Articles about Information Security

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015

Europe's cyber security agency wants pick your infosec BRAINS

Do you work in the ICT sector? If so, Europe’s top cyber security agency wants you. ENISA (The European Union Agency for Network and Information Security) is looking for 20 experts to join its “Permanent Stakeholders’ Group”. Self-declared experts who work in the ICT sector for fixed and mobile electronic communications …
Jennifer Baker, 07 Nov 2014

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Sucker for punishment? Join Sony's security team

Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
Darren Pauli, 23 Dec 2014

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

Moscow, Beijing poised to sign deal on joint cyber security ops

Moscow and Beijing will next month sign a deal to commence joint information security projects and operations, and to increase cooperation in the space, according to a popular Russian newspaper with ties to President Vladimir Putin. Kommersant, owned by Russia's richest man and Putin ally Alisher Usmanov, reported ( …
Darren Pauli, 24 Oct 2014

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant's computer security – but was rebuffed. And, after miscreants looted Anthem's servers and accessed up to 88.8 million private records, the watchdog again offered to audit …
Shaun Nichols, 05 Mar 2015

O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge

Both Vodafone and O2 are claiming to be the best mobile phone network for people, particularly government people, who are worried about security. O2 is crowing about achieving the secure and government-approved network certification known as CAS(T), which stands for CESG Assured Service (Telecommunications), O2 being the first …
Simon Rockman, 11 Aug 2014

Will security concerns scupper your BYOD policy?

Analysis Almost everyone involved in IT fears BYOD to some extent. That’s largely because they are terrified of careless colleagues costing the business a shed load of money. But small to medium-sized businesses that lack the budget and resources to do security well fear BYOD more than most. Just this week, Hugh Boyes from the Institution …
Tom Brewster, 29 Nov 2014

Adobe CSO offers Oracle security lesson: Go click-to-play

Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button …
Darren Pauli, 16 Oct 2014

Euro security agency says MORE crypto needed in gov policy

Governments need to build more privacy into legislation, technology vendors need to step up and compliance cops should crack down to push privacy-enhancing technologies out of the labs, says the European Union Agency for Network and Information Security (ENISA). The agency has issued a report, Privacy and Data Protection by …
Darren Pauli, 14 Jan 2015

Security: Sweet brief for rare man Roche, new boss of Fujitsu TS

Fujitsu company veteran Tom Roche has grabbed the chieftain's chair at the Technology Solutions unit with a specific brief to boost security sales. The post became vacant last month when former boss Michael Keegan was made overlord of UK ops for Fujitsu, replacing Duncan Tait who was lifted to the head of the EMEIA organisation …
Paul Kunert, 18 Jun 2014

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Cyber security: Do the experts need letters after their name?

Despite its reticence over everything Snowden, GCHQ has been awfully proud of its work with academia over the last year. Though it has always worked closely with universities, the Cheltenham-based spy agency has given its backing to various government initiatives designed to give a fillip to British cyber-security wannabes and …
Tom Brewster, 17 Nov 2014

Japan needs 80,000 EXTRA info-security bods to stay safe

Japan has an 80,000 shortfall in infosec professionals, and needs to provide extra training for more than half of those currently in the industry, if it’s to protect key IT systems from attack, according to the government. A government panel of information security experts met back in June to draw up a long term plan to address …
Phil Muncaster, 09 Oct 2013

Apple promises iCloud security alerts, better 2FA after, er, NAKED Internet of Thingies flap

Apple plans to roll out new iCloud security alerts as well as extending its two-step authentication technology in the wake of this week's privacy flap over nude selfies of Jennifer Lawrence, Kate Upton and other celebs. Private pictures of disrobed (female) celebrities including Oscar winner Lawrence and swimwear model Upton …
John Leyden, 05 Sep 2014

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking product. The guide, published online by VMware information security professional Pravin Goyal, covers the management, control and data planes. It recommends including audit logs and system events in backups, and enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014

Layoffs at EMC's RSA security division

RSA, the security division of EMC, has confirmed plans to restructure its business, a move that means an unspecified number of long-term staffers will be shown the door. Details are scarce, for now, but RSA said that it plans to make new hires that will more than offset job losses by the start of 2014. It wrote in an email: While …
John Leyden, 20 Sep 2013

ALL comp-sci courses will have compulsory infosec lessons – UK.gov

Cyber-security will appear on the UK curriculum from next year in a bid to get more kids into the industry, the government has announced. The topic will be a key part of UK computing and digital further education qualifications from September 2016, Cabinet Office minister Francis Maude said today. Its inclusion is part of a …
Kat Hall, 10 Mar 2015

Email-sniffing Linkedin Intro NOT security threat, insists biz network

LinkedIn, the social network for suits, has come out in defence of its LinkedIn Intro app after security researchers panned it for making users' emails vulnerable to hackers. LinkedIn Intro is an iOS application that iPhone or fondleslab users route their email through so that they receive background information on an …
John Leyden, 29 Oct 2013

Definitions matter. For crying out loud, securobods, BE SPECIFIC – ENISA

Definitions matter when your infrastructure is under threat says European Union Agency for Network and Information Security (ENISA). ENISA’s latest report, published on Thursday, concludes that there is an increase in the occurrence of routing threats, DNS threats and DDoS attacks to internet infrastructure. Its advice? Get your …
Jennifer Baker, 15 Jan 2015

Home Office launches £4m cyber security awareness scheme

The UK Home Office has launched a new £4m information security awareness campaign, designed to educate businesses and consumers about rising hacker threats. The first stage of the campaign is due to get underway in the autumn. The scheme will sit alongside other more established information security initiatives, such as Get Safe …
John Leyden, 24 Jun 2013

Dell denies 'insecure autoupdate app' flings open PC backdoor

Dell has denied building backdoors into its kit following a security researcher's discovery of an insecure update assistant app. Tom Forbes alleges that the Dell Service Tag Detector app* is so insecure that it creates a backdoor on machines it is installed upon. More specifically, Forbes alleges that the app carries a Remote …
John Leyden, 24 Mar 2015

Energy firms' security so POOR, insurers REFUSE to take their cash

Underwriters are reportedly refusing to insure energy firms because poor security controls are leaving them wide open to attacks by hackers and malware infestations. Lloyd's of London told the BBC they had seen a surge in requests for insurance from energy sector firms, but poor test scores from security risk assessors mean that …
John Leyden, 27 Feb 2014

KPMG cuts its funding for UK.gov's Cyber Security Challenge

KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession. Senior security staff at the professional services firm told Computing that it was scaling …
John Leyden, 17 Jan 2014

GCHQ names the Hogwarts for Hackers

The UK's Government Communications Headquarters (GCHQ) has certified six Masters of Cyber Security degrees. The certifications were issued under the UK's Cyber Security Strategy that, among other things, calls for the nation to “Strengthen postgraduate education to expand the pool of experts with in-depth knowledge of cyber.” …
Simon Sharwood, 04 Aug 2014

Who'd be Target's infosec chief? Tesco CIO joins hack-battered firm

UK retail giant Tesco has lost its veteran CIO to Target, whose IT chief is stepping down after just a year. Tesco’s Mike McNamara is taking charge of Target’s IT operations at 1,790 retail stores, 37 distribution centers, global development and online. He replaces Bob DeRodes, hired in spring 2014 after US retailer Target lost …
Gavin Clarke, 04 Feb 2015

Yahoo! spaffs! out! plugin! to! bring! crypto! to! everyone's! email!

Yahoo! has shown off an OpenPGP-based end-to-end e-mail encryption system it says will be offered as a plug-in by the end of the year. Its aim is to make PGP-based encryption more accessible to the everyday layperson. Described in this blog post by Purple Palace chief information security officer Alex Stamos, the mail encryption code …

EU governments are CRAP at cloud, moans Brussels' infosec watchdog

European governments haven’t got a clue how to implement cloud services. So say the EU's own cybersecurity experts. ENISA (the European Network and Information Security Agency) has released a report on the adoption of something it calls “Gov Cloud”, defined as “a deployment model to build and deliver services to state agencies ( …
Jennifer Baker, 28 Feb 2015

DARPA slaps $2m on the bar for the ULTIMATE security bug SLAYER

It's a bad day for the vulnerability scanning industry: DARPA has announced a new multi-million-dollar competition to build a system that will be able to automatically analyze code, find its weak spots, and patch them against attack. Mike Walker, DARPA program manager, said that the challenge was to start a "revolution for …
Iain Thomson, 22 Oct 2013

RSA boss demands revamp of outdated privacy, security regs

RSA Europe Corporate security policies that simply adopt regulations and obsess over privacy are stuck in the last century, according to senior execs at security biz RSA. Tom Heiser, president of the EMC-owned outfit, told delegates to the RSA Europe conference that efforts to comply with red tape and standards are fruitless as the rules …
John Leyden, 10 Oct 2012

Step forward the chief information security officer

What does the modern chief information security officer (Ciso) look like? The role used to be little more than acting as a glorified sysadmin but things have changed. These days, Cisos must be all-rounders, concentrating not just on technology but on business too. “In recent years, the role of the Ciso has become more business …
Danny Bradbury, 15 Nov 2011

Knives out for new EU rules forcing govts to reveal hacker attacks

Talks began on a new computer security law for Europe on Tuesday night. National ministers, the European Commission and MEPs got together for the first time in an attempt to nail down the wording in the proposed Network and Information Security (NIS) Directive. When it was proposed by the commission early last year, the draft …
Jennifer Baker, 14 Oct 2014

Forging administrator cookies and crocking crypto ... for dummies

Security pro Laurens Van Houtven has created a free introduction cryptography course to help programmers lift their infosec game. The Crypto 101 book contained everything needed to understand complete systems including block and stream ciphers; hash functions; message authentication codes; public key encryption; key agreement …
Darren Pauli, 04 Nov 2014

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

Google offers limited data on National Security Letters

Google has expanded its semiannual Transparency Report to include data about National Security Letters (NSLs) – albeit only a very small amount of data, given the strict secrecy that continues to surround the controversial documents. NSLs are letters written by US government agencies – usually the FBI, but occasionally such …
Neil McAllister, 05 Mar 2013

It's a post-Sony hack world as Blue Coat sells for $2.4 BILLION

Blue Coat Systems is to be acquired by Bain Capital in an all-cash transaction valued at approximately $2.4bn, possibly preparing the company to go public again following its capture by Thoma Bravo for $1.3bn in 2012. Blue Coat, declaring “strong market share and revenue growth” of late, focuses upon providing network and …

Prez Obama slaps sanctions on Norks in payback for Sony hack

The Obama administration has imposed new economic sanctions on North Korea in retaliation for its alleged, and frankly barely believable, involvement in the Sony Pictures mega-hack. Citing the Norks' "destructive and destabilizing conduct," US Treasury Secretary Jacob Lew said in a statement on Friday that the Treasury …
Neil McAllister, 02 Jan 2015

FIRST standards to clean up messy CERTs

The global gathering of incident responders FIRST is spearheading a global standards effort to reform and unify the operations of government and large enterprise computer emergency response teams (CERTs). The Forum of Incident Response and Security Teams (FIRST) has tipped US$500,000 into the effort and has received backing from …
Darren Pauli, 20 Oct 2014

Hackable intercom lets you SPY on fellow apartment-dwellers

Kiwicon Kiwi hacker Caleb "alhazred" Anderson has popped a video intercom device that could have allowed him to spy on the 700 apartments in his building. The GrandStream GXV3175 intercom unit has been patched after Anderson - who by day serves as Context Information Security's lead consultant - began the attack while "inspired" by a …
Darren Pauli, 12 Dec 2014

Australia mandates* cloud use by government agencies

Australia's Department of Finance has updated its Cloud Policy to say “... agencies now must adopt cloud”. Those italics are the Department's, and it also has some qualifications for the edict, namely that cloud should only be adopted “where it is fit for purpose, provides adequate protection of data and delivers value for money …
Simon Sharwood, 08 Oct 2014

PayPal security boss: OBLITERATE passwords from THE PLANET

PayPal has declared war on the password - and wants a better way for folks to perform open sesame on their own internet accounts. Speaking at the Interop security conference in Las Vegas yesterday, Michael Barrett, chief information security officer at PayPal, talked about his work to create an open standard that could remove …
Jasper Hamill, 10 May 2013

Sony hack was good news for INSURERS and INVESTORS

Whoever hacked Sony Entertainment at the end of November changed information security forever. Where once hackers had been most concerned to gain access to the honeypots of credit cards and bank accounts, this theft had a different goal, one that became clear with the steady release of Sony’s most intimate secrets throughout …
Mark Pesce, 15 Jan 2015

Samsung: Smart TV security hole is so minor we'll fix it immediately

Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January. Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, …
John Leyden, 19 Dec 2012

UK faces hacking doom, but think of the money, security startups!

Infosec 2013 The UK government is hit by more than 33,000 pieces of malicious email a day, ranging from casual phishing to targeted espionage attacks. Chloe Smith, minister for political and constitutional reform at the Cabinet Office, told delegates at the Infosecurity Europe conference on Wednesday that despite this onslaught cyber …
John Leyden, 25 Apr 2013

Hold on to your hats, we're ready to talk turkey on cybersecurity law, say ministers

European ministers said on Wednesday they are ready to negotiate a new cybersecurity law with the European Parliament and Commission. The proposed Network and Information Security (NIS) Directive would force operators that provide essential services (such as energy, transport, banking, and healthcare) and key internet enablers ( …
Jennifer Baker, 12 Mar 2015

Oz privacy comish says breaches could double this year

The office of Australia's Federal Privacy Commissioner has received 60 voluntary data breach notifications in the six months since 12 March, compared to 71 received in the whole of the 2014 financial year. The statistics, provided to Vulture South and repeated at the Australian Information Security Association conference, include all manner of …
Darren Pauli, 20 Oct 2014

China and Russia start again with this UN internet takeover bull****

A new submission to the UN's General Assembly from China, Russia and the 'stans may reignite fears of a government takeover of the internet. Dated 13 January but only appearing now in English, the document (A/69/723) [PDF] is an "update" of the countries' "international code of conduct for information security." That code of …
Kieren McCarthy, 04 Feb 2015

Obama criticises China's mandatory backdoor tech import rules

US prez Barack Obama has criticised China's new tech rules, urging the country to reverse the policy if it wants a business-as-usual situation with the US to continue. As previously reported, proposed new regulations from the Chinese government would require technology firms to create backdoors and provide source code to the …
John Leyden, 05 Mar 2015

Cisco okayed for UK government comms

Cisco has had a bunch of products certified as secure by GCHQ's information security arm, the Communications-Electronics Security Group (CESG). The certification only covers the products' handling of information up to the UK government's “Official” classification – that is, most government information. However, as the …