GSS Glossary - Encryption

Encryption

In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge. While encryption has been used to protect communications for centuries, only organizations and individuals with an extraordinary need for secrecy had made use of it. In the mid-1970s, strong encryption emerged from the sole preserve of secretive government agencies into the public domain, and is now employed in protecting widely-used systems, such as Internet e-commerce, mobile telephone networks and bank automatic teller machines.

Definitions provided by Wikipedia - The Free Encyclopedia



Encryption Related Products

GB-250

The GB-250 and GB-250e Firewall UTM Appliances are GTA's entry level systems that provide big security for smaller business offices. Designed and priced to meet the needs of smaller organisations, the GB-250 and GB-250e include the same security and UTM features of our larger enterprise firewall UTM appliances, but scaled to fit the needs of offices with fewer than 50 employees.


Rajant BreadCrumb LX

The Rajant BreadCrumb LX is a rugged multiradio wireless transmitter-receiver that forms a mesh network (using InstaMesh) when used in conjunction with other BreadCrumb devices. This portable wireless mesh network node contains two radios and supports open-standard IEEE 802.11 a/b/g protocols to enable data, voice and video applications. Available radio configurations are 2.4GHz/900MHz, 2.4GHz/2.4GHz, 2.4GHz/4.9GHz and 2.4GHz/5.8GHz. This full featured LX can operate in extreme conditions and has several mounting options.


Sensitive Document Vault

Sensitive Document Vault is a feature-rich secure repository and sharing platform for securing, storing and managing your organisation's most highly sensitive information. Sensitive Document Vault places your most important files into discrete vaults that can be viewed via a web-enabled interface. With more than ten layers of security working together, these Digital Vaults create an impenetrable electronic vault, or safe haven, in a network.


Venafi Client Encryption Manager

Venafi Client Encryption Manager protects information that is stored and transmitted on user devices through centralised encryption management. It automatically configures files and folders, email, VPN, and other applications for encryption based upon centrally defined policies and user identities.


AirMagnet WiFi Analyzer

Anytime, Anywhere, WLAN Monitoring and Troubleshooting. AirMagnet's WiFi Analyzer is the industry's most popular mobile field tool for troubleshooting enterprise Wi-Fi networks. WiFi Analyzer helps IT staff make sense of end-user complaints to quickly resolve performance problems, while automatically detecting security threats and other network vulnerabilities. Although compact, WiFi Analyzer has many of the feature-rich qualities of a dedicated, policy-driven wireless LAN monitoring system.


3e525A-3 Access Point

Maximum security and flexibility with outdoor or indoor use. The 3e525A-3 Wireless Access Point is packaged in a rugged NEMA 4/IP 67 weatherproof enclosure and conforms to 802.11a, 802.11b and 802.11g wireless standards.


3e-010F-C-2 Crypto Client for Intel Centrino

The 3e-010F-C-2/3e-010F-A-2 Crypto Client software provides advanced interoperable 802.11i wireless data security with AES and 3DES encryption. These advanced security options include the standards as established by FIPS 140-2 Level 1 - the Federal Information Processing Standards mandated by the US Department of Defense for use in wireless environments.


RA510 Series

The RA510 Series of rack-mountable proxy appliances provides small to mid-sized sites with the power to extend remote access to employees, partners, and customers while delivering on demand endpoint security and information protection features.


SecurID

RSA SecurID hardware tokens provide 'hacker-resistant' two-factor authentication, resulting in easy-to-use and effective user identification. Based on RSA's patented time synchronization technology, this authentication device generates a simple, one-time authentication code that changes every 60 seconds.


RA8100 Series

The RA8100 Series of rack-mountable proxy appliances provides large-sized sites with the power to extend remote access to employees, partners, and customers while delivering on demand endpoint security and information protection features.


Rajant BreadCrumb SE

The Rajant BreadCrumb SE is a rugged pair of wireless transmitter-receivers that form a mesh network (using InstaMesh) when used in conjunction with other BreadCrumb devices. This portable battery-operated wireless mesh network node supports open-standard IEEE 802.11 protocols to enable data, voice and video applications.


Voltage SecureMail

Voltage SecureMail lets you reclaim email as a trusted communications tool, enabling policy-compliant communications through a secure, easy-to-use channel with industry-best manageability.


Voltage SecureFile

Protect your most sensitive information - wherever it goes. Voltage SecureFile uses persistent encryption to protect sensitive files and documents, whether in storage, in use or in transit.


Voltage SecureData

Voltage SecureData delivers a comprehensive solution for data encryption, de-identification, and masking that does not require costly and time-consuming data schema and data format changes in existing systems.


Lumension Device Control

Lumension Device Control (formerly Sanctuary) enforces organisation-wide usage policies for removable devices, removable media, and data (such as read/write, encryption) using a whitelist. Lumension Device Control enables organisations to embrace productivity-enhancing tools while limiting the potential for data leakage and its impact.


SafeGuard Enterprise

Protect your confidential information and comply with regulatory mandates - safely and securely - with SafeGuard Enterprise solution. SafeGuard Enterprise is a modular information protection control solution that enforces policy-based security for PCs and mobile devices across mixed environments. It is fully transparent to end users and is easy to administer from a single central console.


Websense Data Security Suite

Protecting customer and other confidential data from malicious and accidental leaks is one of the top business and IT security challenges facing organisations today. Compounding this problem, CIOs and CSOs must protect their data amid pressure from regulatory and corporate compliance requirements, customer and competitive pressures, and the rising cost and publicity of data leaks. Websense Data Security Suite is the leading solution for preventing data loss.


Websense Hosted Email Security

Websense Hosted Email Security (formerly SurfControl MailControl) provides protection at the internet level, eliminating spam and malware before they reach your network. The hosted deployment model provides centralized security with built-in redundancy, failover, and business continuity, while easing administration and optimizing network operating and capacity planning costs. Guaranteed by industry-leading SLAs, Hosted Email Security reduces business costs, eliminates the complexity and uncertainty of managing email threats, and provides the highest possible degree of protection.


Mobile VPN Client

GTA Mobile VPN Client provides the vital ability for remote users to initiate VPN communications with corporate resources. Using VPNs, 'road warriors' or telecommuters can safely access corporate networks from unsecured public networks or un-trusted local networks. A VPN Connection can also be used to connect end users that need a secure 'end user to host' connection to transmit sensitive information over an intranet. GTA Mobile VPN Client used in conjunction with firewall-to-firewall gateway VPN Connection provides a total IPSec VPN solution. GTA Mobile VPN Client meets IPSec standards.


Rajant BreadCrumb ME

The Rajant BreadCrumb ME is a rugged wireless transmitter-receiver that forms a mesh network (using InstaMesh) when used in conjunction with other BreadCrumb devices. This portable battery-operated wireless mesh network node supports open-standard IEEE 802.11 protocols to enable data, voice and video applications. This lightweight portable unit can support one or two radios and requires only a single switch to operate.


Rajant BreadCrumb ME2

The Rajant BreadCrumb ME2 is a rugged wireless transmitter-receiver that forms a mesh network (using InstaMesh) when used in conjunction with other BreadCrumb devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio with up to two antennas to enable data, voice and video applications and requires only a single switch to operate. A military version of the ME2 device will support FIPS 140-2.


Rajant BreadCrumb XL

The Rajant BreadCrumb XL is a rugged pair of wireless transmitter-receivers that form a mesh network (using InstaMesh) when used in conjunction with other BreadCrumb devices. This portable wireless mesh network node supports open-standard IEEE 802.11 protocols to enable data, voice and video applications. This portable unit includes two (2) radios and requires only a single switch to operate.


Rajant BreadCrumb XLE

The Rajant BreadCrumb XLE is a rugged pair of wireless transmitter-receivers that form a mesh network (using InstaMesh) when used in conjunction with other BreadCrumb devices. The XLE includes an integrated video CODEC and external BNC connector for video. This portable wireless mesh network node supports open-standard IEEE 802.11 protocols to enable data, voice and video applications. This portable unit includes two (2) radios and requires only a single switch to operate.


Rajant BreadCrumb XLV

The Rajant BreadCrumb XLV is a rugged pair of wireless transmitter-receivers that form a mesh network (using InstaMesh) when used in conjunction with other BreadCrumb devices. This portable wireless mesh network node is specifically designed for vehicle use and can accept unfiltered power in the range of 6 to 40 volts DC. The XLV supports open-standard IEEE 802.11 protocols to enable data, voice and video applications. This portable unit includes two (2) radios and requires only a single switch to operate.


Rajant BreadCrumb XLR

The Rajant BreadCrumb XLR is a rack mountable pair of wireless transmitter-receivers that form a mesh network (using InstaMesh) when used in conjunction with other BreadCrumb devices. This portable wireless mesh network node is specifically designed for rack mounting and can accept unfiltered power in the range of 6 to 40 volts DC. The XLR supports open-standard IEEE 802.11 protocols to enable data, voice and video applications. This rack mountable unit includes two (2) radios and requires only a single switch to operate.


Next Generation Firewalls

Palo Alto Networks' next-generation firewalls enable enterprises to see and control applications, users, and content - not just ports, IP addresses, and packets - using three unique identification technologies: App-ID, User-ID, and Content-ID.


Becrypt DISK Protect

Becrypt DISK Protect full disk encryption is Becrypt’s Data at Rest solution to secure an organisation’s data, whether on desktops or laptop PCs. With greater amounts of data being stored on PCs the risks and impacts of data loss increase. DISK Protect ensures that all data is safely encrypted, with no change in performance to the user.


Becrypt PDA Protect

PDA Protect is the most comprehensive and secure PDA encryption product available for Personal Digital Assistants (PDAs). PDA Protect is a PDA encryption software solution that secures a PDA by encrypting its removable memory, enforcing strong user authentication, restricting data transfer, and optionally preventing the use of high-risk features, allowing an enterprise to impose controls on PDA use. PDA Protect 4.1 PDA encryption software provides support for the Microsoft Windows Mobile 5.0 operating system. This includes compatibility with the Windows messaging pack that supports Direct Push email.


Becrypt Media Client

The threat of data loss incidents is highest when your data is being moved outside of the physical boundary of the organisation. CDs and USB sticks containing critical data without file encryption can easily be mislaid or stolen, exposing the organisation to potentially damaging data loss incidents.


Becrypt Enterprise Manager

Becrypt Enterprise Manager is a security management suite that leverages open standards for the centralised management of scalable, approved data security solutions and device encryption. Combining comprehensive assurance for end-point and infrastructure, Enterprise Manager allows for device encryption and total data security and offers low cost-of-ownership through a simplified management console.


AEP Net

AEP Net is an independently assured encryptor that protects IP traffic across networks. AEP Net provides both data confidentiality and source authentication for network traffic enabling high confidence Virtual Private Network (VPN) communications. AEP's solution has a proven track record of protecting National and International classified networks.


AEP Net Remote

The AEP Net Remote extends the security, functions and features of AEP Net into the remote access domain. Like its big brother the AEP Net Remote provides both data confidentiality and source authentication for IP network traffic.


Device Control for Microsoft System Center

Historically, in order to enjoy the security benefits of an advanced device control solution, System Center customers would have to deploy a secondary infrastructure (server, console, agents) and incur the delays, disruption, and costs associated with implementing a solution from scratch. Now System Center customers can easily enforce device/port control and data encryption policies without requiring new infrastructure and without additional administration overhead.


Trend Micro Email Encryption Gateway

Trend Micro Email Encryption Gateway provides policy-based encryption to protect intellectual property and to help achieve regulatory compliance. Enterprise gateway encryption augments email security by providing policy-based encryption and integration with messaging security infrastructure.


Trend Micro Email Encryption Client

Trend Micro Email Encryption efficiently secures email delivered to anyone with an email address. Client-based encryption allows the end user to select which emails should be encrypted by merely clicking a button on the desktop.


SEP - Simple Encryption Platform

The Simple Encryption Platform is based on the notion that no company wishes to purchase the full 'suite' of functionality at any given time. With the SEP Platform installed, you choose when and if you deploy a module, such as File/Folder, or Email encryption.


Enterprise Security for Gateways

Keep your data confidential and your employees safe while interacting with rich Internet content. Trend Micro Enterprise Security for Gateways integrates virtualized web and messaging gateway security - proven to maximise protection while minimising complexity and lowering total cost up to 40 percent.


Trend Micro Mobile Security

Trend Micro Mobile Security protects smartphones and PDAs from data loss, infections, and attacks from a central enterprise console that can also manage desktop protection. Encryption and authentication defend data integrity on lost or stolen devices. The anti-malware features block viruses, worms, Trojans, and SMS text message spam. The built-in firewall and IDS protect against hackers, intrusions, and denial-of-service attacks - potential threats to the increasing number of Wi-Fi-enabled mobile devices.


WatchGuard XCS 170 370 and 570

Small to mid-sized businesses don't need to pay high prices for powerful email security. WatchGuard XCS 170, 370 and 570 Appliances are affordable, complete email security solutions that defend against inbound threats including viruses, spam, blended threats, phishing, spyware and network attacks. Block 98% of unwanted traffic at the perimeter and boost your email security and performance without breaking the bank.


WatchGuard XCS 770 970 and 1170

Designed with the most demanding messaging networks in mind, WatchGuard XCS 770, 970 and 1170 Extensible Content Security Appliances are easy-to-use, enterprise-class email security, privacy and compliance solutions that protect against inbound threats and control outbound information to prevent data loss. They offer the most effective enterprise-class messaging security solution for protection from spam, viruses, malware, blended threats, spyware, phishing, and network attacks, as well as automated content security of outbound communications to prevent data leakage across email and web.


3e-636S-2 Inline Encryptor

The 3e-636S-2 Inline Encryptor contains a FIPS 140-2 Level 2 compliant 3e-636S-1 module which is intended to provide inline encryption and per-packet data integrity.


Venafi Encryption Director

Venafi Encryption Director is an enterprise-wide encryption management system that centralises and automates the management of encryption assets (keys and certificates) throughout the IT infrastructure, across diverse encryption systems, operating environments and applications.


 

Encryption Related Product Families

Voltage Security

Voltage Security, Inc., an enterprise security company, is the global leader in information encryption. Voltage solutions, based on next generation cryptography, provide encryption that just works for protecting valuable, regulated and sensitive information persistently and based on policy. Voltage delivers power, simplicity and the lowest total cost of ownership in the industry through the use of award-winning Voltage Identity-Based Encryption™ (IBE).


Becrypt

Becrypt provides market leading data security, media encryption, disk encryption software and remote access products that can be configured to the individual needs of your organisation.


Venafi

Venafi solutions are used to manage mission-critical encryption systems at some of the world's most prestigious organisations in industries, including financial services, insurance, high tech, telecommunications, government, airline, aerospace, healthcare, food services and retail.


 

Encryption Related Industry News

Appliances, standards boost WLAN security

Appliances, standards boost WLAN security When we looked at wireless LAN security last October in a previous Roundup, we painted a fairly bleak picture. At that time, virtual private networks (VPNs) were the best way to fix the well-known vulnerabilities in the Wireless Encryption Protocol (WEP), which guards most wireless LANs. But VPNs cost as much as $1,500 per wireless access point (AP) and often forced you to lock yourself into one vendor's gear. Since then, we've seen progress on both...... [more]

Ten steps to low-cost wireless LAN security

Let me guess: Despite your best efforts to stop them, users are hooking low-cost 802.11b (Wi-Fi) access points (APs) to the corporate network. And, despite your best efforts, your CFO has zero interest in buying the tools you really need to secure these wireless LANs. Here, then, are some relatively simple, low-cost ways to boost the security of your wireless LANs. They're not perfect, but they do provide at least a first line of defense. And if a......

BT says: Protect your network from professional hackers

It's not just the warchalkers you need to worry about... BT Openworld has this week thrown its weight behind the fight against 'Warchalking' - the practice of scrawling chalk marks on the outside of buildings with Wi-Fi networks to encourage passers by to surf on companies' unprotected bandwidth. However, the UK ISP has warned that it's not just bandwidth pirates you need to worry about. Warchalkers have also drawn attention to the very......

'$1m hacking challenge' product is flawed

AlphaShield's "unhackable" consumer security device isn't unhackable, Spanish white hat hackers claim. In a post to BugTraq, Infohacking.com reports that AlphaShield's appliances are prone to a flaw that could allow a cracker to inject packets into an established session. Potentially, this compromises the security of the device. Infohacking.com recently evaluated the AlphaShield device. Faced with little technical information it took AlphaShield......

Wireless PDAs and Smartphones: A Hacker's Heaven

A real security threat is looming with wireless PDAs, WiFi devices and smartphones. These are the electronic marvels that are pushing the goal of wireless telecommunications to new limits. Industry watchers report that people are dropping their older PDAs like hot potatoes and snapping up the latest generation of wireless devices like crazy. The new PDAs and smartphones can receive e-mail and text messages just like desktop and laptop computers......

Getting a grip on WLAN futures

The wireless LAN world is a pretty bad offender when it comes to Alphabet Soup, what with 802.11b preceding 802.11a, and neither being the same type of thing as 802.11e*. So it was useful to hear Jan Haagh, a senior product manager in Proxim's WLAN division, talk through some of the latest acronyms. One to watch out for is WPA, or WiFi Protected Access. This will replace the original WEP wireless security standard, which turned out to be not very secure after all.......

The Wireless-Security Balancing Act

If you choose an EAP that doesn't gain de facto standard status, the access point will be to other EAP clients what a two-hole electrical outlet is to three-pronged plugs. Wireless LANs have been billed as the great security wasteland. But thanks to the 802.11b Wi-Fi community's frenetic activity in the last year, an abundance of good security choices now exist, with more on the way. Wi-Fi security efforts have focused on encryption and authentication, wi......

City sees the benefits of wireless networks

Survey shows more businesses are convinced but security is still lax. The third annual Wireless Security Survey of London has highlighted a significant increase in the use of wireless networks by businesses. In the two years since the survey was first undertaken, the number of wireless networks used in the City has increased from 124 in 2001, to 328 in 2002 and 1078 in 2003. The benefits of the technology appear to have convinced companies, and th......

Wi-fi networks step up security

The security of wireless networks used by businesses in London has improved significantly over the last 12 months, says a survey. RSA Security found that 66% of the networks surveyed use the encryption system built-in to the wi-fi standard to help them prevent unauthorised access. This is a big change since the last survey which found that only 37% had the security system turned on. Despite this improvement, RSA said many firms were still making basic mista......

Opportunities for Wi-Fi hackers on the increase

London home to rogue access points. IT managers are catching up to the dangers of Wi-Fi, but opportunities for drive-by hackers in London may actually be increasing. New wireless LANs are popping up very fast, and many of them are insecure 'rogue' access points. This year, only two-thirds of the City's Wi-Fi networks have WEP (wired equivalent privacy), the basic Wi-Fi security standard, turned on. That's not a great record, but it is better than l......

Is the Superworm a Mere Myth?

"Terrorists are not using superworms and other network attacks because they don't reach their target that way," Mikko Hyppönen, director of antivirus research at Finland-based F-Secure, told TechNewsWorld. "Terrorists want to cause fear and panic. You still cause more fear and panic by killing people than by taking down Web sites." If one thing is definite about Internet security and worm attacks, say experts, it is that cyber attacks are on the rise in 2004. Conside......

Vernier WLAN System 'Best Wireless LAN Solution' of 2004

The Vernier gateway IS 6500p wireless local area networks (WLAN) Integrated System earned Technology of the Year Recognition from InfoWorld Magazine. Flexible management and unparalleled scalability earned the wireless local area networks solution the ‘Best Wireless LAN Solution’ 2004 award. Vernier Networks(TM), the leader in secure managed access for the enterprise wireless local area networks (WLAN), announces that the Vernier gateway I......

Is the Superworm a Mere Myth?

If one thing is definite about Internet security and worm attacks, say experts, it is that cyber attacks are on the rise in 2004. Consider the worldwide effect of highly publicized worms like last year's SoBig series and the recent Sinit Trojan and MyDoom outbreaks. Given the potency of some of these worms, security experts are bracing for what some say is an inevitable attack aimed at certain geographically based IP blocks, like those associated with the United......

Security Still Reigns as Wireless 'Weakest Link'

The flexibility of being virtually anywhere is the draw of wireless networks, but the back end of that benefit is the need for security. Although companies are tightening the security of Windows-based servers, they face some unknown risks when corporate data takes to the streets. After all, wireless Internet connectivity on notebook computers and PDAs carries all of the risks seen within corporate walls, but the dangers are magnified when security......

F-Secure Antivirus Sales Record High During The Last Quarter of 2003

F-Secure reported revenues of 10.8 million euros for the 4th quarter of 2003 and 39.0m for the full year. The operating result was EUR 1.3 million positive for the fourth quarter. For the full year of 2003 the operating result was EUR 1.5 million positive and Profit Before Tax 4.3 m positive. The antivirus sales were record high and revenues increased by 40% in Q4 and by 21% in 2003. The good progress was due to positive develo......

Is security getting any easier?

Although governments and companies appear to be making significant headway on many security problems, don't expect headaches like spam to disappear anytime soon, according to security experts. Human error, combined with the increasing technical sophistication of malicious hackers, creates a situation in which security, ultimately, can never be perfect, security specialists on the cryptographer's panel at the RSA Conference here said Tuesday. Invariably, indiv......

Will IM be the next security culprit?

Might instant messaging become the next preferred propagation method for computer worms and viruses? It's not such a remote prospect. The past year has witnessed the rise of several high-impact worms and viruses that shared three common transmission media: e-mail, network scanning or file sharing. While good patch policies and strong security postures minimized massive infections, a few attacks invariably slipped through the cracks and caused network havoc.......

Row over how to junk spam

Microsoft is proposing to stop spam by checking that messages are being sent by the person they claim to come from. The Caller-ID for e-mail idea is one of several proposals floated as a way to stem the rising tide of junk mail. The internet's engineering body has set up an emergency meeting to sift through the different proposals and draw up a network-wide solution. But some fear the competing proposals could cause confusion and spell the end of some widely-use......

The Net Has An 'Insecurity' Complex

RSA's second annual assessment of online security leaves little doubt that corporations have a long way to go. "Frustration" can pretty much sum up the feeling of Internet users in 2003 as the IT sector scrambled to thwart a barrage of hacks, attacks and flaws that compromised networked computers around the globe. According to online encryption firm RSA Security, the outlook for easing those frustrations in 2004 is not very encouraging. As part of its......

Five new Bagles spreading

Five new variants of the Bagle worm were released into the wild over the weekend, with two causing particular problems for enterprise antivirus software scanner technology, say experts. Bagle versions C, D, E, F and G started propagating over the weekend and although the first three are very similar to the original Bagle--being spread through e-mail and infecting PCs of users who open the attachment--Bagle.F and Bagle.G are designed to slip past most enterprise antivirus......

Firms Look to Limit Liability for Online Security Breaches

In the face of ongoing attacks by computer hackers, some companies that store their customers' personal data are adopting a new defensive tactic: If your information is stolen, they're not legally responsible. Across the Internet, retailers and other service providers that handle consumer transactions are requiring customers to sign agreements waiving any right to sue the companies if the businesses are hacked, regardless of how secu......

Technology solution to slicing spam lags

Lawsuits filed by some of the Web's biggest players against junk e-mailers have portrayed an industry united in the war against spam--but there are few signs of collaboration in developing technology standards that could be more effective in slowing the deluge. America Online, EarthLink, Microsoft and Yahoo scored a major publicity coup earlier this month, when they launched their first joint legal assault against spammers. The suits claim that hundreds......

China wireless policy a "concern"

The United States said China's attempt to impose its own technical security standard for wireless computer chips was "a matter of grave concern" that could result in a complaint to the WTO. The US Trade Representative's Office, in a report on global barriers to trade, weighed in on the dispute, which is expected to shut US-based Intel out of the Chinese market for the fast-growing wireless data network technology. Intel has said it would not comply with th......

Universities, research centers retrench after hacks

Academic supercomputing labs continue to clean up Linux and Solaris servers targeted by unknown attackers over the last month, as law enforcement officials investigate the crimes. The attacks compromised servers at several supercomputing labs and universities, including the San Diego Supercomputing Center, the National Center for Supercomputing Applications and Stanford University. While the attacker, or group of attackers, had access to many......

How Secure Is Your Handheld?

Your PDA may be more vulnerable than you realize, but protection is available. The number one threat to the sensitive data stored on your PDA or smart phone remains physically losing the device, but other threats are looming on the handheld horizon. "When you send a defective PDA to the manufacturer for tech support, they usually give you a new one and then resell the old one," says John Girard, vice president and research director at Gartner. "Buying dead machin......

China Downplays Wireless Security Delay

The Chinese government downplayed Thursday a decision to delay adoption of new security standards for wireless communications as part of a key trade deal. U.S. manufacturers had complained the new standards for wireless phone and computer transmissions would unfairly disadvantage them, and, in a broad trade agreement announced Wednesday with the United States, China said it temporarily would hold off on instituting any changes. Chinese officials d......

'Blaster-type event' forecast for summer

Source code has been released that makes it easy to control PCs without critical Windows patches. Program files designed to exploit two major vulnerabilities in Microsoft software are being used to attack computers, but security experts worry that worse -- such as an MSBlast-type worm -- could be ahead. The warning comes after several security programmers released source code that makes it easy for an attacker to take control of any Windows computer th......

The A to Z of wireless terms and technologies

Everything you need to know about Wireless Jargon. 802.11a: 54Mbps wireless Ethernet operating in the 5GHz band. 802.11b: The industry standard 11Mbps wireless Ethernet operating at 2.4GHz. 802.11e: Defines quality-of-service for wireless local area networks, to support voice-over IP for example. 802.11g: Successor to 802.11b, providing up to 54Mbps over the same 2.4GHz spectrum used by 802.11b. 802.11h: A supplement to 802.11a to ensure t......

Don't let e-mail be your Achilles' heel

Throwing money at a problem doesn't guarantee that it will go away. Sometimes the answer is to throw around a little common sense. At the recent Enterprise Messaging Decisions 2004 conference, Kevin Beaver, founder and principal at Kennesaw, Ga.-based Principle Logic LLC, offered some plain-spoken advice to IT professionals on how to protect against messaging-system vulnerabilities without busting their budgets. Beaver discussed common mistakes th......

Secure E-Mail Specs Could Merge

Microsoft meets with SPF author to craft a technology standard. After submitting its Caller ID e-mail authentication specification to a standards body, Microsoft is discussing merging its spec with another, called Sender Policy Framework, or SPF. E-mail experts from Microsoft will spend a weekend meeting with SPF author Meng Weng Wong of Pobox.com, looking for ways to merge the closely-related Caller ID and SPF standards, according to Wong. "Basically, we'......

F5 Networks Makes $29M Security Splash

With eyes fixed on the red-hot application security market, Seattle-based F5 Networks will shell out $29 million in cash to acquire firewall specialist MagniFire WebSystems and fold it into a newly created security business unit. F5 Networks, which markets server appliances to handle load balancing, said the new business unit will handle research and development, marketing, sales and services in the application security market. The M......

Backdoor program gets backdoored

The author of a free Trojan horse program favored by amateur computer intruders found himself with some explaining to do to the underground last month, after his users discovered he'd slipped a secret backdoor password into his popular malware, potentially allowing him to re-hack compromised hosts. The program in question is Optix Pro (Backdoor.OptixPro.12), a full-featured backdoor that allows an intruder to easily control a compromised Windows machine remo......

Wardriving for WLAN security

The 4th Annual Worldwide Wardrive (WWWD) is under way this week, with volunteers scanning the airwaves in a neighborhood near you for wireless LAN access points. This year's WLAN discovery effort began June 12 and runs through June 19. The WWWD is organized by a mixed group of security professionals and hobbyists who cruise areas to document the location of access points and how many of them have even minimal security. The goal is to boost awareness of the n......

Father of the internet says email ID will cure spam

If your name's not down, you're not coming in… Making mass emailers identifiable is the first step toward curing the epidemic of spam, said Vint Cerf, one of the architects of the internet. Cerf, who co-created the TCP/IP (Transmission Control Protocol/Internet Protocol) of the internet and now works as chief corporate strategist for MCI, delivered opening remarks at the first inaugural Email Technology Conference. The chief topic of de......

ISPs Gang Up on Spammers

Even unwitting spammers could lose Internet access under tough proposal. An industry organization representing heavyweight e-mail providers Yahoo, Microsoft, America Online, and EarthLink have teamed on recommendations for ending spam, including cutting off the senders' Internet access. A Statement of Intent, released Tuesday by the Anti-Spam Technical Alliance (ASTA), lists suggestions and "best practice" recommendations for ISPs, e-mail service providers, governmen......

Wireless security must improve in Europe

Around 34% of businesses in London, Paris, Frankfurt and Milan are still leaving their wireless networks open to attack, according to the latest survey commissioned by RSA Security. Many install the networks without changing risky default settings. The survey also recorded explosive growth in the number of wireless networks across the four financial centres, with the number in London rising 770% since 2001. Wireless networks – also known as Wi-Fi......

Stronger WLAN security standard approved

The IEEE 802.11i specification, the latest set of rules to bolster security on wireless LANs, has received final approval, according to a co-author of the standard. The IEEE 802.11i subcommittee signed off on the standard Thursday, according to a statement from Trapeze Networks that was attributed to Dan Harkins, a software engineer at the Pleasanton, Calif., WLAN equipment vendor. Harkins was a co-author of several portions of the specification.......

Experts predict Wi-Fi explosion

Now that 802.11i is an official IEEE standard, paving the way for more secure Wi-Fi products, industry experts predict the business community's interest in the technology will skyrocket in the next year or two. Frank Hanzlik, managing director of the Austin-based Wi-Fi Alliance, said the next step comes in September. That's when his group will start certifying products with WPA2, an update of Wi-Fi Protected Access, which the alliance introduced last year as......

Security concerns still plague wireless take-up

Wireless has many benefits, provided companies minimise the risks and rein in ad hoc networks. 'Be afraid, be very afraid' is the attitude of many companies when faced with the prospect of using a wireless network. Because wireless is about broadcasting data that often goes beyond company perimeters, businesses worry that it won't be secure enough. And who can blame them, with a regular stream of surveys highlighting gaping security holes? Secur......

Bulk mailer faces criminal charges

A bulk e-mailer in Florida has been charged with electronically breaking into a massive data warehouse and stealing gigabytes of personal information on Americans, federal prosecutors said Wednesday. Scott Levine, 45, of Boca Raton was indicted by a federal grand jury in Arkansas for allegedly breaking into Acxiom's servers and downloading 8.2 gigabytes of data in what the U.S. Justice Department called one of "the largest cases of intrusion of personal data t......

Wireless Laptops At Democratic Convention Pose Big Risk

Next week, thousands will gather in Boston for the Democratic National Convention, many of them armed with wireless-enabled laptops that could present major security problems, a Boston-area firm said Thursday. Although the convention itself will rely on a wired network, there are hundreds of unsecured wireless access points and cards around and about the FleetCenter, home to the convention, according to tests done by Newbury Networks, a......

Norwegian hacker takes a bite out of Apple's iTunes

The Norwegian hacker who broke the DeCSS DVD encryption has now cracked Apple's AirPort technology, which encrypts music sent between iTunes and wireless base stations. Jon Lech Johansen, the Norwegian hacker famous for cracking DVD encryption, has cracked Apple AirPort Express. Johansen has revealed the public key that Apple AirPort Express, a wireless networking protocol, uses to encrypt music sent between iTunes and a wireless base station.......

Intel formally introduces tri-mode Wi-Fi chip

Processor supports 802.11a, b and g. As expected, Intel introduced its tri-mode wireless chip Thursday with several software enhancements to the product to help improve security and reliability, it said during a Webcast. The Intel Pro/Wireless 2915ABG Network Connection allows laptops based on Intel's Centrino platform to connect to the three most commonly used wireless networks found in enterprises and homes. The first notebooks with the chip will b......

Wi-fi nets get security makeover

The security systems built into wireless networks have had an overhaul. The update uses stronger encryption and does a better job of letting only authorised users join wireless nets. The improvements have been made to re-assure businesses that wi-fi networks can be made safe enough to be really useful and widely deployed. However, with a lot of older, insecure wireless technology already installed, it could be a while before all networks are upgraded and mad......

First Wi-Fi products get security certificate

The Wi-Fi Alliance got its next certification programme off to a flying start, issuing WPA2 badges to a bunch of products that comply with the 802.11i security specification. The Alliance is readying other programmes for quality of service and the 802.11n fast Wi-Fi standard due next year. The WPA2 certified products include generic designs from Atheros Communications and Broadcom, so customers can expect to buy products with the badges on by the en......

First 'warspamming' case reaches court

A landmark case in America could establish that spammers really do take advantage of insecure wireless networks. A US citizen is thought to have become the first person to be accused of hacking a wireless network in order to send spam. Nicholas Tombros, 37, is charged under the US CAN-SPAM act, which aims to clamp down on unsolicited junk mail. Prosecutors allege that Tombros used a laptop to sniff out insecure residential wireless access points in a Los An......

Wireless security risk highlighted in student project

New Zealand wireless network users might be exposing themselves to an invasion. With the growing use of wireless networking technology comes an increasing opportunity for security breaches if people don’t put precautionary measures in place. An informal survey of homes and businesses in Palmerston North that identified 176 wireless networks found only about a quarter had security measures in place. “I was really surprised,” says fourth-yea......

802.11i: The next big thing

The IEEE standard called Robust Security Networking is a force to be reckoned with. As an amendment to the original 802.11 WLAN standard, 802.11i replaces the original meager 10-page WEP discussion with more than 200 pages of detailed protocol on how to lock unwanted users out of your wireless network. Approved in July, 802.11i products have started to appear in the market. Even though we received our test equipment before the final draft of the standard was ratifi......

Gaps remain in Wi-Fi security

Sadly the new WPA2 security spec won't make your wireless LAN invulnerable. Here's some good news - the Wi-Fi Protected Access 2 (WPA2) spec is finally with us, and the Wi-Fi Alliance has begun certifying compliant products. "Hurrah," I hear you shout, "finally we can have secure wireless networks." Now the bad news; starting with the fact that WPA2 is not so much a standard as an interoperability stamp for wireless encryption and authentication technologies conform......

Some WLANs open to dictionary attack

A dictionary attack tool designed to exploit a weakness in the Wi-Fi Protected Access security for wireless LANs has been published on the Web. The software, called WPA Cracker, exploits one option that can be used in WPA, usually in consumer applications or residential WLANs: a pre-shared encryption key. This key is simpler to use and deploy than using the more complex 802.1x for authentication. With the pre-shared key, a common shared pass phrase is set f......

WLAN Security Adoption Still Trailing Despite Widespread Use of Wireless in the Workplace

Around 70 percent of British organisations are either already using or planning to use wireless connectivity as part of everyday business. Yet security remains top of the list when it comes to wireless networking concerns, with more than a third of companies admitting that they would have no way of knowing if their wireless security measures were breached. These are some of the main findings of an independ......

Google Stumbles With New Desktop Tool

Google wants to help you effectively access the piles of information you store in the documents, e-mail messages, Web pages, and contact lists stuffed on your PC. And who better to help you than the most popular search engine on the Net, right? Not so fast. Though it lacks a few features, the beta version of Google Desktop Search does give the same satisfying results for your PC that Google.com provides for the Web. But as it's designed now, GDS also deliv......

A guide to proactive network security

Behind our daily barrage of hacker attacks, announcements of new viruses and worms, and frequent risk of downtime is an opportunity. This is your opportunity to step away from the noise, for a moment, and take steps to build a more proactive network security model for your organization. Countermeasures like firewalls or anti-anything (antivirus, anti-spam, anti-spyware, etc.) are all reactive security tools. They are necessary countermeasures and a part of......

Security is just a mouse click away

Next time an e-card with a jolly message drops into your computer's inbox, think before you click it open – it could be a virus which will implant itself in your machine and spread before you even realise it. Computer users across the world are struggling against a rising tide of viruses and spam which corrupt data, slow down or take over systems and fill inboxes with junk. Viruses are mutating and spreading so fast that anti-virus software cannot keep up.......

Police granted powers to install spyware and Trojans

The Australian police have been given the power to install spyware and Trojans on suspected criminals' computers under the new Surveillance Devices Act. The Surveillance Devices Act allows both Federal and State police to use keylogging and tracking software when investigating Commonwealth offences that carry a maximum sentence of three years, according to the Sydney Morning Herald. Neil Campbell, the national security manager of IT services......

Airwave hackers spark computer alert

Almost two-thirds of wireless computers installed in offices, homes and public buildings have no basic security safeguards and can be snooped on by amateur hackers, according to a Sunday Times investigation. The lack of protection means that e-mails and sensitive computer files can be accessed by hackers using little more than a laptop and an antenna. The revelation has sparked concern among the police and will come as a shock to tens of thousands of......

Access all areas

Doubts about security have long discouraged many firms from deploying mobile computing. But wireless technology has moved on. When many companies find it hard enough to control the IT use of office-based employees, how do you convince them that giving staff remote access is a good idea? This is the dilemma that faces all notebook, wireless networking and remote-management software manufacturers and resellers. There are a lot of variables to consider. The process of providing a m......

Wi-Fi Alliance to Promote WLAN Security

The Wi-Fi alliance will use its pull in the industry to improve security measures in wireless LAN hardware over the next year. The Austin, Texas, trade organization, which confers the right to use the Wi-Fi label on hardware, plans to increase encryption requirements for certification. But members of the security task groups within the alliance stress that the onus of WLAN security still lies with the customer. Last fall, the group quietly made support......

Why standards are important for wireless security

Industry standards play a critical role in R&D, product development and marketing initiatives which in turn help organizations meet their business objectives. Standards simplify product development and reduce non-value-adding costs, thereby increasing a user's ability to compare competing products. Standards also represent fundamental building blocks for international trade and communications. Successful businesses benefit from standards both......

Microsoft Warns of New Security Threat

System monitoring programs, called rootkits, may pose a serious danger to your PC. Microsoft security researchers are warning about a new generation of powerful system monitoring programs, or "rootkits," that are almost impossible to detect using current security products and that could pose a serious risk to corporations and individuals. The researchers discussed the growing threat posed by kernel root kits at a session at the RSA Security Conference in S......

MS and security: good effort but no cigar

Last week I watched the webcast of Bill Gates speaking at the RSA conference in San Francisco. He talked about Microsoft's plans to build upon the progress it's already made in security. These plans included better protection against spyware and spam. Gates also announced Microsoft's intention to release Internet Explorer 7, complete with a number of security improvements, by the end of this year. Looking back, the company has indeed made notable progr......

AirMagnet to complete a comprehensive Wireless solution for the US Government

AirMagnet, Inc., announced today its participation in iGov's one-of-a-kind, turnkey, secure wireless networking solution that ensures interoperability among multiple wireless technologies and the wired network. iGov's new comprehensive solution, iSolutions for Wireless, combines sales, marketing, and engineering resources from 10 partners, including AirMagnet, that iGov has identified as industry leaders within the Fe......

Wireless security still lax

Report finds 36 per cent of the City's wireless networks left open to attack. More than a third of businesses using wireless networks in the City of London are overlooking basic security, leaving themselves exposed to drive-by hackers. The fourth annual Wireless Security Survey of London shows the number of wireless local area networks (WLans) increased by 62 per cent in 2004, with access points rising from 1,078 to 1,751. But the research, conducted by security spec......

Handheld Security Too Expensive For Enterprise?

If your enterprise relies on PDAs and smartphones to get business done, you may be paying too much to secure it, according to a report issued Monday. An analyst at IT research firm Burton Group found that the cost of a complete set of security products (antivirus, VPN, device security and management) can be higher than the cost of the device itself. In his research report, "Handheld Device Security," Eric Maiwald surveyed the market of busines......

CyberGuard Provides Ten Tips for Corporations to Protect Customer Information from Identity Theft

In the wake of the increasing cases of identity theft, Paul Henry, a leading security industry expert and Senior Vice President with CyberGuard Corporation, has developed ten recommended tips for corporate IT managers and Security Officers to protect customer information from identity theft. Mr. Henry has served as an expert commentator for a variety of media outlets, including NBC Nightly News, CN......

Microsoft finally acknowledges wi-fi security standard

Year's delay - but Windows XP supports WPA2. Microsoft has released native support for the IEEE 802.11i wireless security specification in Windows XP and its variants, nearly a year after the standard's ratification. The update, made available on Friday, gives Windows compatibility with WPA2 - the certification based on 802.11i - as well as a standard designed to help laptops connect to secure public hotspots. The Wi-Fi Alliance's WPA2 is de......

Dutch hacker love-in faces the chop

A distinguished hackers' gathering scheduled to take place in July faces a ban by the local municipality. The mayor of Boxtel, in the Netherlands, cites "fear of breaches of law and order and danger to public safety". The organisers of What the Hack have been told they now need a permit for the event to happen. Organiser Rop Gonggrijp, co-founder of the first ever Dutch Internet provider XS4ALL and former editor-in-chief of the 1980's hacker magazine Hack-Ti......

Miscreants encrypt files, hold them for ransom

In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information. In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer Web browser. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts......

How safe is your wireless network?

Last week's security seminar in Croke Park kicked off with a nod to nostalgia: things used to be much simpler. The sentiment is certainly true for wireless networking. Eoghan Johnson, Irish sales manager for conference organiser Global Secure Systems (GSS), remarked 10 years ago networks were self-contained. Now, as wireless networks become more prevalent, they carry an additional security overhead. Johnson introduced the results of a recent survey conducted......

Citibank admits: we've lost the backup tape

The retail finance division of Citigroup has admitted that a backup tape containing personal information on almost 4 million customers has gone missing. The United Parcel Service lost the tape on May, and it hasn't been seen since. CitiFinancial only noticed the tape was missing on May 20. The tape contains Social Security numbers and transaction histories on both open and closed accounts at the bank’s lending branches. Citigroup says it has no reaso......

Wireless perils are nothing new

A short history of security hazards of wireless communications. When wireless telephone handsets (ordinary phones useful for short-range wandering around the house and garden, not cellular telephones) were introduced into the home market years ago, teenagers very quickly discovered that it was the handset that controlled connection to the public switched telephone network. In other words, putting the handset down on the cradle or picking it up had nothing to do wit......

Man Charged With Stealing Wi-Fi Signal

Police have arrested a man for using someone else's wireless Internet network in one of the first criminal cases involving this fairly common practice. Benjamin Smith III, 41, faces a pretrial hearing this month following his April arrest on charges of unauthorized access to a computer network, a third-degree felony. Police say Smith admitted using the Wi-Fi signal from the home of Richard Dinon, who had noticed Smith sitting in an SUV outside Dinon's h......

Caught in a Web of Viruses, Spyware, Hoaxes, Spam, Phishers, Pharmers and Every Other Scam? Online Shopping Still Beats Going to the Mall

Research shows that eCommerce trends are moving upward. With so many good security products available and better security awareness, people are taking charge of their online shopping experiences and coming back for more. Consider this scenario for a moment: You are at the mall and standing in line to purchase a few items. As you mindlessly wait your turn and f......

U.K. cops want to attack terrorism Web sites

British police want to launch DoS attacks on terrorism sites and to make it an offense to fail to disclose encryption keys. A list of antiterror recommendations from the Association of Chief Police Officers has been handed to Members of Parliament in the wake of the London bombings this month, as the government reviews laws on how to tackle terrorism. Under the proposals, it would become an offense to fail to disclose encryption keys and to use the......

Wireless hijacking under scrutiny

A recent court case, which saw a West London man fined £500 and sentenced to 12 months' conditional discharge for hijacking a wireless broadband connection, has repercussions for almost every user of wi-fi networks. It is believed to be the first case of its kind in the UK, but with an estimated one million wi-fi users around the country, it is unlikely to be the last. "There are a lot of implications and this could open the floodgates to many more such cases,......

The Case of the Stolen Wi-Fi

Whether you're unwittingly sharing your wireless LAN or poaching, be aware of the risks. Benjamin Smith III and Gregory Straszkiewicz both were arrested for allegedly stealing something no one could see, hear, or feel. That thing was valuable enough for victims to press charges in both cases. But the arrests were over something many consumers throw out their windows every day: a Wi-Fi signal. The idea of a police car roaring down the street to catch a roving "Doom"......

Most Spyware Born in The USA

Spyware purveyors are developing and deploying new tactics to deliver infectious malware to corporate PCs faster than IT executives can enlist solutions to block them. And most of the malicious code is coming from within the United States, according to a study released today. Spurred by the increasing potential for big profits, spyware developers are successfully pushing new tactics at rates that are overwhelming many businesses, according to the "State of Spyware"......

Spammers Add Use of Legitimate Katrina Relief Websites to Growing Arsenal of Tools, Warns SurfControl

SurfControl, a world leader in enterprise threat protection, today issued a security advisory to enterprise IT departments and individuals about an alarming rise in unsolicited Spam e-mail messages carrying URLs of legitimate donation websites. SurfControl's Global Threat and Analysis Center believes this is an attempt to condition people to respond to unsolicited e-mail without fear of harm, i......

Microsoft Beefs Up IE 7 Security

Microsoft will dump SSL 2.0 encryption in the upcoming Internet Explorer 7 for a stronger security protocol, TLS 1.0, the IE 7 development team has revealed. The default settings for the HTTPS protocol in IE 7 will be for TLS (Transport Layer Security) 1.0. In the current Internet Explorer, TLS must be enabled by the user, via the Tools/Internet Options/Advanced menu. IE 7 will also block access to Web sites that offer up a problematical digital certificate.......

AirMagnet Introduces BlueSweep Utility for Bluetooth

AirMagnet, Inc., the leader in wireless LAN (WLAN) security and performance solutions, today introduced its BlueSweep software, designed to identify nearby devices with Bluetooth wireless technology and alert users to potential Bluetooth security risks. The AirMagnet software identifies and tracks devices up to 300 feet away and lets users know what their own Bluetooth devices are doing. BlueSweep runs on laptop computers that support Windows......

Sober Virus Clones Taunt AV Vendors

A new batch of Sober virus clones has been spammed around the world to seed botnets for malicious use, anti-virus vendors warned Tuesday. The appearance of the latest threat comes 24 hours after law enforcement authorities in Germany predicted the Sober mutants would appear as e-mail attachments in German or English. According to F-Secure Corp., an anti-virus vendor based in Finland, at least four new versions of the virus have been detected. All are capabl......

AirMagnet's WLAN analyzer goes remote

AirMagnet's WLAN analyzer goes remote The latest version of a wireless LAN analyzer from AirMagnet announced Monday, allows remote scanning over any LAN or Internet connection and can run on a Centrino-equipped laptop without a separate Wi-Fi card. AirMagnet Laptop Analyzer is software that roving network administrators and installers can load on a notebook PC and use to study activity on an enterprise wireless LAN. Among other things, it can detect radio wave interference and security violati...... [more]

Police investigate charity credit card data hack

Police investigate charity credit card data hack Police at Scotland Yard's computer crime squad are investigating the hacking of a UK charity website that has resulted in the theft of almost 3,000 credit card details. Hackers breached the security of the Aid to the Church in Need website on Sunday 27 November and stole the credit card details, names and addresses of 2,800 charity donors held on the system. The fraudsters have already used the stolen credit card details and have even telephone...... [more]

Hackers snatch users' info from online store

Hackers snatch users' info from online store 'Your money or your data' A maker of popular role-playing games was forced to shut down its online store for four days after hackers pilfered email addresses, user names and encrypted passwords. White Wolf Publishing, creator of video and table-top games such as World of Darkness and Vampire: The Requiem, received a message from an "international group of hackers" on 11 December saying they had penetrated the company's online security defence, said a...... [more]

Idealstor Launches Ibac 3.0

Idealstor Launches Ibac 3.0 Idealstor, a leading manufacturer of removable disk-to-disk backup solutions, has announced that Ibac 3.0, a new version of its data protection software, is now available to customers. Ibac 3.0 introduces target folder encryption and Idealstor’s Quick System Recovery (QSR) disk. Protecting sensitive information from prying eyes even after it has been backed up has become increasingly important. Encryption is increasingly recommended and may eventually be mandated a...... [more]

Idealstor Bolsters Encryption for Disk Backup

Idealstor Bolsters Encryption for Disk Backup Idealstor is introducing new encryption and system restore capabilities to coincide with the company's upgraded Ibac 3.0 removable disk-to-disk backup appliance. Currently shipping, the new version of Ibac marks the debut of Idealstor's target folder encryption and QSR (Quick System Recovery) disk options. Target folder encryption allows administrators to choose specific data which is to be encrypted using 128-bit DESX or Triple-DES encryption t...... [more]

IPsec dead by 2008, says Gartner

IPsec dead by 2008, says Gartner The IPsec protocol that has served remote access so well for the last decade is now in its death throes, Gartner has prophesied. In a new report, it predicted that by 2008, the use of IPsec will have been swept away by its younger technological rival, SSL, for much of the market. By that year, two-thirds of teleworking remote access employees - and 90 percent of casual access users - will have adopted SSL. In the last three years, SSL has attracted three mill...... [more]

Is Your Laptop Connecting to a Malicious Wi-Fi Network?

Is Your Laptop Connecting to a Malicious Wi-Fi Network? Microsoft downplays Windows Wi-Fi 'anomaly' reported this week. Exploiting a design flaw in Windows XP and Windows 2003 systems with built-in wireless capabilities, hackers could lure Wi-Fi users into connecting to malicious wireless networks, according to Microsoft, which recently completed an investigation of the issue. Mark Loveless, a senior researcher at Vernier Networks in Mountain View, California, raised questions about the flaw la...... [more]

Security fears over London's blanket Wi-Fi

Security fears over London's blanket Wi-Fi Security company McAfee on Tuesday raised security concerns over the City of London's plan to install a Wi-Fi network throughout the Square Mile. The system will be constructed by The Cloud, and should give most of The City's workers always-on wireless access within six months. The Wi-Fi network will be installed in existing street furniture including lamp posts and street signs, and will "allow City workers and visitors with Wi-Fi enabled devices...... [more]

Convicted data thief gets eight years

Convicted data thief gets eight years A bulk e-mailer who looted more than a billion records with personal information from a data warehouse has been sentenced to eight years in prison, federal prosecutors said Wednesday. Scott Levine, 46, was sentenced by a federal judge in Little Rock, Ark., after being found guilty of breaking into Acxiom's servers and downloading gigabytes of data in what the U.S. Justice Department calls one of the largest data heists to date. Acxiom, based in Little Rock,...... [more]

IT warned against Skype hype

IT warned against Skype hype A new report has warned businesses to take security into account before deciding to allow the Skype VoIP service to run free on a company network. Debunking the Hype About Skype, from the Butler Group, agrees that the service can cut long-distance calling charges for many businesses, but only at expense of messing with security policies. Security issues include the difficulty of managing the application from a central point, and the fact that call encryption makes it...... [more]

SurfControl Enables Detection and Control Over Unauthorized Skype Implementations

SurfControl Enables Detection and Control Over Unauthorized Skype Implementations SurfControl, the world leader in Internet content protection, today announced its ability to detect and control unauthorized Skype usage on the corporate network. Skype is a subscription-based Internet client that enables users to make calls anywhere in the world at the cost of a local call. An amorphous application, Skype uses indiscernible encryption and is capable of working through virtually any network address...... [more]

802.11w fills wireless security holes

802.11w fills wireless security holes IEEE 802.11i, the standard behind Wi-Fi Protected Access and WPA 2, patched the holes in the original Wired Equivalent Privacy specification by introducing new cryptographic algorithms to protect data traveling across a wireless network. Now, the 802.11w task group is looking at extending the protection beyond data to management frames, which perform the core operations of a network. Traditionally, management frames did not contain sensitive information and...... [more]

Survey finds that U.K. enterprises suffer costly breaches

Survey finds that U.K. enterprises suffer costly breaches While the number of breaches has dropped, the costliness has increased The number of security breaches at large U.K. companies dropped by half over the last two years as larger budgets have been allocated to that area, according to a government-commissioned study released Tuesday. However, the incidents that do occur are taking a heavier financial toll. The survey estimated that the cost of security incidents to U.K. businesses is 50 perc...... [more]

IPods And Memory Sticks: Are The Benefits Worth The Security Risks?

IPods And Memory Sticks: Are The Benefits Worth The Security Risks? Few companies have taken steps to secure such devices, and some security vendors claim they can help. Personal technology has a way of working its way into companies, often to the benefit of workers and the dread of IT staffers who deal with the fallout. USB-pluggable memory drives are one of the most-popular technologies creeping in lately, but the security risks may outweigh any benefits they provide to the workplace. Most bu...... [more]

Vista's security features lack polish, but still an improvement

Vista's security features lack polish, but still an improvement Though Microsoft has made drastic security improvements within its upcoming Vista designs, there will be some usability hiccups within its new security features and there will still be plenty of room for security developers to sell aftermarket products, the Yankee Group said this week. The Yankee Group released the report on Monday detailing its security assessments of Microsoft's most recent Vista build and predicting the effect it...... [more]

New crackdown on cyber crime

New crackdown on cyber crime The UK's new FBI-style crime fighting agency has unveiled plans to get tough on cyber crime. The Serious Organised Crime Agency (Soca) has announced a range of new measures to tackle online crime gangs, such as a science laboratory to research emerging technologies that criminals might exploit. Soca absorbed the National Hi-Tech Crime Unit (NHTCU) when it was created last month, and had been criticised for apparently diluting its e-crime focus. But the agency says it...... [more]

Warnings of new blackmail virus

Warnings of new blackmail virus Security experts warned of a new variation of a virus that encrypts files and then blackmails the user into parting with money in return for a password. The variant, classified as Win32.GpCode.ae., is currently spreading across Russia. Once downloaded, the virus encrypts data on the victim's PC and is only decrypted by the virus writer once demands for money are met. This virus differs from earlier variants in that it encrypts the user's data using RSA 260-bit,...... [more]

Hackers keep hacking because they can

Hackers keep hacking because they can I had yet another computer journalist call me to ask if Vendor X's security solution was THE security product to solve all our security problems. I get a call or e-mail like this about once every two weeks. Usually they've read the vendor's own PR, another newspaper article, or even my own column touting a particular product. The typical conversation goes something like this: Journalist: "Hey, do you think Product A from Vendor X will solve all our sec...... [more]

Microsoft to Show Off Vista at Asia Hacker Conference

Microsoft to Show Off Vista at Asia Hacker Conference Microsoft plans to give a hacker conference in Asia an inside look at new security features on Windows Vista later this year, the organizer of the event said Tuesday. The company's commitment to show off Vista to the hacker and security community is part of a long-term trend aimed at gaining greater feedback from users prior to product debuts. More and more software and hardware vendors are trying to weed out vulnerabilities before products g...... [more]

Ransomware getting harder to decrypt

Ransomware getting harder to decrypt Ransomware is becoming more complex and anti-virus companies are worried they may not be able to decrypt ransomed files, according to a new report. The report, Malware Evolution: April - June 2006, Hidden Wars by anti-virus company Kaspersky Labs, warned that ransomware authors are creating more sophisticated encryption algorithms in a bid to out-fox security companies and blackmail users and companies. Ransomware involves the use of malicious code to hijack u...... [more]

Skype teams up with McAfee

Skype teams up with McAfee Skype certifies McAfee Internet security suite 2006 Internet communications company Skype has certified McAfee's suite of anti-virus software. McAfee Internet Security Suite 2006, McAfee VirusScan 2006 and McAfee Personal Firewall 2006 have all met Skype's standards for security, quality and usability. The security collaboration will mean files sent using the Skype file transfer function will be easily scanned by McAfee products adding an extra layer of protection t...... [more]

Trojan data-stealer hijacks ICMP traffic

Trojan data-stealer hijacks ICMP traffic A Trojan has been discovered that attempts to evade detection by sending stolen data back to its criminal creators using the ICMP (Internet Control Message Protocol) back channel. Detected by security company Websense, the unnamed Trojan is a relatively conventional data-stealer up to the point it communicates back to its host. Once a PC has become infected, the Trojan installs itself as an Internet Explorer browser helper object (BHO), and then waits qu...... [more]

WiFi to cover London’s Square Mile

WiFi to cover London’s Square Mile London's Square Mile financial district will have near total WiFi coverage by the end of this year. The wireless network will be installed in street furniture such as lampposts and street signs. The City of London Corporation, which commissioned the network, says it will be the first of its kind in the world with full roaming capability. Traditional wireless links comprise standalone hotspots, but the City's new platform will be a mesh network that enables conti...... [more]

Instant Messaging Attacks Jump 160 Percent in July

Instant Messaging Attacks Jump 160 Percent in July Postini, a global leader in Integrated Message Management, announced last week that its Monthly Message Security & Management Update for July confirms a 160 percent increase over June in instant messaging (IM) attacks against corporate networks. In July, Postini detected and prevented new IM threats including Prokeylogger, which logs the keystrokes typed by the user, captures passwords and screenshots, and sends them to identity thieves. Post...... [more]

US department learns lessons from laptop theft

US department learns lessons from laptop theft The US Department of Veteran Affairs (VA), which has recently suffered the loss or theft of a number of computers, is to spend over $3m installing data encryption software on all desktops, laptops and handheld devices used by its employees. Network-level data encryption is also under consideration, according to the department. A PC containing veterans' personal data went missing earlier this month from the offices of Unisys, one of the VA's con...... [more]

IM boom brings security concerns

IM boom brings security concerns By 2007, it will be considered strange if a company is not using some form of instant messaging (IM) technology. That's a far cry from a few years back, when IM was still somewhat mysterious and many enterprises did not allow its use for fear of plummeting productivity and information leaks. But as 2006 marks the year IM breaks into the workplace, network managers have new security concerns, such as worms, viruses and leaks of sensitive information. Many product...... [more]

Prepare for Internet Explorer 7

Prepare for Internet Explorer 7 After one of the most widely tested beta products in Microsoft's history and trial downloads by millions of users, Internet Explorer 7 Version 1.0 is finally ready. The tentative release date is Oct. 18, followed by Windows Update and Automatic Updates availability on Nov. 2. So come that day, IE 7 will start appearing in a large percentage of the world's auto-patching inboxes. Although users and administrators will not be forced to install it (there are several wa...... [more]

Wireless Security: The Standards Are Out There

Wireless Security: The Standards Are Out There But not all enterprises are embracing them - yet That's the take of new research from market watcher In-Stat, which says the actual usage of strong security mechanisms in enterprise WLAN deployments continues to lag -- in spite of the ratification and availability of key wireless standards. The good news, In-Stat researchers say, is that this situation should soon change, mostly because enterprises are becoming increasingly dependent on wireless and...... [more]

802.11n will change the enterprise

802.11n will change the enterprise As a proposed wireless standard for high-throughput enhancements, 802.11n has been viewed primarily as a consumer technology. However, 802.11n has key applications applicable to the enterprise and is widely expected to drive the next generation of deployments. Enterprise-class, bandwidth-intensive applications like ERP and CRM systems, workgroup computing applications, and some wireless backhaul applications require throughputs larger than current 802.11 techno...... [more]

Postini Ranked as Top Vendor for Securing Law Firm Communications

Postini Ranked as Top Vendor for Securing Law Firm Communications 48 Percent of Law Firms Surveyed Use Postini's Services to Make Their Electronic Communications More Compliant, Secure, Productive and Reliable Postini, the industry's leading provider of on-demand Integrated Message Management services that make electronic communications like email, instant messaging and the web more compliant, productive, secure and reliable, announced it has again been rated the top choice for securing email c...... [more]

McAfee announces top 2007 security threats

McAfee announces top 2007 security threats Experts with McAfee Avert Labs predicted today that the top security threats in 2007 will revolve around the increased production of malware by organized criminals in search of monetary gains. In a teleconference today, McAfee executives said that it believes users and administrators will see increased use of sophisticated techniques such as rootkits, polymorphism, parasitic infectors and automated systems with cycling encryption to release new builds i...... [more]

Postini Announces Top Five 2007 Messaging Security Predictions

Postini Announces Top Five 2007 Messaging Security Predictions Spam Still on Rapid Rise Representing Nearly 93 Percent of All Email; Companies Without Proper Protection Could Face Email Meltdown Postini, the global leader in on-demand communications security, compliance and productivity solutions for email, instant messaging and the web, today announced that the recent spam explosion, which Postini reported in November, continues to grow at unprecedented levels. Spam now represents nearly 93 perc...... [more]

Weigh the pros and cons of VoIP over wireless

Weigh the pros and cons of VoIP over wireless Voice over IP (VoIP) technology allows companies to cut the telco cord and make phone calls over the internet. Now, with VoIP over wireless - also called VoW, VoWiFi, wVoIP, and a number of other acronyms - organisations can cut all the cords. Numerous vendors are offering Wi-Fi IP phones that operate on the same 802.11 technologies used for wireless networks. According to a study from Infonetics Research, sales of Wi-Fi IP phones will likely reach $3...... [more]

Cybercrime set to develop its own economy

Cybercrime set to develop its own economy Organised criminals will join forces with the hacker community to form a more organised cybercrime economy, predicts vendor Websense. Criminals will buy, sell and trade hot commodities such as ready made cyber-attack toolkits and exploits to carry out zero-day vulnerabilities. Websense experts also predict that Web 2.0 security issues will escalate as these technologies are rolled out in mass with security as an afterthought...... [more]

Wireless not worth hacking?

Wireless not worth hacking? For four years, I've been pretty clear about my personal opinions on wireless hackers. I don't worry about them. So when I say: "It's time to worry about wireless hackers," it's not just another security consultant scare story being recycled - it's because I think things have changed. What has changed? Easy: corporate networks have changed. It's no longer as easy as it was to penetrate a corporate firewall and compromise PCs on the LAN. By comparison, the Wi...... [more]

Burglar-Proof Windows?

Burglar-Proof Windows? Vista's new security features may be annoying, but they're good for you The Microsoft marketing hoopla set off by the Jan. 30 launch of Windows Vista will focus on the software's spiffy new look and enhancements such as greatly improved search abilities (see BusinessWeek.com, 1/15/07, "Vista: Upgrade-Or Trade Up?"). But the really important changes, mostly hidden, aim to improve Windows' leaky security. What you see of this may be annoying, but trust me, it's go...... [more]

Hacked to the TK Maxx

Hacked to the TK Maxx TJX, the multi-national which operates the popular clothing store TK Maxx in the UK, is warning its customers that computer systems involved in processing credit card transactions have been broken into by hackers. The discount retailer discovered the intrusion, which remains under investigation, in mid-December. The breach involved systems handling debit and credit card transactions as well as cheque purchases and refunds involving its TJ Maxx, Marshalls, HomeGoods and A J...... [more]

Microsoft develops new tunneling protocol

Microsoft develops new tunneling protocol Microsoft is working on a new tunneling protocol for Vista and Longhorn that will provide secure network access from anywhere on the Net. The Secure Socket Tunneling Protocol (SSTP) creates a VPN tunnel that travels over Secure-HTTP, eliminating issues associated with VPN connections based on the Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP) that can be blocked by some Web proxies, firewalls and Network Address Translation (NA...... [more]

AirMagnet to offer analyzer for Cisco APs

AirMagnet to offer analyzer for Cisco APs On Tuesday, AirMagnet launched Enterprise Analyzer for Cisco, a troubleshooting and analysis software tool for Cisco's line of switch or controller-based, lightweight APs. The software works with Cisco lightweight APs currently available and will collect and analyze 130 different wireless network conditions, including data traffic congestion, signal noise, and interference. Using the Enterprise Analyzer interface, a network manager will be...... [more]

Browser vulnerabilities and attacks will continue to mount

Browser vulnerabilities and attacks will continue to mount Even as software makers add more sophisticated security features to their browsers and rush to patch documented flaws more quickly, experts maintain that holes in the programs will continue to allow for widespread malware attacks Window Snyder, chief security officer at open source browser maker Mozilla, is caught in the crosshairs of the raging browser vulnerability battle. On one hand, her company launched an upgrade to its Firefox br...... [more]

Hackers target TK Maxx customers

Hackers target TK Maxx customers Hackers have stolen information from at least 45.7 million payment cards used by customers of US retailer TJX, which owns TJ Maxx, and UK outlet TKMaxx In a statement to US watchdogs the firm said it did not know the full extent of the theft and its effect on customers. TJX added that the security breach may also have involved TKMaxx customers in the UK and Ireland. But the company added that at least three-quarters of the affected cards had expired or data had b...... [more]

Thank you Superhacker, you saved my computer

Thank you Superhacker, you saved my computer Many people leave their Wi-Fi link unsecured, leaving them open to fraud. But a new breed of ‘ethical hackers’ is helping, says Joseph Dunn Peter Booth was minding his own business last Sunday afternoon at home in Kippax, near Leeds, when the knock on the door came. On his porch was Andrew Mason, 6ft 4in and dressed in a black T-shirt. He was holding a laptop and a strange antenna that resembled a Pringle crisps tin on a stick. "Your computer has...... [more]

Researchers crack WEP WiFi security in record time

Researchers crack WEP WiFi security in record time The WiFi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend. Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the i...... [more]

Postini overhauls hosted security

Postini overhauls hosted security Postini has added investigation management, encryption, and better threat protection to its suite of managed security services. The new and upgraded services, set to come out this quarter, are designed to help large organisations protect themselves from threats as well as manage and archive email and instant messaging. Enhancements to Postini's archiving services include a new investigation management feature designed to ease the legal discovery process - and c...... [more]

Employees have a dangerously relaxed attitude towards laptop security and password sharing

Employees have a dangerously relaxed attitude towards laptop security and password sharing According to new research carried out by SafeBoot, employees have a dangerously relaxed attitude towards security, including laptop security, sharing PIN numbers and passwords, the shredding of documents and sharing personal details over the Internet. SafeBoot's survey found that nearly half of respondents had security on their laptop but had no idea how to use it, what it did, or they found it too complica...... [more]

Two cautioned over wi-fi 'theft'

Two cautioned over wi-fi 'theft' Two people have been cautioned for using people's wi-fi broadband internet connections without permission. Neighbours in Redditch, Worcestershire, contacted police on Saturday after seeing a man inside a car using a laptop while parked outside a house. He was arrested and cautioned. A woman was arrested in similar circumstances in the town earlier this month. BBC Midlands Today correspondent Dr David Gregory said the cases are among the first of their kind. He a...... [more]

Postini Wins Top Honor in Reader's Choice Award

Postini Wins Top Honor in Reader's Choice Award Postini, Inc., a global leader in on-demand communications security and compliance solutions for email, instant messaging and the web, today announced it has been awarded the highest honor in Information Security Magazine and SearchSecurity.com's 2007 Readers' Choice Awards. Postini's on demand email security solution won the Gold award in the Messaging/Email Category and was praised for its ability to safeguard enterprises from spam, viruses, phi...... [more]

Wi-Fi hack caused TK Maxx security breach

Wi-Fi hack caused TK Maxx security breach Hackers who stole 45 million customer records from the parent company of TK Maxx did so by breaking into the retail company's wireless LAN, it emerged on Monday. TK Maxx's parent company, TJX, had secured its wireless network using Wired Equivalent Privacy (WEP) - one of the weakest forms of security for wireless LANs. Hackers broke in and stole the records - which included millions of credit card numbers - in the second half of 2005 and throughout 2006...... [more]

M&S laptop theft puts 26,000 at risk

M&S laptop theft puts 26,000 at risk Marks & Spencer has confirmed that a laptop containing the personal details of 26,000 employees has been stolen. The laptop had been given to a printing company to allow it to write to the employees about pension changes. The data stored on the device included salaries, addresses, dates of birth, National Insurance details and phone numbers. Two days after the theft, M&S wrote to all staff whose names were on the laptop warning them of the risk an...... [more]

Microsoft delivers seven patches including DNS fix

Microsoft delivers seven patches including DNS fix Microsoft today released seven patches - all critical - addressing 19 vulnerabilities, including a promised fix for the well-publicised but sparsely exploited zero-day DNS server flaw. While that bug drew the majority of headlines over recent weeks, researchers today said the most significant patch appears to be MS-0726, which provides a fix for a critical Microsoft Exchange vulnerability that could result in remote code execution should a user...... [more]

FBI issues wireless security warning

FBI issues wireless security warning The FBI has issued a warning telling wireless network users to ‘make sure you've got the best possible security measures in place. And don't delay.' The FBI says that it has ‘recently learned that the basic protection against intruders - Wireless Encryption Protocol, or WEP - is increasingly vulnerable to accomplished hackers.' This information came from one of the members of the FBI's longstanding InfraGard program, which brings together public...... [more]

Wireless security: Balancing act

Wireless security: Balancing act Organisations need to weigh the convenience of wireless networking against the risks to the integrity of their IT systems. Steve Gold reports. A quick glance around any high-street IT store will reveal that wireless networking - commonly referred to as WiFi - has taken off in a big way. It's now possible to buy a data-accelerated 802.11g WiFi-enabled broadband router for around £50. Suddenly it's possible for an employee of even smaller firms to go out and b...... [more]

Laptop security? Never heard of it...

Laptop security? Never heard of it... Despite rising levels of laptop theft and high-profile instances of data loss, businesses are failing to understand the need to encrypt their hard drives or better protect sensitive data. Research conducted by silicon.com has found worrying levels of insecurity where it comes to laptops, with 63 per cent of respondents saying their company does not encrypt the data on their laptops. Furthermore, 67 per cent of respondents said their companies do not provide...... [more]

Wireless security 2007

Wireless security 2007 Unraveling the confusion about wireless standards is no mean feat. Justin Peltier takes a look at the latest crop of products in the field of wireless security management. Wireless networks are not about to go away any time soon. The convenience of losing the copper tether and gaining the ability to roam from one end of a campus to another without re-authenticating is just too practical. In the earlier days of wireless networks, the security controls were riddled with flaw...... [more]

Patchlink Join Alcatel-Lucent Application Partner Program to Build Unique Solutions for Enterprise Laptop Security and Management

Patchlink Join Alcatel-Lucent Application Partner Program to Build Unique Solutions for Enterprise Laptop Security and Management Alcatel-Lucent today announced the expansion of its Application Partner Program to feature its new OmniAccess 3500 Nonstop Laptop Guardian, inviting third-party software developers to collaborate with Alcatel-Lucent to deliver a complete enterprise mobility management and security system. The OmniAccess 3500 Nonstop Laptop Guardian, announced today, is a revolutionary...... [more]

Companies 'fear breaches but don't improve IT security'

Companies 'fear breaches but don't improve IT security' Using encryption devices such as Virtual Private Networks can save companies from becoming high profile victims of hackers, like TK Maxx parent company TJX, claimed an IT security expert. Companies are increasingly living in fear of data breaches that could expose the enterprise to public humiliation and loss of customer trust. Michael Ruffolo, CEO of Liquid Machines told the Gartner IT Security Summit: "If your business is such that yo...... [more]

London wireless use rockets

London wireless use rockets Take-up exceeds New York levels and access point security improves The availability of wireless networks in central London has increased 160 per cent in the past year, over three times more than the growth experienced in New York. The sixth annual Wireless Security Survey of London, commissioned by security vendor RSA, also finds that the security of access points has improved in the past 12 months. The capital now has 7,130 access points, putting it ahead of New York f...... [more]

Four deadly security sins

Four deadly security sins Organisations should not rely on their staff to ensure their network is secured as employees are not infallible and one slip is all it takes for cybercriminals to launch a vicious attack. "If you are an organisation that is relying on your employees to do the right thing with respect to security, you've already made a number of mistakes," said Scott Montgomery, global vice president for product management at Secure Computing. Montgomery noted that end users are...... [more]

The Top Five Digital Threats To Your Business

While the Internet, mobile computing and online advertising can help small fries compete with larger rivals, these digital tools also invite plenty of risk. Our advice: Don't be a Luddite, but don't lie awake at night, either. Do something about it. Fraud, for example, is a risk any business must deal with. Last year, North American merchants lost $3 billion because of online payment fraud (purchases made with stolen or unauthorized account informat......

More Wireless, Not Enough Security

Since 2002, RSA, the security division of EMC, has been doing regular surveys of wireless networks found in big cities - essentially, wardriving the same streets, time after time, using everything from cars to buses to horse-drawn carriages - to see what changes. For 2007, they found that while deployment of Wi-Fi was up, so was security - but security is not keeping up with the deployment. "We drive the same route in New York, London and Paris,"......

Top business security threats identified

The main security threats affecting businesses have been identified by new research, prompting fresh fears over the security issues facing modern firms. According to a report from InfoWorld, a range of security threats frequently affect businesses, coming from a number of different areas. Research finds that the main threats are outside attacks to harvest data at 66 per cent, exposing sensitive data or files to unauthorised users (60 per cent) and the ac......

IT and compliance: A risk management 'odd couple'

Handling compliance and risk have become inescapable elements of the modern CIO's role as they strive to ensure the business can forge ahead while not exposing areas of weakness or potential liability. Danny Bradbury explains the dilemma... Compliance can be a daunting word for IT managers. Ultimately, it's about managing risk exposure at a broad level. So what can IT directors do to satisfy the rest of the board, especially given that regulation......

City ignoring Wi-Fi risks

London firms are still using insecure wireless encryption. Revelations earlier this year that poor wireless security contributed to the theft of 45 million credit card numbers at US retailer TJ Maxx increased calls for firms to abandon Wired Equivalent Privacy (WEP), the protocol found to be at fault. But a recent survey of London's wireless infrastructure by RSA suggests WEP use remains widespread, and this is despite a new payment card industry (PCI) standard requiring......

FBI planted spyware on teen's PC to trace bomb threats

The FBI planted spyware on the computer used by a Washington state teenager to finger him as the person behind a rash of bomb threats e-mailed to his high school, court documents revealed this week. The 15-year-old, a former student at Timberline High School in Lacey, Wash., pleaded guilty Monday to making the bomb threats, as well as to identity theft charges, according to The Olympian. He was sentenced to 90 days in juvenile detention and......

USB encryption vendor suffers computer breach

A technology firm that recently entered the data security market reported this week that thieves infiltrated a company computer nearly two years ago, illegally accessing some 27,000 customer credit card files. None of the financial information belonging to customers of Kingston Technology has been misused, according to a statement from the Fountain Valley, Calif.-based company. The affected customers purchased Kingston products online. The $3.7 billio......

Researchers say Web apps over Wi-Fi put data at risk

Users who access Google Inc.'s Gmail or the Facebook social-networking site over Wi-Fi could be putting their accounts at risk of being hijacked, according to research from Errata Security Inc., a computer security company. It's not just those sites but any rich Web applications that exchange account information with users, including blogging sites such as Blogspot or even software-as-a-service offerings such as those of Salesforce.com Inc.,......

DOT Looks to Avoid Further P2P Leaks

The U.S. Department of Transportation is taking several steps to prevent further exposure of internal information, after more than 90 agency documents were exposed on a peer-to-peer network. The documents were inadvertently exposed on a file-sharing network after the teenage daughter of a telecommuting DOT worker installed a P2P client on an agency PC containing the information. Daniel Mintz, the department's CIO, said the incident prompted the agency to qui......

Does compliance make encryption always necessary?

Encryption has been around since the days of Caesar, when simplistic ciphers were used to protect communications between Roman generals. A lot has changed since then, but not everything. Encryption has been integral to data protection. Many organisations -- especially larger ones -- still look to encryption to protect sensitive data. Caesar would be proud of the fact that the hundreds of millions of people who use the Internet also use encryption......

eBay users targeted by ID-stealing botnet

Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account log-in information, according to security company Aladdin Knowledge Systems. The attacks against eBay may have started as long ago as early August, said Ofer Elzam. He said that he and other researchers at the Tel Aviv-based security company have not been successful in notifying eBay of their weekend findings. Accordin......

Storm worm: More powerful than BlueGene?

Criminals behind the Storm worm have created a botnet containing millions of PCs, which have a combined computing power greater than the most powerful supercomputer in existence. The Storm worm botnet has been estimated to control between one million and five million computers, which one researcher says makes it more powerful than IBM's BlueGene/L supercomputer. Peter Gutmann, a computer sciences security researcher, wrote in an email posted on insecure.or......

Wireless Protocols Learning Guide

Ensuring wireless security can still be a big hold-up to the actual deployment or the continued use of a wireless network in the enterprise. This section of the Wireless Protocols Learning Guide covers monitoring and security policies for a wireless network in addition to a discussion of available tools and configurations that enhance wireless security. WLAN technology deployments have increased, and federal regulations (such as HIPAA, Sarbanes Oxley and Gramm-L......

Security experts pitch 'culture of data'

The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain. In crafting their data-handling policies and selecting from the multitude of security technologies at their fingertips, those businesses that can foster both ready access to information, along with strong defenses for end-use......

Vista SP1 'lacks wow factor', says Microsoft

If you've been waiting for Windows Vista SP1 to come out before you make the leap to the new operating system, don't, says Microsoft. Microsoft's Pete McKiernan, a senior product manager for Windows, told silicon.com sister site CNET News.com one of the purposes of a service pack is to include all the patches that have been released in one package. Windows Vista SP1 will have that but little else for the home user, he said. Unlike the buzz surrounding......

The top 10 reasons Web sites get hacked

Experts say the people who actually build Web applications aren't paying much attention to security; a non-profit group is trying to solve that. Web security is at the top of customers' minds after many well-publicized personal data breaches, but the people who actually build Web applications aren't paying much attention to security, experts say. "They're totally ignoring it," says IT consultant Joel Snyder. "When you go to your Web site des......

Red faces as government laptop goes missing

A laptop containing details of customers at banking institutions has been stolen after a member of HM Revenue and Customs (HMRC) left it in the boot of his car. The computer contained records from finance houses revealing the identity of high value customers who had invested in Individual Savings Accounts, according to research by the BBC. "We very much regret the loss of some customer data provided to us by a number of financial institutions,"......

Windows XP SP3 to include some Vista features

A Web site that leaked details of Windows XP Service Pack 3 over the weekend claimed that the update includes several new features, including some borrowed from Windows Vista. According to NeoSmart Technologies, Windows XP SP3 build 3205, which was released to beta testers on Sunday, includes four new features among the 1,000-plus individual hot fixes and patches that have been issued since XP2's debut three years ago. Features backported from Vista......

Security expert: Storm botnet 'services' could be sold

The owners of the Storm botnet, whose identities are as yet unknown, could be preparing to sell off the "services" of segments of the network, according to Joe Stewart, a researcher from managed security services company SecureWorks. Stewart claimed in a blog post on Sunday that the latest Storm variants now use a 40-byte key to encrypt their peer-to-peer traffic, meaning each node will only be able to communicate with nodes that use the sa......

Cafe Latte attack steals data from Wi-Fi users

If you use a secure wireless network, hackers may be able to steal data from your computer in the time it takes to have a cup of coffee. At the Toorcon hacking conference in San Diego this coming weekend, security researcher Vivek Ramachandran will demonstrate a technique he's developed to attack laptops that use the WEP (Wired Equivalent Privacy) encryption system to log on to secure wireless networks. Developed in the late 1990s, WEP was the def......

WEP destroyed by new client hack

It was cracked long ago, but still hacks for the discredited WEP wireless security protocol keep coming. The latest one to be uncovered is the work of AirTight Networks' researchers Vivek Ramachandran and MD Sohail Ahmad, and was demonstrated at last weekend's Toorcon9 conference. Aided by flaws in the Windows Wi-Fi stack, the new attack involves coaxing an isolated Windows laptop into sending back ARP packets in response to a barrage of the same from the attacki......

Geforce cracks Windows passwords

Experts call for more data encryption after Russian software uses graphics processor to break into Windows. Security firms warned today that laptop hard disks should be encrypted as a matter of urgency following the release of a utility that uses graphics cards to crack Windows passwords. An eight-character Windows password can be cracked in less than five days using version 2.0 of Moscow-based Elcomsoft's Distributed Password Recovery System in conjunction with an......

GSS warns over Windows 2000 random number generator flaw

A potentially serious flaw in Windows 2000 that can compromise emails, passwords and other details keyed on a PC keyboard has been revealed. "The problem stems from a flaw in the random number generator in Windows 2000. The flaw allows encrypted Web data and email transmissions to be decoded," says David Hobson, managing director of Global Secure Systems (GSS), the IT security specialist and integrator. According to Hobson, thos......

Security Sweep Finds Retailer's Wi-Fi Networks At Risk

Despite the well-publicized wireless woes of retailer TJX earlier this year, it seems many retailers have failed to move to protect themselves from the loss of customer data. AirDefense, the Alpharetta, Georgia-based wireless intrusion prevention vendor, conducted a "war drive" survey recently of over 3,000 retailers in eight major cities--Atlanta, Boston, Chicago, Los Angeles, New York City, San Francisco, London and Paris. In tho......

Securing the Enterprise Beyond the Perimeter

Recent high-profile security breaches have taught us a clear lesson: organizations that rely primarily on a secure perimeter to protect sensitive data are fooling themselves. This year, hardly a week has passed without headlines about a security breach involving sensitive data. However criminals get the data, whether through a traditional perimeter breach, use of insider credentials or outright theft of physical storage media, the lesson is the same.......

Retail Wi-Fi Wide Open to Hackers, Study Finds

A study has discovered that while retailers are physically securing their businesses to prevent theft, they are not taking the same precautions with their wireless security. The "2007 Retail Shopping Wireless Security Survey" conducted by AirDefense, tested the wireless "perimeters" of 3,000 shops across the United States and parts of Europe. It discovered that of 2,500 wireless devices such as laptops, hand-helds, and barcode sc......

Researcher releases proof-of-concept VoIP hack

Potential Trojan listens and records on the network or at the ISP level. An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology. Called SIPtap, the software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to inf......

CIOs: UK data laws unfit for purpose

The UK's data-protection laws have been branded "unfit for purpose" in the wake of the loss of CDs containing 25 million records by Her Majesty's Revenue & Customs (HMRC). In what is now emerging as the UK's biggest-ever data-security breach, Her Majesty's Revenue & Customs (HMRC) admitted last week that two CDs containing names, dates of birth, addresses, national insurance numbers and bank account details of 25 million child-benefit recipients have been......

PlayStation a hacker's dream

The powerful processors in Sony's PlayStation 3 gaming console now have another use: cracking passwords. New Zealand-based security researcher Nick Breese claims to have used the year-old gaming console to crack passwords at speeds 100 times greater than Intel hardware is capable of. Breese, a security consultant with Security-Assessment.com, presented his findings to the Kiwicon hacker conference in Wellington, New Zealand. "Suddenly we have a massive increase in......

Data loss a global endemic as Canadian Health Agency admits to Major Hack

File this one under the "There Goes Your Personal Info" category... News just in from Canada confirms that database disasters are not just confined to UK government agencies, after sensitive patient information has been accessed by persons unknown on a Canadian health agency computer. "Police in Newfoundland are reported to be investigating to what degree hackers have accessed medical information - includin......

RFID tags: It is a dog’s life

Hacking threat could undermine radio frequency tag systems. Adam Laurie lived his life as a dog earlier this year. By duplicating the RFID tags used to identify pets in the UK and sewing it into his watch strap, Laurie, an independent security researcher, based in Kent, re-created his dog's ID as a hacking exercise. However, this kind of virtual animal cloning could become a serious issue as RFID-based systems are rolled out to keep track of livestock. The UK has......

Security firm cracks encryption for Microsoft's wireless keyboards

Dreamlab Technologies AG says it has found a way to sniff the data traffic between Microsoft's wireless keyboards and their base stations, which communicate with each other on the 27 MHz band. In the method they discovered, unauthorized parties are reportedly able to record and decrypt all keystrokes from such keyboards. The decoding was demonstrated using data traffic from the Wireless Optical Desktop 1000 and 2000. The securit......

UK businesses shunning encryption tech?

Fewer than half of UK companies use encryption technology to secure their data. Despite the lack of encryption, UK IT managers claim their corporate data is safe and almost two-thirds (65 per cent) said the HM Revenue & Customs (HMRC) data breach will not change their IT spending priorities, according to a survey by Check Point. Only 48 per cent of those surveyed have deployed encryption within their organisations and a further 12 per cent did not even......

More data protection breaches show need for root and branch review

Manufacturers need to constantly review their data protection procedures, warns digital vaulting and data encryption specialist Cyber-Ark as news of another pair of CD-ROMs going walkabout from a UK government agency emerged over the weekend. "The News of the World has revealed that a former contractor for the Department for Work and Pensions had two CD-ROMs containing details of thousands of benefit claimants in her posses......

CIOs: Encryption only part of data-security solution

Policies, processes and a "corporate ethos" of care of data are more important in securing sensitive information than using encryption technology. Encryption has been back in the spotlight following the data breach at Her Majesty's Revenue & Customs (HMRC) that led to two CDs containing unencrypted records of 25 million people on the child-benefit database getting lost in the post. But two-thirds of a 12-strong CIO Jury IT user p......

Intel adds encryption to vPro

Embedded security features, code-named Danbury, make application encryption easier, add new layer of hard drive protection. The addition of the Danbury tools represents only the latest in a string of security and management technologies embedded directly into the vPro lineup by Intel, including the company's Active Management Technology (AMT), which is aimed at making it easier for administrators to do remote updates on corporate machines, such as for installing ant......

Laptop stolen from Citizens Advice

A laptop containing client information has been stolen from the car of an employee of Citizens Advice in Northern Ireland. Up to 60,000 client records are held on the computer, which was stolen in the early hours of 5 December, 2007. According to Citizens Advice in Northern Ireland, the data stored relates to people from the Belfast area who have sought advice from a Citizens Advice Bureau office within the city. The amount of information held varies from case......

Unlocking encryption management

As encryption technology becomes more user-friendly and manageable, more businesses are adding standalone encryption platforms to their IT security. Someday, encryption features built into a wide range of IT products -- from operating systems and messaging gateways to hard drives and storage systems -- may work in concert to offer central policy enforcement across different types of network assets and devices. Until that day arrives, however, companies embracing t......

Five security truths to protect your critical systems

Anyone who tells you that your IT network is “100% secure” is either a fool, or greatly mistaken. Security is a moving target, and unfortunately, this target is being manipulated by the bad guys. With 2007 almost behind us, I reflect on the struggle enterprises and governments face in cyber security. This is not a holiday wish list, or resolutions for 2008, but read through these 5 notions and I can guarantee: you will wonder if you are doin......

Wi-Fi virus outbreak is possible, researchers say

If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University. The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York City within a two-week period, with most of the infections occurring within the first day. "The issue is that......

California data breach disclosure law extended to cover medical records

California has extended its widely copied data breach notification law to encompass incidents including electronic medical and health insurance information. AB 1298, which took effect Tuesday, adds unencrypted medical histories and information on mental or physical conditions or diagnoses to the types of records covered by the Golden State's first-in-the-nation breach notification law. Unencrypted insurance policy or sub......

Busting the 10 Myths About Data Protection

Whether from security breaches or careless insiders, data protection is on the mind of every CIO these days. However, many don't know that it's steeped in misconceptions. Data breaches happen all the time in industries ranging from retail to government. Protecting data is a key concern for CIOs, but there are a lot of misconceptions about data protection. Here we'll debunk some of the myths and explain best practices for protecting data without impedin......

Web flaw yields free Macworld VIP pass

Security researcher taps design flaw for second year in a row to procure a Platinum pass. For the second year running, security researcher Kurt Grutzmacher has found a way to get a free "Platinum" pass to the Macworld Conference and Expo, being held in San Francisco this week. Thanks to a design flaw in the conference's Web site, he was able to figure out the special promotional code and award himself a 100 percent discount when purchasing the show's most......

Whitehall staff banned from removing laptops …encryption rules follow latest data debacle

All Whitehall staff have been banned from removing laptops containing unencrypted personal data from offices in the wake of the Ministry of Defence (MoD) data loss. Cabinet secretary Sir Gus O'Donnell sent an email to top civil servants on Monday night warning them that laptops and hard drives containing personal data could not be removed from government premises unless they are encrypted. The directive is......

German police Skype-hacking leaked

German police have hired a company to create Trojans capable of capturing traffic from Skype and SSL, leaked documents appear to show. The two scanned documents, which appear on the Wikileaks website in their German form, are difficult to verify, but one appears to describe how a security company, Digitask, was asked to create a "Skype Capture Unit" based around Trojans planted on targeted PCs covertly transferring data to a remote server. "As......

IBM dives into massive encryption

IBM is embarking on a massive rollout of desktop and laptop encryption, providing 355,000 employees with whole-disk encryption from PGP to keep data confidential. Although IBM already uses encryption in pockets of its organisation, including the use of Secure Multipurpose Internet Mail Extensions encryption in Lotus Notes, the rollout of PGP whole-disk encryption could mark Big Blue's biggest-ever commitment to data-scrambling. Alan Mitchell, IBM senior technic......

Encryption could make you more vulnerable, warn experts

The use of data encryption could make organisations vulnerable to new risks and threats, a panel of security experts warned today. Many organisations are encrypting their stored data to relieve concerns over data theft or loss - for example, US mandatory disclosure laws on data breaches do not apply to encrypted data. However, experts from IBM Internet Security Systems, Juniper, nCipher and elsewhere said that data encryption also brings n......

Hackers camouflage 100% of Web attacks, IBM researcher says

Hackers now mask virtually every Web browser exploit as part of their normal procedure to evade detection by security software, said IBM's X-Force research team today. By the end of last year, according to Kris Lamb, director of IBM Internet Security Systems' X-Force, nearly 100% of all Web exploits were either self-encrypted or relied on obfuscation techniques to make it difficult for standard intrusion detection and intrusion prevent......

Wi-Fi networks need to be properly secured to avoid illegal piggybacking of internet service

Computer users must properly secure their Wi-Fi networks following reports that people who illegally download music and films may have their internet subscriptions cancelled. The proposed Green Paper will require internet service providers (ISPs) to take action against the estimated six million users a year who access pirated material. This legislation could cause headaches for both ISPs and Wi-Fi use......

Virtual servers 'pose security risk'

One of the most attractive features of virtualisation - the ability to replicate virtual servers on the fly to meet demand - carries major security risks - from data theft to denial of service - according to a talk scheduled for the Black Hat DC 2008 conference this week in Washington. When a virtual machine migrates from one physical server to another, it can be subject to a range of attacks primarily because authentication between machines is weak and the......

NHS laptop with 5,123 patient records stolen

An NHS laptop holding information on 5,123 patients has been stolen from a hospital in Dudley. The theft occurred on 8 January in the outpatient department at Russells Hall Hospital, which is part of the Dudley Group of Hospitals NHS Trust. The laptop held a database that contained the "limited clinical records" of 5,123 patients. The trust said the database is password and login protected, and a separate login and password was needed to op......

Government 'lost' DNA data disc on 2,000 criminal suspects

The government is being urged to explain why a data disc, containing DNA profiles of 2,000 offenders whom the Dutch authorities wished to trace had been missing for almost a year. The latest data controversy to hit the government came about after the Dutch authorities tried to track down 2,000 Dutch citizens who were on the run after committing serious crimes. In January 2007, they sent a disc containing the DNA samples of the offenders......

Researchers figure out how to crack GSM phone security

Two enterprising researchers claim to have figured out a way to eavesdrop on calls made using GSM mobile phones, cracking open its much-vaunted encryption. According to David Hulton and Steve Muller, who presented the technique at the Black Hat security conference in Washington this week, GSM calls can now be recorded over long distances and cracked open in half an hour using only $1,000 worth of field-programmable gate array-aided computer......

Update: Hard drive encryption has Achilles heel, say researchers

Researchers at Princeton have found a way to steal the hard drive encryption key used by hard-drive encryptors like Windows Vista BitLocker or Apple's FileVault. If you think that encrypting your laptop's hard drive will keep your data safe from prying eyes, you may want to think again, according to researchers at Princeton University. They've discovered a way to steal the hard drive encryption key used by products such as Windows......

Trend buys encryption vendor

Trend Micro has acquired Identum, an email encryption software vendor based in Bristol, in a move to strengthen its software-as-a-service product portfolio. Identum's Private Post desktop and gateway server products will be integrated into Trend's existing line of products and rebranded "Identum as Trend Micro." The Identum server software, which will automatically encrypt messages depending on the user's corporate security policy, can be used alongside ex......

Questions raised about Oyster card security

Smartcards with encrypted RFID chips, including London’s Oyster fare card, might not be as secure as previously thought. New research at the University of Virginia is causing a major stir in Boston, because it raises questions over the smart "CharlieCards" used by commuters on the city’s 'T' metro system. However, London's Oyster card uses similar RFID technology - the Mifare Classic made by Philips spinoff NXP Semiconductors. Work by University of Vir......

Sharpen up your data protection act

The collection and use of personal information is essential to the functioning of businesses, but IT departments need to be sure that the systems processing or holding these records comply with the Data Protection Act, writes Pauline Brace, principal security consultant at Global Secure Systems. IT departments need to identify which systems the organisation uses to process personal data and how those systems interrelate so they can identify security vulnerabi......

The top 10 security land mines

Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable. And almost all can be done without spending one more dime. Here are the 10 most common security land mines that experts say you need to avoi......

Laptop with info on heart patients stolen from federal researcher

The unencrypted medical information of about 2,500 participants in a cardiac study conducted by the National Heart, Lung and Blood Institute (NHLBI) may have been compromised by the theft of a laptop PC last month. The potentially compromised information includes the names, birth dates and hospital medical record numbers of the study participants, as well as data from reports about cardiac MRI procedures performed on them, the NH......

UK's most popular Wi-Fi router defaults to insecurity

From the folks at security think tank GNUCitizen comes yet another demonstration of the insecurity that's present by default in the UK's most popular home broadband router. By default, the BT Home Hub, which is manufactured by Thomson/Alcatel, uses a weak algorithm to generate keys used for locking down a Wi-Fi network. So weak, in fact, that Wired Equivalent Privacy (WEP) keys can be predicted in just 80 guesses on average. GNU has written a......

Customer data 'needs protection'

Companies and public bodies are not doing enough to protect customers' data, the UK's privacy watchdog and a major survey of security have said. The Information Commissioner said that the 94 security breaches reported to him last year was an "alarming" number. The survey of more than 1,000 firms suggested that almost 90% of them let staff leave offices with potentially confidential data stored on USB sticks. Firms and public bodies were urged to make data protec......

Hannaford to spend 'millions' on IT security upgrades after breach

Executives at Hannaford Bros. Co. said today that the grocer expects to spend "millions" of dollars on IT security upgrades in the wake of the recent network intrusion that resulted in the theft of up to 4.2 million credit and debit card numbers from its systems. The planned upgrades include the installation of new intrusion-prevention systems that will monitor activities on Hannaford's network and the individual systems at its......

Bank of Ireland reports customer data theft

Bank of Ireland has had four company laptops stolen, containing around 10,000 customer details. The bank confirmed that four laptop computers - containing information on customers' names and addresses, medical backgrounds, life assurance details and bank account details - were stolen between June and October of last year. The data held was not encrypted. The laptops contained information relating to some customers who either obtained a quote or took o......

Voltage offers public key encryption without certificates

Voltage Security has an encryption scheme that it says avoids the need for cumbersome databases of public keys and certificates, by making public keys as needed, from users' identities. The company also has an email security service which it thinks will have another unexpected result - persuading users to adopt extra security on top of their companies' policies. Voltage's identity-based encryption architecture has been proposed as an IET......

Does Californian bank scam highlight need for data vaulting?

This is the question that security firm Cyber-Ark asks, referring to the case of a California bank employee who sold his employer's computers on eBay - and even pawned them to raise cash - highlights the need for digital data vaulting security within companies of all sizes. "This case illustrates that [sic] good old employee theft is yet another security risk facing organisations," said Mark Fullbrook, Cyber-Ark's UK Directo......

Artist formerly known as Patchlink touts whitelists

Lumension Security, formerly called Patchlink, now has a new focus to go with its new name: whitelisting. In a video interview at the AusCERT 2008 security conference last week, Lumension's senior vice president Andrew Clarke explained how whitelists could help fight data leakage. "There is a tremendous amount of data potentially being brought in or taken out [of enterprises]. Whitelisting defines who can bring in devices, what devices th......

Yet another hole found in BT Wi-Fi router

Users of Britain's most popular Wi-Fi router have yet another reason to change the default settings toute de suite, and once again they have the folks in BT's security department to thank. In recent weeks, they changed the default password in the BT Home Hub, from "admin" to the device's unique serial number. In theory, this should improve user security by making it next to impossible for intruders to guess the credentials to gain administrati......

Info Security Products Guide Names Safend Winner of the 2008 Best Deployment Scenario Awards

Safend, a leading provider of endpoint Data Leakage Prevention (DLP) solutions, announced today that Info Security Products Guide, a Silicon Valley Communications publication and the world’s leading publication on security-related products and technologies, has named Safend a winner of the 2008 Best Deployment Scenario Award in the endpoint security category. This prestigious award recognizes security v......

Bank loses tapes with data on 4.5M clients

Bank of New York Mellon Corp. officials last week confirmed that a box of unencrypted data storage tapes holding personal information of more than 4.5 million individuals was lost more than three months ago by a third-party vendor during transport to an off-site facility. The bank informed the Connecticut State Attorney General's Office that the tapes belonging to its BNY Mellon Shareowner Services division were lost in transport by off-site storage fi......

Meshing Compliance with Security

The realities of today’s heavily regulated IT environment have forced a priority shift with IT security. Initiatives that once could never find a patron are now being funded, as organizations scurry to comply with regulatory demands. This has been a positive step for a lot of IT security practices, but there are some definite downsides. The sad news is that some organizations have begun to equate compliance with security, assuming that the act of complying with......

Voltage Security and Websense Join Forces to Help Secure Organizations' Essential Information

Voltage Security, a global leader in information encryption, and Websense, Inc. (NASDAQ: WBSN), a global provider of Web, email and data protection technologies, today introduced an integrated security solution that will provide customers with comprehensive protection for their essential information across Web, email and data security systems. By enabling customers to apply data-centric protection, busi......

Extended WiFi range creates security risks

A growing number of gadgets are now appearing on the market to offer WiFi users extended range when picking up "free" WiFi signals. "These devices, which can be obtained for under 20.00 pounds or so, can easily extend the effective range of a WiFi access point or router up to two or three hundred yards. This means that companies that think their WiFi access point is limited to their company building, need to think again," said David Hobson, GSS' managin......

Security militia sought to brutalize ransomware virus

After discovering a new and improved virus that encrypts important files on infected machines, researchers from Kaspersky are calling on fellow security professionals to lend a hand in cracking the massive key needed to liberate the ensnared data. The call to arms posted Friday comes two days after the antivirus provider detected a new variant of a malicious file-encryptor dubbed Gpcode. It surreptitiously encrypts a variety of files, includ......

Q&A: iPhone Security and the Enterprise Market

Jesper Svegby is the Director of Business Development for the Mobile group at Check Point. With more than 10 years of experience in the Mobility and IT-security community Jesper has among other positions a history within the Swedish banking sector where he has participated within security groups covering secure transactions over public nets. Does Check Point's support of the iPhone mean that you believe it's ready for the business user? Should Wind......

Q&A with Mark Bower of Voltage Security

Recently I talked with Mark Bower, director of Information Protection Solutions at Voltage Security. I have written about Voltage in the past, and still argue that the Format Preserving Encryption (FPE) it offers is unlike anything I have seen with regard to data protection and security. I e-mailed Mark during a news cycle of several information breach disclosures, all within a few days of one another. The Q&A is provided as is, and is just one expert's in......

Total cost of ownership, ease of management and low initial price are the most important issues for customers choosing UTM appliances

Total cost of ownership, ease of management and low initial price are the three most important issues for customers choosing UTM appliances, according to new research by Check Point Software Technologies Ltd. The results of Check Point's recent survey also showed the most desirable and popular functions of UTMs for users, and the relevance of other factors such a......

ICO: UK may get data-breach notification law

The UK's privacy watchdog has said the country is a step closer to getting a law that forces organisations to reveal data breaches, thanks to draft EU legislation. Deputy information commissioner David Smith said proposals to revise the EU's ePrivacy Directive could be the "catalyst" needed to get data-breach notification into UK law. Amendments to the directive would require "providers of electronic services to inform users of breaches of data......

Chipmaker sues to quash research on RFID smart card security flaws

A semiconductor company is suing a Dutch university to keep its researchers from publishing information about security flaws in the RFID chips used in up to 2 billion smart cards. The cards are used to open doors in corporate and government buildings, and to board public transportation systems. NXP Semiconductors filed suit in Court Arnhem in The Netherlands against Radboud University Nijmegen. The company is pushing the courts......

Companies ignoring unified comms security

Companies are leaving their unified communications (UC) systems wide open to hackers, newly published research claims. The biggest problems arise from the improper or incomplete use of security features, according to the latest report from Light Reading's VoIP Services Insider. "Vendors are putting technologies in place to provide protection from existing and impending threats," said Denise Culver, a research analyst at Light Reading. "But......

Encrypted hard drives may not be safe

PC users employing encryption software to keep part of a computer's hard drive private, may not be as safe as they think, according to researchers at the University of Washington and BT. They've discovered that popular programs like Word and Google Desktop store data on unencrypted sections of a computer's hard drive - even when the programs are working with encrypted files. "Information is spilling out from the encrypted region into the unencrypted re......

MoD loses sensitive laptop from hotel

A Ministry of Defence official's laptop holding sensitive information has been stolen from a hotel, the 659th laptop to be stolen in four years. The laptop, which was encrypted, was stolen from the Britannia Adelphi hotel in Liverpool on Thursday. The news follows the government’s disclosure that 658 other laptops had been stolen in the last four years. This was much higher than the previous figure of 347 laptops stolen in 2004 to 2007. The revised l......

Design flaws impair security at banking sites

Banking Web sites suffer from design flaws that undermine their security, exclusive of software vulnerabilities, according to a University of Michigan study to be released Friday. Of 214 sites surveyed in 2006, more than 75% had at least one design flaw that could lead to a security problem, the university said. The flow and layout of the sites can make those sites riskier, and the problems can't be fixed with a patch unlike a software vulnerability.......

Austrian official fuels Skype backdoor rumours

Off the cuff remarks by Austrian government officials suggest that Skype conversations might be intercepted. Speaking at a recent meeting on lawful interception between ISPs and Austrian regulators, an unnamed "high-ranking" official at Austria's interior ministry said that listening into a conversation over Skype presented no particular problems, Heise security reports. The opinion contrasts with the view of Joerg Ziercke, president of Germany's Fe......

Security oversight may have enabled Countrywide breach

The man accused of stealing customer data from home mortgage lender Countrywide probably was able to download and save the data to an external drive due to an oversight by the company's IT department. On Friday, Rene Rebollo, a former senior financial analyst at Countrywide, was arrested for his alleged role in stealing customer data and selling it. U.S. Federal Bureau of Investigation affidavits show that Rebollo told special agents that......

Are You Ready for the All Wireless Workplace?

With 802.11n offering performance and security on par with cabled Ethernet, why wouldn’t you embrace wireless? This, anyway, is the vision of WLAN equipment vendors. The most telling slogan is Motorola’s: “Wireless by default, wired by exception.” The truth, though, is this all-wireless vision takes some parsing. All-wireless is coming—if you’re talking about the end-user perspective. No one is proposing wireless data centers. Ethernet t......

UK's lax wireless security threatens TJX-style hack

UK shoppers' credit-card details could be at risk from the same wireless hack technique that snared more than 40 million people's details in the US, according to security experts. Security at hundreds of medium-sized retailers is not fully checked to ensure financial details cannot be accessed through insecure wireless networks, the experts claimed. The claim comes in the wake of US authorities charging 11 people in connection with the country......

The pitfalls of FTP Servers

I’ve heard recently that there is a new craze for thrill seekers known as Russian Roulette parachuting – a one in six chance that the parachute might not open – but apparently this is just not close enough to the edge for some IT folks out there. It seems the latest stunt is using FTP (File Transfer Protocol) to provide access to information. You would have thought that this went out with Glitter Rock since they both showed up around 1972 but apparently there are stil......

Home Office admits loss of 3,000 workers' data

The Home Office has lost the names, nationalities, passport numbers and dates of birth of 3,000 seasonal agricultural workers on two CDs in transit to the UK Borders Authority. The incident, which took place in March, was reported to the Information Commissioner's Office but has only now been publicly disclosed in the Home Office's 2007-08 resource accounts, published on 8 August, 2008. "This is not a Home Office data loss," said a Home O......

Encryption compliance still the Wild West

Encrypting data is becoming a requirement. How well you need to manage the keys that are used to encrypt the data is still open to debate. The state of Iowa recently became the 43rd state to pass a data breach law that requires a company to give its consumers notice should the company discover its consumer's personal information is compromised. In states with laws like Iowa, the primary concern is ensuring that data stored to tape is encrypted so in the......

Olympians Connect with Fans through Blogs

In a move that advocates say will bring Olympic athletes closer to fans, a Raleigh, North Carolina-based PC company is reporting the rapid spread of on-site blogging by competitors in the Beijing games. Officials at Lenovo reportedly say that more than 100 athletes are participating in their “Voices of the Olympic Games” blogging program, generating 1,374 athlete postings on the forum and reaching more than 8.5 million fans through third-par......

SSDs Are Hot, but Not Without Security Risks

Solid-state drives are fast becoming popular replacements for hard drives, especially in laptops, but experts caution that SSDs aren't as secure as commonly thought. SSDs may offer better data security than traditional hard drives, but they do not completely erase data and are vulnerable to physical hacks from light sources like an ultraviolet laser, experts say. Despite their relatively high cost and concerns about durability, SSDs are gaining popul......

UK fraudster gang go PIN sniffing

The organised tampering of PIN entry devices to commit credit card fraud, which led to arrests in Birmingham last week, has been linked to a breach in an Asda store on the outskirts of Portsmouth. Cash was withdrawn from ATMs in China and Canada after the cards were used in the Gosport branch of Asda, Register sources confirmed. Margaret Galea, 66, was one of the Barclays customers hit by the scam, which involved creating counterfeit cards and tampering with PI......

Encryption isn't enough to keep data safe on stolen laptops

Laptops are easily mislaid. Most of these laptops had security precautions such as passwords and encryption in place. The fact is that this level of security is not enough. It is the data on a laptop that is valuable, and so therefore, being able to keep this safe and out of the wrong hands is of the utmost importance. William Pound, VP International Operations, Absolute Software, commented: "The lack of security precautions taken......

MoJ fiasco proves need for European Union mandate on UK government data security

The latest data loss fiasco - involving a disk containing the personal details of around 5,000 Ministry of Justice staff going missing - highlights the need for European Union controls on data security to be implemented across all UK government departments and agencies enforcing the use of encryption of private and personal data on staff and members of the public, according to Security Specialist Cyber-Ark. "T......

900 laptops go missing at London Heathrow airport every week

Data loss is hitting the headlines all too often. Airports have become rich pickings for laptop and data thieves. Approximately 22.5 million business travellers pass through London Heathrow’s terminals every year, and according to a recent survey by the Ponemon Institute, it is the worst offender for lost and stolen laptops with up to 900 devices going missing per week. Despite most of these lapt......

NHS trust loses 18,000 staff details

A London NHS hospital trust has admitted to losing almost 18,000 staff details on four CDs. The payroll details were lost on 22 July while in transit between the salaries and wages department of Whittington Hospital NHS Trust and payroll company McKesson, where they were to be stored. David Sloman, chief executive of the Whittington Hospital NHS Trust, said on Tuesday that a staff member had been suspended over the incident, as the discs had been placed in an......

Second TJX hacker pleads guilty

A Miami man pleaded guilty on Monday to charges of hacking and identity theft related to the high-profile data breaches at TJX and a number of other merchants. Christopher Scott, 25, admitted to his role in computer intrusions at nine retailers that netted a cybercriminal gang more than 40 million credit and debit card numbers, prosecutors have said. Between 2003 and 2007, the cyberbandits exploited insecure wireless networks, which allowed them to p......

BlackBerry users neglecting security

New research finds 44 per cent of second-hand devices still contain sensitive data. Over a third of BlackBerry devices are sold without being wiped of sensitive personal and corporate data, according to new research released today by BT. The study of over 160 second-hand handheld devices found they still contained details of bank accounts, board meetings and financial data. Nearly a quarter of phones contained information which could allow the previous owner a......

Private data at risk from new Trojan

A Trojan, highly popular with fraudsters, can add data entry fields to legitimate online banking sites and entice consumers to give up sensitive information such as bank card numbers and PINs. The Limbo malware integrates itself into a web browser using a technique called HTML injection, said Uri Rivner, head of new technologies at RSA Consumer Solutions, a division of EMC. Because it's so closely integrated in the browser, it can operate even while the user......

Sophos concludes €217 million Utimaco buy

Antivirus vendor Sophos has concluded its acquisition of Utimaco Software, a seller of data encryption software. With the acquisition, Sophos gets a sizeable foothold in the endpoint data protection market, where it will compete with McAfee and CheckPoint Software. Utimaco is dominant in Germany and Western Europe, selling mainly to the type of large-enterprise customers that Sophos covets, said Sophos CEO Steve Munford. The €217 million (US$314 mi......

Stolen McCain party laptop had minimal data safeguards

A laptop containing GOP “strategic information” that was stolen from a regional party headquarters in Kansas City last week lacked any security safeguards beyond basic password protection, a party spokeswoman said Monday. Tina Hervey, spokeswoman for the Missouri Republican Party, said the organisation had not previously considered measures such as encryption to protect against the unauthorized access of sensitive data. “I think we're......

Cambridge lab sets quantum key world record

The hugely promising security technology of Quantum Key Distribution (QKD) has moved an important step closer to commercialisation with the announcement by UK-based researchers that they can now shift encryption keys around at speeds of 1Mbits/s. If that sounds like modest throughput in an age of multi-gigabit networking, it does have one important implication for the technology - it makes it possible for secure QKD to be used on optical networks with......

WiFi is no longer a viable secure connection

Global Secure Systems has said that a Russian firm's use of the latest NVidia graphics cards to accelerate WiFi ‘password recovery' times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless data. David Hobson, managing director of GSS, claimed that companies can no longer view standards-based WiFi transmission as sufficiently secure against eavesdropping to be used with......

Suspects must reveal encryption keys, court rules

Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. Failure to do so could mean a two-year prison sentence or up to five years if the c......

Study: Global information security improving, but far from perfect

Information is the new currency of business and this year progress has been made to secure it, but there is still work to be done, according to a worldwide study released Wednesday at a seminar in New York. Case in point: The study found that though security technology implementation is increasing, many companies don't know where all their important data is located. The sixth annual study titled, “The State of Information......

Many businesses still unsure how to secure mobile devices effectively

Managing the new generation of mobile devices, from connected laptops to smart phones, is the new challenge faced by IT departments. Today’s devices not only have the capability to access corporate networks, but can also store large amounts of potentially sensitive data. According to new research from Vodafone UK, many UK businesses appear unsure as to how to secure mobile devices effectively – with nearly a quarter of......

London consumers trounce corporates in wireless security

London homeowners are more careful about defending their wireless networks against trespassers than their corporate counterparts. One in five business networks fail to use any form of wireless encryption while 90 per cent of Londoners use encryption of some kind at home. RSA's seventh annual wireless security survey also found the wireless penetration at home was far more advanced than in either New York City or Paris, with 55 per cent of......

Lipstick on a pig and how it relates to IT security

As someone that has become totally engrossed in Tuesday's U.S. elections, Barack Obama's comment about lipstick on a pig resonated because in my opinion it just about sums up the approach to IT security in most enterprises today. You have SOX, PCI, Basel, ISO or whatever other policy you can think of, and as long as you carry on doing things in the same old way you might as well put “lipstick on a pig.” Over the past year, after countless inci......

A quarter of law firms admit to losing confidential information

According to a survey by Credant Technologies amongst 100 legal firms across the UK, 24% of UK legal firms have confessed to misplacing at least one mobile device containing confidential documents. These losses leave the data saved to the device vulnerable to exposure with case-notes, contracts and client details typically at risk. 37% of lawyers believed that if they did lose their mobile device it would be insecure as a hacker, o......

Once thought safe, WPA Wi-Fi encryption is cracked

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption and read data being sent from a router to a laptop computer. The attack could a......

UK government admits it cannot ensure data safety

The UK Government has faced repeated embarrassments over lost data, with over 270 data breaches being reported over the past year. Prime Minister Gordon Brown has admitted that the government cannot promise the safety of personal data entrusted by the public, and is blaming it on human error. However many in the industry think that the recent spate of security breaches were entirely preventable, and that the Government should address its ignoran......

QuickStudy: Identity-based encryption

Public-key cryptography offers very strong protection for electronic communications. Much of its strength comes from the use of paired keys, which are separate (but mathematically related) codes that encrypt and decrypt a message; one key is public and one is known only to the recipient. But hardly anyone uses public-key cryptography, because it's too much trouble. The recipient has to be prepared with both public and private keys, and the sender has t......

What has happened to storage security?

It would be an overstatement to suggest that the state of storage security has declined in the past year, but it's fair to say that it's lost some momentum. While everyone on the planet is now aware of privacy concerns and specifically the widely publicized risk of off-site tape loss, only a relatively small number of companies have acted to mitigate the situation. Certainly there have been technology advances, including the availability of tape drive e......

Details of 5000 children found on memory stick in Leeds

An enquiry has been launched after a memory stick was found in a second-hand car in Leeds. The memory stick contained the names, addresses, dates of birth, ethnicity and phone numbers of an estimated 5,000 children. It also stored information about child protection and whether parents claimed state benefits. The memory stick had been dropped at least a month earlier by a Leeds City Council worker during a taxi trip, although the employee r......

Credit card customers left fearing worst after account details discovered

German police are advising customers to check their accounts for suspicious activity after data was apparently stolen. Frankfurt police spokesman Karlheinz Wagner said the authorities had secured boxes of credit card data that had been saved to microfilm and sent anonymously to the Frankfurter Rundschau newspaper. The information apparently includes the names, addresses, account numbers and recent transactions for thousand......

Web who's who botches secure sockets layer

Web who's who botches secure sockets layer New research has uncovered flaws in the encryption certificates used to protect the websites of hospitals, banks, and even top-secret government spy agencies, raising questions about whether they are complying with regulations requiring them to adequately safeguard their online visitors. Rodney Thayer, a security researcher with Canola & Jones, spent a day and a half scoping out weak websites using nothing more than a handful of search queries type...... [more]

How to use public Wi-Fi safely

How to use public Wi-Fi safely Sandwich chain Pret A Manger became the latest venue to announce free wireless internet access this week. But while public 'hotspots' are growing in number, free bandwidth comes with an element of risk, warns security specialist David Hobson. Once you are associated to an access point, you are on the same network as others connected to the same access point, in the same way as plugging into the same network segment. A simple network discovery will show who else is...... [more]

Social networking is next for cybercrime, claims guru

Social networking is next for cybercrime, claims guru Cybercrime is likely to move into the social networking world, taking advantage of sites such as Facebook and MySpace, says New Zealand encryption guru Peter Gutmann. "I would assume internet crime will migrate to social networking sites in the future," says Gutmann, who also develops encryption toolkits and researches the usability of security software. Social networking sites are incredibly powerful virus platforms in that they allow devel...... [more]

Firewalls failing to keep generation Facebook in check

Firewalls failing to keep generation Facebook in check Workers are increasingly using online applications like Facebook and Google Apps as collaboration tools. How can businesses keep the net generation happy at work while keeping confidential data from leaking out of the enterprise? It's a question Sean Whetstone, head of IT services for Reed Specialist Recruitment, is wrestling with. Whetstone told silicon.com his company is concerned about online applications such as Facebook as people could...... [more]

Small laptops pose a big security threat

Small laptops pose a big security threat They're highly portable, inexpensive, very popular -- and a potential security nightmare. Running against the trend of mobile computers featuring progressively larger processors, memory, storage, screens and price tags, ultraportable laptops promise to streamline and simplify their users' lives. Easy to carry, capable of running only a handful of modest applications and affordably priced, ultraportables have emerged over the past year or so to become one...... [more]

What can you afford NOT to do on IT security?

What can you afford NOT to do on IT security? With the ailing economy putting a crimp in IT budgets, information security managers -- like just about everyone else in the tech world -- are feeling pressure to keep their costs in line. Few expect to be hit with outright budget reductions, at least in the short term; regulatory requirements and the ever-expanding list of external and internal threats make it hard to devote less money to security efforts. But there is a growing push to curb or defe...... [more]

DECT wireless eavesdropping made easy

DECT wireless eavesdropping made easy Conversations relayed through cordless household phones might be far easier to snoop upon than previously suspected. A new attack against phones based on DECT (Digital Enhanced Cordless Telecommunication) technology - demonstrated during the Chaos Communication Congress in Berlin earlier this week - might be carried out cheaply using off-the-shelf kit, together with a little know-how. A modified $30 VoIP laptop card running on a Linux portable was used to d...... [more]

Lock down that data

Lock down that data Another example of the insider threat to personally identifiable information has surfaced. This time it was not just a matter of curious employees browsing through celebrity records but a scheme to steal identities and open fraudulent credit card accounts. In December, an employee in the human resources department of the Library of Congress was charged with conspiring to commit wire fraud for a scheme in which he stole information on at least 10 employees from library databases...... [more]

Security will eat IT budgets in 2009, says survey

Security will eat IT budgets in 2009, says survey Security budgets are increasing in 2009 to consume 12.6 percent of the entire IT operating budget, up from 11.7 percent in 2008, according to Forrester Research's survey of 942 IT and security managers in North America and Europe. Staffing and upgrades to existing security technology are taking up over half of the IT security budgets overall, according to Forrester's report, 'The State of Enterprise IT Security: 2008 to 2009'. The survey a...... [more]

Plan to extend police-hacking powers gathers pace

Plan to extend police-hacking powers gathers pace The UK government has agreed to work with the European Parliament on plans to extend police powers to conduct remote searches of computers. The European Union Council of Ministers approved a plan in November 2008 to grant law-enforcement authorities in member states the power to perform remote searches of suspects' computers, as well as to perform 'cyber patrols' of the internet and increase data sharing between European police forces. The plan,...... [more]

Clock ticking for gas stations to pump up data security

Clock ticking for gas stations to pump up data security Lower gas prices aren't the only thing that's new at the pumps these days. Data encryption tools are also becoming part of the picture. Starting Jan. 1, Visa Inc. is requiring all new fuel-dispensing machines being installed at gas stations around the U.S. to support the Triple Data Encryption Standard, a mandate that is designed to make it harder for identity thieves to steal debit card data from gas pumps by shielding the personal identif...... [more]

Government failed to clamp down on data loss

Government failed to clamp down on data loss Staff are still able to copy unencrypted information from internal databases on to USB sticks, the portable memory devices that have been involved in many of the recent high-profile security breaches. The health and transport departments – as well as the Driving and Vehicle Licensing Agency – have failed to make encryption mandatory despite the recommendations of a Cabinet Office report last year. The Department for Children, Schools and F...... [more]

Gov't departments deny memory-stick risks

Gov't departments deny memory-stick risks The departments of health and transport have denied a report that they allow staff to use USB devices to transfer unencrypted information. In a report on 12 January, 2008, the Financial Times said that information obtained under the Freedom of Information Act and passed to the newspaper shows the Department of Health and the Department for Transport are still allowing employees to download unencrypted data to USB memory sticks. But a spokesperson for th...... [more]

Enterprises told to stop ignoring encryption

Enterprises told to stop ignoring encryption Brocade is warning companies to reassess their security priorities for data centres and stop ignoring encryption, after a survey found that half of respondents had experienced security breaches during 2008. The Brocade-commissioned survey of 4,500 senior European IT decision-makers in the UK, France and Germany was carried out during late 2008, across a number of verticals (public sector, health, finance, retail, manufacturing/logistics, telco, media...... [more]

Next-gen botnet armies fill spam void

Next-gen botnet armies fill spam void The demise late last year of four of the world's biggest spam botnets was good news for anyone with an email inbox, as spam levels were cut in half - almost overnight. But the vacuum has created opportunities for a new breed of bots, some of which could be much tougher to bring down, several security experts are warning. New botnets with names like Waledac and Xarvester are filling the void left by the dismantling of Storm and the impairment of Bobax, Rusto...... [more]

Indian Police on the hunt for poorly secured wireless connections

Indian Police on the hunt for poorly secured wireless connections At a conference in Mumbai last week, 80 policemen were taught about Wi-Fi connections and cybercrime and given the authority to order the owners of wireless routers to properly secure them with encryption and passwords. Police in Mumbai are reportedly on the hunt for poorly secured wireless connections, following an incident last year where hackers sent a warning about an imminent bombing from an innocent person’s Wi-Fi con...... [more]

Russians start selling Wi-Fi encryption cracker

Russians start selling Wi-Fi encryption cracker The Russian security company that caused a stir some months ago by talking up its cracking tool for recovering Wi-Fi encryption keys has started selling its software to all-comers in a specially packaged product. Normally, running a tool to do this on a conventional Intel Core 2 Duo desktop PC would take months to brute force even a single 8-character WPA/WPA2-PSK password, of which there are trillions of possible alpha-numeric combinations at that b...... [more]

Security boffins attempt to freeze out cold boot crypto attack

Security boffins attempt to freeze out cold boot crypto attack Security researchers have developed prototype countermeasures to defend against the recently developed cold boot crypto attack. Cold boot is a technique for snatching cryptographic keys from memory, creating a means to circumvent disk encryption. A targeted machine that's been left hibernating would be turned off and quickly rebooted using an external hard drive, loaded with customised software, in order to extract encryption keys st...... [more]

Your laptop data is not safe. So fix it.

Your laptop data is not safe. So fix it. The largest single type of security breach is the stolen or lost laptop, according to the Open Security Foundation, yet these computers are among the least protected of all IT assets. The costs of a data breach can be huge, including the loss of trade secrets, marketing plans, and other competitive information that could have long-term business damage, plus the immediate costs of having to notify people if their personal information was possibly at risk f...... [more]

Thousands of USB sticks forgotten in clothes left at dry cleaners

Thousands of USB sticks forgotten in clothes left at dry cleaners According to a survey released by Credant Technologies, in the last year 9,000 USB sticks have been forgotten in people's pockets as they take their clothes to be washed at the local dry cleaners. Data leakage and data loss is at an all time high. It could be blamed on the ever-popular USB or memory stick which most people now use to download and transport large amounts of sensitive data. The survey was carried out across the UK,...... [more]

Voltage encrypts NHS Trust’s emails

Voltage encrypts NHS Trust’s emails Recent instances of loss of data from NHS Trusts seem to have prompted the Lancashire Teaching Hospitals NHS Foundation Trust to strengthen its email security. The Trust has deployed Voltage Security’s SecureMail encryption system to protect data contained both in the internal and external emails. Integrating with the existing infrastructure, SecureMail enables end-to-end, content level encryption of email and mobile messaging. Saeed Umar, IT project manager...... [more]

Elcomsoft software means WiFi users should step up security

Elcomsoft software means WiFi users should step up security Global Secure Systems has said that the release of a WiFi password auditing utility by Russia's Elcomsoft should act as a wake-up call on the dangers of wireless insecurities to all IT managers. David Hobson, managing director of GSS, claimed that the release of the Wireless Security Auditor by Elcomsoft moves the wireless security ballgame on by several stages as it highlights the fact that WiFi users need to be using more complex alph...... [more]

New paint promises high-speed Wi-Fi shielding

New paint promises high-speed Wi-Fi shielding IT managers should start familiarising themselves with a new security tool, the paint brush, as Japanese researchers have come up with a paint that they say will block high-speed wireless signals, giving businesses a cheap option to protect their wireless networks. The problem of securing wireless networks has been an issue for a while now. Wi-Fi LANs with no encryption or running the obsolete WEP system, run the risk of having hackers outside the b...... [more]

Home Office rapped over data-protection breach

Home Office rapped over data-protection breach Privacy watchdog the Information Commissioner's Office has found the Home Office to have breached data-protection law over the loss of 84,000 prisoners' data. Although the data was lost by contractor PA Consulting, as the relevant data controller the Home Office was ultimately accountable for the loss under the Data Protection Act, said assistant information commissioner Mick Gorrill. "This case was serious because it involved thousands of ind...... [more]

Secure Encryption Key Lifecycle Management

Secure Encryption Key Lifecycle Management One of the essential components of encryption that is often overlooked is key management - the way cryptographic keys are generated and managed throughout their life. Because cryptography is based on keys that encrypt and decrypt data, your database protection solution is only as good as the protection of your keys. Security depends on two factors: Where are the keys stored, and who has access to them? When evaluating a data privacy solution, it is essenti...... [more]

Heartland data breach proves PCI compliance is not enough

Heartland data breach proves PCI compliance is not enough The data breach at Heartland Payment Systems that exposed millions of credit card holders in the US to fraud, proves regulatory compliance alone is not enough. Despite being compliant with the Payment Card Industry Data Security Standard (PCI DSS), cybercriminals were able to gain access to Heartland's systems. The criminals installed spy software to steal credit card details as millions of transactions were processed for an unknown peri...... [more]

Alarm sounded over wi-fi networks

Alarm sounded over wi-fi networks Wireless access points could be used by hi-tech criminals to spread viruses and worms, warn US researchers. Security holes and the popularity of the devices in cities make them ideal for spreading malware, they found. Using modelling methods from real diseases the team showed how a worm could gradually infect all access points in urban areas. They found that the majority of vulnerable access points would be hit in the first 24 hours of an outbreak. Password cra...... [more]

Coming soon: Full-disk encryption for all computer drives

Coming soon: Full-disk encryption for all computer drives The world's six largest computer drive makers today published the final specifications for a single, full-disk encryption standard that can be used across all hard disk drives, solid state drives (SSD) and encryption key management applications. Once enabled, any disk that uses the specification will be locked without a password -- and the password will be needed even before a computer boots. The three The Trusted Computing...... [more]

Retailers still failing on wireless security

Retailers still failing on wireless security Retailers are dragging their feet when it comes to ensuring wireless networks are safe from hackers, a new survey has claimed. Thousands of wireless access points (APs) in busy retail centres across the globe are wide open to wireless data-robbers, an annual Motorola wireless security survey found. Almost a third (32 per cent) of 7,940 APs probed were found to be unencrypted, a six percentage point rise on the year before. A quarter of APs were still...... [more]

New disk encryption standards could complicate data recovery

New disk encryption standards could complicate data recovery When the world's largest disk-makers joined last week to announce a single standard for encrypting disk drives, the move raised questions among users about how to deal with full-disk encryption once it's native on all laptop or desktop computers. For example, what happens if a user loses a password -- essentially leaving the drive filled with data that can no longer be unencrypted? Or what if a drive becomes corrupted or damaged, the...... [more]

Data losses proving costlier for businesses

Data losses proving costlier for businesses Data breaches are costing companies more than ever as consumers shun those that have lost information, according to a new study. Data breaches have proven to be a downside of the information age as personal and financial information face threats from hackers, careless employees, and thieves. The study is based on a survey of 43 U.S. companies that lost data in 2008, ranging from 4,200 records to 113,000 records across 17 industry sectors, according to...... [more]

Encryption key management solution launched by coalition of seven companies

Encryption key management solution launched by coalition of seven companies Seven organisations have joined to launch an interoperability specification for encryption key management. Designed to aid IT security, compliance and data recovery, Brocade, RSA, HP, IBM, LSI, Seagate and Thales have worked together to create a jointly developed specification for enterprise key management. KMIP is designed to provide a single, comprehensive protocol for communication between enterprise key management s...... [more]

EMD implements AppGate unified network access control solution

EMD implements AppGate unified network access control solution EMD, a professional services firm based in Malta, has installed the network access control solution from AppGate Network Security to ensure that client information and communications remain confidential and secure when staff are working away from the office. EMD chose to implement AppGate’s technology because it provides a comprehensive, easy to use and cost effective solution in one box, delivering the security, access contro...... [more]

Windows 7: Enterprise features explained

Windows 7: Enterprise features explained The lion's share of attention about the Windows 7 beta has been on consumer features. The new taskbar with its jumplists, mouse-hover features, easy navigation and the more controllable user account control are the immediate attention-grabbers. But the under-the-hood, less "sexy" enterprise features of Windows 7 are not as well known. Popular blogger and editor of Supersite for Windows Paul Thurrott recently said in an interview with CIO.com sister site...... [more]

Man-in-the-middle attack sidesteps SSL

Man-in-the-middle attack sidesteps SSL A combination of poorly educated users, fewer security warnings in browsers, and sites that mix secured and unsecured content allow man-in-the-middle attacks that can sidestep the ubiquitous secure sockets layer (SSL) encryption used to pass login credentials, a researcher told attendees on Wednesday at the Black Hat Security Briefings. Using a proxy server sitting between the victim and the Internet, security researcher Moxie Marlinspike — his real...... [more]

Encryption demands: Ignored by quarter of MoD contractors

Encryption demands: Ignored by quarter of MoD contractors Companies working on confidential UK defence information are not complying with government demands to encrypt data. One-quarter of contractors which either access the Ministry of Defence Restricted Network or who work on classified or above information have failed to confirm they encrypt all defence data held on laptops and portable media - a requirement under the MoD's List-X Notice security standards. In a written answer to Parliament,...... [more]

Banks, credit unions begin to sue Heartland over data breach

Banks, credit unions begin to sue Heartland over data breach In an indication of the legal troubles companies can find themselves in over data breaches these days, several banks and credit unions have begun suing Heartland Payment Systems over its recently disclosed data breach. In the six weeks since the potentially-massive breach was disclosed, eight banks and credit unions have filed lawsuits against Heartland over its alleged failure to take adequate measures for protecting credit and debt...... [more]

Police force loses 'unencrypted' investigations memory stick

Police force loses 'unencrypted' investigations memory stick A memory stick that contains information on hundreds of police investigations, possibly unencrypted, has gone missing. The memory stick - belonging to the Lothian and Borders Police, the police force that covers Edinburgh and south east Scotland - contained the details of 750 vehicles alongside other data relating to investigations. It was lost two months ago, but only reported missing on 26 February and was last used by staff working...... [more]

UK organisations fail to protect data with encryption

UK organisations fail to protect data with encryption More than half of UK public and private sector organisations are still risking data breaches and leaks, because they do not have data encryption in place to secure information on laptops, handheld devices and removable storage media. This is one of the key findings of the second annual UK data security survey by Check Point Software Technologies Ltd. According to the new survey of 120 IT managers and senior IT staff, 49% of respondents said...... [more]

ATM malware appears, Diebold issues security update

ATM malware appears, Diebold issues security update Diebold, which has fielded recent criticism over the reported insecurity of its voting machines, is now fighting off news that its ATMs also can be compromised. Security firm Sophos reported this week that it received three samples of a trojan that was customised to run on Diebold-manufactured cash machines in Russia, said Graham Cluley, Sophos' senior security consultant. The malware was able to read card numbers and PINs -- then when the att...... [more]

Local authority not meeting GCSx CoCo rules run the risk of losing data and being cut-off from Government networks

Local authority not meeting GCSx CoCo rules run the risk of losing data and being cut-off from Government networks The Government Connect Secure eXtranet (GCSx) and Code of Connection (CoCo) rules kick in on March 31 and any local authority not meeting the rules could run the risk of losing data and being cut-off from Government networks. Local authorities, education and emergency services could be faced with ex-communication from Government networks as the March 31st compliance deadline appr...... [more]

Enterprises still neglecting WLAN security

Enterprises still neglecting WLAN security Most European enterprises are neglecting their wireless LAN security, with an alarming number using only the most basic security protection for their wireless networks. So discovered a Motorola survey carried out by Vanson Bourne, which found that over half (65 percent) of large European companies use the same security measures for both wired and wireless networks, when in reality, they need different handling. The survey questioned 400 IT directors at...... [more]

Data Security: Whose Job Is It Really?

Data Security: Whose Job Is It Really? Forrester has a recommendation for CISOs struggling with how to secure corporate data: Stop trying so hard. Despite years of investments in technology and processes, protecting enterprise-wide data remains a maddeningly elusive goal for chief information security officers (CISOs). Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape routes for sensitive information. Regulations, statutes, and contractua...... [more]

Cloud Security Alliance formed to promote best practices

Cloud Security Alliance formed to promote best practices A group calling itself the Cloud Security Alliance announced its formation Tuesday, with eBay and ING as founding members. The alliance, which plans to make its first big splash at the upcoming RSA Conference, was formed to promote security best practices in a cloud computing environment. The on-demand cloud computing model is putting new demand on security, according to statements from Dave Cullinane, CISO at eBay. "The very nature...... [more]

Research spies holes in Fortune 1000 wireless nets

Research spies holes in Fortune 1000 wireless nets Overlooked design weaknesses in a widely used type of wireless network are seriously jeopardizing the network security of the retailers and manufacturers that rely on them, a security expert has determined. So-called FHSS, or frequency-hopping spread spectrum, networks are an early form of the 802.11 wireless data standard. Although transmission speeds, at about 2 Mbps, lag far behind more recent 802.11 technologies, they remain widely used by...... [more]

Conficker begins stealthy update

Conficker begins stealthy update The Conficker worm has started to update infected machines with a mystery package of data. Computer security firms watching the malicious program noticed that it sprang into life late on 8 April. The activity on its update system delivered encrypted software to compromised machines. It is not yet clear what the payload contains. The Conficker virus variants are thought to be present on millions of PCs around the world. Spam connection The...... [more]

Survey: 7 of 10 IT pros have found sexual, other inappropriate material on employees' laptops

Survey: 7 of 10 IT pros have found sexual, other inappropriate material on employees' laptops Nearly three-quarters of corporate security and IT professionals in the U.S. have found "inappropriate" pictures, videos or browser cache links on employee laptops, a survey released Wednesday shows. Two-thirds of the 3,100 IT pros anonymously surveyed by the Ponemon Institute had found "evidence of inappropriate interactions with other employees" of an adult nature on company-issued laptops...... [more]

Wireless and wired security: one and the same

Wireless and wired security: one and the same Some enterprises believe they don't have to concern themselves with wireless security if they don't run sensitive information on their networks. This can be a costly mistake, as Motorola's Ronald van Kleunen explains. In today's competitive economy, we need the power to do business anywhere, anytime. As such, wireless networks are taking over the enterprise. The flexibility and low cost, plus the ability to increase staff productivity, has resulted...... [more]

Cryptography experts debate cloud-computing risks

Cryptography experts debate cloud-computing risks A group of pioneers in the security field, whose work in encryption is used to protect internet data and communications every day, spoke about the state of security at a cryptographer's panel at the RSA security conference in San Francisco on Tuesday. They tackled various questions about cybersecurity in general, but the topic that dominated was cloud computing. "Cloud computing is a challenge to security, but one that can be overc...... [more]

Getting a grip on key rotation

Getting a grip on key rotation One of the ways to turn a pleasant dinner conversation among CISOs and risk managers into a philosophical battleground is to introduce the topic of key rotation, which is defined as the process of decrypting data with an old key and re-keying the data with a new one. There are many conflicting ideas about how much key rotation is necessary, how far it should go, and how often it should be done. These issues cause trepidation and worry for many IT managers. But the...... [more]

Researchers Warn of Nasty Trojan

Researchers Warn of Nasty Trojan Just as we're finally being allowed to stop saying the C word (no, don't make me say it!) experts are warning of a powerful new Trojan attack that could make some waves of its own, based on its ability to spread like a traditional virus and embed itself deeply into end users' machines. In a blog post authored by longtime security guru Paul Henry, of Lumension, the expert contends that the emerging attack, identified as a variant of the Virut.CF Trojan by Symante...... [more]

Better incentives required to stop data loss

Better incentives required to stop data loss Organisations do not know enough about the source, reason and frequency of data leaks, and more incentives need to be put in place to encourage better data protection, according to a panel discussion at the Infosecurity Europe show in London. Data losses are still a regular occurrence, and IT managers often have no idea about the scale of the breach, or whether it is accidental or intentional. Lord Errol, one of the panellists, believes that this iss...... [more]

New standard for encrypting card data in the works; backers include Heartland

New standard for encrypting card data in the works; backers include Heartland The same organization that led the development of security standards for payment-card magnetic stripe data and PIN-based transactions will soon begin work on a new specification for encrypting cardholder data while it is in transit between systems during the transaction process. And among the companies in the forefront of the effort is Heartland Payment Systems Inc., the Princeton, N.J.-based payment processing firm t...... [more]

Botnet probe turns up 70GB of personal, financial data

Botnet probe turns up 70GB of personal, financial data Researchers from the University of California gained control over a well-known and powerful network of hacked computers for 10 days, gaining insight into how it steals personal and financial data. The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as e-mail passwords and online banking credentials. The researcher...... [more]

Researchers renege on security flaw promise

Researchers renege on security flaw promise Indian security researchers have released proof-of-concept code that can be used to take over a computer running Windows 7, despite earlier promising not to make the code public for fear it could be misused. VBootkit 2.0 was developed by researchers Vipin Kumar and Nitin Kumar and is now available for download under an open-source licence. They unveiled the proof-of-concept code at the Hack In The Box (HITB) security conference in Dubai last month, wh...... [more]

New warning over cloud security gaps

New warning over cloud security gaps The security gaps in cloud computing demand greater scrutiny than traditional IT outsourcing models, a new Forrester report has said. With traditional outsourcing models, a customer places its own servers in someone else's data centre, or a service provider manages devices dedicated to that customer. But multi-tenancy rules the day in cloud computing, and customers may not know where their data is stored or how it's replicated, Forrester analyst Chenxi Wang w...... [more]

Steps to mitigate Web 2.0 security risks

Steps to mitigate Web 2.0 security risks Love or loathe it, businesses can’t ignore the Web 2.0 phenomenon. As LinkedIn, Facebook, Twitter, wikis, blog sites, Flickr, music sharing and other collaborative applications have eased their way into people’s working lives, companies are having to work through the security implications. These applications change the way people interact, blurring the line between what’s business and what’s personal. They allow people to put more data on the...... [more]

OpenSSH chink bares encrypted data packets

OpenSSH chink bares encrypted data packets Cryptographers are urging users of a widely employed network protocol to make sure they're running the latest version after discovering a flaw that could allow attackers to read data that's supposed to remain encrypted. All programs that incorporate the OpenSSH implementation of SSH, short for Secure Shell, should make sure they use version 5.2, which provides several countermeasures to prevent the attacks. Other SSH implementations may be vulnerable a...... [more]

Investigators prove Nokia 1100 online banking hack

Investigators prove Nokia 1100 online banking hack Criminals wouldn't have been paying all that money for old phones for nothing By Jeremy Kirk, IDG News Service An old chocolate-bar style Nokia 1100 mobile phone has been used to break into someone's online bank account, affirming why criminals are willing to pay thousands of pounds for the device. Using special software written by hackers, certain models of the 1100 can be reprogrammed to use someone else's phone number and receive their SMS...... [more]

Questions asked over RFID tags and scanners and their ability to spread malware

Questions asked over RFID tags and scanners and their ability to spread malware The security of the Radio-Frequency Identification (RFID) tag, and its ability to resist malware, has been questioned. Oleg Petrovsky, senior software development engineer at Microsoft, claimed that at a hardware level, an RFID tag normally consists of a receiver and transmitter and a micro-controller that facilitates the exchange. However the micro-controller is not powerful enough to employ sophisticated means of a...... [more]

PCI compliance accused of becoming meaningless if it is not correctly enforced

PCI compliance accused of becoming meaningless if it is not correctly enforced The requirements for PCI compliance have been described as ‘woefully inadequate'. Paul Henry, security and forensic analyst at Lumension, claimed that breach after breach of credit card data has become all too commonplace, and PCI should raise the bar and increase the minimum acceptable standards to become compliant in light of these many failures. Pointing to the Heartland incident, Henry stated that PCI had ...... [more]

Windows XP ATMs at risk from data-sniffing software

Windows XP ATMs at risk from data-sniffing software Cybercriminals refine malware which steals PINs and card data ATMs running Microsoft's Windows XP operating system risk being hacked as cybercriminals improve a malicious software programme that records sensitive card details, according to security vendor Trustwave. The malware has been found on ATMs in Eastern European countries, according to a Trustwave report. The malware records the magnetic stripe information on the back of a card as well...... [more]

Google cloud told to encrypt itself

Google cloud told to encrypt itself A small army of security and privacy researchers has called on Google to automatically encrypt all data transmitted via its Gmail, Google Docs, and Google Calendar services. Google already uses Hypertext Transfer Protocol Secure (https) encryption to mask login information on this trio of cloud-based web-based applications. And netizens have the option of turning on https for all transmissions. But full-fledged https protection isn't flipped on by default. ...... [more]

Heartland CEO says data breach was 'devastating'

Heartland CEO says data breach was 'devastating' Heartland Payment Systems chief executive Robert Carr remembers what it felt like when he first heard about the massive data breach at his company earlier this year. "I wanted to throw up. It was devastating," says Carr, recalling how he felt upon realizing that one of his worst fears had come true. "People had asked me for years 'what keeps you awake at night' and I would keep telling them it was the fear of a data breach," he told Com...... [more]

Security experts uncover one-stop botnet marketplace

Security experts uncover one-stop botnet marketplace Researchers have uncovered a fully-functional marketplace for the building and selling of botnets. Security firm Finjan said that the site allows criminals to obtain everything from malware and data, to networks of infected PCs. Yuval Ben-Itzhak, chief technology officer at Finjan, described the new site as an "eBay for stolen data". "It is basically a hacker-to-hacker platform to provide everything you want," he said. "...... [more]

New devices make hotspots a hacker's paradise

New devices make hotspots a hacker's paradise Airport lounges, train stations and hotels represent three of the easiest attack vectors for hackers, according to white hat hacker, Chris Gatford. Speaking at IDC's SecurityVision conference today, Gatford said the vast majority of public hotspot users put their organisation's data at risk by connecting without a VPN to the "Linksys global wireless network" - his term for open networks set up in people's homes that are left unsecured. Gatford, direc...... [more]

Bord Gáis unencrypted stolen laptop contained the bank account details of 75,000 customers

Bord Gáis unencrypted stolen laptop contained the bank account details of 75,000 customers Bord Gáis, the Irish energy provider, has seen an unencrypted laptop containing the bank account details of 75,000 of its customers stolen from its Dublin offices. The theft occurred on 5th June 2009, but has only just been revealed as the gardaí was following a particular line of investigation. The incident occurred early on Friday 5 June when the Bord Gáis offices in Dublin and a number of adjacen...... [more]

Pull the Plug on Unauthorized Wireless Devices

Pull the Plug on Unauthorized Wireless Devices What types of wireless devices are your employees plugging in to your company's network? If you don't know the answer to this question, your business is at risk. Today, like never before, employees are coming to work equipped with an array of network-compatible wireless gadgets — iPhones, laptop computers, media players, wireless access points and more. All of these devices, unfortunately, are capable of disrupting network operations and stea...... [more]

IBM touts encryption innovation

IBM touts encryption innovation IBM today said one of its researchers has made it possible for computer systems to perform calculations on encrypted data without decrypting it. IBM says the breakthrough would let computer services, such as Google Inc. or others storing the confidential, electronic data of others, fully analyze data on their clients' behalf without expensive interaction with the client and without seeing any of the private data. The idea is a user could search for information us...... [more]

The human factor in laptop encryption

The human factor in laptop encryption Hardly a day goes by without news of some laptop containing sensitive information about customers or staff getting lost or stolen. The latest high profile example is the Bord Gais burglary in Dublin in which an unencrypted laptop containing the bank details of 75,000 electricity customers was stolen. Hilariously, Bord Gais told the people affected that "data security and laptop encryption is a major priority for us". More practically, it urged the names to w...... [more]

Programmer steals Wall Street trading code, FBI alleges

Programmer steals Wall Street trading code, FBI alleges A high-level developer for Goldman Sachs was arrested by the FBI Friday and charged with stealing computer code that automates the firm's high-volume trading on stock and commodities markets, according to court documents and sources close to the case. The Reuters news service, which broke the story yesterday, tied the developer, Sergey Aleynikov, to Goldman Sachs, where he was allegedly a vice president of equity strategy. Today, sources w...... [more]

UK data breach incidents on the rise

UK data breach incidents on the rise Seven in ten UK organisations experienced a data breach incident over the last year, up from 60 per cent in the previous year. The third edition of an annual survey by the Ponemon Institute, sponsored by PGP, also found that 12 per cent of 615 public and private sector organisations probed were hit by five data loss incidents over the previous year. Less than half of these breaches (43 per cent) were disclosed publicly, while disclosure of the remainder was n...... [more]

How one NHS trust encrypted its data

How one NHS trust encrypted its data It was last September when NHS chief executive David Nicholson issued a national mandate that demanded all NHS trusts nationally secure personal data with encryption. Nicholson and the NHS appreciated the importance of the security of patient data, which was often sensitive. In 2008, there had been a number of high profile data leaks from councils and other public sector agencies and was at the time a particularly hot topic. The NHS was also trying to move d...... [more]

Map out your zone defense

Map out your zone defense A good exercise for any security admin is to map your security domains or zones. The idea is that a map of the inputs and outputs of your organization's data pathways will give you a clearer idea of the users, gateways, systems, and data that you are trying to secure. Unless you know about it, it's impossible to secure it. And, as the saying goes, a problem well defined is a problem half-solved. Start with all of the ways that people can enter your environment: LAN, WA...... [more]

PCI clarifies procedures to secure Wi-Fi

PCI clarifies procedures to secure Wi-Fi The group charged with administering the Payment Card Industry Data Security Standard (PCI DSS) has begun issuing guidance documents that merchants can use to help them better understand and adhere to payment security standards. On Thursday, the PCI Security Standards Council published its first installment: a 33-page paper for clarifying how retailers should secure their wireless internet environment. “The guidelines are not there to add any new c...... [more]

HSBC companies slapped with £3m fines over data breaches

HSBC companies slapped with £3m fines over data breaches Three HSBC companies have been hit with fines after the financial services watchdog found they weren't doing enough to protect customers' data. The Financial Services Authority (FSA) fined HSBC Life £1,610,000, HSBC Actuaries £875,000 and HSBC Insurance Brokers £700,000 - making a total of £3m in penalties between them. Due to the fact the three firms settled with the FSA, their fines were discounted by 30 per cent - the original charges...... [more]

Want to keep eavesdroppers out? HP researchers think they have the answer

Want to keep eavesdroppers out? HP researchers think they have the answer Two researchers for HP have created a browser-based darknet, an idea that could make it easier for businesses to keep eavesdroppers from finding out confidential corporate information. Darknets are encrypted peer-to-peer networks normally used to communicate files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary...... [more]

Screen-blocking systems stop prying eyes

Screen-blocking systems stop prying eyes You've probably been in this situation before: A colleague strolls up behind your computer during work hours and your personal e-mail is in view. To protect computer users in such instances -- and some that are much more problematic -- a U.S.-based company, Oculis Labs, has come up with two systems that obscure sensitive content on a computer screen, offering an alternative to plastic overlays that block content unless viewed at a direct angle. Oculis La...... [more]

SHA-3 hash contest enters second round

SHA-3 hash contest enters second round The competition for the next generation of cryptographic hash algorithms has moved on to its second stage. Fourteen candidates have been selected by the US National Institute of Standards and Technology (NIST), which is running the contest, to progress onto the next round in the competition to define the algorithm that will underpin SHA-3 (Secure Hash Algorithm 3). NIST expects the competition, which began in 2008, to climax after four years in 2012. Of 51...... [more]

Researcher reveals massive 'professional thieving' botnet

Researcher reveals massive 'professional thieving' botnet A ferocious piece of malware that's infected up to a million PCs is stealing a "tremendous" amount of financial information from consumers and businesses that log on to their bank, stock broker, credit card, insurance, job hunting and favorite e-shopping sites, a noted botnet researcher said today. "Clampi is the most professional thieving pieces of malware I've ever seen," said Joe Stewart, director of malware research for Sec...... [more]

Nine things about botnets that will scare your pants off

Nine things about botnets that will scare your pants off I wondered just how deep and wide the botnet problem goes. What I learned with just a little bit of research is enough to make you want to return to the days of stand-alone computing. The reality is worse than most people suspect. Let me share nine known things about botnets that will scare your pants off. At the very least, perhaps this article will prompt you to step up your effort to keep your corporate PCs off the illicit botnets. 1....... [more]

Mozilla patches three Firefox bugs

Mozilla patches three Firefox bugs Mozilla has patched Firefox 3.5 and Firefox 3.0 to quash three security vulnerabilities, including a pair unveiled last week at Black Hat, and a third Mozilla itself revealed last month. Firefox 3.0.13, the update to the older browser that Mozilla will drop off the support list in January 2010, includes two bugs, while Firefox 3.5.2 fixes a separate flaw. The vulnerabilities patched by Firefox 3.0.13 were disclosed last week by Dan Kaminsky of IOActive and a s...... [more]

AES encryption not as tough as you think

AES encryption not as tough as you think Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought. In a soon-to-be-published paper, researchers Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir show that the 256-bit version of AES is susceptible to several so-called related-key attacks that significantly diminish the amount of time it takes to g...... [more]

Tokenization vs. end-to-end encryption

Tokenization vs. end-to-end encryption Over the last few months, the PCI Knowledge Base has been doing research on the impact of PCI compliance on fraud and fraud management for the Merchant Risk Council. One of the things we've learned is that, in general, the PCI-mandated controls are most effective at reducing internal fraud due to insider threat. Many of the controls focus on limiting the number of employees who are authorized to access credit card data, whereas others focus on separating t...... [more]

How to Prevent a Heartland-Style Data Breach

How to Prevent a Heartland-Style Data Breach The United States Department of Justice announced today the arrest of Albert Gonzalez, a 28-year old Miami man, in the largest identity theft prosecution on record. Gonzalez is accused, along with two as-yet-unnamed Russian co-conspirators, of compromising more than 130 million credit and debit card accounts from a variety of targets including Heartland Payment Systems and 7-Eleven. While the Department of Justice should be commended for the successf...... [more]

New attack cracks common Wi-Fi encryption in a minute

New attack cracks common Wi-Fi encryption in a minute Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further...... [more]

Quantum computer slips onto chips

Quantum computer slips onto chips Researchers have devised a penny-sized silicon chip that uses photons to run Shor's algorithm - a well-known quantum approach - to solve a maths problem. The algorithm computes the two numbers that multiply together to form a given figure, and has until now required laboratory-sized optical computers. This kind of factoring is the basis for a wide variety of encryption schemes. The work, reported in Science, is rudimentary but could easily be scaled up to handl...... [more]

Heartland CEO: More Card Encryption Needed

Heartland CEO: More Card Encryption Needed The top executive at Heartland Payment Systems Inc. last week called on credit card vendors, payment processors and retailers to embrace an encryption standard that would protect credit and debit card numbers. Robert Carr, Heartland's chairman and CEO, told the U.S. Senate Homeland Security and Governmental Affairs Committee that industry guidelines today don't require encryption of credit card numbers during transit between retailers, payment processo...... [more]

Encryption is becoming more elaborate to ensure confidential business data is kept secret

Encryption is becoming more elaborate to ensure confidential business data is kept secret In 1597, Francis Bacon coined the phrase scientia potentia est, “for knowledge itself is power”, and this is as true today as it was then. Bacon could not have foreseen the change that has overtaken information, and business data in particular. Digital information is now one of the cornerstones of business, and never before has so much knowledge been available so easily. However, keeping business secrets ha...... [more]

Protecting your digital assets after death

Protecting your digital assets after death Thanks to an endless stream of gadgets many of us are in heaven when it comes to technology. Do-it-all phones, never ending storage, social web sites - to many this is what life is all about. At some point though drop dead gorgeous gizmos outlive their owners. But once we die, what happens to the digital life we leave behind? Plan ahead As might be expected, policies vary from company to company. E-mail providers will often give up the deceased's passw...... [more]

What does PCI mean to you?

What does PCI mean to you? This week my attention has been dominated by one word, well six officially, but often narrowed down to six or even three letters – PCI. To give it its full title it is the ‘Payment Card Industry Data Security Standard', and in my meetings this week at Gartner and other panel debates, the subject arose on several occasions. Now I will be the first to acknowledge that I do not know the ins and outs of PCI (as we will now call it), but thanks to the PCI DSS user group (se...... [more]

Anti-wi-fi paint offers security

Anti-wi-fi paint offers security Researchers say they have created a special kind of paint which can block out wireless signals. It means security-conscious wireless users could block their neighbours from being able to access their home network - without having to set up encryption. The paint contains an aluminium-iron oxide which resonates at the same frequency as wi-fi - or other radio waves - meaning the airborne data is absorbed and blocked. By coating an entire room, signals can't get in...... [more]

Inhibiting employee use of Web 2.0 applications is a double edged sword

Inhibiting employee use of Web 2.0 applications is a double edged sword With strong evidence now emerging that allowing employee access to Web 2.0 sites is beneficial, many organisations are starting to reverse their decisions to ban the new internet. However, with no controls in place to manage sites accessed and content posted, companies are still in danger from data leaving undetected, employees posting negative and possibly libellous comments and escalating bandwidth usage. Organisations th...... [more]

Fake antivirus attacks PCs with ransom demand

Fake antivirus attacks PCs with ransom demand The Fake antivirus phenomenon has taken an unpleasant turn with the discovery of a Windows program that not only cons users into buying an unnecessary license but appears to lock files and applications on the victim's PC. According to security company Panda Security, rogueware program Total Security 2009 starts out in conventional fashion with the ‘discovery' of a non-existent malware infection for which it demands an unusually ambitious $79.9...... [more]

How to verify that an email was opened by the intended recipient

How to verify that an email was opened by the intended recipient To complete registration, several websites send users an email message that contains an HTTPS secured link. However, if that email is intercepted, an impersonator may complete the registration process without accessing the recipient's email account. Is there a way to set up a server to confirm the email was opened by the intended recipient? Unfortunately, email protocols don't really include a check point to detect whether the original...... [more]

Amazon's EC2 brings new might to password cracking

Amazon's EC2 brings new might to password cracking Forget what you've learned about password security. A simple pass code with nothing more than lower-case letters may be all you need - provided you use 12 characters. That's the conclusion of security consultant David Campbell, who calculated the cost of waging a brute-force attack on various types of passwords using cloud computing services offered by Amazon. Based on hourly fees Amazon charges for its EC2 web service, it would cost more than...... [more]

CIOs need to worry about the rise in temporary workers and consultants brought about by the recession

CIOs need to worry about the rise in temporary workers and consultants brought about by the recession In June this year, the CBI predicted that we’re going to be stuck in recession for at least another twelve months. The dangers of the current financial situation on employee morale are clear – no one likes feeling as though their jobs are under threat, or that their company can’t afford promotions or pay rises. But what are the risks of disgruntled employees for security, specifically informati...... [more]

Towards the paperless office

Towards the paperless office A few weeks ago I reported that I could sense a new, much more determined mood across the UK business community to embrace electronic channels to overcome the postal strike. You can really see the aspiration in the eyes of sales executives to turn a major disaster into a business opportunity. So what has the response been so far? My contacts in Mimecast, a leading vendor of cloud-based email security services, tell me that they noted a 20% increase in the volume of...... [more]

Red faces as Cofee spills onto the net

Red faces as Cofee spills onto the net In an ironic twist of fate, Microsoft's Computer Online Forensic Evidence Extractor (Cofee) crime scene reporting tool has leaked onto the net. According to the security firm Sophos and other reports, copies of the tool have surfaced on a file sharing site, and users are already downloading it. Cofee is designed to be used by crime scene investigators, letting them download the contents of a suspicious computer without the need to insert a USB key. Microso...... [more]

Industry needs to come clean on cloud security

Industry needs to come clean on cloud security A leading security expert has warned of widespread data theft as more and more organisations move their information into the cloud, and urged firms to consider data encryption by key management as the only viable way to mitigate this risk. Speaking to V3.co.uk as part of its Information Overload Summit, Dave Rand, chief technology officer of security vendor Trend Micro, argued that IT teams want to move to cloud computing because of the cost saving...... [more]

UK 'in danger of being left behind' on security

UK 'in danger of being left behind' on security A leading security expert has warned that UK organisations need to focus more security efforts on behavioural monitoring of employees, or risk failing on data security and falling behind on the global stage. Stuart Okin, former chief security advisor of Microsoft and now UK MD of consultancy Comsec, said the current information overload facing firms means they cannot afford to take a reactive approach. "What we've done historically is look at the...... [more]

Eight indicted for $9 million hack

Eight indicted for $9 million hack A U.S. grand jury in Atlanta has indicted eight people related to hacking into a computer network operated by credit-card processing vendor RBS WorldPay and stealing $9 million. Indicted Tuesday were Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person known only as Hacker 3. They were charged in a 16-count indictment of conspiracy to commit wire fraud, wire fraud, cons...... [more]

St Albans Council loses fourth laptop this month

St Albans Council loses fourth laptop this month A laptop has been stolen from St Albans District Council containing the personal details of over 14,000 local postal voters. The details included the names, addresses, dates of birth and signatures of 14,673 residents – everyone who applied for a postal vote for the June local election. The laptop was the fourth to be stolen from the council this month. The council has reassured the St Albans Review that the laptop did not contain details of vot...... [more]

Unsecure encryption methods leave data security and network security vulnerable

Unsecure encryption methods leave data security and network security vulnerable Companies are using unreliable and unprotected methods and tools for data security that do not have a security basis for encryption. A lack of guidance and education is causing companies to use unsecure encryption methods which leaves data security and network security vulnerable. Marc Hocking, chief technology officer at Becrypt, claimed that he had seen instances of Winzip being used as an encryption and data prot...... [more]

Scientists promise an end to web attacks

Scientists promise an end to web attacks Research published by academics at the University of Bristol's Department of Computer Science suggests that a new technology could render cyber attacks "computationally impossible". The experts will present their research at the ASIACRYPT 2009 security and cryptology conference being held in Japan this week. Paul Morrissey, Nigel Smart and Bogdan Warinschi will discuss how a new technique could be applied that makes web site attacks impossible. The rese...... [more]

Top Five Reasons For Security FAIL

Top Five Reasons For Security FAIL The Internet security industry has seen every type of security solution fail. While there are exceptions, one can learn some general principles as to why things fail. Below are some observations. The weakest link "Security is only as good as its weakest link." This is probably the most well-known adage. Surprisingly however, many security solutions fail because of it, as the weakest link is often not obvious. This is best demonstrated with a couple of examples...... [more]

Drone incident serves up data encryption lesson

Drone incident serves up data encryption lesson The disclosure that Iraqi insurgents were able to intercept live video feeds from U.S. drones has focused the spotlight on a familiar IT security issue: data encryption. In a story that's receiving widespread attention, the Wall Street Journal yesterday reported that Iranian-backed groups in Iraq and Afghanistan were tapping into live feeds from Predator drones using a $26 software tool called SkyGrabber from Russian company SkySoftware. The hithe...... [more]

UK retail Wi-Fi security still patchy

UK retail Wi-Fi security still patchy Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist. The cybercrooks, who lifted more than 21 million credit card records, leapfrogged onto the retailer's credit card database after first breaking into the wireless network of a regional store, a subsequent investigation ahead of upcoming US trials revealed. The incident ought to have acted as a wa...... [more]

Smartphone attacks, rogue antivirus, cloud breaches top 2010 security concerns

Smartphone attacks, rogue antivirus, cloud breaches top 2010 security concerns The rise of the Conficker worm and Heartland Payment Systems' enormous data breach were two defining security events in 2009. What's in store for 2010? "It's going to get worse," says Patrik Runald, senior manager of security and research at Websense, who argues there has not yet been a year when things got better in terms of security and the wider Internet. Criminals have been mastering botnets, phishing scams and f...... [more]

Hackers show it's easy to snoop on a GSM call

Hackers show it's easy to snoop on a GSM call Computer security researchers say that the GSM phones used by the majority of the world's mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools. In a presentation given Sunday at the Chaos Communication Conference in Berlin, researcher Karsten Nohl said that he had compiled 2 terabytes worth of data -- cracking tables that can be used as a kind of reverse phone-book to determine t...... [more]

Kingston owns up to USB stick hack

Kingston owns up to USB stick hack Independent memory giant Kingston Technology has issued a highly unusual warning that several of its supposedly secure encrypted USB drives can be hacked. The precise nature of the hack has not been disclosed, but the company named three drive models, the DataTraveler BlackBox, the DataTraveler Secure - Privacy Edition, and the DataTraveler Elite - Privacy Edition, as being vulnerable to "a skilled person with the proper tools and physical access to the d...... [more]

Care UK safeguards company data with Becrypt DISK Protect

Care UK safeguards company data with Becrypt DISK Protect Becrypt has announced its partnership with Care UK, an independent provider of health and social care, to provide a range of security solutions, enabling Care UK to enhance compliance with government and NHS legislation as well as safeguarding company data and its employees. Care UK selected Becrypt from a trial of three security providers, to implement its DISK Protect and Enterprise Manager solutions across its laptop estate. Becrypt DISK...... [more]

Businesses fail to secure remote workers

Businesses fail to secure remote workers Over three quarters of businesses have regular remote users among their workforce, yet only 27 per cent use hard disk encryption. According to a survey by Check Point, 77 per cent of businesses have a quarter of staff who regularly work remotely, and in addition, only nine per cent use encryption for removable storage devices. Juliette Sultan, head of global marketing at Check Point, said: "With less than 30 per cent of businesses saying they use data encr...... [more]

Only one in four companies use hard disk encryption to protect sensitive data on corporate endpoints

Only one in four companies use hard disk encryption to protect sensitive data on corporate endpoints According to a Check Point global customer survey of businesses on endpoint security trends, the number of remote workers continues to grow and businesses need to expand their IT measures to safeguard the increasing mobile workforce. Over 40% of businesses in the last year have more remote users connecting to the corporate network from home or when travelling, compared to 2008. Check Point disco...... [more]

Heartland moves to encrypted payment system

Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr. "End-to-end encryption is a good way to mitigate the risk of having the kind of compromise that we and hundreds of other companies have had," Carr said in an interview. "We're using encryption on the front end to keep card n......

No major PCI DSS revision expected in 2010

PCI Security Standards Council general manager Bob Russo said the next revision of the Payment Card Industry Data Security Standard (PCI DSS), due in October, will contain clarifications but no major changes to the standard. "There won't be any surprises," Russo said. "We're more likely to see guidance documents." Encryption, virtualization and the use of more secure payment terminals are expected to gain more attention. Those topics have been the focu......

Average annual cost of PCI compliance audit? $225k

Merchants that undergo network audits to ensure compliance with the Payment Card Industry Data Security Standards are paying an average of $225,000 each year -- and 10% of these businesses are paying $500,000 or more annually, according to a new study. In spite of that, 2% of them fail these audits. The study, conducted by The Ponemon Institute under sponsorship of Thales, surveyed 155 qualified security assessors (QSA) worldwide who are authoriz......

Overlooked online threats

There's the danger you know, and then there's the danger you don't know. Most of us are rightfully wary of downloading and running programs that have no pedigree, or of performing day-to-day operations as an administrative user. But with each passing year, new security threats march in to eclipse the old, many of them not getting their share of attention until it's too late. Threats go unappreciated for various reasons. Some seem too obscure or unlikely to be valid unt......

Argos buries unencrypted credit card data in email receipts

Catalogue firm Argos has been criticised for an email security breach that exposed customers' credit card details and CCV security numbers. The exposure came to light after an Argos customer who checked his order confirmation email found that his credit card number and security code were buried in the HTML source of the message. The slip-up meant that any miscreants who intercepted email confirmation messages from Argos would be able to......

ICO raps Zurich Insurance for data breach

Zurich Insurance has been found in breach of the Data Protection Act after losing an unencrypted backup tape containing personal financial data on 46,000 policy holders, and personal details on a further 1,800 third parties. The data was lost by sister company Zurich Insurance Company South Africa during a routine transfer to a data storage centre in South Africa in August 2008. The incident was not reported to Zurich Insurance for over a year, accordin......

Kit attacks Microsoft keyboards (and a whole lot more)

Security researchers on Friday unveiled an open-source device that captures the traffic of a wide variety of wireless devices, including keyboards, medical devices, and remote controls. Keykeriki version 2 captures the entire data stream sent between wireless devices using a popular series of chips made by Norway-based Nordic Semiconductor. That includes the device addresses and the raw payload being sent between them. The open-source packa......

Lumension Device Control protects Barts and The London NHS Trust against data theft and malware infections

Barts and The London NHS Trust has selected Lumension Device Control to protect against virus and malware infections while safeguarding the confidentiality and integrity of patient data. The Trust partnered with Lumension for its data protection solution to prevent data loss and theft by enforcing removable device usage and encryption policies for all removable devices such as laptops, MP3......

Consumers warned about smartphone data loss

The iPhone and the Blackberry are as big a threat to personal data security as the home PC, a new government-backed campaign plans to tell people. According to the UK-based GetsafeOnline.org, consumers are storing personal data on smartphones without thinking through the consequences should that device get lost or stolen. The organisation's research shows that about one in five owners of smartphone devices can expect to lose or have them stolen at......

Data loss fines hit £500K from today

From Tuesday 6 April, the Information Commissioner's Office (ICO) will get enhanced powers to fine organisations up to £500,000 for serious breaches of the Data Protection Act. Previously the maximum fine was a paltry £5,000. The tougher measures will be imposed alongside compulsory audit notices to central government departments found culpable for data breaches. The new powers for the UK's privacy watchdog are designed to deal with serious......

Response to ICO fines mainly positive

Response to the introduction of £500,000 fines by the Information Commissioner's Office is positive, however firms need to take action on network and employee security. Following the introduction of fines of up to £500,000 by the Information Commissioner's Office (ICO), claims have been made that a penalty could drag a company under. Dave Everitt, general manager of EMEA at Absolute Software, said that the fines have the potential to make a seriou......

Sophos upgrades SafeGuard data protection tools

Sophos has released updates to its SafeGuard Easy and SafeGuard Enterprise data protection packages. The security firm said that the latest versions offer long-term data protection plans, and cater for a wider array of customer requirements. SafeGuard Enterprise 5.50 provides data encryption and data leak prevention. The updated engine is compatible with most standards, and is built to support the future needs of enterprise customers. SafeGuard Eas......

How to get your DLP strategy right

There is a phenomenal amount of information collected about every facet of our life by banks, the government, healthcare agencies, employers, phone companies, ISPs, businesses - not to mention social networking sites. Numerous laws have been enacted to safeguard this information and serious penalties are imposed for any breaches. Most organizations have taken various precautions to protect sensitive information, whether personal or corporate, from intruders.......

NHS worst for data breaches - Information Commissioner

The NHS reported the highest number of serious data breaches of any UK organisation since the end of 2007, the Information Commissioner's Office says. David Smith, deputy commissioner at the ICO told the Infosec security conference the NHS had highlighted 287 breaches to it in the period. That accounts for more than 30% of the total number reported. The NHS - the UK's largest employer with 1.7m staff - is in the process of rolling out digita......

Infosec 2010: Large firms overwhelmed by security breaches

A staggering 92 per cent of large organisations have suffered a security incident or data breach in the past year, as they struggle to cope with the changing threat landscape, according to the latest biennial Information Security Breaches Survey from PricewaterhouseCoopers (PwC). PwC partner Chris Potter branded the findings, launched today at Infosec 2010, "surprisingly bad", and said that companies are struggling to mitigate......

Real security breaches take time

The hacker typed furiously, cracking the encryption manually. Then suddenly she had an idea: "CTRL+ALT+F2+x", she typed, then shouted "We're in! We have complete control of the mainframe". In the movies, security breaches are binary affairs. One second the attacker is faced with insurmountable NSA grade encryption, the next they have complete control of everything. Of course, in real life, security breaches are much more boring. A real-life se......

PCI Security Council updates requirements for payment card devices

The council that administers the Payment Card Industry Data Security Standard today released new requirements that vendors of payment card devices will be expected to incorporate into their products going forward. The new requirements are in the latest version of the council's PIN Transaction Security (PTS) requirements and are designed to bolster security on retail point-of-sale card readers and unattended kiosks and payment te......

Managing the private encryption keys to the kingdom

At its core the PCI Data Security Standard is nothing more than a series of guidelines that constitute security best practices. But companies that institute programs to better protect cardholder data can also leverage and extend these efforts throughout their business, ensuring that other sensitive customer, employee and partner data is better protected. Encryption is a critical element of any security strategy and is widely leveraged to prote......

Researchers claim major cryptography advance

A pair of university researchers are presenting a system which could greatly advance the use of cryptography in computing. Bristol University computer science Professor Nigel Smart and Dr Frederik Vercauteren from Belgium's Katholieke University Leuven are planning to present a paper which outlines a scheme for handling and computing encrypted content. The scheme outlined in the paper, say the researchers, improves on a 2009 encryption scheme from IB......

Encryption and passcode can be easily bypassed on iPhone 3GS

To implement security simply, but effectively is very difficult. Unfortunately for businesses or consumers who think their iPhones are secure, they are incorrect. Experts at Sophos noted that when they plugged in their iPhone 3GS to a Ubuntu 10.4 (Lucid Lynx) workstation, they were able to access some of the data without authenticating to the phone or OS. On initial examination all that is required to access the "user content" areas of......

Data breaches reported to the ICO top 1,000

The Information Commissioner's Office (ICO) has received over 1,000 reports of data breaches or losses since it was set up, and has issued a stern reminder that organisations must ensure that data is well protected. Deputy commissioner David Smith said that the majority of the losses were the result of human error, and that companies need "extra vigilance" to stop data ending up in the wrong hands. "Staff must be adequately trained in t......

The biggest botnets: Is your PC part of one?

There are hundreds of botnets, ad hoc networks of Windows PCs that are infected with one or more programs to let them do the bidding of their controllers, some are far more trouble than others. While you can't afford to ignore any botnet threat, here are some of the worst of the worst. "When it comes to botnets, size does matter," said Scott Emo, head of endpoint solutions at Check Point, a network security company. That's because "the......

Researchers release point-and-click website exploitation tool

Researchers have released software that exposes private information and executes arbitrary code on sensitive websites by exploiting weaknesses in a widely used web development technology. Short for Padding Oracle Exploitation Tool, Poet is able to decrypt secret data encrypted by the JavaServer Faces web development framework without knowing the secret key. Attackers can use the technique to access private customer data on websites o......

iPhone 4, iOS 4 offer deeper enterprise support

Apple CEO Steve Jobs promised deeper enterprise support with its iPhone 4 and its iOS 4 software, noting that it will offer better data protection, wireless application distribution and support for multiple Exchange e-mail accounts, as well as SSL VPN security. But all of that still might not be enough for some industry analysts to give IT shops a green light for full iPhone deployments, at least when the iPhone is compared with BlackBerry device......

Check Point acquires data security and document encryption specialist Liquid Machines

Check Point Software has announced the acquisition of privately held Liquid Machines, a leader in data security. Liquid Machines' products prevent the misuse, modification, loss or theft of intellectual property and sensitive information residing in documents. Liquid Machines specializes in data protection and has 12 issued and pending patents for document encryption and content security. The acquisition, comp......

Nine tips to secure your iPad

The recent AT&T data leak underscores the need for iPad security precautions. A few simple steps can help protect confidential data. AT&T apologised Sunday for a hack that exposed thousands of customers' email addresses last week, and said it will work with law enforcement to prosecute those responsible. A hacker group called Goatse Security got about 114,000 email addresses of people including White House Chief of Staff Rahm Emanuel and New York Mayor Mich......

How do you protect your data when it's out of your hands

What's not to like about laptops? They're powerful, connected, portable, have great graphics and sound - and they don't cost much more than their desktop counterparts. So it's no surprise that laptop shipments rose by 16% in 2009. Unfortunately, their portability makes them easier to lose, not to mention prime targets for opportunistic theft. Analyst firm Gartner says that 10% of laptops are stolen annually. That's over 500,000 laptops gl......

Firefox add-on does 'HTTPS Everywhere'

The Electronic Frontier Foundation and The Tor Project have teamed up to offer a Firefox add-on that beefs up https on several major websites, including Google.com, Wikipedia, Twitter, Facebook, and PayPal. Currently in beta, HTTPS Everywhere is designed to make encryption easier to use on sites offering at least partial SSL support. Google, for instance, still defaults to unencrypted search, but the EFF's add-on automatically takes you to the https incarn......

iPhones, iPads in the enterprise: 5 security views

When it comes to mobile devices, IT security practitioners prefer employees use a BlackBerry because it's easier to control the data users share on them than, say, an Android or iPhone. But as consumer-based devices like the Apple brands get more sophisticated with each release, it's getting harder to keep them out of the workplace. Proliferation of the iPad has only heightened enterprise hunger. For some IT shops, it's not that big a deal. Oth......

The DLP waste: High costs, patchy abilities, and poor deployments

The good, the bad, and the ugly of data-loss prevention tools and technologies got a solid once over from Gartner analyst Eric Ouellet, who spared no punches during his presentation on the topic during the first day of Gartner's Security & Risk Management Summit. DLP content-filtering, where the vendor options typically include a network-based appliance, host-based software, and a discovery tool, in many cases remains a high-pric......

The pros and cons of Windows 7 security

Businesses are eyeing a transition to Microsoft Windows 7, and with a wealth of security features that are part of it, it's worth figuring out the good and bad about each of them, says Gartner analyst Neil MacDonald, who notes in some cases, third-party security products might be the better fit. The AppLocker feature in Windows 7 offers an application-control capability that lets the IT manager set up a list of applications allowed to run, said MacDonald......

Misconfigured Cisco wireless gear could lead to Wi-Fi breach

Users of a popular Cisco Systems wireless access point may be setting themselves up for trouble if they leave a WPA wireless migration feature enabled, according to researchers at Core Security Technologies. The issue has to do with Cisco's Aironet 1200 Series Access Point, which is used to power centrally managed wireless LANs. The Aironet 1200 can be set to a WPA (Wi-Fi Protected Access) migration mode, in which it provides wireless......

Heartland ramps up first end-to-end encryption

Heartland Payment Systems, the victim last year of a massive data breach of sensitive card data, vowed after that devastating event to develop new security gear based on end-to-end encryption between itself and its merchants to prevent such a breach from occurring again. That's now taking shape, but slowly. "We have a long way to go," acknowledges Heartland CEO Bob Carr, pointing out the so-called E3 payment terminals, intended for small......

Four key steps to secure converged networks

The increasing convergence of multiple networks for voice, data, video and other services onto a single infrastructure based on Internet Protocol (IP), has the potential to leave serious gaps in security according to the Information Security Forum (ISF). Driven by the promise of reduced costs and increased flexibility, network convergence can expose organisations to unknown or unmitigated threats from malicious or malfunctioning infrastructure, devices......

Is Wireless Security a Contradiction in Terms?

Wi-Fi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, airplanes. What are your risk factors when accessing wireless? There are plenty. Wi-Fi wasn't born to be secure. It was born to be convenient. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdroppin......

Massachusetts Data Breach Exposes 139,000 Records

The Massachusetts Secretary of State's office became the latest data breach victim when an employee accidentally released confidential information of 139,000 state-registered investment advisers to a business publication. The breach occurred when personal information of tens of thousands of investment professionals contained on a CD-ROM was sent to IA Week, an investment industry publication, in response to a request for public information. IA......

Three local authorities lose sensitive data on children

Three local authorities have been taken to task by the Information Commissioner's Office for breaching the Data Protection Act. London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council had all lost sensitive information relating to children. An unencrypted, non-password protected USB stick and CDs containing the personal information on over 9,000 children and members of their families was stolen from an emplo......

Hacker claims to have found Skype hole

Skype's security credentials have been called into question by a developer who claims to have released a software library that emulates an encryption algorithm used by the popular VoIP service. Sean O'Neill, best known for designing the EnRUPT hash algorithm, has released program code which emulates the RC4 algorithm used by Skype to encrypt communications over its network. Skype is widely used in home and business environments, and the company guards its s......

Bizarre phone ransom Trojan found by researchers

Researchers have discovered a bizarre piece of Trojan ransomware which disables programs on infected PCs before demanding victims make an unaccountably small payment to a Ukrainian mobile phone network in return for an unlock code. According to Webroot, the Krotten ransom Trojan is one of the oddest pieces of malware of the year. Taking the path of least resistance, it eschews the complex encryption outlook taken by a range of ransomware program......

New spy rootkit targets industrial secrets

Siemens is warning customers of a new and highly sophisticated virus that targets the computers used to manage large-scale industrial control systems used by manufacturing and utility companies. Siemens learned about the issue on 14 July, Siemens Industry spokesman Michael Krampe said in an email message Friday. "The company immediately assembled a team of experts to evaluate the situation. Siemens is taking all precautions to alert its customers......

Fourth largest US payment processor selects Voltage Security for merchant end-to-end encryption

Elavon, a wholly owned subsidiary of U.S. Bancorp, has announced that Voltage Security has been selected as part of Elavon's comprehensive security offerings for its merchant network. Voltage SecureData featuring Voltage's Format-Preserving Encryption (FPE), coupled with simplified key management supplied by Voltage Identity-Based Encryption (IBE), becomes one of the end-to-end encryption approaches f......

Four Ways IPv6 Will Save the Internet

With only a 12-month supply of the common IPv4 addresses left, the world needs to quickly embrace IPv6. The world is almost out of IP addresses--or at least it's almost out of the IPv4 addresses that IT admins and users are most familiar with. Fortunately, IPv6 has been developed to exponentially expand the pool of available IP addresses while also providing a few other benefits. To address issues with the current IP protocol in use (IPv4), and to add featur......

Data breaches exploit configuration errors, not software vulnerabilities

Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon. Verizon issues an annual report on data breaches, but this year had access to statistics related to investigations done by the U.S. Secret Service, which the company said broadened the scope of its analys......

Detecting source rather than code is key, says Trend Micro

From their Silicon Valley office, David Perry, global education director of Trend Micro, told Infosecurity that it's no longer sufficient to detect code, but instead, it's more productive to detect the source of the code. "Organised crime is now commercially produced. The bad guys are trying to break our methods of protection, and one virus has turned into a criminal enterprise of many components. We can no longer focus on detectin......

MoD review points to cyber security shortcomings

The Ministry of Defence has said in a recent review that cyber security threats are of "increasing concern" to the department. The Resource Accounts 2009-2010 (PDF) review led by Sir Bill Jeffrey said that the MoD needs to improve awareness of the risk of cyber attacks, and ensure that it has the "capability to respond flexibly and effectively". The paper also questions the encryption procedures of laptops used by the MoD. The number that are full......

Changes to PCI Data Security Standard leave questions unanswered

PCI DSS 2.0 mostly about minor tweaks, analysts say. A new version of the PCI Data Security Standard scheduled for release later this year is likely to attract more attention for what it leaves unaddressed rather than what it changes, analysts say. That assessment is based on a preview of proposed changes to the standard that was released today by the PCI Security Standards Council, the body that administers the Payment Card Industr......

How to roll out full disk encryption on your PCs and laptops

Hardly a week goes by when some organization or another doesn't lose some laptops and face a litany of IT security questions. One that always comes up: Were the systems' disks fully encrypted? Sometimes the answer is "Yes", but plenty of organizations have yet to make the leap to full disk encryption. I asked Michael Kamens, information security officer at WGBH Educational Foundation in Brighton, Mass., to lay out the basics of what......

Cloud security 101: Start cramming now

People still come up to me claiming that cloud computing is nothing but network computing with a "10-dollar word" attached to it. They're wrong, though: Cloud computing represents a fundamental shift in information technology, in myriad ways. If you're a security admin -- whether for applications or infrastructure -- your job is going to change. There will be internal (private) and external (public) clouds that you will have to deal with, but the......

Heartland pays another $5.4m for malware infection

The United States' fourth largest credit card payments processing company Heartland Payment Systems has agreed to pay a US$5 million ($5.4 million) settlement to its financial services customer Discover over a data breach caused by a malware infection. Heartland processed card payments for Visa, Mastercard and other financial service providers to the tune of US$70 billion in 2009. The payments processor had already paid American Express US$3.6 mi......

How easy is it to hack a mobile?

Continuing scrutiny of the methods used by some News of the World journalists (NoW) to listen to private voicemails has turned the spotlight on mobile security. But how easy is it to hack a handset? "It depends on how much money, time and effort you want to put into it" said Nigel Stanley, a mobile security analyst at Bloor Research. Mr Stanley said the number of ways to get at information on a handset was growing, even as it got far less likely that th......

Hotel operator warns of data breach

HEI Hospitality, owner and operator of upscale hotels operating under the Marriott, Sheraton, Westin and other monikers, has sent letters informing some 3,400 customers that their credit card data may have been compromised. The warning stems from an intrusion into point of sale systems at several HEI properties earlier this year, which could have allowed card holder data to be illegally accessed, the company said in the letter. The intrusion could have......

A simple guide to wireless network security

Employees are exposing personal and professional information unknowingly as they log onto public WiFi hot spots at hotels, airports and coffee shops, experts say. Ryan Crum, former director of information security at PricewaterhouseCoopers Advisory Services, said he has observed unprotected Social Security numbers, corporate financial data and information about mergers and acquisitions circulating on public WiFi networks, particularly in emails. Securit......

Can privacy be saved? Maybe

Thanks to the explosion of social networking and all those nifty Web apps people use to bank and shop online, the bad guys now have an endless supply of attack vectors to steal personal data. In fact, some security industry experts have declared privacy dead. Whatever the case may be, companies are increasingly under the regulatory gun to keep customer, employee and supplier data safe from prying eyes. At the CSO Security Standard Tuesday, attendees got a taste of wha......

Business partners a growing security concern

When it comes to managing risk, companies have plenty of choices. They can outsource security controls or handle it in house. They can put all their data in the cloud or keep it in their data center. But their relationship with business partners is a lot more complicated. That's one of the takeaways from the Eighth Annual Global Information Security Survey CSO conducted along with sister publication CIO and PriceWaterhouseCoopers. Some 12,847 business......

Microsoft pushes Windows Web bug patch to everyone

Microsoft today released its latest emergency patch to its Windows Update distribution service, making good on a promise earlier this week. On Tuesday, Microsoft shipped a fix for a flaw in the ASP.Net Web site and application framework that let attackers steal important data from Web servers, including account usernames and passwords. At the time, the fix was only available from Microsoft's download site, which forced server administrators to m......

Teenager jailed for refusal to disclose password

A British teenager has been jailed for four months for refusing to disclose his encryption password to police. Oliver Drage, 19, of Freckleton in Lancashire, was arrested in May 2009 by a Blackpool police squad investigating child sexual exploitation. Police were unable to decrypt his computer however due to a 50 character password which Drage, who works in a fast food shop, refuses to disclose. "Drage was previously of good character so the......

PCI security group speaks out on encryption

The organization in charge of defining security for the payment-card industry's merchants and service providers issued two guidance papers Tuesday. The first is on end-to-end encryption and the second on payment card technology used more commonly in Europe than the U.S. There's considerable interest among service providers and merchants in using some form of point-to-point encryption to better protect sensitive cardholder data, and the PCI Security S......

A quarter of WiFi networks unsecured, finds survey

Years after WiFi security was supposed to have gone 'critical', a quarter of access points in the UK remain open and unsecured, a new 'wardriving' survey has discovered. Worse, large numbers of people will happily log on to an open 'rogue' access point in city centres, no questions asked, opening themselves to the risk of serious data theft. This first disturbing aspect of the ethical hacking survey on behalf of financial firm......

Facebook to fight data disclosure with encryption

Seeking to alleviate a recently-discovered security issue, Facebook is looking to address the way it allows developers to handle user information. Facebook engineer Mike Vernal said in a posting to the company's developer blog that Facebook would begin using encryption tools to handle user ID (UID) information within third party applications. The move comes as Facebook looks to move beyond a recent security disclosure. Researchers discovered that......

Check Point launches blade for secure remote working

Network security firm Check Point has launched a software blade which integrates encryption and SSL VPN capabilities to offer secure access to corporate assets such as email and business apps for remote workers. The Mobile Access Software Blade allows customers to pre-authorise specific mobile applications, providing easy access to these apps via single sign-on. Centralised management and provisioning capabilities ease the workload of IT secur......

Upgraded retail security standard ignores mobile payments

The second version of the Payment Card Industry (PCI) Data Security Standard (DSS) is being released Thursday by the organization PCI Security Standards Council, which sets the network and security requirements for merchants and service providers handling sensitive cardholder data. There aren't major changes to the existing PCI DSS 1.2 standard, according to the council's general manager Bob Russo. Further clarification is being made to ......

Coder fires 'Idiocy' warning to Twitter users

A coder has developed a hijacking tool to compromise Twitter accounts and then post a warning to the victim. The tool, named "Idiocy," searches for users insecurely visiting Twitter over public Wi-Fi networks and then hijacks their session to post a tweet informing them they are vulnerable to attack. A link has also been included in the tweet directing users to a website explaining what has happened once a user has been exploited. Jonty War......

Facebook developers sold user information

Facebook has banned developers from gathering and passing on any data to third parties, after it revealed some developers had been discovered selling user information to data brokers. Mike Vernal, a Facebook engineer, explained in a blog post that Facebook will change its policies to prevent the situation occurring again. "While we determined that no private user data was sold, and that the transfer of these user IDs did not give access to any priva......

Trend Micro expert warns that cloud data can move under its own volition

The economic imperative that is driving many organisations to store their data in the cloud is an understandable one, but now a security expert has warned about the ability of cloud-based data "to get up and move on its own." According to Dan Crowe, a product marketing manager with Trend Micro, there is a problem with cloud data and its propensity - usually driven by the cloud service provider's automatic replicat......

Riverbed expands Steelhead into the cloud

Riverbed Technology is expanding its optimisation appliances, offering two products aimed at accelerating the performance of cloud computing applications and storage services. The first is a cloud-based implementation of the firm's Steelhead appliance for the application market. The wide area network optimisation service will extend Steelhead's performance management features into cloud-based applications, the firm said. The subscription-based service is......

Apple smashes patch record with gigantic update

Apple on Wednesday patched more than 130 vulnerabilities in Mac OS X, smashing a record the company set last March when it fixed over 90 flaws. The update for OS X 10.6, a.k.a. Snow Leopard, and OS X 10.5, better known as Leopard, was Apple's first since September and the seventh for the year. Calling the update "huge," Mac vulnerability expert Charlie Miller pointed out that even with a staggering 134 patches, there were plenty of flaws......

US data protection laws spur encryption take-up

Data security laws are now the main reason US companies take up encryption, for the first time surpassing even anxiety over data breaches, a new report by the Ponemon Institute on behalf of Symantec has found. Reporting for its fourth year in 2010, US Enterprise Encryption Trends found that regulations were cited as the biggest factor for using encryption by 69 percent of the nearly 1,000 survey IT security respondents in larger companies and gover......

Apple breaks Mac security again by not playing well with others

PGP, now owned by Symantec, has issued a warning to Mac users of PGP Whole Disk Encryption that they should not apply the Mac OS X Snow Leopard 10.6.5 update, a massive patch that fixes more than 130 vulnerabilities. "Compatibility issues may prevent the system from successfully booting," the company said in its advisory. The U.S. Computer Emergency Response Team and several security companies also warned Mac users not to......

Password cracking in the cloud

On-demand cloud computing is a wonderful tool for companies that need some computing capacity for a short time, but don't want to invest in fixed capital for the long term. For the same reasons, cloud computing can be very useful to hackers -- a lot of hacking activities involve cracking passwords, keys or other forms of brute force that are computationally expensive but highly parallelizable. For a hacker, there are two great sources for on-demand computing: botnets m......

Stoke on Trent council rapped for child data breach

Stoke on Trent council has been forced to improve its data security processes after privacy watchdog the Information Commissioner's Office was made aware that the local authority had lost personal data on 40 children. The information, which included court reports and details of proceedings for children in care, was placed on an unencrypted and non-password protected memory stick which was subsequently lost. The device was found by a member of t......

Most company laptops still not encrypted

Deep into the age of data loss anxiety, most business laptops are still not secured using technologies such as encryption, a small but perhaps telling survey has revealed. According to Check Point's questioning of 130 UK IT managers, only 40 percent said that their laptops used encryption, which contrasts strikingly with the 68 percent who had access to a business VPN. Compounding this is the growing influence of consumer devices in organisations, with a s......

How to avoid an ICO fine

The Information Commissioner's Office (ICO) finally came good today on its repeated promise to levy fines of up to £500,000 on firms contravening the Data Protection Act. V3.co.uk has spoken to various data protection experts to come up with the definitive guide for companies not wanting to become the next headline maker for the wrong reasons. First, a few points to consider. Although the financial penalty could be a significant burden on an organisation, especiall......

Data breaches: 4 fundamental ways to shore up your defenses

If you're like most IT professionals, you constantly feel as if you should be paying more attention to security. But it's tough to find the time, budget and staff to do the best job possible. Or is it? In its most recent, and rather depressing, report on data breaches, Verizon concluded that IT security had not improved much since its first report was published in 2008. "This study always reminds us that our profession has the neces......

Three quarters of UK firms admit to a data breach

Nearly three quarters of UK organisations have suffered a data breach over the past year, with the average cost of each topping £3m, according to the latest annual UK Enterprise Encryption Trends study from Symantec. The study, the first under Symantec's banner since the firm bought encryption vendor PGP earlier this year, found that 71 per cent of firms had experienced at least one breach, with the figure rising to 88 per cent on a global......

Trend Micro Boosts Encryption With Mobile Armor Acquisition

Trend Micro is making inroads in the mobile space and expanding its data protection portfolio with the acquisition of mobile encryption company Mobile Armor. The deal, signed Monday, will give the Tokyo-based security company another layer of security that will be increasingly relevant as more customers move their IT infrastructure to the cloud and mobile space. The technology garnered from the acquisition will provide encryption on a......

WatchGuard boosts messaging security with appliance launch

Security firm WatchGuard Technologies has expanded its range of messaging and content security products with a new appliance designed to offer medium and large enterprises advanced inbound and outbound threat protection. The WatchGuard XCS 770R features dynamic on-demand clustering and queue replication across multiple systems and is fully redundant to ensure email security is always running, the firm said. The appliance has been designe......

Ransomware returns: 'If you ever want to see your data again...'

Ransomware is back. After a hiatus of more than two years, a variant of the GpCode program has again been released, kidnapping victims' data and demanding $120 for its return. Like the ransomware programs before it, GpCode encrypts a victim's files and then demands payment for the decryption key. The new version of GpCode -- labeled GpCode.AX by security firm Kaspersky -- comes with a bit more nastiness than previous attempts. The......

Corporate America's lost laptop epidemic

The fact that one of 10 corporate laptops will be lost or stolen over their three-year lifetime -- along with tens of thousands of dollars of data -- presents two major problems for enterprises. The Ponemon Institute took both tacks on Thursday in presenting a study on the cost of lost laptops funded by chip giant Intel. The survey of 329 companies found that more than 86,000 laptops had been lost or stolen. A previously released study pegged the cost of......

A short history of e-mail's future

Scarcely a year goes by without someone making radical predictions about the future of e-mail. Only a few have even been right. Facebook has reopened the topic with predictions of how the new Facebook Messages product will shape e-mail's future - a scant five months after the social network's chief operating officer predicted the death of e-mail. Both predictions echoed similar musings from decades past. Predictions of the death of e-mail go back to e-mail's be......

Global firms underestimate emerging technology threats

Global businesses appear to be woefully unprepared for the security risks posed by emerging technologies such as cloud computing and social networking, according to the latest research from consultancy Ernst & Young. The firm's 13th annual Global Information Security Survey found that, despite the rapid spread of such technologies, just 10 per cent of companies think that security teams should examine new and emerging IT trends as a prio......

Privacy project uses cryptography to reduce shared info

A project that could radically reduce the amount of personal information we share in our dealings has been revealed by IBM researchers. The ABC4Trust project is developing an "electronic wallet", with encrypted versions of all a person's details. A query by a device like a "chip and PIN" reader will involve only the information that is strictly necessary. The idea could also be applied to online transactions, and aims to......

UK comes top in EU security study

Encouraging news emerged on the security front today after the latest research from the European Union revealed that just 12 per cent of enterprises in the region suffered security related hardware or software failure last year. The research from EU statistical office Eurostat also found that just five per cent of European firms reported the destruction or corruption of data owing to malware infection or unauthorised access. UK and Hungarian firms fared the best......

Man used neighbor's Wi-Fi to threaten Vice President Biden

A Blaine, Minn., man has pleaded guilty to charges that he hacked into his neighbor's Wi-Fi connection to e-mail death threats and child pornography, apparently with the intention of causing trouble for the unsuspecting neighbor. Barry Vincent Ardolf, 45, pleaded guilty last week to charges of hacking, identity theft, possession of child pornography and making threats to Vice President Joe Biden. According to prosecutors, he used the Air......

2010 tech snapshot: IT security

This year has seen an almost unparalleled buzz of activity in the security space, from big name mergers and acquisitions activity to allegations of state-sponsored attacks and most recently, the rise of the hacktivist. Alongside this are the continued threat of spam, the growing sophistication of malware and changing trends among the workforce such as mobile working and the use of social networking, which are exposing the enterprise to new and dangerous threats. S......

Researchers hack GSM mobile calls using $9 handsets

Researchers have demonstrated an alarmingly simple technique for eavesdropping on individual GSM mobile calls without the need to use expensive, specialised equipment. During a session at the Chaos Computer Club Congress (CCC) in Berlin, Karsten Nohl and Sylvain Munaut used cheap Motorola handsets running a replacement firmware based on open source code to intercept data coming from a network base station. Armed with this, they were able to loc......

Half of UK public and private sector organisations are at risk of data breaches and losses from portable PCs and devices

A Check Point survey of 130 UK IT managers and senior IT staff has revealed that over half of UK public and private sector organisations are at risk of data breaches, losses and leaks from portable PCs and devices. A total of 52% of respondents said they do not use data or device encryption to secure their business laptops, and a further 8% admitted they didn't know if encrypt......

Recalculating the telephony security equation

Among the threats that keep IT security managers up at night, attacks against phone systems have often ranked near the bottom. The last time we asked IT leaders about their telephony security plans, just 2% had experienced a security incident, and in almost all of these cases, the attack was internal misuse of phone systems for personal long-distance calls. Few had developed any sort of comprehensive security or risk analysis plan covering their voic......

Thousands of Mobile Devices left at airports

According to telephone interviews with the lost property offices of 15 UK airports, including Heathrow and Luton, thousands of mobile phones and laptops were left behind last year, with the majority still unclaimed and many left over the Christmas holiday peak season. This figure is likely to be just the tip of the iceberg as it does not take into account all those devices that were stolen, or kept by the 'lucky' finder. The survey, carried......

Self-encrypted drives set to become standard fare

We've seen this coming over time: Based on the Trusted Computing Group's standard, hard drives and solid state drives (SSD) are offering self-encryption built-in. The key difference with these next-generation encrypted drives is that these units have the encryption integrated into a single chip on the drive. Securing data storage is especially important for small businesses, due to legal specifications that require companies to report b......

Waledac botnet wakes up in 2011 with new run of pharmaceutical spam

A new variant of the Waledac botnet has reappeared, with pharmaceutical spam being distributed. The botnet reappeared at the end of 2010, sending out a New Year themed spam email where a URL in the email asks the recipient to download a fake Adobe Flash player, however this campaign ended on January 4. The new pharmaceutical campaign also uses redirections via compromised legitimate sites with the links not just sending the user......

UK doctor loses unencrypted laptop containing patient data

A UK doctor faces a disciplinary inquiry after an unencrypted laptop containing confidential patient data was stolen from his home. The unnamed junior medic acted against regulations set by the Hull and East Yorkshire Hospitals NHS Trust, his employers. The doctor took unencrypted patient information - including names, dates of birth, the treatments - on 1,147 patients and loaded it onto his laptop, which was stolen in November. The medi......

Stuxnet developers made "too many mistakes"

The creators of Stuxnet made "too many mistakes" and much went wrong in its use, a researcher has claimed. Speaking at the Black Hat DC conference yesterday, security consultant Tom Parker said it was unlikely a Western state was responsible for developing Stuxnet due to the issues it encountered. Parker claimed there was "too much technical inconsistency" and suggested Stuxnet's code was not of particularly high quality, Kaspersky......

Carberp banking malware upgrades itself

A piece of banking malware that researchers have been keeping an eye on is adding more sophisticated capabilities to stay hidden on victims' PCs, according to the vendor Seculert. Carberp, which targets computers running Microsoft's Windows operating system, was discovered last October by several security companies and noted for its ability to steal a range of data as well as disguise itself as legitimate Windows files and remove antivirus software. It has......

Facebook offers HTTPS encryption

Facebook has taken heed of calls to bolster its security, announcing an "opt-in" session encryption feature that temporarily threatens the functionality of many of its apps customers. "If you've ever done your shopping or banking online, you may have noticed a small "lock" icon appear in your address bar, or that the address bar has turned green," explained Facebook security engineer, Alex Rice, on Wednesday. "This indicates tha......

Simply encrypting data isn't enough, key management is vital

Information security and compliance often swim together in the collective minds of CIOs, and so in the mainstream the adoption of information security technologies tends to be related to how well they solve compliance issues. From many perspectives this is not unreasonable: corporate IT departments can't be experts in all areas and they need guidance. However, this can lead to the undesirable situation where compliance projects drive s......

Websense goes hybrid with web and email security appliance

Websense has launched an email and web security appliance designed to offer inbound and outbound threat protection on a single device, with additional cloud-based filtering capabilities. Websense Triton Security Gateway Anywhere combines the content security firm's Web and Email Security Gateway offerings with data loss prevention on a Websense V-Series appliance. Consolidating these capabilities onto a single platform with a single mana......

Sophos goes virtual with email security appliance

Sophos has expanded its range of email security and data protection products with a virtual email security appliance, designed to offer enhanced inbound and outbound threat protection with simplified management at a low cost. Available immediately for VMware virtualised environments, the Sophos Virtual Email Appliance integrates data loss prevention with email encryption and proactive spam and malware protection. The appliance features the vendor......

Trend Micro Data Protection updates to simplify management

Trend Micro has updated its Data Protection security platform with extensions to its encryption, device management and data loss prevention security suites. Much of the new line up will include Data Protection modules which help extend the platform into existing offerings. The update ranges from the Worry Free Security small and medium-sized business platform, to the larger enterprise endpoint security platforms. Other modules include pr......

Researchers wary of SSD security

Traditional ways to clear data from hard disks are not as effective on solid state disks (SSDs), posing a security risk. Research from the University of California in San Diego suggests that ways used to securely remove data failed to do so on the faster format. Researchers warned users to think about encryption before installing SSDs in their networks. Of the 12 drives the study examined, only eight had ATA and SCSI command sets for removing data and only half o......

Hackers avoiding encryption with memory scraping

What's "pervasive memory scraping" and why is it considered by SANS Institute security researchers to be among the most dangerous attack techniques likely to be used in the coming year? Simply put, pervasive memory scraping is used by attackers who have gained administrative privileges to successfully get hold of personally identifiable information (PII) and other sensitive data held encrypted in a file system, according to Ed Sko......

Cambridgeshire council rapped for memory stick data breach

Cambridgeshire County Council has become the latest local authority to contravene the Data Protection Act after losing sensitive information. Data protection watchdog the Information Commissioner's Office (ICO) said that the council lost an unencrypted memory stick containing personal information on at least six "vulnerable adults". The unapproved memory stick was used after the employee in question had difficulty using the USB......

Encrypted USB stick glitch led to Council data loss

A council that used encrypted memory sticks has been handed a reprimand from the Information Commissioner's Office (ICO) after an employee's struggle to use the technology resulted in data being lost on an unsecured replacement drive. According to a release put out by the ICO, Cambridgeshire County Council lost a stick containing case and meeting notes relating to at least six 'vulnerable adults' in the council's care, which it reported to t......

New Palo Alto software enforces security policies on all corporate laptops

Palo Alto Networks is coming out with software that extends its next-generation firewall protection to individual laptops no matter where they are when they tap into business networks. Called Global Protect, the software agent sets up an SSL session over the Internet to the nearest corporate Palo Alto security gateway, which enforces the security policies that have been set up for that particular user and device. The com......

What cloud security really means

You can look at cloud security in two ways. For customers, cloud security means facing down added uncertainty and risk -- whether you're talking about the public or the private cloud, data moves across virtual machines and shared resources, increasing exposure. For vendors, on the other hand, cloud security means a massively scalable architecture to ramp up security technology in the endless war on threats. Eva Chen, CEO of Trend Micro, makes it her business to a......

Businesses 'plagued' by missing encryption keys

Encryption keys have proven difficult for many businesses to handle, with loss and theft representing two major problems, a report has shown. More than half of respondents to a poll conducted by security firm Venafi said they had seen encryption keys either stolen or going missing, or were unsure if they had just been mislaid. And 51 percent admitted similar problems with digital certificates. Significantly, more than three-quarters (78 per cent) o......

Encryption popular with auditors, report finds

Companies looking to put security auditors in a good mood could do worse than invest in encryption at every level of their business, a Ponemon Institute survey for Thales has suggested. A detailed questioning of 505 experienced auditing professionals found that 72 percent were favourably influenced either significantly or to some degree when encountering encryption during their work. When comparing the importance of encryption to other security syst......

Hosted authentication is set to grow with the growth in 2-factor authentication and the move towards cloud computing

Hosted authentication is a cloud-based service where two-factor, strong authentication is provided by an outside supplier instead of being done in-house. Gartner in the research paper 'On the Verge: Strong Authentication as a Service' published June 2010, described the strong authentication as a service market as 'burgeoning'. With an ever increasing number of users wa......

BP employee loses laptop containing data on 13,000 oil spill claimants

The personal information of 13,000 individuals who had filed compensation claims with BP after last year's disastrous oil spill may have been potentially compromised after a laptop containing the data was lost by a BP employee. The information, which had been stored in an unencrypted fashion on the missing computer, included the names, Social Security numbers, addresses, phone numbers, and dates of birth of those who filed cl......

Ransom Trojan returns for new encryption attack

The creators of the deeply unpleasant GPCode Trojan have released a new version of the malware that encrypts victims' data files and tries to extort money for the unlock key. The major innovation this time compared to a version from November 2010 is that the criminals demand a slightly higher fee of $125 for the key paid through the Ukash payment pre-paid card site instead of using direct money transfer. GpCode.bn, as it has been named by Kaspersky......

Businesses must implement better smartphone security practices

A recent study published by Ovum showed that only 52% of businesses enforce authentication on their employees' mobile phones. A separate survey conducted by Goode Intelligence showed that 70 percent of businesses allow employees to use their personal smart phones for company business, and 64 percent of the companies that allow users to store company information on their smartphones are not enforcing encryption of that sensitive data......

The encryption keys used to secure data have become the keys to the kingdom

Back in the mid 70s, the use of encryption in enterprises was pretty much unheard of. Soon companies started to introduce some encryption in limited instances, such as encoders on communication lines to encrypt financial transactions. A major breakthrough in the 90s saw the rapid expansion of the use of encryption with the arrival of asymmetric key encryption. And asymmetric encryption gave birth to two technologies that......

When trusted IT pros go bad

It's a CIO's worst nightmare: a call from the Business Software Alliance, saying that some of the software your company uses might be pirated. You investigate and find that not only is your software illegal, it was sold to you by a company secretly owned and operated by none other than your own IT systems administrator, who's been a trusted employee for seven years. When you start digging into the admin's activities, you find a for-pay porn website he's been running o......

Data protection, hidden in plain sight

Researchers from the University of Southern California and the National University of Science and Technology in Pakistan have developed an application that secures data by hiding it in plain sight. As most people know, encryption is the principal method for securing sensitive data today, and strong encryption schemes such as AES can be effective at keeping important info out of the wrong hands. However, encrypted data is easily identified, which makes it ri......

How to Get Smarter About CRM Security

If Value Engineering is the identification of different implementation strategies to achieve the business goal, the ultimate in value engineering is to identify requirements that don't need to be done in the first place. Although security and access control would seem to be a poor candidate for this kind of requirements elimination, in many situations the technical solutions are so clumsy and expensive that there's almost no ROI. This can be politically touc......

Sophos launches tool to protect iPhones, iPads and Android devices

Sophos has launched a new enterprise offering designed to help firms better manage the explosion of iPhones and iPads, Google Android and Windows Mobile devices in the organisation. Sophos Mobile Control has been designed to allow IT administrators to centrally manage all consumer devices brought into the enterprise environment, locking down unwanted features, controlling which apps can be downloaded and enforcing security policy...... [more]

Security researchers claim memory encryption breakthrough

Researchers at North Carolina State University claim they've achieved a breakthrough in how encryption can be used in technology called non-volatile main memory, which is seen as an eventual replacement for conventional dynamic random-access memory. Unlike DRAM, with NVMM "when you turn off the power, the data remains there," Yan Solihin, associate professor of electrical and computing engineering at N.C. State, explains. He not...... [more]

IT staff's knowledge of and access to encryption keys could bring the company to a grinding halt with minimal effort

According to a new survey conducted by Venafi, 40% of IT staff admit that they could hold their employers hostage - even after they've left for other employment - by making it difficult or impossible for their bosses to access vital data by withholding or hiding encryption keys. A third of survey respondents said that their knowledge of and access to encryption keys means they cou...... [more]

Riverbed releases WAN cloud storage gateway appliances

Riverbed Technology today released three new gateway appliances that use WAN acceleration algorithms in order to reduce the bandwidth required to send data to public or private cloud infrastructures. Prior to the release of its new Whitewater-510, Whitewater-710 and Whitewater-2010 appliances, Riverbed's Steelhead acceleration technology required two appliances on either end of a WAN connection to replicate data. Now, the company said, one b...... [more]

Web authentication authority suffers security breach

Yet another web authentication authority has been attacked by hackers intent on minting counterfeit certificates that would allow them to spoof the authenticated pages of high-profile sites. Israel-based StartCom, which operates StartSSL, suffered a security breach that occurred last Wednesday, the company said in a tersely worded advisory. The certificate authority, which is trusted by the Microsoft Internet Explorer, Google Chrome, and Mozill...... [more]

Ready or not, they're already in your enterprise

Tablets, Netbooks, iPhones, and Androids -- devices that hardly existed five years ago -- are sweeping through enterprises today. Workers no longer wish to be shackled to the corporate 18-month-old ThinkPad when they can be running the latest shiny gadget at both home and work. This means CSOs are contending with a wave of mobile devices that are accessing cloud-based applications and services from anywhere the user desires. The risks can be real...... [more]

Dropbox left document storage accounts open for four hours

Online storage service Dropbox accidentally turned off password authentication for its 25 million users for four hours on Monday -- although "much less than 1%" of those accounts were accessed during the period, the company said. It is still investigating whether any of those accounts were improperly accessed. Dropbox CTO Arash Ferdowsi wrote that the company introduced a code change at 1:54 p.m. PST that caused a problem in th...... [more]

SMBs are taking encryption and biometric-based access control seriously

With sensitive data being held in mobile devices and with the increase in remote working, SMBs are taking encryption seriously. With the proliferation of mobile devices and increase in cases of lost 'laptops' etc., it comes as no surprise that a recent poll conducted by DigitalPersona has uncovered that disk encryption is an IT priority for SMBs. In addition, DigitalPersona also found that more than a third of businesses are...... [more]

Is DLP a blunt instrument or a misused technology?

Following on from the introduction of monetary penalties by the Information Commissioner's Office last year, I looked at the likelihood of data loss prevention (DLP) solutions rising in popularity in line with the regulatory increase. Whether there was an overall increase in take up of DLP solutions is one for the analysts to determine, but a year on it seems that there is a growing feeling that DLP has not been the wonder solution it could have...... [more]

Security researchers discover 'indestructible' botnet

More than four million PCs have been enrolled in a botnet security experts say is almost "indestructible". The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down. Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption. Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation. The...... [more]

DDoS attack in March likely N.Korean work, says McAfee

The cyber attacks that paralyzed a handful of major South Korean websites earlier this year were almost certainly carried out by North Korea or parties allied with the country, computer security company McAfee said Tuesday in a report. The company's analysis, carried out with the help of the South Korean and U.S. governments, is one of the most thorough yet published on the March attacks, and details how they were carried out, and why they w...... [more]

Hackers crack crypto for GPRS mobile networks

A cryptographer has devised a way to monitor cellphone conversations by exploiting security weaknesses in the technology that forms the backbone used by most mobile operators. Karsten Nohl, chief scientist of Berlin-based Security Research Labs, said the attack works because virtually all of the world's cellular networks deploy insecure implementations of GPRS, or general packet radio service. Some, such as those operated by Italy's Wind or Telecom I...... [more]

 
