Articles about Data Security

Bear attack

Russian government hackers spent a year in our servers, admits DNC

The US Democratic National Committee (DNC) has confirmed that hackers thought to be part of Russian state intelligence have had access to their servers for nearly a year. They have read emails, chat logs, and opposition research documents. The attack was uncovered six weeks ago, after IT admins noticed something strange was …
Iain Thomson, 14 Jun 2016

Payments security mob updates app guide

The payment application data security standard (PA-DSS) has been updated to help businesses better install, update, and patch their hardware. The guides are a global effort by Visa, Mastercard, and American Express to improve the shabby state of electronic payments around the world through the implementation of baseline …
Darren Pauli, 30 May 2016

One (storage) protocol to rule them all?

Storage Architect: One of the questions posed to the “ask me anything” storage panel at this week’s TECHunplugged event was whether we will ever see a single storage protocol develop. This is an interesting idea and with the move to object storage, seems to have some merit. However, as always with technology, the answer “it depends” seems the …
Chris Evans, 17 May 2016

Google: Trust us with NHS AI

The cofounder of Google's artificial intelligence company DeepMind has responded to widespread concerns that the biz is being granted access to more than a million people's private healthcare records in the UK. Mustafa Suleyman reckons his company is highly qualified to look after the information given Google's long history of …
Kieren McCarthy, 06 May 2016

The Internet of Things edges toward a practical reality

There are countless problems with making the so-called "internet of things" (IoT) a pragmatic reality: hardware, software and standards to name the big three. But this week at the Samsung Developer Conference in San Francisco, at least two of them have started to find solutions. During one of its exec's main keynotes, Samsung …
Kieren McCarthy, 27 Apr 2016

Stop using USB sticks to move kids' data, auditor tells Education Dept

The Department for Education (DfE) needs to improve the way it handles the personal sensitive information of 20 million records contained in its National Pupil Database, according to the Government Internal Audit Agency (GIAA). The findings were revealed in the department's annual accounts for 2014/15, which were published …
Kat Hall, 22 Apr 2016

Dutch PGP-encrypted comms network ‘abused by crooks’ is busted

Dutch firm Ennetcom has pulled its systems offline following a bust by police and accusations that its encryption technology was being abused as a communications network by drug dealers. Police have seized servers in the Netherlands, and Canada is dismantling what local reports describe as a PGP-based comms network. The …
John Leyden, 21 Apr 2016

SamSam ransomware shifts from hospitals to schools via JBoss hole

Cisco has warned that the SamSam ransomware that has been plaguing US hospitals is now menacing schools, governments, and other organizations that have not kept their JBoss deployments up to date. According to the networking giant's Talos security team, SamSam exploits a hole in server middleware JBoss to drill its way into …
Iain Thomson, 19 Apr 2016

US anti-encryption law is so 'braindead' it will outlaw file compression

The proposed bill put forward by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) to force US companies to build backdoors into their encryption systems has quickly run into trouble. Less than 24 hours after the draft Compliance with Court Orders Act of 2016 was released, more than 43,000 signatures have been added to …
Iain Thomson, 14 Apr 2016

TalkTalk broadband customers continue to flee

Broadband customers at TalkTalk continued to flee the operator during the first three months of this year, with 126,000 customers switching away from the provider. That was on the back of 250,000 broadband customers switching to other suppliers in the previous quarter, according to research from Kantar World Panel. Some 17 …
Kat Hall, 14 Apr 2016

Line by line, how the US anti-encryption bill will kill our privacy, security

Analysis: In the wake of the FBI's failed fight against Apple, Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) have introduced a draft bill that would effectively ban strong crypto. The bill would require tech and communications companies to allow law enforcement with a court order to decrypt their customers' data. Last week a …
Iain Thomson, 13 Apr 2016

Cutting edge security: Expensive kit won't save you

We all want to protect our customer and employee data, but as the threat landscape changes and the publicly disclosed data breaches get increasingly larger, our approach may need to change. What constitutes "state of the art" information security in 2016? It’s tempting to create a listicle of 10 shiny new security tools that …
Danny Bradbury, 13 Apr 2016

Oracle traps its cloud inside own tin boxes

Oracle is throwing one stone at two birds troubling its business: cloud and falling server sales. That stone: cloud in a box. The database giant has announced Oracle Cloud at Customer, a package of its publicly available, but relatively unwanted cloud software - in its reciprocally related servers. The stone has a name: …
Gavin Clarke, 24 Mar 2016

The bill for Home Depot after its sales registers were hacked: $19.5m

Home Depot will pay at least $19.5m in compensation to the 50 million customers hit by hackers who infiltrated the chain's sales tills in 2014. The US home improvement warehouse will create a $13m fund to reimburse shoppers and spend a further $6.5m providing a year's worth of identity protection for those impacted. Those are …
Kieren McCarthy, 17 Mar 2016

If your ISP is selling info about you, that has to be opt-in, says FCC boss

FCC chairman Tom Wheeler has proposed new rules that would bring ISPs in line with general data privacy laws and give citizens the right to opt out of their personal information being shared commercially. Wheeler has put forward a proposed "notice of rulemaking" to the other FCC Commissioners, who will vote on it later this …
Kieren McCarthy, 11 Mar 2016

Dwolla dwamned for destroywing defwences: $100k fine for insecurity

Updated: US payment processor Dwolla has been slapped with a US$100,000 fine for wrongly claiming it was super secure. In fact, its staff were left with so little training that in an IT penetration test in 2012, nearly half of them opened a phishing email, 62 per cent of those opened the link it contained, and 25 per cent of employees …

Forget data thieves, data sabotage will be your next IT nightmare

RSA 2016: For years, the security industry has been primarily focused on stopping information theft. Now more and more people in the trade are worried that the next wave of attacks won't steal data – they'll alter it instead. On Tuesday, the head of the NSA named data manipulation as one of his top three nightmares, and other vendors …
Iain Thomson, 03 Mar 2016

Latest in Apple v FBI public squabble over iPhone crack demand

Analysis: In the latest salvo in a very public war, Apple's CEO and the FBI's director have published letters arguing their cases over gaining access to a locked iPhone. In Apple's corner, Tim Cook sent an all-staff email Monday morning in which he argued that the case represents a "precedent that threatens everyone's civil liberties …
Kieren McCarthy, 22 Feb 2016

PCI Council says bye-bye to big bang standards upgrades

The PCI Security Standards Council is inching towards a “March/April timeframe” release of version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS). The headline item in the update will be the revised and rather later dates for migration away from Secure Sockets Layer (SSL)/Early Transport Layer Security (TLS …
Simon Sharwood, 19 Feb 2016

National Pupil Database engorged to 20 million individual kids' records

The UK Department for Education has enlarged its mega database containing sensitive personal pupil information to nearly 20 million individual records, according to a Freedom of Information response. The National Pupil Database contains a range of sensitive information dating from the year 2000, including name, postcode, …
Kat Hall, 12 Feb 2016

Don't freak out, but your primary storage has become 'aware'

Comment: The term data-aware storage is fairly new to our industry and its definition, as often happens, is not very clear. Of course vendors have their own view of this term. In my personal opinion, data-aware storage means being able to analyse infrastructure and workloads as well as storing the data involved, giving a complete …

Privacy advocates left out of NHS care.data 'oversight' board

Privacy advocates have been secretly expelled from the NHS's care.data discussions group, while lobbyists backed by biotech corporations have kept their places at the table. The care.data Advisory Group was established in March 2014, after the scheme's first collapse, as part of a process to get care.data – which intends to …

Microsoft vs US.gov, Internet of Stuff, etc: What's up with 2015's legal cloudy issues?

Last year, I highlighted five legal issues for cloud firms and consumers to watch out for in 2015. Here’s a quick recap of how those topics developed during the year. 1. Microsoft and the US government go back to court Microsoft is taking a stand against the ability of US law to reach into its Dublin data centres and, against …
Frank Jennings, 02 Feb 2016

Research: By 2017, a third of home Wi-Fi routers will power passers-by

Companies are going to be selling a lot more public Wi-Fi plans over the next few years and it's going to be home Wi-Fi users who'll be the backbone of the network, according to analysts from Juniper Research. In a new report (registration necessary), Juniper estimates that one in three home Wi-Fi routers will be used as …
Iain Thomson, 29 Jan 2016

Broadband-pushers expand user piggyback rides on private Wi-Fi

The number of public Wi-Fi hotspots piggybacking on private routers in the UK is set to increase "significantly" by next year, according to research. Currently 47 per cent of public Wi-Fi hotspots in the UK are derived from "homespot" routers. That proportion will increase as broadband providers compete to offer …
Kat Hall, 26 Jan 2016

Scandal-smashed OPM will no longer do govt's background checks – for obvious reasons

The US government is creating a new agency to process background checks for federal employees and contractors seeking security clearance. The Obama administration said it will instruct the Department of Defense (DoD) to oversee the establishment of the National Background Investigations Bureau (NBIB). The new agency will take …
Shaun Nichols, 25 Jan 2016

Terrible infections, bad practices, unclean kit – welcome to hospital IT

Usenix Enigma: When it comes to IT security, the medical world is by far the most inept at data security. So say top researchers at the first Usenix Enigma security conference, held this week in San Francisco. "As a tester who has worked in many industries, healthcare is the absolute worst in terms of security," Avi Rubin, technical director …
Iain Thomson, 25 Jan 2016

Airbus, Boeing aero parts maker loses $54m in cyber-stick-up

An Austrian engineering firm is counting the cost of poor IT security after admitting €50m ($54m) has gone missing from its accounts following a "cyber fraud." FACC Operations makes airplane parts for giants like Airbus and Boeing, and is majority owned by a Chinese holding company. It insists its intellectual property, …
Iain Thomson, 22 Jan 2016

Kent Council cheerily flings about £100m at managed services bods

Kent County Council and two other local authorities are on a mission to splash between £50m and £100m on a mega outsourcing gig with managed services providers. The four-year contract is to be awarded to five suppliers for "the outsourcing of day-to-day management responsibilities and functions" and is part of council plans to …
Kat Hall, 22 Jan 2016

Five technologies you shouldn't bother looking out for in 2016

Something for the Weekend, Sir? Welcome to the future! The skies are full of flying cars, the waters are full of personal submarines and our digital wallets are full of 57 varieties of mutually incompatible blockchain-based monetary currency. Food is consumed in the form of nutrition pills. The outdoor temperature is determined by Weather Control in Berlin. …
Alistair Dabbs, 22 Jan 2016

Samsung sued over 'lackadaisical' Android security updates

Samsung is being sued by a Dutch consumer group for its alleged lackadaisical approach to security updates for its Android phones. The Dutch Consumers’ Association (DCA) claims that an incredible 82 per cent of Samsung phones do not have the latest version of Android installed. It blames the Korean giant for failing to prod …
Kieren McCarthy, 21 Jan 2016

Alibaba says 'open sesame' to AI, 1,000 new jobs in $1bn cash splash

Alibaba's cloud arm is planning a new billion-dollar partnership with Nvidia to expand its deep learning and big data systems over the next three years. The plan, announced on Tuesday at a press conference in Shanghai, will see AliCloud use Nvidia's silicon to run the new services, and will be offering them from data centers …
Iain Thomson, 20 Jan 2016

Trustwave failed to spot casino hackers right under its nose – lawsuit

IT security biz Trustwave is being sued by a Las Vegas casino operator for allegedly bungling a hacking investigation. Trustwave denies any wrongdoing. The outcome of the lawsuit could have staggering consequences for infosec outfits hired to analyze and clean up computer network intrusions, in terms of potential liabilities …
Chris Williams, 16 Jan 2016

Open Web Application Security Project issues new secure coding bible

The Open Web Application Security Project (OWASP) has published the third version of its developer security bible, trimming the fat and offering peer-reviewed and tested means of building more secure apps. The Application Security Verification Standard Project (ASVS) is the carrot to OWASP's much-cited stick that is the Top 10 …
Darren Pauli, 12 Jan 2016

Former security officials and BlackBerry CEO pile in on encryption debate

The rolling debate over encryption has been joined by BlackBerry's CEO and a range of former national security officials. Following a recent political pushback, and a Republican debate that appeared to again ask for backdoors to be introduced into encryption products, the experts have stepped in to argue for a more realistic …
Kieren McCarthy, 18 Dec 2015

We Kidd you not: Ex-NetApp CTO Jay speaks his brains on storage tech

NetApp’s ex-CTO Jay Kidd has joined object storage supplier SwiftStack’s board and we had the opportunity to ask him some questions about his views on various technologies. We wondered how much his views now might differ from NetApp norms. So we went ahead, and here are the technology topics and Jay Kidd's views: Mainstream …
Chris Mellor, 17 Dec 2015

Expert welcomes UK’s digital health recommendations

New recommendations made to the UK government over how to encourage greater use of technology in the NHS in England can help health bodies meet challenging budget constraints and deliver more convenience for patients, an expert has claimed. Expert in digital health Matthew Godfrey-Faussett of Pinsent Masons, the law firm …
OUT-LAW.COM, 14 Dec 2015

FTC and Wyndham end hotel data protection feud

Hotel chain Wyndham Resorts has agreed to settle its long-running case with the FTC over its handling of customer data. The US trade bod said on Wednesday it has agreed to a settlement deal [PDF] that will see Wyndham spend the next two decades under mandatory rules for securing and storing customer payment card information. …
Shaun Nichols, 10 Dec 2015

Flexible friend: Data's Big digital journey online

Big Data and All That: The media appear to suffer from a congenital compulsion to simplify everything down to a level they can grasp. Big data is one of those simplifications: something that can be shoved down a Fat Pipe. Enid Blyton passed away before the IT explosion and only got as far as Big Ears. I don’t get any pleasure from nursery language …
John Watkinson, 03 Dec 2015

Startup Iguaz.io is creating real-time Big Data analytics storage

One-year-old Iguaz.io, an Israeli Big Data startup, has just won a $15m A-round from Magma Venture Partners, JVP and large strategic investors. So what's the magic product that grabbed funding so early in the game? It seems it's all about big data-handling, which is criticised for being rigid and inflexible, with repeated …
Chris Mellor, 26 Nov 2015

Seagate forms federal biz unit to latch onto the gov cash faucet

Seagate has formed a Federal business unit to help shift its acquired Xyratex ClusterStor HPC arrays to Fed buyers. Seagate Government Solutions (SGS) will focus on the federal government’s big data, high performance computing (HPC), and security needs. It’s presided over by Deb Oliver, formerly with Lockheed Martin and …
Chris Mellor, 13 Nov 2015

Open to the core: MongoDB's enterprise push in 'joins' U-turn

MongoDB grabbed headlines last week with the release of version 3.2 of its popular NoSQL database. Consistent with the company’s prescribed messaging, the tech media dutifully inserted “enterprise” into every headline, touting MongoDB’s new storage engines for better data security, among other things. But one thing was missing …
Matt Asay, 11 Nov 2015

UK government looks to harness the potential of open data through APIs

In a speech earlier this week, Matt Hancock, minister for the Cabinet Office, referred to data as being "no longer just a record" but a "mineable commodity, from which value can be extracted" and outlined how the UK government intends to improve its use of the information at its disposal and help others exploit the data too. " …
OUT-LAW.COM, 06 Nov 2015

Chef launches Compliance: Server security policy as code

Chef Software has released Chef Compliance, a product which aims to automate verification of server security policies to enable rapid application delivery without threatening compliance. The company has also announced general availability of Chef Delivery, a continuous delivery product first announced in March 2015. The …
Tim Anderson, 06 Nov 2015

Are you local? HDS adds locality, Data Ingestor to object storage

HDS has revved its object-storing HCP (Hitachi Content Platform) with what looks to be better data management and protection features. There is a new piece of hardware, the HCP S30, which can store more than 450PB of data in a single multi-node system using commodity storage. A G10 node server architecture has SSD support for …
Chris Mellor, 02 Nov 2015

Intel and Oracle push into big data, label IBM and SAP cloud clowns

Larry Ellison has dismissed his two historic competitors, IBM and SAP as "nowhere in the cloud," and used Sunday night's OpenWorld keynote to show off products and services designed to bury Big Blue and the HANA heroes. "We compete with Amazon in cloud infrastructure and never, ever see IBM - this is how much our world has …
Iain Thomson, 26 Oct 2015

FBI, US g-men tried to snatch DNA results from blood-testing biz. What a time to be alive

+Comment: Not content with snooping on your emails, whereabouts and telephone calls, it appears the Feds now want your DNA results. DNA testing company 23andMe says it has received four requests from law enforcement agencies for "user data" in the past quarter, all of them from the United States. Those stats came in the first " …
Kieren McCarthy, 21 Oct 2015

Trend Micro stumps up $300m to buy HP TippingPoint

Trend Micro has agreed to pay $300m to acquire HP TippingPoint, a provider of intrusion prevention systems and related network security kit. The acquisition is both technology and market driven since it gives Trend, best known for its security software, access to HP TippingPoint’s customer base. Trend says the deal positions …
John Leyden, 21 Oct 2015

Thales buys Vormetric for $400m in major security biz push

Thales has put up $440m to acquire Vormetric, which develops data protection technology for physical, virtual and cloud infrastructures. The transaction, announced late Monday, is subject to customary closing conditions but is expected to be finalised during the first quarter of 2016. The deal will allow Thales to acquire …
John Leyden, 20 Oct 2015

NetApp flexes all-flash array, flashes Flexpod revenues

NetApp, the soon-to-be undisputed leading stand-alone storage company, has announced all-flash array guarantees nicely timed to resonate with the uncertainties now affecting EMC and Dell storage array products. It is said that, compared to enterprise database applications running on traditional non-flash, disk-based systems, …
Chris Mellor, 14 Oct 2015