Security

Articles, advice and resources.

For Hacker Intelligence, Visit Their Forums

The best way to protect your networks is to think like a hacker, and the best way to find out what hackers think is to spend some time on their public discussion boards. This is exactly what the analysts from Imperva, a security research firm, did and the results are intriguing. In last month’s Hacker Intelligence Report #13, they looked at one of the largest discussion forums (they don’t reveal which one, but it has a quarter of a million… continue…

Android Apps Are Vulnerable to SSL Exploits

Posted In Android, Security
Although Google invested a lot of time and money in their Google Play Store—formerly known as Android Market—to bring it to the same level as Apple’s AppStore, it still needs a lot of work. One of the biggest imperatives for Google is to strengthen the security of its apps. A new German research report, which was released during the annual ACM Computer and Communications Security Conference (CCS) 2012, uncovered big security issues. Thus far, Apple hasn’t had big problems with apps, aside… continue…

Irony: McAfee, Trust Guard Certifications Invite Trouble

These days it’s tough to find an online merchant that doesn’t display either a McAfee Secure or Trust Guard logo somewhere. The marks indicate that the websites undergo vigorous daily security scans. We consumers are then meant to feel safe to shop away in confidence that our credit card details won’t end up in the wrong hands. Now, a pair of security consultants is arguing that the programs may inadvertently place websites at greater risk. Unintended Consequences The problem isn’t… continue…

Unisys Stealth Enables Virtual Networks

Security is an obsession for everyone who talks about the cloud and virtualization. Hoping to add another layer of comfort to your security concerns, Unisys has introduced its Stealth Solutions Suite, an NSA-certified technology that stealth-enables network endpoints, making them seem invisible on your network. “You can’t hack what you can’t see,” notes Jill M. Walsh, stealth portfolio manager, Technology, Consulting and Integration Solutions at the company. The stealth technology executes low in the protocol stack. On top of the… continue…

Europeans Flog Themselves with Cyber Attacks

A massive denial of service attack hit more than 300 European public and private institutions this week, including major government agencies such as the UK’s spy agencies MI5 and MI6 and several banks. The interesting thing is that the assault wasn’t by some hacker. It was a coordinated attempt by the agencies and businesses themselves. Welcome to the latest round of defensive planning for the next real cyber war. The Cyber Europe 2012 exercise was run by the European Network… continue…

How IT Can Leverage Consumerization

“Most traditional approaches to IT security we saw last year were fundamentally breaking down,” said Brian Madden of brianmadden.com during an interview at VMworld 2012. Last year at VMworld in Las Vegas, Madden and I spoke about the consumerization of IT. To summarize, Madden pointed out that the world of IT had changed because users are no longer beholden to IT to get services. The endless variety of available Web services means they can circumvent IT security policies and more… continue…

Simple Theft: No FBI Conspiracy in Apple UDID Hack

First, hackers affiliated with Anonymous claimed they’d gained access to the laptop of an FBI agent, along with a database of more than 12 million Apple unique device identifiers. To prove it, they released a redacted list of some 1 million of them. Then, the FBI denied the claims, and Apple unambiguously said the UDIDs hadn’t come from them. So, obviously, somebody wasn’t being entirely honest. Had Apple and the FBI been cooperating in order to secretly monitor digital communications?… continue…

Data is Safer in the Cloud than on Your Network

“Cloud environments may be safer than on-premise environments,” said Rohit Gupta, VP, Business Development for Alert Logic. He was referencing a biannual study on cloud security that Alert Logic released this month. We spoke at the VMworld 2012 conference in San Francisco. The cloud’s questionable security has become such a super hot topic that just the endless discussion of it alone has become something of a joke. Gupta, who works for a security as a service company, noted that we… continue…

Gaming Headsets Can Ooze Info from Your Brain

Ever wear one of those gamer headsets when destroying the enemy? Turns out you may be doing more than annihilating your opponent. Researchers found hackers can guess sensitive personal information from people wearing popular, consumer-grade EEG headsets. Yes, those “mind-reading” headsets for video games can allow bits of your memory to leak out. Researchers from the University of California at Berkeley, Oxford University and the University of Geneva presented a paper on the topic at the Usenix security conference in… continue…

Software Testing’s Undervalued Role in IT Security

Matt Heusser’s report on this summer’s Conference for the Association for Software Testing (CAST) is worth a careful read. Don’t think that you as a security professional have much to do with software testing? Think again. As he says in a blog post on SmartBear’s website, “so many companies downplay the importance of software testing. Quality assurance gets little time, energy and attention until something goes wrong.” Too often security professionals just see themselves as dealing with the security issues… continue…