Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Sending Email, Web Security To The Cloud
E-mail and Web security outsourcing are gaining more momentum as resource-strapped companies look for ways to tighten their IT belts. IT shops are constantly being asked to do more with less, and it's often security that gets more budget cuts since it's an IT area that doesn't contribute directly to a company making money.
Al Qaeda Implicated In Cyberattacks
Some papers recently became publicly available in the case of terrorism suspect Mohamedou Ould Slahi, accused of being one of Al-Qaeda's top recruiters. The papers revealed Al-Qaeda hacking activity, which demonstrates what proof of accountability in Internet attacks is, and how many of us jump to conclusions about countries, such as China, without it.
Symantec Takes $370 Million Plunge Into Encryption Market
Acquisitions of PGP, GuardianEdge will make security giant an immediate player, experts say
Product Watch: BreakingPoint To Roll Out 'Cyber Tomography Machine'
New testing platform scores the security of an organization's overall infrastructure and its resiliency to attack
Microsoft SIR, Dissected
Microsoft published Version 8 of its Security Intelligence Report (SIR) this week. The report covers the second half of 2009 and is a massive piece of information with almost 250 pages.
Report: Tier 1 Merchants Pay $122,000 More For PCI Assessments
Ponemon Institute/Thales survey PCI DSS security assessment firms about next version of PCI
Security Services Improve, But Bargains Few
Enterprises more focused on quality and functionality of services than on cost, experts say
Trusting 'Trusted' Sites Again
I've been teaching a user security awareness and training course to faculty and staff at our university. One of the great aspects of the class is the discussions that develop out of the participants' questions, like the security of social networks and how to use wireless securely while on the road. Lately, I've been getting one question more and more often: How do I know if a site is safe?
WinMagic eStore Sells SecureDoc FDE For $99
eStore protects all data on Windows or Mac desktops, laptops, tablets and removable media
More Than One-Third Of Network Devices Show Vulnerabilities, Study Says
Average device shows more than 40 configuration violations, according to research
CSRF Attacks Get New PoC Creation Tool
Cross site request forgery (CSRF) is a powerful attack that can have devastating consequences. It's not a new attack, but new tools are released every year because Web developers don't always write secure code that can prevent these attacks. Often, CSRF vulnerabilities go undetected because automated scanners have difficulty detecting them.
PCI: Data Token Alternatives
When a merchant cannot -- or will not -- replace credit card numbers with tokens provided by its payment processor, how does it secure it database to be PCI-compliant?
Log Review Checklist For Responders Under Fire
Checklists are one of the most important things for first responders to have access to when responding to an incident. The reasons are many, and most of them tend to fall back on the human nature of the first responder. Incident response can impose a lot of stress on an individual, whether from management or the sheer criticality of the potentially hacked resource, it can be easy to miss a step or remember a command incorrectly when under fire.
Researcher To Demonstrate Uncrackable Encryption Key
Scientist at Tel Aviv University builds key transmission system based on lasers, fiber optics
New Full Disclosure, Website Vulnerabilities Database
The biggest news in security circles in the past day or so is the new full disclosure site, Vulnerable Sites DB database.
Attacking Electronic Door Access Control Systems
A friend recently pointed me to some research he has been doing with embedded door access control systems, as well as some of the vulnerabilities he has uncovered. Some of his findings were recently disclosed at Carolinacon, with more to come during his presentation at Hack in the Box.
Bridging The Gap Between Training And Operations
The EDUCAUSE Security Professionals Conference is a great conference for IT staff from higher education to meet and learn about deploying and managing security tools like OSSEC and Bro IDS, hear how others are dealing with compliance issues, and network with other professionals interested in security.
NSA Director On The Cyber-Counterattack
According to an Associated Press report, the director of the National Security Agency told Congress the U.S. should respond in force to computer-based attacks -- even when the attacker is not known. Is that possible, and is it a good idea?
Nmap Does Much More Than Network Discovery
Nmap is among a network penetration tester's best friends, sitting high on a pedestal with the Metasploit Framework. I've been using the tool my entire career for network mapping and host discovery, typically on a weekly basis.
Flat-File Databases Often Overlooked In Security Schemes
Popular method of creating and exchanging database files could leave sensitive data vulnerable, experts say
Stop Counting Bots
How many bots are on the Internet, and why should we care? This is an argument I've been making since the late 1990s, and it is high time I got it in writing outside of closed circles.
Cisco WLAN Flaws May Be Typical Of Many Proprietary Systems, Researcher Says
Black Hat Europe presentation to offer view into Cisco WLAN vulnerabilities -- and a warning to users of other proprietary products
In SSL We Trust? Not Lately
In the past two weeks we have seen multiple problems with SSL, which is used in our Web browsers to protect the privacy and integrity of our electronic transactions.
PCI Database Security Primer
I have written a lot about compliance in that past three months, but most of the guidance has been generic. Now I want to talk about database security specifically in relation to the Payment Card Industry (PCI) Data Security Standard, and consider compliance more from an architectural standpoint as opposed to a tools- or policy-based perspective.
Share -- Or Keep Getting Pwned
Forget the bad guys: Sometimes it seems like the security industry doesn't trust itself. There's too much internal hoarding of intelligence for privacy or competitive reasons and too little sharing of information among researchers, victims, and law enforcement about real attacks. All this does is give the cybercriminals an edge.
Password Brute Forcing Tool Gets Major Update
Brute-force password guessing attacks are very common. If you operate a publicly accessible SSH server, then you know firsthand just how common it is with constant poking for weak passwords on accounts like root, admin, and test. When the attackers do find a weak password and gain access, they will typically download their tools and start scanning for more weak passwords from the newly compromised server.
'MULE' Prototype Uses Location For Authentication
CMU research creates Mobile User Location-Specific Encryption
|
Latest Comment: After several data breaches, management decided to go with a more aggresive DLP strategy.
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
