Articles about IT Security

EU puts out prescription for smart hospitals

An EU agency has grappled with thorny issues surrounding the adoption of IoT technology in hospitals to draft a series of best practice guidelines. The European Union Agency for Network and Information Security (ENISA) study engaged information security officers from more than 10 hospitals across the EU, painting a picture of …
John Leyden, 25 Nov 2016

BOFH: The Hypochondriac Boss and the non-random sample

Episode 14 "It's called Selection Bias," I say to the Boss. "What do you mean?" "I mean they're cherry-picking research that supports their opinion." "How?" "Okay, so say I think that playing first person shooter games gives you migraines." "It does," the Boss says. "No it doesn't," the PFY says. "It does - I get them every time …
Simon Travaglia, 25 Nov 2016

Contracts trading personal data for digital content: Rights to remedy, redress required

Opinion Consumers should not have had to actively provide their personal data in return for digital content to be supplied to them to benefit from consumer protection rights relating to the supply of that content, a committee of MEPs has said. A new directive on contracts for the supply of digital content was proposed by the European …
OUT-LAW.COM, 18 Nov 2016

Losses and sales up, shares down at Sophos

Losses at London Stock Exchange-listed Sophos have gone up despite increasing sales. For the six months up to 30 September, revenues were $256.9m (£207.4m) compared to $234.2m in the same period a year ago. Losses, however, widened from $13.4m to $24.6m on rising R&D costs and more recurring business. Unified Threat …
John Leyden, 09 Nov 2016

Trump's plan: Tariffs on electronics, ban on skilled tech migrants, turn off the internet

The United States Presidential Election has been run and at the time of writing looks almost certainly to have been won by Donald Trump. Which means we now have a decent idea of what's in store for the global technology industry in the next four years. And it looks like a wild ride: Trump's policies include a clamp down on H- …
Simon Sharwood, 09 Nov 2016

Dan Kaminsky calls for a few good hackers to secure the web

Dan Kaminsky, chief scientist for the cybersecurity firm White Ops, renowned for fixing flaws in the DNS system, has a new project push on and he's looking for coders to lend a hand. He's currently hosting a four-day hackathon to build a set of tools designed to fix some of the most basic flaws and faults in IT security. …
Iain Thomson, 28 Oct 2016

US DNC hackers blew through SIX zero-days vulns last year alone

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers. Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as …
John Leyden, 20 Oct 2016

Democralypse Now? US election first battle in new age of cyberwarfare

Hacking attempts against more than 10 US state election databases have increased fears about Russian efforts to disrupt or influence the 2016 presidential election. Cyberattacks against voting databases in Arizona, Illinois and at least eight other states have only heightened concerns in the wake of the hack and subsequent …
John Leyden, 18 Oct 2016

Euro Patent Office staff demand new rights to deal with terrifying boss

Staff at the European Patent Office (EPO) have asked its administrative council to adopt new guidelines to protect them from the organization's rampaging president. The open letter [PDF] urges the council – which meets this week in Munich – to adopt the same rules for disciplinary proceedings and internal investigations that …
Kieren McCarthy, 14 Oct 2016

Data-updater CTERA gets IBM reselling approval stamp

IBM is becoming a CTERA reseller to ship enterprise file services integrated with its SoftLayer, Cleversafe-based, object storage, and fully support it. CTERA provides a cloud storage gateway for file sync and share, and data protection, plus a NAS appliance. It has just gained $25m in a funding round; no doubt the VCs were …
Chris Mellor, 13 Oct 2016

Should Computer Misuse Act offences committed in UK be prosecuted in UK?

Analysis At this week’s Conservative Party Conference there will be a lot of talk about making Brexit happen, putting the “Great” back in Britain, and taking back control of our laws. However, there is one law where the government is reluctant to express much enthusiasm for sovereignty at all; it is the Computer Misuse Act (CMA) 1990. …

Sad reality: It's cheaper to get hacked than build strong IT defenses

Whenever mega-hacks like the Yahoo! fiasco hit the news, inevitably the question gets asked as to why the IT security systems weren't good enough. The answer could be that it's not in a company's financial interest to be secure. A study by the RAND Corporation, published in the Journal of Cybersecurity, looked at the frequency …
Iain Thomson, 23 Sep 2016

Wow, RIP hackers ... It's Cyber-Lord Blunkett to the rescue for UK big biz

A high-profile project has been launched with the aim of strengthening UK enterprises' IT security. The Cyber Highway was launched in London on Tuesday by Lord David Blunkett. The resource offers a “user-friendly online portal for large enterprises that want to strengthen the cyber defence of their supply chain.” Corporations …
John Leyden, 21 Sep 2016

Mobile review website MoDaCo coughs to data breach

Smartphone news and reviews site MoDaCo has admitted to a data breach. MoDaCo founder Paul O’Brien confirmed a security leak (first reported by haveibeenpwned), while playing down its significance. Email and IP addresses together with (hashed) passwords and usernames for up to 875,000 MoDaCo accounts were dumped online. …
John Leyden, 20 Sep 2016

You call it 'hacking.' I call it 'investigation'

Something for the Weekend, Sir? Here's a photo of what I had for lunch! Amazing!!! No it isn't amazing. It's your lunch. You gotta see the new 4k TV I bought today! Thanks for giving me a fascinating, if cursive, inventory of your consumer durables. Took Jonesy out for his walk and he chased a rabbit. Nice to have your pet's name. Could be useful. 28 …
Alistair Dabbs, 16 Sep 2016

Dropbox: Leaked DB of 68 million account passwords is real

A leaked database purported to contain login information for 68 million Dropbox accounts is the real deal. The cloud biz confirmed the authenticity of the records to The Register, with independent verification from IT security guru Troy Hunt. The archive, which is being shared online, contains Dropbox user IDs and hashed …

Hacked hookup site Ashley Madison's security was laughable

Ruby Corp, the rebranded parent company of illicit-affair-arranging outfit Ashley Madison, has had to enter into court-enforceable orders with privacy authorities in Canada and Australia, following the findings of a joint investigation in the two countries. After the company was hacked by Impact Team, it was pretty clear that …

IT delays helped derail UK's historic child sexual abuse inquiry

Exclusive The British government’s high-profile inquiry into historic child sexual abuse has been hampered by IT delays, which have been a major component of its “legacy of failure”. Since it was announced in 2014, the Independent Inquiry into Child Sexual Abuse (IICSA) into decades of child abuse and corresponding cover-ups has had …
Kat Hall, 16 Aug 2016

Christians Against Poverty pleads for forgiveness over data breach

UK debt relief charity Christians Against Poverty has begun writing to supporters following a data breach that exposed personal details – including phone and bank account numbers, and banking sort codes. Unidentified hackers broke into the charity’s systems in late July. The intrusion was only detected a week later, as an …
John Leyden, 15 Aug 2016

IT security pro salaries: Silicon Valley? You'd be better off in Minneapolis

Minneapolis IT security workers enjoy among the highest salaries of any US city while techies in the heart of San Francisco's tech boom region earn a much lower (cost-of-living-adjusted) wage. Minneapolis, MN tops the list with a $127,757 average (adjusted) salary for an IT Security Specialist (more than 27K more than San Jose …
John Leyden, 15 Aug 2016

IT security splurge surge

Worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 per cent over 2015, according to research and advisory firm Gartner. Consulting and IT outsourcing are the largest categories of spending on information security, but this is poised to change. In the run-up to …
John Leyden, 09 Aug 2016

Very peed off: Ohio urologists stay zipped after embarrassing leak

A medical group in Ohio has confirmed it was ransacked by miscreants who leaked hundreds of thousands of medical files, financial documents and patient records – but offered little else in the way of an explanation. The Central Ohio Urology Group told The Register it is still working with investigators and IT security experts …
Shaun Nichols, 04 Aug 2016

Top infosec top bods praise and damn in Pwnie Awards

Black Hat It’s Black Hat time and that means the Pwnie Awards ceremony, honoring the highlights and bottom feeders of the IT security industry. The ceremony - which hands out gold and technicolored toy ponies that would make a brony salivate - was held on Wednesday night at the Black Hat convention in Las Vegas. The judges that included …
Iain Thomson, 04 Aug 2016

Flame Canada, flame Canada ... Botched govt payroll computers spew smoke ahead of probe

The Ottawa data center housing Phoenix – the Canadian government's bungled payroll system for federal workers – was shut down on Wednesday after smoke was detected inside. The Shared Services Canada server warehouse also housed computers handling government email, as well as some government websites, which were switched off, …
Shaun Nichols, 28 Jul 2016

Bosses at UK infosec biz Quadsys confess to hacking rival reseller

Five men working at UK-based IT security reseller Quadsys confessed today to hacking into a rival's database. Owner Paul Streeter, managing director Paul Cox, director Alistair Barnard, account manager Steve Davies and security consultant Jon Townsend appeared before the beak at Oxford Crown Court. All five pleaded guilty to …
Paul Kunert, 21 Jul 2016

We ain't in 1996 anymore, Dorothy: SQL Server 2016 proves it

Microsoft has had a database since 1989, initially working with Ashton-Tate and Sybase to create a variant of Sybase SQL Server for IBM’s OS/2. But it wasn’t until 1995 that Microsoft really got serious with SQL Server 6 for Microsoft’s rock-solid server operating system Windows NT. Back then, however, engines like SQL Server …
Mark Whitehorn, 18 Jul 2016

US govt bank insurer 'covered up China hack to protect top boss'

The US Federal Deposit Insurance Corporation – a government agency tasked with safeguarding citizens' bank accounts – deliberately covered up a cyberattack by China to protect its incoming chairman. This is according to a damning report from Republican members of the US House Committee on Science, Space and Technology, who …
Shaun Nichols, 13 Jul 2016

Comms intercept commish: There were some top secret orders

An oversight body has revealed that secretaries of state for the Home Office and the Foreign and Commonwealth Office have issued at least 23 secret orders to telecommunications companies on national security grounds since 2001. The Interception of Communications Commissioner’s Office (IOCCO) has today published its 55-page …

WIPO chief trying to 'fix the composition of the Staff Council' – lawyer

WIPO's director general Francis Gurry is seeking to strengthen his hold on the UN’s global IP group by getting rid of its staff council. A lawyer for the council, Matthew Parish, has written to all United Nations ambassadors expressing concern over Gurry's attempts to alter the composition of the body, whose most recent …
John Oates, 06 Jul 2016

WA government still hopeless at infosec

Western Australia's Auditor General has panned the state's consistently-awful IT security, delivering its report from a site that Chrome warns isn't doing HTTPS right. The agency has been telling the state government its security is subpar for years. When it ran hostile scans of agency networks in 2011, 14 out of 15 failed to …

SWIFT hackers nick $10m from Ukraine bank

Hackers stole $10m from a Ukrainian bank by – yup, you guessed it – invading its computers and using the inter-bank transfer system SWIFT to shift their loot. The theft from an unnamed Ukrainian bank follows news of cyber-heists at other banks worldwide, most notoriously the lifting of $81m from an account held in New York …
John Leyden, 28 Jun 2016

You know how that data breach happened? Three words: eBay, hard drives

Users are unwittingly selling sensitive and unencrypted data alongside their devices through the likes of eBay and Craigslist. Secure data erasure firm Blancco Technology Group (BTG) purchased 200 second-hand hard disk drives and solid state drives before conducting a forensic analysis to find out what data was recoverable. …
John Leyden, 28 Jun 2016

Russian government hackers spent a year in our servers, admits DNC

The US Democratic National Committee (DNC) has confirmed that hackers thought to be part of Russian state intelligence have had access to their servers for nearly a year. They have read emails, chat logs, and opposition research documents. The attack was uncovered six weeks ago, after IT admins noticed something strange was …
Iain Thomson, 14 Jun 2016

Cisco is to spend $10m on infosec scholarships to 'widen talent pool'

Cisco is setting up a $10m scholarship fund to train the next generation of IT security staff. The Global Cybersecurity Scholarship Program will run for two years and will pay for 10,000 applicants to be trained in the art of cyber security. It includes a mentoring program to provide specialist knowledge. The basic coursework …
Iain Thomson, 14 Jun 2016

Symantec swoops on Blue Coat in $4.65bn deal

Blue Coat has scrapped its IPO plans in favour of a $4.65bn takeover by IT security rival Symantec. Greg Clark, Blue Coat CEO, will take the helm at Symantec, so resolving the question of succession of Mike Brown, who announced his resignation as CEO in April. On a pro-forma basis, the combined company would have $4.4bn in …
Drew Cullen, 13 Jun 2016

NSW government mulls HIV-status database

A state with a poor record for protecting private data, in a country that has no mandatory breach disclosure, wants to add names to a health database containing peoples' HIV status: what could possibly go wrong? The NSW state government is currently considering a regulatory report suggesting the change. The NSW Health …

In-flight movies via BYOD? Just what I always wan... argh no we’re all going to die!

Something for the Weekend, Sir? It’s sunny outside, which can mean only one thing: I am about to go on holiday to a place where it will be pissing down with rain and sleet for the next fortnight. My globetrotting exploits have been limited this year, so I’m looking forward to enjoying my first experience of in-flight entertainment via Wi-Fi to my own device …
Alistair Dabbs, 27 May 2016

Landmark computer hacking archive deposited at TNMOC

An archive that tells the story of how the 1980s hack of Prince Philip’s mailbox led to UK anti-hacking legislation has been deposited at The National Museum of Computing (TNMOC). Robert Schifreen, the "white hat" at the centre of the 1980s controversy, compiled the archive, which details Schifreen’s two-year-long legal …
John Leyden, 18 May 2016

Inter-bank system SWIFT on security? User manual needs 'revamp'

Updated Inter-banking messaging systems SWIFT’s security guidelines are "outdated and incomplete". The criticism from security vendor Skyport Systems comes days after SWIFT revealed that a second bank had fallen victim to credential theft fraud, creating yet further concern already fuelled by February’s $81m Bangladesh reserve bank …
John Leyden, 16 May 2016

Want a job in security? Lock down US military's supermarkets

The US Department of Defense is looking to form a security team to protect military commissaries from hackers. NextGov has spotted a posting from the Federal Business Opportunities site for an "incident response service" at military commissary shops. According to the job post [Word Doc], the response service contractors will …
Shaun Nichols, 08 Apr 2016

Lotto 'jackpot fix' code

The Multi-State Lottery's former IT security boss Eddie Tipton smuggled code onto lotto machines that allowed him to predict the numbers drawn on certain days of the month. That's according to investigators in Iowa this week. In July, Tipton was found guilty of fraud in the US state, and was sent down for ten years, for …
Chris Williams, 08 Apr 2016

OK, so the users want corporate apps on the move. Don't Panic

People want to be able to do their job from wherever they happen to be. It's understandable – if you don't need to be in an office chained to your desk then why not work somewhere more convenient? Let's look at five ways to make this achievable. Remote access to local apps At the most basic level you have the traditional …
Dave Cartwright, 30 Mar 2016

Some old SAP systems have default kernel user accounts. Guess what happened next?

Security researchers were able to access default SAP accounts on enterprise systems worldwide by using default passwords. The security snafu meant that SAP systems worldwide were potentially vulnerable to data theft, business process disruption and fraud, specialist security outfit ERP-SEC warned. Joris van de Vis, researcher …
John Leyden, 29 Mar 2016

Water treatment plant hacked, chemical mix changed for tap supplies

Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water, we're told. The cyber-attack is documented in this month’s IT security breach report (available here, registration required) from Verizon Security Solutions. The utility in question is referred to using a …
John Leyden, 24 Mar 2016

Cyberthreat: How to respond...and when

Spotting threats in cyberspace is like star gazing. There are lots of them out there, but telling them apart and working out which ones are about to go supernova takes experience and skill. You don’t want to pour the same resource into protecting yourself against every single perceived threat, because no budget can support …
Danny Bradbury, 23 Mar 2016

Feds raid 'extortionist' IT security biz Tiversa, CEO put on leave

The CEO of a controversial cybersecurity outfit has been put on leave following an FBI raid of its headquarters. Federal agents raided Tiversa's Pittsburgh office earlier this month looking for evidence in a long-running investigation of its business practices. Soon after the raid, CEO Robert Boback was placed on leave and …
Kieren McCarthy, 18 Mar 2016

Cyberthreat: Learning to live with the risk

Cyberthreats are like the common cold or some other infectious virus; eventually you’re going to get sick. It’s a part of life. They’re always there, lurking just around the corner, waiting to make your life that little bit harder. At the same time, you can’t focus entirely on potential risks to your business at the expense of …
Danny Bradbury, 18 Mar 2016

Is this Romanian man really 'GhostShell'? If so, he risks arrest

Members of the security community are nonplussed by claims that a Romanian hacker “GhostShell” has seemingly risked arrest by doxxing himself in a bid to get a job in information security. The man claiming to be a one-time Anonymous-affiliated hacktivist avoided identification and arrest for four years before apparently outing …
John Leyden, 15 Mar 2016

Polite, helpful? Stop it at once in the name of security

In this article I'm going to talk about the second most important aspect of being an IT manager or engineer. “The second?” I hear you cry. Yes, the second, because the most important aspect is terribly dull and doesn't take 800 words to describe: safety. (And if you think I'm mad, ask yourself whether you'd break down the door …
Dave Cartwright, 14 Mar 2016

DDoS protection biz Incapsula knackers its customers' websites

Glitches at distributed denial-of-service mitigation biz Incapsula left the websites it defends offline twice on Thursday. Incapsula blamed "connectivity issues" for the global PITSTOP, aka the worldwide degradation of its services. "A rare case triggered an issue on the Incapsula service and caused two system-wide errors at …
John Leyden, 10 Mar 2016