Security

Articles, advice and resources.

Security Mergers Indicate Solid Job Prospects

Recently, we ran a story about the number of VCs putting cash into security startups. That turns out to be the tip of the security spear. The past month has seen several acquisitions of note as well-established vendors sought to broaden their product line, complement security products with malware or detection services, or make noteworthy hires. For example, Milpitas, Calif.-based FireEye bought Washington, D.C.’s Mandiant for $1 billion. Mandiant made headlines last year by working with The New York Times… continue…

Time to Reassess Your Network Access Rights

At the heart of the celebrated case of Edward Snowden lies one important fact: The infamous contractor gained access to the trove of documents that he ultimately leaked to journalists by escalating his access rights. And despite this very real poster boy having been in the news for the past several months, many enterprises haven’t done much to rein in — or even audit – the access rights they have in place. In fact, far too many enterprises don’t know… continue…

Is SAP the Latest Malware Target?

Reports over the past several weeks have pointed to potential malware — a variation on the Shiz banking-related Trojan — that is targeting SAP installations. This nasty piece of business was originally designed to provide attackers with remote access to an infected PC and steal online-banking passwords and cryptographic certificates. According to Infoworld, the malware was discovered a few weeks ago by Russian antivirus company Doctor Web, which shared it with security researchers. Alexander Polyakov, chief technology officer at ERPScan,… continue…

Is TrueCrypt Truly Secure?

Written in C++, with C and some assembler, TrueCrypt is an open source tool for creating encrypted disk volumes. The volumes it creates can be stored on an external disk, as a partition of a disk, or in a file on Windows, Linux or Mac. Developed in 2004, TrueCrypt is considered one of the best pro-privacy tools around. It’s so good, forensic examiners, in at least one case, couldn’t prove that a TrueCrypt encrypted hard disk contained incriminating evidence. The… continue…

Yes, The iPhone Fingerprint Scanner Jeopardizes Privacy. So What?

Apple’s decision to include a fingerprint scanner on the iPhone 5S, and presumably the next-generation iPad, has been met with a certain level of righteous indignation from privacy advocates. If the phone stores your fingerprint, then it doesn’t take much of a leap to figure out that it could send your fingerprint to any law enforcement or intelligence agency with an appropriate, loosely worded subpoena. Fingerprinting is for criminals – I am not one, ergo the government has no… continue…

Understanding the Complexities of Compliance

Almost every IT product out there – especially when you get to the enterprise level — includes some form of compliance module or report. Some of them are useful, some not so much. Whether they’re helpful or not, compliance is a tricky issue you’ve got to be familiar with. Among other things, you have to undertake some careful thought about what you are actually complying with, and for whom: The particular government regulations that cover your industry. Your legal or… continue…

Two Ways to Improve Online Privacy

Following the continuing Snowden revelations, it’s fair to say that large swathes of online correspondence may be captured and processed by scanning software. If the communications that are captured are encrypted, then they’re stored and kept until they can be decrypted and read. To increase privacy, we want to make the decryption process as difficult as possible. Strengthening Encryption In theory, anything encrypted with a large number of bits (256, 512, etc.) should be impossible to decrypt without an immense… continue…

Why Kali Linux Should Be In Your Security Toolkit

Kali.org’s version of Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need in a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub. It’s incredibly well done, especially considering that it’s completely… continue…

Are the Days of Secure Email Over?

With the recent shutdown of several email providers due to fears of NSA eavesdropping, is it finally time for enterprises to get more serious about encrypting their email traffic by default? Email encryption technology has been around for decades, but largely ignored due to perceptions of being too difficult or too arcane. Watch our Hangout with Dice Security Talent Community Guide and Co-Author of Enterprise Messaging, David Strom, along with Wave Systems’ CEO Steven Sprague, and Senior Director of Product… continue…

Protecting Logins with a Second Authentication Factor

Two-factor authentication is catching on for a variety of consumer Web services. For those of you not in the know, this isn’t all that new. Years ago, various computer vendors set out to improve things with hardware-based two-factor authentication: Something uniquely in your possession that would generate a one-time code to work with a security appliance and better secure your logins. RSA made millions in this market, and over the years these tokens have been used by millions of users.… continue…