I guess there is truth in the saying that the devil is in the details. If anyone ever tries to tell you that their product or service is 100% secure you have my permission to smack them with a large fish (not an actual permission slip). That being said, it is good to tackle the issues straight on when you've been hacked. In this case the storage manufacturer LaCie was breached by a nefarious third party who managed to set up shop on their internal network well over a year ago.
Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.
I just finished up a lengthy tour through Latin America and Asia, as described in many of my latest blogs. Most recently I was in Australia and New Zealand (ANZ). I had the opportunity to work with various government agencies, organizations within critical infrastructure and general enterprise businesses across ANZ. Their primary topic of interest: big data. More specifically, they were interested in determining what needs to be part of a successful big data security strategy.
One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization. While technology should have caught Snowden, there is also the realization that his coworkers and managers should have noticed indications of unusual activities.
The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there were a way to stop this madness and secure the browsing channel itself?
You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.
Risks to enterprises are not only of the security breach variety from outside attackers, malicious insiders or even careless employees. Another comes from everybody in an organization a even its most loyal, careful, capable members.
In large-scale organizations, implementing mobile device management (MDM) is typically given. After all, with so many employees using mobile devices that either contain or connect to sources of sensitive information, there needs to be some way to keep everything in check. But what about those companies that aren't big enough to be able to afford an MDM implementation and a full-sized IT department to manage it? Without a means to centralize the control of mobile devices, how can these smaller companies protect their data?
The Hash is on the road this week, but while yours truly is flying the friendly skies, the following round-up will keep you in the loop on current events and interesting research. Today's cache includes a unique attack on Microsoft Outlook, using XSS to launch DoS attacks, and a note on the end of Windows XP.
Although it's tempting to use the Personal mode of Wi-Fi security, which is easy to set up and use, businesses and organizations really need to use the Enterprise mode of WPA2 -- also known as 802.11i. Although it requires a RADIUS server to do the 802.1X authentication and is more complex to set up, it provides superior security and can save you time and money in the long run.
Kaspersky Labs says that nearly 30 percent of all Phishing attacks last year targeted financial institutions, second only to social networking Phishing attack campaigns, which accounted for nearly 36 percent of all attacks of this type.
Today's security suites try to protect all (or most) of your devices, and provide Web-based management. We examine how seven major applications compare in terms of features, ease of use and which devices they actually protect.