More Cyberwarfare In Depth

Why security professionals need to get more creative with penetration testing (and how to do it)

Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed.

LaCie compromised for over a year

I guess there is truth in the saying that the devil is in the details. If anyone ever tries to tell you that their product or service is 100% secure you have my permission to smack them with a large fish (not an actual permission slip). That being said, it is good to tackle the issues straight on when you've been hacked. In this case the storage manufacturer LaCie was breached by a nefarious third party who managed to set up shop on their internal network well over a year ago.

3 ways to reduce BYOD legal liability with the right conversation

As "bring your own device" (BYOD) reshapes the way organizations handle technology, how do we handle the uncertainty of legal liability and security concerns?

How to create awareness of the insider threat

One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization. While technology should have caught Snowden, there is also the realization that his coworkers and managers should have noticed indications of unusual activities.

Secure browsers offer alternatives to Chrome, IE and Firefox

The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there were a way to stop this madness and secure the browsing channel itself?

IT departments are a dying breed

Earlier this week, I posted a question to Twitter and one reader offered an interesting rant on the topic, one that I felt was worth sharing.

What you need to know about Heartbleed and OpenSSL

You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.

The real security lesson Windows XP taught us is to challenge our assumptions

Launched in October 2001, today (really) marks the end of support for the Windows XP operating system. As the 12+ year run of Windows XP comes to an end, it holds some curious lessons.

Heartbleed bug gets plugged

Cue the hyperbole and clapping monkeys. Today brings news to the screens of security folks the world over that OpenSSL has an OMG ZERO DAY AUUGGGGGHHHHH...oh, wait, there's a fix.

Salted Links: 7 April 2014

The Hash is on the road this week, but while yours truly is flying the friendly skies, the following round-up will keep you in the loop on current events and interesting research. Today's cache includes a unique attack on Microsoft Outlook, using XSS to launch DoS attacks, and a note on the end of Windows XP.

Financial firms and social media remain top Phishing targets

Kaspersky Labs says that nearly 30 percent of all Phishing attacks last year targeted financial institutions, second only to social networking Phishing attack campaigns, which accounted for nearly 36 percent of all attacks of this type.

Encrypting sensitive data is a must; new key management tools make it easy

Encryption is one of the best ways to prevent the type of terrible headaches that many high-profile companies have experienced with stolen data. Even if experienced hackers are able to penetrate a system, having the data encrypted can mean that nothing useful is taken.

The Grill: Rep. William Keating wants cross-sector data sharing

Rep. William Keating (D-Mass.), who sits on the House Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee, is calling on the Department of Homeland Security to be more involved in tackling the cybersecurity problem.

Cybersecurity Expert and CIO: Internet of Things is 'Scary as Hell'

The terms "Internet of Things" (IoT) and "connected home" are two of the trendiest buzzwords in the technology world today. And while both clearly offer very real potential, they also introduce their own share of risk, particularly if they're not approached with caution, according to Jerry Irvine, an owner and CIO of IT outsourcing services firm, Prescient Solutions.

5 Ways to Prevent Data Loss in Mobile Environments

Confidential company data can make its way onto mobile devices, where it's no longer under the protection of your toughest network defenses. Does that make your data vulnerable? To find out, review some strategies for preventing data loss on mobile devices.

The new security perimeter: Human Sensors

Security Manager George Grachis discusses the current cyber threat landscape and why Human Sensors, our users, are our most underutilized resource that can make all the difference.

Virtual machine (VM) security still a work in progress

Trying to protect your expanding virtual machine (VM) empire will require a security product that can enforce policies, prevent VMs from being terminated or infected, and deliver the virtual equivalents of firewalls, IPS and anti-virus solutions.

A clear-eyed guide to Mac OS X's actual security risks

Apple has improved its security in recent years, but is it enough?

Everything You Know About Enterprise Security Is Wrong

Whether you're talking about your network, your company's building or your home, a perimeter approach to security is no longer adequate. As McAfee discussed at this week's RSA Conference, you can't provide physical or electronic security simply by trying to prevent authorized access -- you have to rethink all types of security to protect data and lives.

How to Test the Security Savvy of Your Staff

How do you know your employees retain what you teach them in company-required security awareness training? You don't -- unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.