
Articles about IT Security


NASDAQ IT security spend: $1bn. Finding mystery malware on its servers: Priceless

NASDAQ servers were infected by malware that exploited two mystery zero-day vulnerabilities, according to a magazine cover story published today. Despite spending a ton of money on computer security, the stock exchange was wide open to attack, we're told. Today's report pulls back the curtain to reveal a little more about …
Iain Thomson, 17 Jul 2014

White House to world: We don't hoard IT security vulnerabilities

Backing up the NSA's claim that it was caught by surprise by the Heartbleed OpenSSL bug, the White House has tried to explain the rules under which it allows agencies to hoard security vulnerabilities. In this White House blog post, cybersecurity coordinator Michael Daniel says leaving a huge number of vulnerabilities …

Would you hire a hacker to run your security? 'Yes' say Brit IT bosses

More than two in three IT professionals would consider ex-hackers for security roles, providing they have the right skills to do the job, a survey has found. In addition, 40 per cent of respondents to CWJobs' survey of 352 IT bods reckoned there aren't enough skilled security professionals in the UK technology industry. As if …
John Leyden, 30 Sep 2013

Big data minnow swallowed by security player Accumuli

AIM-listed specialist security player Accumuli has coughed £1.9m for small Bracknell-based big data analytics reseller and integrator EQUALIS, it confirmed to the City today. This bolt-on-buy adds a seven-strong band of big data boffins that sell software from Splunk - for which EQUALIS is Blighty's only authorised training …
Paul Kunert, 02 Dec 2013

Putting the security jigsaw together

Effective IT security is both important and hard to implement, and it isn’t getting any easier. Central systems are becoming more complex, and keeping up with the ever-changing threat landscape is an ongoing challenge. Then there's the fact that end users are more mobile than ever and increasingly reckon they should be able to …
Tony Lock, 06 Sep 2013

A woman in IT is like a dog who speaks: Rare. A woman in IT security?

Women are shunning cyber security even more than they shun the rest of IT, according to a survey. Of the 2,500 people who took cyber security training at QA in 2012, just 6.2 per cent were women. The number of women choosing to take up security courses also declined overall by 19.5 per cent between 2011 and 2012, while the …
Jasper Hamill, 06 Jun 2013

Aargh! Bamboozled by security licensing - what works for my family?

And so to El Reg Forums and Edwin, a commentard since 2007, who is having a bit of trouble in choosing IT security software for his family. He writes: I'm rapidly losing my mind in the minefield that is security software, particularly when it comes to licensing many devices... The internet has become useless for this sort of …
Drew Cullen, 19 Feb 2014

India's tough hacker crackdown: IT security leaflets with every device

India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
Phil Muncaster, 14 Jan 2013

Bit9 hacked after it forgot to install ITS OWN security product

IT security biz Bit9's private digital certificates were copied by hackers and used to cryptographically sign malware to infect the company's customers. The software-whitelisting firm's certificates were swiped when its core systems were hacked last week. The intruders then signed malicious code and distributed it to the company …
John Leyden, 11 Feb 2013

GCHQ's CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP

Britain's global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard - by awarding them to bods in the private as well as public sector. The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed …
John Leyden, 01 Oct 2013

Devs SLAM UK.gov's JavaScript-astic, 'shoddy' security education website

A high profile UK government cyber security campaign aimed at changing attitudes to online security has come under criticism for the poor quality of its expensive website. Cyber Streetwise was launched with great fanfare, and much positive comment from the IT security biz, last month. It was part of a campaign led by the Home …
John Leyden, 14 Feb 2014

DARPA slaps $2m on the bar for the ULTIMATE security bug SLAYER

It's a bad day for the vulnerability scanning industry: DARPA has announced a new multi-million-dollar competition to build a system that will be able to automatically analyze code, find its weak spots, and patch them against attack. Mike Walker, DARPA program manager, said that the challenge was to start a "revolution for …
Iain Thomson, 22 Oct 2013

Too much infosec regulation undermines security, warns NAB

More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. “We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our …

Reconceptualising IT security

Traditional approaches to information security are incapable of dealing with today's threats. Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. In a nutshell this is the thesis of our latest …
Miatta Momoh, 14 Apr 2011

IT industry to benefit from India's new government

New Indian prime minister Narendra Modi's Bharatiya Janata political party will be good for Indian IT on two fronts, analysts say. Modi was elected two weeks ago after a marathon campaign and election at which over 800 million people were eligible to vote. The Bharatiya Janata political party (BJP) secured over 171 million votes and …
Simon Sharwood, 26 May 2014

Experts: Network security deteriorating, privacy a lost cause

Internet and network security is bad, and it's going to get worse before it gets better. To make it better, CIOs and IT admins need to rethink the way that they approach protecting their networks from hackers and other miscreants. "We've got North Korea with ICBMs and we've got Iran developing an atomic bomb, but that's not our …
Rik Myslewski, 24 May 2013

Security still slack in WA government agencies

While not as utterly hopeless as last year, IT security is still troublesome in Western Australia’s government agencies. In last year’s annual audit, the Auditor General strolled through fourteen agency networks in an undetected penetration test. This year, the auditor’s staff have looked at payment security in nine agencies, as …

Online crims are getting away with it down under

Law enforcement agencies charged with investigating online crime might actually be sitting at their desks gorging on donuts in Australia, if the nation's Computer Emergency Response Team's survey of stakeholders is to be trusted. The results of that survey, published today, state that “Out of those respondents who did report a …
Simon Sharwood, 18 Feb 2013

Who's riddling Windows PCs with gaping holes? It's your crApps

Nearly nine out of ten security vulnerabilities in Windows computers last year were the fault of popular third-party applications, as opposed to Microsoft's own software. That's according to security biz Secunia, which analysed flaws found in the most-used 50 Windows programs - 29 from Microsoft (including its operating system …
John Leyden, 15 Mar 2013

UK boffins get £3.8m pot to probe 'science of cyber-security'

GCHQ, the UK's nerve-centre for eavesdropping spooks, has established what's billed as Blighty's first academic research institute to investigate the "science of cyber security". The lab - which was set up with the Research Councils' Global Uncertainties Programme and the government's Department for Business, Innovation and …
John Leyden, 14 Sep 2012

Security damn well IS a dirty word, actually

An interesting feature popped up on Ars Technica recently; website journo Nate Anderson discusses how he learned to crack passwords. The feature is good; good enough for me to flag it up despite that journalistic competition thing*. That said, the feature gently nudges – but does not explore – a few important points that are …
Trevor Pott, 26 Mar 2013

Don't panic! Mega cloud biz group says NSA just one among many threats

Enterprises are being told to not abandon the cloud out of fear of possible threats to their data security posed by US government snoops. The Open Data Center Alliance (ODCA) has advised big companies the benefits of cloud – escaping their legacy IT – far outweigh risks of the National Security Agency pilfering their secrets. …
Gavin Clarke, 07 Jul 2014

Hate keeping your systems updated and secure? So does Uncle Sam

A Senate report has cast doubt on the ability of many of the US's largest government agencies to properly secure and maintain their systems. The report, authored by Senator Tom Coburn (R-OK) and his fellow Republican members of the Senate Homeland Security and Governmental Affairs Committee, detailed incidents in government …
Shaun Nichols, 06 Feb 2014

You CAN'T bust into our login app's password vault, insists Roboform

Password management company RoboForm has tweaked how the mobile version of its password manager works in response to criticism by a security expert. Yet the firm rejects further criticisms that its technology might easily be circumvented. IT security contractor Paul Moore discovered a pair of what he argues are potentially …
John Leyden, 03 Jul 2014

Ethical hacker backer hacked, warns of email ransack

The IT security certification body that runs the Certified Ethical Hacker programme has itself been hacked. The EC-Council said the same hackers who ran the DNS poisoning attack that resulted in the defacement of its website in late February had also managed to access the control panel for its website after breaking into the …
John Leyden, 13 Mar 2014

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for " …
OUT-LAW.COM, 11 Jan 2013

Crack CERT warriors arrive to save UK from grid-crippling hack attacks

The UK is finally getting a national Computer Emergency Response Team (CERT), with the delayed launch of the organisation taking place today. CERT-UK, a key component of the government's £650m National Cyber Security Strategy, will co-ordinate responses to hacking and malware-based cyber attacks on a national level. The …
John Leyden, 31 Mar 2014

Win a free pass to RSA Conference Europe

RSA Conference 2013 opens its doors in Amsterdam on October 29: wanna go? The Register is a media partner for this top ranking IT security event, and we have two free delegate passes to give away. We will select the winner by way of prize draw open to all subscribers to The Register's weekly IT security newsletter. On Wednesday …
David Gordon, 21 Oct 2013

Experts troll 'biggest security mag in the world' with DICKish submission

Security researchers have taken revenge on a publishing outlet that spams them with requests to write unpaid articles – by using a bogus submission to satirise the outlet's low editorial standards. Hakin9 rather grandly bills itself as the "biggest IT security magazine in the world", published for 10 years, and claims to have a …
John Leyden, 05 Oct 2012

'Chromecast - recycle it after a long fulfilling life of kitten videos'

This was the week when the reviews, teardowns, commentaries and analyses of Google's 35-buck media-streaming HDMI dongle Chromecast came flooding in. Though there were those who were blown away, those who loved its pure simplicity and those who reckoned that the Chocolate Factory's dominance of TV was just around the corner, …

A couple of whitepapers about SIEM

In our first visit to the Reg whitepaper library in some time, we took time out to inspect the security pitches. Here is a couple of vendor papers about SIEM (security information and event management) software that we thought deserved a wider airing. Registration is, as per usual, required. Data control in the cloud This …
David Gordon, 05 Jun 2013

SaaS security: it comes down to knowing what you are doing

In this workshop on Software as a Service (SaaS), we’ve been having a good look at the issues of risk, trust and security in the cloud. A lot of things have happened recently that may cause us to think twice about SaaS and risk – Flickr showed just how absurd things can get if policies and processes are not properly thought …
Andrew Buss, 15 Feb 2011

Tripwire buys nCircle

IT security firm Tripwire has agreed to acquire vulnerability management specialists nCircle. Terms of the deal, announced Monday, were undisclosed. Combining forces will allow the development of technologies that will enable senior security officers to make risk-based security decisions that align with business priorities and …
John Leyden, 11 Mar 2013

Panda Security axes jobs, gets new chief exec

Spanish anti-virus firm Panda Security has announced plans to cut its workforce in response to a sustained drop in sales. Panda, which employs 1,000 worldwide as part of either its core business or in local franchises, plans to lay off 120 (or around 35 per cent) of its workforce at its headquarters in Bilbao. A further eight …
John Leyden, 26 Sep 2011

The IT security blame game

The word “governance” is one that tends to make most peoples’ eyes glaze over. But whether we are talking about running a corporation, managing an IT department or dealing with IT security, there has to be a mechanism in place for making sure that the right things are taken care of in an acceptable manner. And cutting through …
Jon Collins, 17 May 2010

NYT crackers get busy again, claims vendor

Security vendor FireEye believes it's spotted signs that the attackers who breached the New York Times' network last year are busy again – and that they've improved the malware they're using. The vendor says the group, dubbed APT 12, has revised the Aumlib and "lxeshe" malware in the time between January and now. January was …

Bytes swallows Security Partnerships

Surrey-based Bytes Technology Group has swallowed Security Partnerships (SP) in a bid to start reducing its software division's reliance on Microsoft licensing. Bytes has forked out for a couple of Xerox concessionaires in the past half decade, buying Xclusive in 2006 and Planflow Systems two years later, but has been relatively …
Paul Kunert, 02 Aug 2011

Ex-pats take note: China IT salaries set to jump 40 per cent

Salary hikes of up to 40 per cent could be on offer for IT pros in China this year as the surging demand for specialised skills offers certain ex-pat professionals some new opportunities for a change of scene in 2013. International recruiter Michael Page’s annual Salary & Employment Forecast (PDF) for China reveals a booming …
Phil Muncaster, 18 Feb 2013

Privacy International probes GCHQ's mouse fetish

Privacy International is probing hardware manufacturers about what data can be stored on peripherals after it was revealed the GCHQ specifically targeted trackpads, keyboards and monitors in its destruction of Snowden files held by the Guardian's UK office. Blighty's G-Men oversaw the destruction of storage devices and computers …
Darren Pauli, 23 May 2014

Is it possible to measure IT Security?

It is a commonly held principle in many areas of business that if you can’t measure something “quantitatively”, it will be difficult to raise the quality objectively. The applicability of this statement to the world of IT security is clear. Without having some form of metrics in place, it is tough, if not impossible, to judge …
Tony Lock, 28 May 2010

The reseller lining in the SME security cloud

On paper, the cloud is a wonderful thing for small businesses. It gives even the smallest of firms access to enterprise-level software, reduces capital expenditure, and is increasingly seen as being a good move for security, too. This is a turnaround in recent months, says Ben Gower, MD at Perspicuity, a UK SaaS (software-as-a- …
Lucy Sherriff, 21 Jun 2012

Incompetence a bigger IT security threat than malign insiders

Accidental security incidents involving workers happen more frequently and have the greater potential for negative impact than malicious insider attacks, according to new research from RSA. The poll of 400 top level execs in the UK, France, Germany and the US casts doubt on the conventional wisdom that malicious insiders are the …
John Leyden, 25 Aug 2009

IT bods to prove their prowess in bed with spooks

The British Computer Society has launched a pilot scheme to certify information assurance professionals in government. The full scheme will be launched in January 2012 and will focus on developing and delivering an Information Assurance Specialist Certification Scheme for anyone working in a government department or those …

You. Netgear ReadyNAS owners. Have you closed your gaping holes today?

IT security biz Tripwire warns that a critical security vulnerability in some Netgear storage devices is going unnoticed by users, partly because the vendor has downplayed its importance. Writing on his company blog, Tripwire researcher Craig Young says although Netgear issued a patch for its RAIDiator firmware in July to squash …

BYOD: The great small biz security headache

After surveying more than 1600 IT professionals late last year, the analyst firm Freeform Dynamics concluded that the consumerisation of IT is a real thing, and it is not just down to those pesky young people and their shiny iPads. Company founder Dale Vile says the trend is driven not just by the so-called digital natives, but …
Lucy Sherriff, 18 Jun 2012

Netgear router admin hole is WIDE OPEN, but DON'T you dare go in, warns infosec bod

Netgear has promised to release a patch next month to fix a recently discovered vulnerability that lets attackers take control of unguarded kit. Security flaws in the firmware that ships with the latest versions of Netgear's WNDR3700 wireless router mean that miscreants can bypass authentication before accessing the …
John Leyden, 25 Oct 2013

Where to start with IT Security

In a short series of webcasts The Register's expert panel will be tackling the current state of the security market. Over the course of the next few weeks the experts will be looking into a variety of topics, from treating the main risks to the importance of an evolving security solution, and what 2009 has in store. Starting …
Team Register, 13 Mar 2009

French gov used fake Google certificate to read its workers' traffic

A French government agency has been caught signing SSL certificates and impersonating Google. The bogus certificates were endorsed by the certificate authority of the French Treasury, DG Trésor. And the Treasury's own authorisation certificate was, in turn, vouched for by IGC/A (Infrastructure de Gestion de la Confiance de l' …
John Leyden, 10 Dec 2013

Remember Anna Kournikova? Come with us on a tour of bug-squishing history

Brain. No, it’s not some Skynet AI drone, nor is it the blob that was always out to get the Teenage Mutant Hero Turtles. It is the name of the first PC virus, dating back to 1986. The two Pakistani brothers, Basit and Amjad Farooq Alvi, who wrote it did not have malicious intentions: they simply wanted to scare people running …
Tom Brewster, 03 Jun 2014

Online ID theft, an employee IT security guide

Tired of telling the net numpties at work to smarten their act on email security? Is the company's message about the dangers of online ID theft falling on deaf ears? We have just the right material for you to distribute to your workforce. The Register has teamed up with Messagelabs to offer the Employee IT Security Guide, a …
Team Register, 22 Sep 2009