What the heck is DNSSEC? This article does a darn good job of explaining it. If your company isn't using it, it might be time to get it rolled out. When you can, this is a great way to secure your DNS and still let users work.
We found an article that discusses the fact that the Fedora Project was hacked on 1/22. It seems that they aren't alone in having this problem of late. Both the Free Software Foundation and ProFTPD have also recently been hacked. To our knowledge no real damage has been done, but it is a great reminder to change your passwords and make them tough. Updating or changing SSH keys also helps, since the Fedora hack used the user's SSH key.
Network World is reporting on a Ponemon Institute report sponsored by ArcSight. Remember when reading this that ArcSight makes some really good security monitoring software. The headline is that the 45 companies surveyed spent an average of 3.8 million dollars per year on cyber security. The range across the companies is pretty large: the smallest figure was 1 million dollars and the largest was 52 million dollars. Company size was an equally wide split, with the smallest being 500 people and the largest being over 105,000 people. Nit-picking aside, the article is interesting. They talk about how they came up with the numbers and some of the observations the auditors made. What makes the numbers most interesting is that this average dollar amount only includes the participating companies' expenses related to actual attacks. It does not include things like firewalls or antivirus software.
The quote of the article was this one on the last page: "The eye-popping thing we found is a lot of organizations are very disorganized in even understanding the environments they're dealing with," Ponemon says. Ponemon is the director of the institute. The full article is a quick read and worth sharing with colleagues.