Kent Woodruff

Convenience Store News: Don't Get Breached

Originally in Convenience Store News, 10-14-2014, 
Written by Kent Woodruff

2014 started with a bang as the ramifications and breadth of Target Corp.'s security breach came to light. Word of many more breaches followed, including the latest: Kmart. Each breach is different. The Target breach revealed the challenges of maintaining a secure monolithic network within the changing retail environment, and the value of a sound wireless strategy at the point of configuration to create individual networks.

Tame that POODLE: Managing the Latest SSL Vulnerability

Last week the OpenSSL project released an advisory that describes a new SSL vulnerability. Now commonly known as “POODLE” ("Padding Oracle On Downgraded Legacy Encryption"), this vulnerability is less dangerous that its predecessor, the Heartbleed bug—primarily because of the conditions needed to exploit it (see below). 

POODLE is essentially an attack on the SSLv3 protocol. It was discovered in September (and published on October 14) by Google employees Bodo Möller, Thai Duong, and Krzysztof Kotowicz.

Cybersecurity as Seen from the Flight Deck

In my previous blog post (7 Technologies that Impact PCI), I gave an overview of Steven Orfei’s presentation at the PCI Security Standards Council’s 2014 North American Community Meeting in Orlando, Florida. In this post, I’ll talk about another presentation from that same event.

7 Technologies that Impact PCI

A few weeks ago I had a chance to attend the PCI Security Standards Council’s 2014 North American Community Meeting in Orlando, Florida. (PCI is shorthand for the Payment Card Industry Data Security Standard, a guideline to help organizations that process, store or transmit card payments.) Two highlights for me were presentations by the PCI’s new general manager Stephen W. Orfei, and another by Adm.

When it Comes to InfoSec, Share and Share Alike

As in my previous post (Sharing Our Way to Information Security), I’d like to describe a speech I heard at a recent InfoSec conference. This one, CyberSecurity as Realpolitik, was Dan Geer’s keynote address at the 2014 Black Hat USA on August 6 in Las Vegas.

Sharing Our Way to Information Security

In my previous blog post, Specializing and Generalizing in the World of InfoSec, I mentioned the BSidesLV opening address by Adam Shostack, “Beyond Good and Evil: Toward Effective Security.” I’d like to pick up on his theme of information sharing as the ultimate act of self-preservation.

Guest Blog Post from Kent Woodruff on Internet World

Post Heartbleed, those of us involved in network security could take a lesson from the CDC. One of the biggest barriers to stopping the repeated threats of an Avian Flu pandemic is the resistance on the part of many nations to share information when the flu takes hold in their country. We saw this in May 2013 when China refused to release English-language versions of relevant statistics and facts about an outbreak in their country of a new bird flu called H7N9.

Network Security Part 3: What are Parallel Networks and How are They Used?

In this post I’m going to show by example how parallel networking works. Before I do, let me just make one point: CradlePoint didn't invent parallel networking or another way of protecting data: “air-gapped” networks.

Network Security Part 2: How a Monolithic Network Opened the Door to Target Data

On Thursday, Dec. 19, 2013, Target revealed that data from 40 million of its customers’ credit and debit card accounts had been accessed by hackers. I’d like to discuss how and why this happened. But before I do, I want to make it clear that I’m not singling out Target as having done anything wrong. I’m using what happened to them simply to illustrate the kind of situation many companies are facing—even those with very good security systems and personnel.

Network Security Part 1: Is Your Company Depending on a Monolithic Network?

CradlePoint got its start six years ago by providing redundancy for companies with multiple remote locations. A good example is how, after Hurricane Katrina, one of the largest insurance companies in the nation bought 18,000 of our devices and installed them in every single one of their branch offices. By utilizing CradlePoint to provide a cellular network-based failover solution to back up their primary Internet connection, the company took a big step forward toward protecting its business continuity.