May 20, 2009

Criminals force Google to change algorithms

According to reports, Google is about to change, or has already changed, its search algorithms in response to increased exploitation by criminals using black hat search engine optimization attacks. See article here.

That's great news, assuming they are successful, as I've been discovering and reading about so many black hat SEO attacks that I'm starting to worry about non-security users utilizing Google for search. I'm not satisfied with Google's response to these attacks because, in my opinion, they have been much too slow and in some cases don't tag the offending searches as a security risk.

Based on the typical information security cycle (or arms race), this won't be the last time they will have to change their algorithm, but let's hope this makes it extremely difficult for the criminals to continue using Google as an attack platform.

May 11, 2009

New information security bill to replace FISMA

There's yet another cyber security bill introduced in the US Senate; this one is called the 2009 U.S. Information and Communications Enhancement Act. While the others affect both government and private industry, this one aims to strengthen information security within government offices.

It's an update to FISMA, which has long been criticized for not requiring agencies to demonstrate compliance. This bill focuses more on measuring actual security rather than on report writing, which is FISMA's focus. It requires the Commerce Department to establish standards for securing government systems. It will take information security management away from the DOD and NSA and limits DHS' role to incident response and defenses provided by US CERT. I'm not sure I agree with that, as there are some talented folks at DHS and US CERT.

You can read the whole bill here.