Articles about IT Security

Hacked US OPM boss: We'll fix our IT security – just give us $21 million

The boss of the US government's thoroughly ransacked Office of Personnel Management has – rightly – come in for a rough ride from members of the House Committee on Oversight and Government Reform. Politicians on both sides of the trenches tore strips off the lamentable state of security in the agency, which was raided by hackers …
Iain Thomson, 16 Jun 2015

The weapons pact threatening IT security research

Analysis The US government has rewritten chunks of an obscure weapons trade pact between itself, Europe, Russia, and other nations – a pact that is now casting its shadow over today's computer security tools. Dubbed the Wassenaar Agreement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, the treaty limits who …
Iain Thomson, 06 Jun 2015

Bye bye, booth babes. IT security catwalk RSA nixes sexy outfits

The organizers of this year's RSA security conference have made at least one thing clear to exhibitors: no booth babes. The industry shindig has sent out a new dress code banning scantily clad models, regardless of gender, from wandering the show floor. The rules dictate that exhibitors cannot wear shorts, tank tops and halter …
Shaun Nichols, 26 Mar 2015

SIM hack scandal biz Gemalto: Everything's fine ... Security industry: No, it's really not

Six days ago Gemalto, the world's largest SIM card manufacturer, was told that back in 2010 it had been ransacked by NSA and GCHQ hackers. Today the company gave itself the all-clear: no encryption keys, used to secure phone calls from eavesdroppers, were stolen, it claims. Yet the IT security industry is not so sure. Documents …
Iain Thomson, 25 Feb 2015

NASDAQ IT security spend: $1bn. Finding mystery malware on its servers: Priceless

NASDAQ servers were infected by malware that exploited two mystery zero-day vulnerabilities, according to a magazine cover story published today. Despite spending a ton of money on computer security, the stock exchange was wide open to attack, we're told. Today's report pulls back the curtain to reveal a little more about …
Iain Thomson, 17 Jul 2014

Spanish election site in security cert warning screwup snafu

Updated Website crypto problems on the Spanish online voting registration website are causing it to generate all manner of security warnings. Attempts to visit the sede.ine.gob.es site – run by Spain's National Statistics Institute and introduced this year for municipal/regional elections – typically lead to users being confronted with …
John Leyden, 13 Apr 2015

Cloud Security Temperature Check

Survey Results It is increasingly common for users and business groups to drive their own adoption of cloud services. But even where IT is involved, as organisations ramp up their use of cloud, activity is often uncoordinated. Pulling the threads together across service silos to manage risks effectively can be a challenge. The right strategy …
Dale Vile, 20 May 2015

White House to world: We don't hoard IT security vulnerabilities

Backing up the NSA's claim that it was caught by surprise by the Heartbleed OpenSSL bug, the White House has tried to explain the rules under which it allows agencies to hoard security vulnerabilities. In this White House blog post, cybersecurity coordinator Michael Daniel says leaving a huge number of vulnerabilities …

Would you hire a hacker to run your security? 'Yes' say Brit IT bosses

More than two in three IT professionals would consider ex-hackers for security roles, providing they have the right skills to do the job, a survey has found. In addition, 40 per cent of respondents to CWJobs' survey of 352 IT bods reckoned there aren't enough skilled security professionals in the UK technology industry. As if …
John Leyden, 30 Sep 2013

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant's computer security – but was rebuffed. And, after miscreants looted Anthem's servers and accessed up to 88.8 million private records, the watchdog again offered to audit …
Shaun Nichols, 05 Mar 2015

'Shadow IT' gradually sapping power and budget from CIOs

The CIO's power over IT budgets is being slowly eroded, with spend now increasingly dispersed throughout organisations, according to a survey of 1,000 IT "decision-makers". The research from BT said CIOs now face a "Darwinian moment", with 76 per cent reporting unauthorized "shadow IT" within their businesses - an element that …
Kat Hall, 15 Dec 2014

Are you an infosec bod? You must be STINKING RICH, says study

Jobs in the lucrative cyber-security sector can command salaries of $200,000 or more, according to a new salary survey. Lead software security engineers pull in an average of $233,333 while Chief Security Officer ($225,000) and Global Information Security Director ($200,000) also receive serious salaries. A new study of 2015 …
John Leyden, 12 May 2015

Big data minnow swallowed by security player Accumuli

AIM-listed specialist security player Accumuli has coughed £1.9m for small Bracknell-based big data analytics reseller and integrator EQUALIS, it confirmed to the City today. This bolt-on-buy adds a seven-strong band of big data boffins that sell software from Splunk - for which EQUALIS is Blighty's only authorised training …
Paul Kunert, 02 Dec 2013

Security products: Best of breed or create your own monster?

IT security is not just about antivirus or firewall products anymore. There is a whole layer cake of different product types designed to protect your organisation in different ways. It is a stack, in much the same way as TCP-IP networking or web server functionality has stacks of functionality. The question is, what's the best …
Danny Bradbury, 07 Nov 2014

Putting the security jigsaw together

Reg reader research Effective IT security is both important and hard to implement, and it isn’t getting any easier. Central systems are becoming more complex, and keeping up with the ever-changing threat landscape is an ongoing challenge. Then there's the fact that end users are more mobile than ever and increasingly reckon they should be able to …
Tony Lock, 06 Sep 2013

A woman in IT is like a dog who speaks: Rare. A woman in IT security?

Women are shunning cyber security even more than they shun the rest of IT, according to a survey. Of the 2,500 people who took cyber security training at QA in 2012, just 6.2 per cent were women. The number of women choosing to take up security courses also declined overall by 19.5 per cent between 2011 and 2012, while the …
Jasper Hamill, 06 Jun 2013

The car in front has Kaspersky deep inside

Kaspersky Lab is taking anti-virus in a different direction by embedding it in SCADA-based industrial control systems, components of the Internet of Things, and yep, even cars. The Russian security software firm and SYSGO have teamed up to embed the new Kaspersky Security System platform within SYSGO's real-time operating system …
John Leyden, 02 Mar 2015

Almost EVERY SAP install hackable, researchers say

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and …
Darren Pauli, 08 May 2015

India's tough hacker crackdown: IT security leaflets with every device

India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
Phil Muncaster, 14 Jan 2013

Insurer tells hospitals: You let hackers in, we're not bailing you out

When hackers swiped 32,500 patient records from Cottage Healthcare System, it was sued by its own customers for $4.1m – a bill that was settled by its insurers. Now the insurance company, Columbia Casualty Company, has claimed Cottage's computers were hopelessly insecure, and it wants its money back. Columbia claims the …
Shaun Nichols, 28 May 2015

Bit9 hacked after it forgot to install ITS OWN security product

IT security biz Bit9's private digital certificates were copied by hackers and used to cryptographically sign malware to infect the company's customers. The software-whitelisting firm's certificates were swiped when its core systems were hacked last week. The intruders then signed malicious code and distributed it to the company …
John Leyden, 11 Feb 2013

Infosec turns 20 to face battle with BSides, RSAC Unplugged

Infosec 2015 Infosec, the annual IT security trade show, wheeled out the rock stars of the Infosec world for its 20th anniversary this week. Bruce Schneier and John McAfee – the Paul McCartney and Keith Moon of the cybersecurity world – both keynoted as the show returns to its original home in Olympia, London following an extended sojourn at …
John Leyden, 04 Jun 2015

NATO nations 'will respond to a Cyber attack on one as though it were on all'

NATO is set to agree a new cyber defence policy that would mean any severe cyber attack on a NATO member could be considered tantamount to a traditional military attack and invoke the alliance's collective defence provisions. Article V is the collective defence clause of the NATO treaty by which an attack on one member is …
John Leyden, 03 Sep 2014

Sophos looks to raise £65m with IPO

Security software outfit Sophos is to imminently float on the London Stock Exchange, a move it estimates will raise $100m (£65m), the company announced today. The Oxford-based biz is thought to be targeting a valuation of £1bn, according to The Sunday Times (subscription required). Richard Holway, analyst at TechMarketView …
Kat Hall, 03 Jun 2015

Aargh! Bamboozled by security licensing - what works for my family?

Readers' corner And so to El Reg Forums and Edwin, a commentard since 2007, who is having a bit of trouble in choosing IT security software for his family. He writes: I'm rapidly losing my mind in the minefield that is security software, particularly when it comes to licensing many devices... The internet has become useless for this sort of …
Drew Cullen, 19 Feb 2014

Reconceptualising IT security

Whitepaper Traditional approaches to information security are incapable of dealing with today's threats. Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. In a nutshell this is the thesis of our latest …
Miatta Momoh, 14 Apr 2011

Hey kids, who wants to pwn a million BIOSes?

The overlooked task of patching PC BIOS and UEFI firmware vulnerabilities leaves corporations wide open to attack, a new paper by security researchers warns. Xeno Kovah and Corey Kallenberg argue that the poor state of low-level software security is among the easiest ways for hackers to deeply infiltrate organizations. A …
John Leyden, 12 Jun 2015

GCHQ's CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP

Britain's global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard - by awarding them to bods in the private as well as public sector. The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed …
John Leyden, 01 Oct 2013

New York side-eyes California's hack attack laws: I'll have what she's having

New York's attorney general is asking the state to set new rules requiring companies to confess when they've been hacked. The Big Apple's AG Eric Schneiderman said that he is going to ask the state to force organizations to disclose the loss of customer user names, passwords and security question answers as part of its …
Shaun Nichols, 15 Jan 2015

Defence giant BAE coughs $230m for cloud heavy SilverSky

BAE Systems has bought cloud-based email and network security firm SilverSky for $232.5m, seemingly finding the US company's products and customer base irresistible. Ian King, chief executive, BAE Systems, said: "SilverSky has an established sales force, a complementary suite of scalable products and a large installed customer …
John Leyden, 21 Oct 2014

Devs SLAM UK.gov's JavaScript-astic, 'shoddy' security education website

A high profile UK government cyber security campaign aimed at changing attitudes to online security has come under criticism for the poor quality of its expensive website. Cyber Streetwise was launched with great fanfare, and much positive comment from the IT security biz, last month. It was part of a campaign led by the Home …
John Leyden, 14 Feb 2014

DARPA slaps $2m on the bar for the ULTIMATE security bug SLAYER

It's a bad day for the vulnerability scanning industry: DARPA has announced a new multi-million-dollar competition to build a system that will be able to automatically analyze code, find its weak spots, and patch them against attack. Mike Walker, DARPA program manager, said that the challenge was to start a "revolution for …
Iain Thomson, 22 Oct 2013

What would have stopped TV5Monde hack? Yup, MOAR LAWS

Europe’s Digital Commissioner, Gunther H-dot Oettinger, says we are all far too laissez-faire with our passwords. Oetti made the comments to German weekly Welt am Sonntag after hacked French telly-box channel TV5Monde exposed its passwords on air one day after being shut down by an ISIS cyberattack. Never one to miss a chance …
Jennifer Baker, 14 Apr 2015

China's hackers stole files on 4 MEELLION US govt staff? Bu shi, says China

China is fending off accusations it was behind the theft of personal dossiers on four million US government workers – some of whom had applied for or were granted security clearances. China's foreign ministry spokesman Hong Lei told NBC News: "We hope the United States could discard this kind of suspicion and stop groundless …
Shaun Nichols, 05 Jun 2015

OPM data breach: Looking at you, China! National Intelligence head stares out Beijing

James Clapper, Director of the US' National Intelligence body, has suggested Beijing is behind the successful attacks on the Office of Personnel Management (OPM), which resulted in the theft of millions of federal employees' (including intelligence workers) highly sensitive biographies. Clapper, who reports directly to the …

Too much infosec regulation undermines security, warns NAB

More prescriptive regulation of the security posture in industry sectors like banking could have the paradoxical impact of reducing security, according to Andrew Dell, head of IT security services at the National Australia Bank. “We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our …

Thousands of UK drivers' details leaked through hole in parking ticket website

Thousands of UK drivers have been caught up in a data breach at a UK parking firm. A database of parking ticket details held by PaymyPCN.net covering almost 10,000 motorists was mistakenly published online. A security flaw on the private parking firm's website allowed public access to names, addresses, photographs and emails. …
John Leyden, 27 Feb 2015

Sophos gulps down hot Mojave, will puff out more secure clouds

Sophos has slurped up the security firm Mojave Networks in a bid to develop the world's strongest and most secure cloud. You should probably now get excited about data security. "Mojave Networks is a young innovative company that has built a leading platform right at the intersection of three cutting-edge areas of security: …
Jasper Hamill, 08 Oct 2014

UK consumers particularly prone to piss-poor patching

UK consumer patching practices have worsened still further over the last three months, increasing the threat of malware problems, according to a new study by IT security provider Secunia. Secunia estimates 12.6 per cent of UK users are running unpatched operating systems, up from 9.7 per cent the previous quarter. In addition, …
John Leyden, 30 Oct 2014

Microsoft patch batch pre-alerts now for paying customers ONLY

Microsoft is facing fierce criticism over its decision to make pre-notification of upcoming patches available only to paid subscribers. The Advance Notification Service (ANS) formerly made information on upcoming software patches available to the public but from now on the information will be restricted to “premier” customers …
John Leyden, 09 Jan 2015

4 new twists that push the hacker attack on millions of US govt workers into WTF land

The data breach that recently hit the US government's Office of Personnel Management, in which personnel records for millions of federal workers were swiped, is worse than first feared, sources claim. According to new reports that emerged on Thursday, the attack was active for more than a year and the pilfered information …
Shaun Nichols, 12 Jun 2015

Racing Post escapes ICO fine after leaking info of 677K punters

UK sports-betting newspaper the Racing Post has received a stern warning – but not a fine – after it emerged that it had aired the private details of more than 677,000 customers as the result of a security breach last year. The October 2013 snafu resulted in the exposure of the names, addresses, passwords, dates of birth and …
John Leyden, 28 Aug 2014

Experts: Network security deteriorating, privacy a lost cause

Ethernet Summit Internet and network security is bad, and it's going to get worse before it gets better. To make it better, CIOs and IT admins need to rethink the way that they approach protecting their networks from hackers and other miscreants. "We've got North Korea with ICBMs and we've got Iran developing an atomic bomb, but that's not our …
Rik Myslewski, 24 May 2013

Watchdog bites hotel booking site: Over 3k card details slurped

Hotel booking website Worldview Limited has been fined £7,500 over a security breach involving its website that allowed hackers to swipe the full payment card details of some 3,814 customers. Sensitive data was accessed after the unidentified attacker exploited a SQL injection flaw in the Worldview website to access the firm's …
John Leyden, 05 Nov 2014

Want to have your server pwned? Easy: Run PHP

More than 78 per cent of all PHP installations are running with at least one known security vulnerability, a researcher has found. Google developer advocate Anthony Ferrara reached this unpleasant conclusion by correlating statistics from web survey site W3Techs with lists of known vulnerabilities in various versions of PHP. …
Neil McAllister, 31 Dec 2014

Northern Ireland website leaves front door open, spills users' data

The creators of this Irish website may be fluent in the language of the Emerald Isle, but they are distinctly unversed in computer security. The Líofa (Fluent) website – a UK government project [PDF] – suffered not so much a data breach as a data giveaway. Users' personal information such as names, addresses, emails and phone …
Jennifer Baker, 18 Nov 2014

Is that a graphics driver on your shop's register – or a RAM-slurping bank card thief?

Crooks are infecting sales registers running Oracle-owned MICROS software with malware tailor-fitted to steal bank card information from the machines. MalumPoS scrapes sensitive data from the RAM inside the tills, which are used in places from shops and restaurants to hotels and bars. The software nasty can be easily modified to …
John Leyden, 09 Jun 2015

Prez Obama snubs UK PM's tough anti-encryption crusade at White House meet

The UK and the US will collaborate more closely to prevent "cyberattacks," the two countries' respective leaders so bravely promised in a joint press conference on Friday. Following bilateral meetings in Washington DC this week, UK Prime Minister David Cameron and US President Barack Obama jointly announced new cooperative …
Neil McAllister, 16 Jan 2015

Duqu 2.0: 'Terminator' malware that pwned Kaspersky could have come from Israel

Eugene Kaspersky reckons hacking into his firm's corporate network was a "silly" move by cyberspies, but independent experts are far from convinced. All seem agreed that the rare attack by a state against a leading information security firm is bad news for corporate security more generally, as it shows attacks are getting more …

Automation eases the pain of software patching

The three biggest challenges for IT managers are security, reliability and performance. Ideally, an organisation’s software will excel at all three but in practice we know that isn’t true. Even the best-laid software development plans let bugs through which can cause problems in all these areas. So patching the organisation’s …
Robin Birtstone, 11 May 2015