Feeds

Articles about Security

SIEMs like a good idea: How to manage security in real time

Register now for this webcast that explains how security information and event management (SIEM) can work, what it does, and how to fit it into your existing security environment. Watch this live event on September 29 at 13:00 BST (8:00 EST) - if you can't make it, just sign up and we will email you when the recording is …
David Gordon, 29 Aug 2014
closed_sign shut down under collapsed liquidation

Akamai warns: SMB security remains major risk

Security offerings for small businesses need to look more like those offered to enterprises, according to Akamai global security senior director Fran Trentley. Speaking to The Register while in Sydney for the Gartner Security & Risk Management Summit, Trentley said SMBs are increasingly seen as attack targets, and that poses a …
padlock

Boffins propose security shim for Android

An international group of researchers believes Android needs more extensible security, and is offering up a framework they hope either Google or mobe-makers will take for a spin. The project is described in this paper slated for the Usenix Security Symposium on Friday in San Diego. The researchers from Germany's Technische …

NIST wants better SCADA security

America's National Institute of Standards and Technology (NIST) wants to take a hand in addressing the SCADA industry's chronic insecurity, by building a test bed for industrial control systems. The Reconfigurable Industrial Control Systems Cybersecurity Testbed is only in its earliest stages. According to this RFI, the …

Amazon flicks switch on CloudFront security features

Amazon has beefed up security on its CloudFront services, adding Perfect Forward Secrecy, OCSP stapling and session tickets to its SSL support. The company describes the new AWS features in full in this blog post. Session tickets are designed to improve performance, particularly in the case of an interrupted session between …

GCHQ grants security clearance to Samsung's Knox mobe security

The official containerisation solution for security on Samsung phones and tablets has passed muster with GCHQ. It’s now deemed safe enough for UK government employees to get a Galaxy Note 3, Galaxy S3 S4 or Galaxy S5 all of which run the Korean firm's KNOX software. This is only to the OFFICIAL (PDF) level of security. This is …
Simon Rockman, 16 May 2014

Do your execs take mobile security seriously?

One of the findings emerging from our latest poll is that many of you are highlighting a lack of exec awareness and air cover when it comes to mobile security. This in turn appears to translate to a lack of funding to put the systems in place to cope with new devices, BYOD and so on. Is this something you are experiencing? If …
Dale Vile, 11 Jul 2014

Microsoft brings own security info exchange to the world

Microsoft has announced a “a security and threat information exchange platform for analysts and researchers working in cybersecurity.” Dubbed “Interflow”, Redmond says the new service is “a distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data …
Simon Sharwood, 24 Jun 2014
Spam image

Microsoft to shutter security email feed on July 1

Microsoft will suspend a 12 year-old email mailing list that offers news of security updates, in a decision possibly tied to tougher Canadian anti-spam laws. As of July 1st 2014, sysadmins and infosec bods will get their news from a Redmond RSS feed to receive update of new Microsoft security alerts. "As of July 1, 2014, due to …
Darren Pauli, 29 Jun 2014
bug on keyboard

Cisco slurps security scanner

Cisco has continued the expansion of its security portfolio with the acquisition of malware analysis outfit ThreatGRID. The acquisition target was founded in 2012, one of the then-burgeoning number of companies that pushed malware analysis, threat intelligence, and security analytics into the cloud (supplemented by an on-premise …

Got mobile security sussed yet? No fibbing, now

First we were told that BYOD would define the future of end user computing. Now many are saying that the use of personal devices for work isn't the way forward after all. While the truth is probably somewhere in between – BYOD for some users, but company devices for others – most agree that the use of mobile technology is set to …
Dale Vile, 03 Jul 2014

BlackBerry: We'll buy Angela Merkel's phone security company. HA!

BlackBerry has bought privately held German firm Secusmart as part of its drive to become the handset provider of choice for security-conscious clients such as government agencies and big businesses. Secusmart, which specialises in voice and data encryption, was already a partner of the one-time business phone giant, providing …

Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade

Mozilla has released a bug-and-security update for Firefox, with 11 security fixes, three of them critical. Chief among the security patches is a use-after-free bug the organisation says was discovered by one James Kitchener. From the advisory: “Mozilla community member James Kitchener reported a crash in DirectWrite when …

Storage AND security? It must be a Reg Live Chat

What: Storage, security and the 2014 show When: Live Chat, 2pm, 20 June 2014, London CIOs, IT managers and sysadmins face a host of challenges at the moment as they try to exploit and tame the same technologies that their users are adopting under the radar. At the same time, converging disciplines mean that they may end up …
David Gordon, 04 Jun 2014
Thomas Drake

NSA leaker Thomas Drake says Oz security reforms are 'scary'

Thomas Drake and Jesselyn Radack Thomas Drake and Jesselyn Radack National Security Agency whistleblower Thomas Drake says Australia's looming national security reforms makes him 'shudder', labelling them ambiguous and a plot to stamp out legitimate public-interest whistleblowing. Drake, who Edward Snowden said was his …
Darren Pauli, 04 Aug 2014
Flytrap

Security chap writes recipe for Raspberry Pi honeypot network

Honeypots are the perfect bait for corporate IT shops to detect hackers targeting and already within their networks and now one security bod has devised a means to build a battalion of the devices from Raspberry Pis. University of Arizona student Nathan Yee (@nathanmyee) has published instructions for building cheap hardware …
Darren Pauli, 01 Aug 2014

AWS levels up in game of government security – and now one step below classified access

Amazon Web Services (AWS) has leveled up its US government security certification, winning the right to handle more sensitive work from the Department of Defense (DoD). The company has, of course, blogged the news that it has won provisional authorization to operate levels three to five of the DoD's cloud security model. Level …
Simon Sharwood, 21 Aug 2014

EFF sues NSA over snoops 'hoarding' zero-day security bugs

Intelligence agencies are among the most prolific buyers of zero-day computer security flaws that can be used to spy on enemies foreign and domestic, or so it's claimed – and the Electronic Frontier Foundation (EFF) has launched a lawsuit to find out what exactly they are doing with them. "Since these vulnerabilities potentially …
Iain Thomson, 02 Jul 2014

Cisco kicks off security kit/software/cloud combo

Cisco has added threat management to its portfolio, announcing Managed Threat Defense which it says brings realtime security to its customers. Since “cloud everywhere” is the base assumption of practically every new launch, the Borg feels constrained to stipulate that Managed Threat Defense includes an “on-premise” solution, …
management management4

Security: Sweet brief for rare man Roche, new boss of Fujitsu TS

Fujitsu company veteran Tom Roche has grabbed the chieftain's chair at the Technology Solutions unit with a specific brief to boost security sales. The post became vacant last month when former boss Michael Keegan was made overlord of UK ops for Fujitsu, replacing Duncan Tait who was lifted to the head of the EMEIA organisation …
Paul Kunert, 18 Jun 2014
Fail and You

Oracle Database 12c's data redaction security smashed live on stage

Oracle’s much-ballyhooed data redaction feature in Database 12c is easy to subvert without needing to use exploit code, attendees at Defcon 22 in Las Vegas have heard. The redaction features in 12c are designed to automatically protect sensitive database material by either totally obscuring column data or partially masking it – …
Iain Thomson, 08 Aug 2014

Kaspersky warns of IMPOSTER mobile security apps

Security firm Kaspersky Lab is warning users following the discovery of a set of mobile malware apps that impersonate its products. The firm said that unknown malware writers have been crafting applications that bill themselves as being Kaspersky products but instead infect devices or simply fail to do much of anything once …
Shaun Nichols, 17 May 2014

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

AOL confirms security breach from spam attack

AOL has issued a warning to users that their personal information has been stolen by attackers, a week after the security of its servers was questioned. The net giant on Monday said that the same hackers behind last week's spam deluge were able to infiltrate its servers and lift information including email addresses, contact …
Shaun Nichols, 28 Apr 2014
Screaming kid

Secondhand Point-o-Sale terminal was horrific security midden

Second hand point-of-sale systems sold through eBay are likely to contain all sorts of sensitive information, according to the work of a security researcher at HP. HP sleuth Matt Oh bought an Aloha point-of-sale terminal on eBay for $200. This type of terminal is widely used in cash registers within the hospitality industry. …
John Leyden, 21 Jul 2014
Kaspersky Lab logo

Kaspersky's Security for Virtualization pushed to XenServer and HyperV

Kaspersky is extending its Security for Virtualuzation Light Agent security tool to the Citrix XenServer and Microsoft HyperV platforms. The company said that the Light Agent tool will launch on April 22 with XenServer and HyperV support as well as new options for VMware's vSphere hypervisor. The company will continue to …
Shaun Nichols, 15 Apr 2014

Cisco kicks off $300k Internet of Things security competition

Cisco has announced prizes of up to $US75,000 to get help finding ways to secure the burgeoning Internet of Things. Anyone who watches the procession of SCADA vulnerabilities, the exposures discoverable through the Shodan search engine, or the recent bugs popping up in cars, routers, home automation and (maybe) smart appliances …
Fail and You

NASDAQ IT security spend: $1bn. Finding mystery malware on its servers: Priceless

NASDAQ servers were infected by malware that exploited two mystery zero-day vulnerabilities, according to a magazine cover story published today. Despite spending a ton of money on computer security, the stock exchange was wide open to attack, we're told. Today's report pulls back the curtain back to reveal a little more about …
Iain Thomson, 17 Jul 2014

Google slurps sound-powered security upstart SlickLogin

Google has bought five-month-old security startup SlickLogin, which specialises in sound-based authentication technology. Financial terms of the deal were kept secret. The Israel-based company, which was founded by three ex-Israeli-military security bods in 2013, announced that it had been scooped up by Google in a statement on …
Kelly Fiveash, 17 Feb 2014
GCHQ as seen on Google Earth

O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge

Both Vodafone and O2 are claiming to be the best mobile phone network for people, particularly government people, who are worried about security. O2 is crowing about achieving the secure and government-approved network certification known as CAS(T), which stands for CESG Assured Service (Telecommunications), O2 being the first …
Simon Rockman, 11 Aug 2014

Japan airport staff dash to replace passcodes after security cock-up

The dangers of writing passwords down on paper were laid bare in the Japanese airport of Haneda this week after a member of staff managed to lose a note containing key security codes ahead of US president Barack Obama’s arrival today. The unlucky Skymark Airlines employee dropped the memo – which contained a list of the codes – …
Phil Muncaster, 23 Apr 2014
pipes

Multipath TCP speeds up the internet so much that security breaks

The burgeoning Multipath TCP (MPTCP) standard promises to speed up the internet but will also break security solutions including intrusion detection and data leak prevention, says security researcher Catherine Pearce. MPTCP technology is an update to the core communications backbone of the internet that will allow the …
Darren Pauli, 31 Jul 2014
Red Hat Shadowman logo

Red Hat plans unified security management for Fedora 21

Red Hat is planning a significant change to how its Fedora Linux distribution handles crypto policy, to ship with the due-in-late-2014 Fedora 21 release. In this wiki post, the Fedora Project outlines what it calls “system-wide crypto policy”. The idea is that Fedora would provide consistent security for all applications running …

Pakistan mulls cyber security bill to keep NSA at bay

Pakistan’s Upper House this week began debating a new bill seeking to establish a National Cyber Security Council, an agency the nation feels is needed in the wake of Edward Snowden's myriad revelations about NSA surveillance. The Cyber Security Council Bill 2014 was presented by Senator Mushahid Hussain Sayed on Monday with the …
Phil Muncaster, 15 Apr 2014

Big Java security fixes on the way – but not so fast, Windows XP users

As if running Windows XP after Microsoft withdrew support wasn't risky enough, XP users who have Java installed may soon have even more to worry about. Oracle is due to issue its next Critical Patch Update – the massive, quarterly fix-it fests that deliver security updates across the company's entire product line, including Java …
Neil McAllister, 04 Jul 2014
IE8 patch

New dashboard gives eagle's-eye view of Microsoft's security flaws

Microsoft has launched a new dashboard service designed to make it easier for systems admins to view the latest security bulletins for a range of Microsoft software. The idea behind the service, called myBulletins, is to allow admins to subscribe to security bulletins for only those products that are in use in their environments …
Neil McAllister, 29 May 2014
iiNet Logo

iiNet cans cloud security and storage services

iiNet has, of late, signalled an intention to build on its reputation as a carrier by offering subscription services. Yet the internet service provider yesterday cancelled two such services, namely the security-as-a-service “Protection Pack”. The protection pack was a $AUD9.99 a month service that baked malware scanning and …
Simon Sharwood, 30 Apr 2014
bug on keyboard

Senate slams ad servers for security failings

The US Senate has issued a report calling for the online advertising industry to improve its security against malware attacks, and for lawmakers to legislate tougher penalties should it fail to do so. The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it …
Shaun Nichols, 15 May 2014

Redmond may buy security company it says is wrong about AD flaw

Microsoft is reportedly in talks to buy Israeli security firm Aorato for $200 million after this week pouring cold water on its claim to have discovered a critical flaw in Active Directory. Aorato was founded by former Israeli Defense Force hackers and offers products that detects attacks on against Active Directory. As …
Darren Pauli, 16 Jul 2014
Blood image

14 antivirus apps found to have security problems

Organisations should get their antivirus products security tested before deployment because the technology across the board dangerously elevates attack surfaces, COSEINC researcher Joxean Koret says. COSEINC is a Singapore security outfit that has run a critical eye about 17 major antivirus engines and products and found 14 …
Darren Pauli, 29 Jul 2014

ABANDON CLOUD! Docker Linux containers spring a security leak

A security exploit has surfaced that can allow rogue programs to break out of Docker containers and access files on their host OS, but the flaw has been sealed in the latest version of the tech. Unlike virtualization, which launches a separate operating system instance for every virtual machine, Linux containerization sticks …
Jack Clark, 19 Jun 2014
Stourport cctv image 12.03.03

Dimwit hackers use security camera DVRs as SUPER-SLOW Bitcoin-mining rig

Miscreants are using hacked digital video recorders in a somewhat misguided attempt to mine cryptocurrency BitCoins. Hackers have created custom code to infect devices normally used for recording footage from security cameras. After getting in, likely to taking advantage of weak default passwords, a common security mistake with …
John Leyden, 02 Apr 2014

US 911 service needs emergency upgrade and some basic security against scumbags

The US emergency response system is in urgent need of better security as it’s surprisingly easy to disable or spoof 911 calls. In a talk at Defcon 22 two doctors (who are also hackers) and a security consultant presented research into the emergency response system and how calls via fixed line, mobile phones and VoIP are routed. …
Iain Thomson, 11 Aug 2014
snowden SXSW

Security guru: You can't blame EDWARD SNOWDEN for making US clouds LOOK leaky

Accusations that the revelations from rogue National Security Agency sysadmin whistleblower Edward Snowden have damaged the US technology industry are misplaced, according to influential security guru Mikko Hypponen. Hypponen, chief research officer at security firm F-Secure, said that the disclosure that US tech was either " …
John Leyden, 30 Apr 2014
Tesla Model S

Researcher lights fire under Tesla security

A security researcher is calling on Tesla to introduce two-factor authentication for access to the combination of services that make its Tesla S model one of the most “Internet of Things” vehicles in the world today. As noted by Threatpost, researcher Nitesh Dhanjani has found that the combination of a mere six-character …

Samsung mobes to get an eyeful of your EYE in biometric security bid

Samsung is looking to kick its competition with Apple up a notch by swapping fingerprint scanners in its smartphones for more advanced biometric devices like iris scanners, a company exec has said. According to a report in the Wall Street Journal, Samsung senior VP Rhee In-jong, who heads the company's Knox security platform, …
Neil McAllister, 19 May 2014

Symantec security chap signs for CSIRO's ICT In Schools

The Register's campaign to recruit 20 volunteers for CSIRO's ICT In Schools program is four-fifths of the way to its goal. In case you came in late, we're supporting the program because there are never enough skilled people to work in our industry, teachers aren't always in the best position to enthuse kids about technology. We …
Simon Sharwood, 18 Aug 2014

US government green-lights data swapping for security firms

Security firms looking to share research data with their peers need not fear the US Federal Trade Commission or Department of Justice any more. The FTC and DOJ issued a joint policy statement on Thursday assuring the security community that they will not pursue antitrust cases against companies that share their security …
Shaun Nichols, 10 Apr 2014
Paypal vulnerability

PayPal 2FA mobe flaw chills 'warm and fuzzy' security feeling

Duo Labs video PayPal's second factor authentication (2FA) protection can be mitigated through mobile device interfaces that allow fraudsters to steal funds with a victim's username and password, Duo Security researchers say. The bypass, crimped but not eradicated by client side patches, existed because the PayPal iOS and …
Darren Pauli, 26 Jun 2014

Apple ships security fixes for iOS, OS X, Safari ... basically EVERYTHING

Apple on Monday shipped new versions of its operating systems, its web browser, and Apple TV firmware – with each update a minor release aimed at fixing bugs and closing security vulnerabilities. The latest release of OS X Mavericks, version 10.9.4, addresses a total of 19 vulnerabilities in a variety of OS subsystems, ranging …
Neil McAllister, 30 Jun 2014