I talked to Kelly Jackson Higgins from Dark Reading for an article she was working on. She’s been covering IT for a number of years, and her latest article discusses one aspect of a growing threat — the dangers of malicious software capturing FTP credentials and using them to hack into legitimate web sites. Because FTP is prevalent for updating web sites, having the credentials gives hackers the opportunity to inject their own code into web pages unbeknownst to the site owner. These infected pages may redirect a visitor in a phishing scam, collect user credentials on login pages, or spread the malware or bot to increase the scope of infection. There are a number of other vulnerabilities in FTP that makes it hard to justify as a viable file transfer solution, and this is just one more nail in the FTP coffin.