Articles about It Security

Fail and You

NASDAQ IT security spend: $1bn. Finding mystery malware on its servers: Priceless

NASDAQ servers were infected by malware that exploited two mystery zero-day vulnerabilities, according to a magazine cover story published today. Despite spending a ton of money on computer security, the stock exchange was wide open to attack, we're told. Today's report pulls back the curtain back to reveal a little more about …
Iain Thomson, 17 Jul 2014
Photo of the White House at dusk

White House to world: We don't hoard IT security vulnerabilities

Backing up the NSA's claim that it was caught by surprise by the Heartbleed OpenSSL bug, the White House has tried to explain the rules under which it allows agencies to hoard security vulnerabilities. In this White House blog post, cybersecurity coordinator Michael Daniel says leaving a huge number of vulnerabilities …

Would you hire a hacker to run your security? 'Yes' say Brit IT bosses

More than two in three IT professionals would consider ex-hackers for security roles, providing they have the right skills to do the job, a survey has found. In addition, 40 per cent of respondents to CWJobs' survey of 352 IT bods reckoned there aren't enough skilled security professionals in the UK technology industry. As if …
John Leyden, 30 Sep 2013
IT Crowd. Source: Channel 4 / 2entertain

'Shadow IT' gradually sapping power and budget from CIOs

The CIO's power over IT budgets is being slowly eroded, with spend now increasingly dispersed throughout organisations, according to a survey of 1,000 IT "decision-makers". The research from BT said CIOs now face a "Darwinian moment", with 76 per cent reporting unauthorized "shadow IT" within their businesses - an element that …
Kat Hall, 15 Dec 2014

Security products: Best of breed or create your own monster?

IT security is not just about antivirus or firewall products anymore. There is a whole layer cake of different product types designed to protect your organisation in different ways. It is a stack, in much the same way as TCP-IP networking or web server functionality has stacks of functionality. The question is, what's the best …
Danny Bradbury, 07 Nov 2014

Big data minnow swallowed by security player Accumuli

AIM-listed specialist security player Accumuli has coughed £1.9m for small Bracknell-based big data analytics reseller and integrator EQUALIS, it confirmed to the City today. This bolt-on-buy adds a seven-strong band of big data boffins that sell software from Splunk - for which EQUALIS is Blighty's only authorised training …
Paul Kunert, 02 Dec 2013
The Register breaking news

Putting the security jigsaw together

Reg reader research Effective IT security is both important and hard to implement, and it isn’t getting any easier. Central systems are becoming more complex, and keeping up with the ever-changing threat landscape is an ongoing challenge. Then there's the fact that end users are more mobile than ever and increasingly reckon they should be able to …
Tony Lock, 06 Sep 2013
The Register breaking news

A woman in IT is like a dog who speaks: Rare. A woman in IT security?

Women are shunning cyber security even more than they shun the rest of IT, according to a survey. Of the 2,500 people who took cyber security training at QA in 2012, just 6.2 per cent were women. The number of women choosing to take up security courses also declined overall by 19.5 per cent between 2011 and 2012, while the …
Jasper Hamill, 06 Jun 2013

NATO nations 'will respond to a Cyber attack on one as though it were on all'

NATO is set to agree a new cyber defence policy that would mean any severe cyber attack on a NATO member could be considered tantamount to a traditional military attack and invoke the alliance's collective defence provisions. Article V is the collective defence clause of the NATO treaty by which an attack on one member is …
John Leyden, 03 Sep 2014

India's tough hacker crackdown: IT security leaflets with every device

India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
Phil Muncaster, 14 Jan 2013
bug on keyboard

Aargh! Bamboozled by security licensing - what works for my family?

Readers' corner And so to El Reg Forums and Edwin, a commentard since 2007, who is having a bit of trouble in choosing IT security software for his family. He writes: I'm rapidly losing my mind in the minefield that is security software, particularly when it comes to licensing many devices... The internet has become useless for this sort of …
Drew Cullen, 19 Feb 2014
The Register breaking news

Bit9 hacked after it forgot to install ITS OWN security product

IT security biz Bit9's private digital certificates were copied by hackers and used to cryptographically sign malware to infect the company's customers. The software-whitelisting firm's certificates were swiped when its core systems were hacked last week. The intruders then signed malicious code and distributed it to the company …
John Leyden, 11 Feb 2013
Cloud security

Defence giant BAE coughs $230m for cloud heavy SilverSky

BAE Systems has bought cloud-based email and network security firm SilverSky for $232.5m, seemingly finding the US company's products and customer base irresistible. Ian King, chief executive, BAE Systems, said: "SilverSky has an established sales force, a complementary suite of scalable products and a large installed customer …
John Leyden, 21 Oct 2014
GCHQ is following you on Twitter, Faceboo, email...

GCHQ's CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP

Britain's global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard - by awarding them to bods in the private as well as public sector. The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed …
John Leyden, 01 Oct 2013
Parliament in the clouds

Devs SLAM UK.gov's JavaScript-astic, 'shoddy' security education website

A high profile UK government cyber security campaign aimed at changing attitudes to online security has come under criticism for the poor quality of its expensive website. Cyber Streetwise was launched with great fanfare, and much positive comment from the IT security biz, last month. It was part of a campaign led by the Home …
John Leyden, 14 Feb 2014

DARPA slaps $2m on the bar for the ULTIMATE security bug SLAYER

It's a bad day for the vulnerability scanning industry: DARPA has announced a new multi-million-dollar competition to build a system that will be able to automatically analyze code, find its weak spots, and patch them against attack. Mike Walker, DARPA program manager, said that the challenge was to start a "revolution for …
Iain Thomson, 22 Oct 2013

UK consumers particularly prone to piss-poor patching

UK consumer patching practices have worsened still further over the last three months, increasing the threat of malware problems, according to a new study by IT security provider Secunia. Secunia estimates 12.6 per cent of UK users are running unpatched operating systems, up from 9.7 per cent the previous quarter. In addition, …
John Leyden, 30 Oct 2014
cloud

Sophos gulps down hot Mojave, will puff out more secure clouds

Sophos has slurped up the security firm Mojave Networks in a bid to develop the world's strongest and most secure cloud. You should probably now get excited about data security. "Mojave Networks is a young innovative company that has built a leading platform right at the intersection of three cutting-edge areas of security: …
Jasper Hamill, 08 Oct 2014
hands waving dollar bills in the air

Reconceptualising IT security

Whitepaper Traditional approaches to information security are incapable of dealing with today's threats. Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. In a nutshell this is the thesis of our latest …
Miatta Momoh, 14 Apr 2011

Too much infosec regulation undermines security, warns NAB

More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. “We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our …

Racing Post escapes ICO fine after leaking info of 677K punters

UK sports-betting newspaper the Racing Post has received a stern warning – but not a fine – after it emerged that it had aired the private details of more than 677,000 customers as the result of a security breach last year. The October 2013 snafu resulted in the exposure of the names, addresses, passwords, dates of birth and …
John Leyden, 28 Aug 2014
Fawlty Towers

Watchdog bites hotel booking site: Over 3k card details slurped

Hotel booking website Worldview Limited has been fined £7,500 over a security breach involving its website that allowed hackers to swipe the full payment card details of some 3,814 customers. Sensitive data was accessed after the unidentified attacker exploited a SQL injection flaw in Worldview website to access the firm's …
John Leyden, 05 Nov 2014

Northern Ireland website leaves front door open, spills users' data

The creators of this Irish website may be fluent in the language of the Emerald Isle, but they are distinctly unversed in computer security. The Líofa (Fluent) website – a UK government project [PDF] – suffered not so much a data breach as a data giveaway. Users' personal information such as names, addresses, emails and phone …
Jennifer Baker, 18 Nov 2014
The Register breaking news

Experts: Network security deteriorating, privacy a lost cause

Ethernet Summit Internet and network security is bad, and it's going to get worse before it gets better. To make it better, CIOs and IT admins need to rethink the way that they approach protecting their networks from hackers and other miscreants. "We've got North Korea with ICBMs and we've got Iran developing an atomic bomb, but that's not our …
Rik Myslewski, 24 May 2013
india

IT industry to benefit from India's new government

New Indian prime minister Narendra Modi's Bharatiya Janata political party will be good for Indian IT on two fronts, analysts say. Modi was elected two weeks ago after a marathon campaign and election at which over 800 million people were eligible to vote. The Bharatiya Janata political (BJP) secured over 171 million votes and …
Simon Sharwood, 26 May 2014

Heartbleed implicated in US hospital megahack

The Heartbleed flaw is responsible for the high-impact US hospital hacking attack disclosed this week, an unnamed investigator told Bloomberg. As many as 4.5 million patient records have been exposed in an attack against Community Health Systems, a US hospital group that manages more than 200 hospitals. China-based attackers …
John Leyden, 20 Aug 2014

Satellite weather forecast: Cloudy with a chance of p0wnage

Weather predictions could be thrown into chaos if miscreants exploited a litany of dangerous and years-old holes reported in ground control for the Joint Polar Satellite System (JPSS). The flaws, of which 12,703 are considered high risk, have been detailed in a US Government audit report that examined the state of security of …
Darren Pauli, 11 Sep 2014

EvilToss and Sourface hacker crew 'likely' backed by Kremlin – FireEye

Russia is "likely" sponsoring a hacking outfit that targets foreign governments and security organisations, the US intelligence firm FireEye claims. "APT28", a group operating for possibly more than a decade, has attacked governments in Georgia, Eastern Europe, as well as NATO and the Organisation for Security and Co-operation …
Darren Pauli, 28 Oct 2014
Gloved hand reaches into victim's pocket to steal mobile phone

Sony Pictures hack is Hollywood's 'Snowden moment' say infosec bods

Hackers obtained system administrators' passwords to pull of the mega-hack against Sony Pictures' servers, according to reports. This will come as no surprise to IT professionals. Purloined administrator credentials gave miscreants calling themselves Guardians of Peace broad latitude to access systems and sensitive data; that …
John Leyden, 19 Dec 2014
The Register breaking news

Security still slack in WA government agencies

While not as utterly hopeless as last year, IT security is still troublesome in Western Australia’s government agencies. In last year’s annual audit, the Auditor General strolled through fourteen agency networks in an undetected penetration test. This year, the auditor’s staff have looked at payment security in nine agencies, as …
medical_doctor_health_channel

'Chinese crims' snatch 4.5 MILLION patient files from US hospitals

One of the largest healthcare providers in the US claims Chinese hackers ran riot through its systems between April and June this year – accessing names, addresses and social security numbers of millions of patients. But Community Health Systems (CHS) insists no medical records nor any financial data were grabbed by the …
Iain Thomson, 18 Aug 2014
Hacker image

Sony employees face 'weeks of pen and paper' after crippling network hack

Sony Pictures still hasn't recovered from a comprehensive attack on its computer networks – and staff have been reduced to doing their work by hand – according to insiders. This notice stuck on lifts at Sony Pictures in London.. pic.twitter.com/RMZcQhjfYI — James Dean (@JamesDeanTimes) November 28, 2014 The infiltration by …
Iain Thomson, 28 Nov 2014

US astrophysicist Neil deGrasse Tyson: US is losing science race

Rock star astrophysicist Neil Tyson says the United States has lost pole position in scientific research and its people must refocus on innovation rather than wait for "the next app". Tyson (@neiltyson), Carl Sagan's former student and the narrator of recent popular documentary series Cosmos: A Spacetime Odyssey, said …
Darren Pauli, 10 Oct 2014

Online crims are getting away with it down under

Law enforcement agencies charged with investigating online crime might actually be sitting at their desks gorging on donuts in Australia, if the nation's Computer Emergency Response Team' survey of stakeholders is to be trusted. The results of that survey, published today, states that “Out of those respondents who did report a …
Simon Sharwood, 18 Feb 2013
The Register breaking news

UK boffins get £3.8m pot to probe 'science of cyber-security'

GCHQ, the UK's nerve-centre for eavesdropping spooks, has established what's billed as Blighty's first academic research institute to investigate the "science of cyber security". The lab - which was set up with the Research Councils' Global Uncertainties Programme and the government's Department for Business, Innovation and …
John Leyden, 14 Sep 2012

Ex US cybersecurity czar guilty in child sex abuse website case

A top government cybersecurity official who secretly joined an online pedophile network to swap child sex abuse material and rape fantasies has been convicted. Timothy DeFoggi, 56, is described by the US Department of Justice as being the former acting director of cyber security at Uncle Sam's Department of Health and Human …
Iain Thomson, 27 Aug 2014

Security damn well IS a dirty word, actually

Sysadmin blog An interesting feature popped up on Ars Technica recently; website journo Nate Anderson discusses how he learned to crack passwords. The feature is good; good enough for to me to flag it up despite that journalistic competition thing*. That said, the feature gently nudges – but does not explore – a few important points that are …
Trevor Pott, 26 Mar 2013

Who's riddling Windows PCs with gaping holes? It's your crApps

Nearly nine out of ten security vulnerabilities in Windows computers last year were the fault of popular third-party applications, as opposed to Microsoft's own software. That's according to security biz Secunia, which analysed flaws found in the most-used 50 Windows programs - 29 from Microsoft (including its operating system …
John Leyden, 15 Mar 2013
French cartoon, 1790: devil disguised as man walking tightrope

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for " …
OUT-LAW.COM, 11 Jan 2013

Hate keeping your systems updated and secure? So does Uncle Sam

A Senate report has cast doubt on the ability of many of the US's largest government agencies to properly secure and maintain their systems. The report, authored by Senator Tom Coburn (R-OK) and his fellow Republican members of the Senate Homeland Security and Governmental Affairs Committee, detailed incidents in government …
Shaun Nichols, 06 Feb 2014
Files

UK.gov teams up with moneymen on HACK ATTACK INSURANCE

+Comment The UK government last week partnered with 12 insurance companies to develop the "cyber-insurance" market. But experts are split on whether encouraging the development of the nascent market will result in the adoption of improved security practices. Cabinet Office Minister Francis Maude said that while cyber insurance adds an …
John Leyden, 13 Nov 2014
Sign outside the National Security Agency HQ

Don't panic! Mega cloud biz group says NSA just one among many threats

Enterprises are being told to not abandon the cloud out of fear of possible threats to their data security posed by US government snoops. The Open Data Center Alliance (ODCA) has advised big companies the benefits of cloud – escaping their legacy IT – far outweigh risks of the National Security Agency pilfering their secrets. …
Gavin Clarke, 07 Jul 2014
Hacker image

'We're having panic attacks' ... Sony staff and families now threatened in emails

Sources within Sony Pictures have told The Register that employees received bizarre emails on Friday threatening them and their families if they don't take the side of hackers who raided the firm's corporate servers. The hackers, working under the moniker Guardians of Peace or GOP, have spent the past week dumping onto file- …
Iain Thomson, 06 Dec 2014
Hacker mug 06.12.02

Ethical hacker backer hacked, warns of email ransack

The IT security certification body that runs the Certified Ethical Hacker programme has itself been hacked. The EC-Council said the same hackers who ran the DNS poisoning attack that resulted in the defacement of its website in late February had also managed to access the control panel for its website after breaking into the …
John Leyden, 13 Mar 2014
Blasphemous Password

You CAN'T bust into our login app's password vault, insists Roboform

Password management company RoboForm has tweaked how the mobile version of its password manager works in response to criticism by a security expert. Yet the firm rejects further criticisms that its technology might easily be circumvented. IT security contractor Paul Moore discovered a pair of what he argues are potentially …
John Leyden, 03 Jul 2014

Win a free pass to RSA Conference Europe

Prize draw RSA Conference 2013 opens its doors in Amsterdam on October 29: wanna go? The Register is a media partner for this top ranking IT security event, and we have two free delegate passes to give away. We will select the winner by way of prize draw open to all subscribers to The Register's weekly IT security newsletter. On Wednesday …
David Gordon, 21 Oct 2013
The Register breaking news

Experts troll 'biggest security mag in the world' with DICKish submission

Updated Security researchers have taken revenge on a publishing outlet that spams them with requests to write unpaid articles – by using a bogus submission to satirise the outlet's low editorial standards. Hakin9 rather grandly bills itself as the "biggest IT security magazine in the world", published for 10 years, and claims to have a …
John Leyden, 05 Oct 2012
Parliament in the clouds

Crack CERT warriors arrive to save UK from grid-crippling hack attacks

The UK is finally getting a national Computer Emergency Response Team (CERT), with the delayed launch of the organisation taking place today. CERT-UK, a key component of the government's £650m National Cyber Security Strategy, will co-ordinate responses to hacking and malware-based cyber attacks on a national level. The …
John Leyden, 31 Mar 2014
The Register breaking news

SaaS security: it comes down to knowing what you are doing

In this workshop on Software as a Service (SaaS), we’ve been having a good look at the issues of risk, trust and security in the cloud. A lot of things have happened recently that may cause us to think twice about SaaS and risk – Flickr showed just how absurd things can get if policies and processes are not properly thought …
Andrew Buss, 15 Feb 2011
HP ZBook 17 mobile workstation

Even small businesses need control over their mobile devices

Sponsored article This article is sponsored by EE No matter how small your business, the chances are that smartphones, tablets, laptops and the like, whether owned by employees or the company, are an essential component of working life. They enable staff to respond quickly to questions and address problems at any time, wherever they are. A …
David Gordon, 04 Oct 2014