Articles about Information Security

Pentagon on manual mission to build nation-wide security database

US Defence bureaucrats are bashing numbers into a database in a bid to develop what the agency hopes will become an automated security scorecard, assessing vulnerability exposure across the country's networks and weapons systems. The scorecard is at present a manual effort to help identify vulnerabilities and propose the means …
Darren Pauli, 21 Sep 2015

China makes internet shut-downs official with new security law

China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" …
Darren Pauli, 13 Jul 2015

Raytheon: Ho hum, another day, another $1bn cyber-security contract with Uncle Sam

Defense contractor Raytheon said it will be providing IT security for more than 100 US government agencies in a deal valued at upwards of $1bn. Raytheon said the billion-dollar contract, reportedly set to run for five to seven years, will include development and support of cybersecurity protections for the Department of …
Shaun Nichols, 30 Sep 2015

Europol and Barclays shack up for steamy security shenanigans

EU law enforcement body Europol and Barclays have signed a Memorandum of Understanding (MoU) to formalise their cooperation in combating cybercrime targeting the financial sector. The agreement establishes a formal means for Europol and Barclays to "exchange strategic information, information on trends, expertise and statistical …

IT security spending to hit $75.4bn in 2015 despite currency issues, says Gartner

Worldwide spending on information security will reach $75.4bn in 2015 – an increase of 4.7 per cent over 2014 – despite a currency-driven price hike causing some customers to delay purchases until next year. Government initiatives, increased legislation and high-profile data breaches are the hot topics shaping the latest …
John Leyden, 23 Sep 2015

Europe talks to hackers, security bods on Wassenaar recalibration

Speaking at a roundtable meeting on export controls on Wednesday, Dutch MEP Marietje Schaake said that she and other lawmakers were working to avoid "some of the unintended consequences of the Wassenaar Arrangement." That's the arrangement between various nations on the export of weapons and arms, which includes software used …
Jennifer Baker, 30 Sep 2015

US dominates net-security patents, China, Canada and Oz on the advance

The US, China, Canada and Australia are the world's major sources of security patents, according to analysis by LexInnova. The company issued a report on Friday looking at the market for security patent licensing. It'll come as no surprise that Cisco is the 800-pound gorilla of the security game with 6,442 patents (followed …

Bundestag won't reveal web block list on 'national security' grounds

Official sources in Berlin are refusing to publish details of the 100,000 websites blocked in the Bundestag, because revealing them would “endanger national security”. The block is primarily meant for the executive branch of the institution, but in practice affects all lawmakers working in the Bundestag. Following a serious …
Jennifer Baker, 28 Jul 2015

Flash deserves to live, says Cisco security man

Don't kill Flash; that's the message from Cisco security veteran John Stewart who says the Adobe team have put in the hard yards into reforming security and needs to weather the current bug storm. The advice follows a call for the ravaged runtime to be expunged from the digital world by former Yahoo-cum-Facebook security man …
Darren Pauli, 31 Jul 2015

FLASH MUST DIE, says Facebook security chief

Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for Adobe's much-hacked tool. "It is time for …
Darren Pauli, 14 Jul 2015

ISC2 launches security cert training for cloud-defending cherubs

ISC2 has announced the dates of its training courses for its new cloud security certification, created alongside Cloud Security Alliance (CSA), beginning with exam availability in PearsonVUE testing centres from 21 July. The pitch for the ISC2- and CSA-developed Certified Cloud Security Professional (CCSP) certification …

Adobe to hire security auditor to prevent repeat of password SNAFU

Australia's privacy commissioner says basic mistakes at Adobe allowed hackers to ransack its customer database in 2013, and reveals that the company plans to appoint auditors to make sure it won't experience a repeat of the breach. Timothy Pilgrim, holder of the privacy commissioner's office, yesterday released a report [PDF] on …
Simon Sharwood, 09 Jun 2015

US to rethink hacker tool export rules after mass freakout in security land

Proposed changes to the US government's export controls on hacking tools will likely be scaled back following widespread criticism from the infosec community, a government spokesman has said. "A second iteration of this regulation will be promulgated," a spokesman for the US Department of Commerce told Reuters, "and you can …
Neil McAllister, 30 Jul 2015

Super Stuxnet's SCADA slaves: security is atrocious

Botnet boffin Peter Kleissner says at least 153 computers are still slaves to Stuxnet. Of those, six are tied to supervisory control and data acquisition (SCADA) systems which the malware is designed to exploit to destroy the attached machinery. Kleissner told a presentation at an information security conference in Vienna last …
Darren Pauli, 11 Jun 2015

Sysadmins: Your great power brings the chance to RUIN security

Risk management bod Kris French Junior has offered 10 tips to help security teams bin their boring, technical, and uniformed education schemes. The Hyland Software education aficionado takes aim at what he sees as pervasive checkbox compliance-driven and complicated training programs that lack the excitement and pizazz of crowd …
Darren Pauli, 28 Jul 2015

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015

Lottery IT security boss guilty of hacking lotto computer to win $14.3m

Iowa state lottery's IT security boss hacked his employer's computer system, and rigged the lottery so he could buy a winning ticket in a subsequent draw. On Tuesday, at the Polk County Courthouse in Des Moines, Iowa, the disgraced director of information security was found guilty of fraud. Eddie Tipton, 52, installed a …
Iain Thomson, 22 Jul 2015

Europe's cyber security agency wants to pick your infosec BRAINS

Do you work in the ICT sector? If so, Europe’s top cyber security agency wants you. ENISA (The European Union Agency for Network and Information Security) is looking for 20 experts to join its “Permanent Stakeholders’ Group”. Self-declared experts who work in the ICT sector for fixed and mobile electronic communications …
Jennifer Baker, 07 Nov 2014

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Sucker for punishment? Join Sony's security team

Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
Darren Pauli, 23 Dec 2014

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

Moscow, Beijing poised to sign deal on joint cyber security ops

Moscow and Beijing will next month sign a deal to commence joint information security projects and operations, and to increase cooperation in the space, according to a popular Russian newspaper with ties to President Vladimir Putin. Kommersant, owned by Russia's richest man and President Putin ally Alisher Usmanov, reported …
Darren Pauli, 24 Oct 2014

Who should be responsible for IT security?

Typically, when a cybersecurity problem arises, it’s the IT department that gets it in the neck. Ostensibly, that makes sense. After all, if someone is in your network mining your database for corporate secrets, it’s hardly the office manager or the accounts receivable department’s lookout, right? Perhaps. On the other hand, …
Danny Bradbury, 18 Aug 2015

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant's computer security – but was rebuffed. And, after miscreants looted Anthem's servers and accessed up to 88.8 million private records, the watchdog again offered to audit …
Shaun Nichols, 05 Mar 2015

O2 vs Vodafone: Mobe firms grab for GCHQ, security badge

Both Vodafone and O2 are claiming to be the best mobile phone network for people, particularly government people, who are worried about security. O2 is crowing about achieving the secure and government-approved network certification known as CAS(T), which stands for CESG Assured Service (Telecommunications), O2 being the first …
Simon Rockman, 11 Aug 2014

Will security concerns scupper your BYOD policy?

Analysis: Almost everyone involved in IT fears BYOD to some extent. That’s largely because they are terrified of careless colleagues costing the business a shed load of money. But small to medium sized businesses that lack the budget and resources to do security well fear BYOD more than most. Just this week, Hugh Boyes from the Institution …
Tom Brewster, 29 Nov 2014

Adobe CSO offers Oracle security lesson: Go click-to-play

Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button …
Darren Pauli, 16 Oct 2014

Are you an infosec bod? You must be STINKING RICH, says study

Jobs in the lucrative cyber-security sector can command salaries of $200,000 or more, according to a new salary survey. Lead software security engineers pull in an average of $233,333 while Chief Security Officers ($225,000) and Global Information Security Directors ($200,000) also receive serious salaries. A new study of 2015 …
John Leyden, 12 May 2015

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Security: Sweet brief for rare man Roche, new boss of Fujitsu TS

Fujitsu company veteran Tom Roche has grabbed the chieftain's chair at the Technology Solutions unit with a specific brief to boost security sales. The post became vacant last month when former boss Michael Keegan was made overlord of UK ops for Fujitsu, replacing Duncan Tait who was lifted to the head of the EMEIA organisation …
Paul Kunert, 18 Jun 2014

Euro security agency says MORE crypto needed in gov policy

Governments need to build more privacy into legislation, technology vendors need to step up and compliance cops should crack down to push privacy-enhancing technologies out of the labs, says the European Union Agency for Network and Information Security (ENISA). The agency has issued a report, Privacy and Data Protection by …
Darren Pauli, 14 Jan 2015

Aussie spy agency gets first bug bounty credit

Australia's national spy agency has been credited with its first public vulnerability disclosure after reporting a remote code execution vulnerability in an HP Autonomy component. The Australian Signals Directorate had previously reported vulnerabilities in a variety of software but it is the first time its work has been …
Darren Pauli, 23 Sep 2015

Australian Govt to launch cyber sec sharing strategy

Australia's Federal Government will this year deliver its first Cyber Security Strategy to generate 'practical' means to improve security including public-private partnerships. It is the second paper-based initiative designed to help address the unruly state of information security across public and private sectors. The …
Darren Pauli, 28 May 2015

Students! Graduates! Win £10,000 with the Cyber 10K challenge

Competition: In a bid to help address the cyber skills gap in the UK, NCC Group is calling on Britain’s students and graduates to solve the cyber security challenges both businesses and consumers face today. The winner of the Cyber 10K challenge will receive £10,000 and expert advice from the company to develop their own security solution …
David Gordon, 14 Sep 2015

UK gets the Ashley Madison fear: Data privacy moans on the up

Consumer complaints about the way personal data is handled increased by 30 per cent from 2013 to 2014, according to figures from Pinsent Masons, acquired via several Freedom of Information requests to the Information Commissioners Office (ICO). Complaints about the security of personal information rose from 886 in 2013 to 1, …
John Leyden, 05 Oct 2015

A third of workers admit they'd leak sensitive biz data for peanuts

A third of employees would sell information on company patents, financial records and customer credit card details if the price was right. A poll of 4,000 employees in the UK, Germany, USA and Australia found that for £5,000, a quarter would flog off sensitive data, potentially risking both their job and criminal convictions …
John Leyden, 29 Jul 2015

Win a free new car – just show Intel how you'd hack your existing one

Intel is getting serious – dead serious, apparently – about car hacking. And nothing says serious like a prize giveaway. If you join Chipzilla's new Automotive Security Review Board and make all the right noises, you can win a free new ride. The chip-baking giant revealed the review board on Monday, and is inviting seasoned …
Chris Williams, 14 Sep 2015

Cyber security: Do the experts need letters after their name?

Despite its reticence over everything Snowden, GCHQ has been awfully proud of its work with academia over the last year. Though it has always worked closely with universities, the Cheltenham-based spy agency has given its backing to various government initiatives designed to give a fillip to British cyber-security wannabes and …
Tom Brewster, 17 Nov 2014

Wanna harvest a stranger's Facebook data? Get a mobile number and off you go

Hackers and other miscreants are able to access names, telephone numbers, images and location data in bulk from Facebook, using only a cellphone number. The loophole was revealed by software engineer Reza Moaiandin. Moaiandin, technical director at UK-based tech firm, exploited a little-known privacy setting in a …
John Leyden, 12 Aug 2015

Phone-fondling docs, nurses sling patient info around willy-nilly

UK doctors and nurses routinely share sensitive patient information via their smartphones, we're told. Two in three (65 per cent) of doctors at Imperial College London have used text messages to communicate with colleagues about a patient, and half (46 per cent) have used picture messaging on their smartphone to send a …
John Leyden, 08 Oct 2015

Japan needs 80,000 EXTRA info-security bods to stay safe

Japan has an 80,000 shortfall in infosec professionals, and needs to provide extra training for more than half of those currently in the industry, if it’s to protect key IT systems from attack, according to the government. A government panel of information security experts met back in June to draw up a long term plan to address …
Phil Muncaster, 09 Oct 2013

… creates £500K fund to help universities teach cyber skills

The UK government is putting up a £500,000 fund to develop cyber security skills within universities and colleges, essentially helping them construct innovative teaching methods to provide the skills needed to protect the UK from hackers, malware and other information security threats. The Higher Education Academy will …
John Leyden, 23 Sep 2015

'RipSec' goes to Hollywood: how the iCloud celeb hack happened

The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The hacker broke silence and spoke to Canadian tech and producer Travis Doering who provides information security …
Darren Pauli, 25 Sep 2015

Holes found in Pocket Firefox add-on

Information security man Clint Ruoho has detailed server-side vulnerabilities in the popular Pocket add-on bundled with Firefox that may have allowed user reading lists to be populated with malicious links. The since-patched holes were disclosed July 25 and fixed August 17 after a series of botched patches, and gave attackers …
Darren Pauli, 20 Aug 2015

Apple promises iCloud security alerts, better 2FA after, er, NAKED Internet of Thingies flap

Apple plans to roll out new iCloud security alerts as well as extending its two-step authentication technology in the wake of this week's privacy flap over nude selfies of Jennifer Lawrence, Kate Upton and other celebs. Private pictures of disrobed (female) celebrities including Oscar winner Lawrence and swimwear model Upton …
John Leyden, 05 Sep 2014

LinkedIn reveals invitation-only bourgeois bug bounty

LinkedIn has revealed the closed-door bug bounty program it has run for the last eight months, paying out $65,000 in vulnerability rewards along the way. But the company is keeping the door to the scheme firmly closed. The if-you-need-to-ask-you'll-never-know bounty is designed to cut the noise from the signal so that only …
Darren Pauli, 19 Jun 2015

Layoffs at EMC's RSA security division

RSA, the security division of EMC, has confirmed plans to restructure its business, a move that means an unspecified number of long-term staffers will be shown the door. Details are scarce, for now, but RSA said that it plans to make new hires that will more than offset job losses by the start of 2014. It wrote in an email: While …
John Leyden, 20 Sep 2013

Infosec turns 20 to face battle with BSides, RSAC Unplugged

Infosec 2015: Infosec, the annual IT security trade show, wheeled out the rock stars of the Infosec world for its 20th anniversary this week. Bruce Schneier and John McAfee – the Paul McCartney and Keith Moon of the cybersecurity world – both keynoted as the show returned to its original home in Olympia, London following an extended sojourn at …
John Leyden, 04 Jun 2015

Ten years after the Samy worm its discoverer's voice is lost in the din

It has been 10 years since Sydney security bod Wade Alcorn disclosed how cross-site scripting vulnerabilities could be weaponised, a revelation that would one week later see the proof of concept become the fastest-spreading worm ever. There is no direct link between Alcorn's disclosure and Samy Kamkar's eponymously named worm …
Darren Pauli, 17 Aug 2015

Ad slingers beware! Google raises Red Screen of malware Dearth

Watch out dodgy ad slingers and news sites; Google is expanding its 'last line of defence' Chrome feature to brand all security-slacker ad networks as unsafe. The Chocolate Factory will, over coming weeks, expand its Safe Browsing feature such that it throws an ominous Red Screen™ in front of ad networks it says have poor …
Darren Pauli, 17 Jul 2015