Security

Articles, advice and resources.

Is SAP the Latest Malware Target?

Reports over the past several weeks have pointed to potential malware — a variation on the Shiz banking-related Trojan — that is targeting SAP installations. This nasty piece of business was originally designed to provide attackers with remote access to an infected PC and steal online-banking passwords and cryptographic certificates. According to Infoworld, the malware was discovered a few weeks ago by Russian antivirus company Doctor Web, which shared it with security researchers. Alexander Polyakov, chief technology officer at ERPScan,… continue…

Is TrueCrypt Truly Secure?

Written in C++, with C and some assembler, TrueCrypt is an open source tool for creating encrypted disk volumes. The volumes it creates can be stored on an external disk, as a partition of a disk, or in a file on Windows, Linux or Mac. Developed in 2004, TrueCrypt is considered one of the best pro-privacy tools around. It’s so good, forensic examiners, in at least one case, couldn’t prove that a TrueCrypt encrypted hard disk contained incriminating evidence. The… continue…

Yes, The iPhone Fingerprint Scanner Jeopardizes Privacy. So What?

Apple’s decision to include a fingerprint scanner on the iPhone 5S, and presumably the next-generation iPad, has been met with a certain level of righteous indignation from privacy advocates. If the phone stores your fingerprint, then it doesn’t take much of a leap to figure out that it could send your fingerprint to any law enforcement or intelligence agency with an appropriate, loosely worded subpoena. Fingerprinting is for criminals – I am not one, ergo the government has no… continue…

Understanding the Complexities of Compliance

Almost every IT product out there – especially when you get to the enterprise level – includes some form of compliance module or report. Some of them are useful, some not so much. Whether they’re helpful or not, compliance is a tricky issue you’ve got to be familiar with. Among other things, you have to undertake some careful thought about what you are actually complying with, and for whom: The particular government regulations that cover your industry. Your legal or… continue…

Two Ways to Improve Online Privacy

Following the continuing Snowden revelations, it’s fair to say that large swathes of online correspondence may be captured and processed by scanning software. If the communications that are captured are encrypted, then they’re stored and kept until they can be decrypted and read. To increase privacy, we want to make the decryption process as difficult as possible. Strengthening Encryption: In theory, anything encrypted with a large number of bits (256, 512, etc.) should be impossible to decrypt without an immense… continue…

Why Kali Linux Should Be In Your Security Toolkit

Kali.org’s version of Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need on a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub. It’s incredibly well done, especially considering that it’s completely… continue…

Are the Days of Secure Email Over?

With the recent shutdown of several email providers due to fears of NSA eavesdropping, is it finally time for enterprises to get more serious about encrypting their email traffic by default? Email encryption technology has been around for decades, but largely ignored due to perceptions of being too difficult or too arcane. Watch our Hangout with Dice Security Talent Community Guide and Co-Author of Enterprise Messaging, David Strom, along with Wave Systems’ CEO Steven Sprague, and Senior Director of Product… continue…

Protecting Logins with a Second Authentication Factor

Two-factor authentication is catching on for a variety of consumer Web services. For those of you not in the know, this isn’t all that new. Years ago, various computer vendors set out to improve things with hardware-based two-factor authentication: Something uniquely in your possession that would generate a one-time code to work with a security appliance and better secure your logins. RSA made millions in this market, and over the years these tokens have been used by millions of users.… continue…

New Vulnerabilities in Older SIM Cards

It’s just over 22 years since the first SIM (Subscriber Identity Module) cards appeared and now they’re everywhere in cell phones and other mobile devices. They’re mandatory in GSM devices. And now it’s been revealed that some older SIM cards have a serious vulnerability that could affect 500 to 750 million cell phones out of the estimated 6 billion in use worldwide. Or maybe more, since satellite phones also use SIM cards. The vulnerability was discovered by German security expert… continue…

Survey: People, Not Money, Are Key To Better Security

Security professionals believe one of the most effective ways to boost their systems’ safety has less to do with money and more to do with expanding their teams. Specifically, they’d rather have more experts than more technology. A survey by the IT security and compliance solutions provider Tripwire found that 44 percent wanted to up their skilled security staff, while only 32 percent preferred an increase in their budget. Another 24 percent wanted their board and/or key executives to buy… continue…