Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog
Security Myths
03/26/2014

Security truths evolve—meaning, they change, and you must keep up with this, particularly with wireless security. Advice for wireless security can quickly become outdated. There are actually three big wireless security myths swirling around.

#1. Limit the IP address pool to restrict number of devices that can connect.
#2. Hide your networks SSID to conceal it from hackers.
#3. Enable MAC address filtering to select who can connect.

Easing of Deportation from Homeland Security
03/25/2014

Homeland Security officials are considering at least two major policy changes to scale back deportations of immigrants in the country illegally to comply with President Obama’s order for “more humane” enforcement efforts, officials said Friday.

The first change would ease or stop deportations of foreigners who have no criminal convictions other than immigration violations. If approved, deportation efforts would chiefly target people who have been charged or convicted in court and pose a potential threat to public safety.

Thousands of people are deported every year who have overstayed their visas or entered the country illegally, including parents of children who are U.S. citizens, but who have broken no other laws.
Another change under consideration would scale back a controversial program known as Secure Communities. It allows immigration authorities to request that immigrants in the country illegally be held in local jails until they can be transferred to federal facilities for deportation.

WhatsApp Hacking
03/24/2014

WhatsApp — the popular messaging app with 465 million users acquired by Facebook for $19 billion last month — came under fire earlier this week after tech consultant Bas Bosschert published a blog post explaining how malicious developers can access your messages via the microSD card, and the post went viral.

Attackers Can Exploit Samsung
03/21/2014

Attackers can remotely exploit a software-based backdoor -- present in at least nine different models of Samsung smartphones and tablets -- to steal files and location data or surreptitiously activate a microphone or camera.

That warning was sounded Wednesday by members of the Replicant project, which builds free versions of Android to replace the proprietary versions installed by most carriers and manufacturers.

Target Did Not Follow Up on Security Breach
03/20/2014

Target Corps computer-security team was alerted when hackers broke into the retailer's systems during the holiday shopping season, but decided the warning did not need a follow-up.

In an emailed statement Thursday, Target said it is investigating its response to the episode, which ultimately grew into one of the largest corporate credit-card heists in history.

The attack began during the Black Friday shopping weekend and ran for three weeks, compromising 40 million credit- and debit-card accounts and personal information of as many as 70 million customers. The acknowledgment raises questions about whether it might have been headed off.

Security at Boston Marathon
03/19/2014

Even as police prepare for a massive presence at Bostons first marathon since the 2013 bombing attack that killed three people and injured 264, officials acknowledge the sheer scale of the event poses inevitable security risks.

More than 3,500 officers will be stationed along the 26.2 mile course starting in suburban Hopkinton, Massachusetts, and ending among throngs of spectators at the bars and restaurants of Boylston Street, where two homemade pressure-cooker bombs ripped through the crowd last year.

While officials said they are not aware of any specific threat to the 118th Boston Marathon, one of the worlds most prestigious races, they face a challenge of increasing security without taking a stance that is so aggressive it drives spectators away, security experts said.

Cyber Security
03/18/2014


Great Cyber Security Glossary.

Adobe Flash Eploits
03/17/2014

Abobe planned to release an emergency update for Flash Player on Thursday, after security vendor FireEye pointed to a zero-day exploit used by attackers to target visitors to websites of three nonprofits, two of which focus on national security and public policy.

The Flash exploit allowed attackers to target users of the websites of the Peterson Institute for International Economics at PIIE.com, the American Research Center in Egypt at ARCE.org and the Smith Richardson Foundation at SFR.org. The exploit can compromise Flash users on Windows XP or those with Windows 7 who have Java 1.6 or an outdated version of Microsoft Office 2007 or 2010 installed, FireEye said.

Biometrics Have a Bright Future
03/14/2014

Biometric scanners that can identify people are poised for big growth in building security.

Systems that can recognize by face, voice and build are rapidly being adopted by developers, and promise big financial savings as well.

6 Out of 10 Android Apps Have Security Issues
03/13/2014

Security vendors have been preaching about the impending doom of mobile malware for a few years now. Each year seems to see a dramatic spike in detected malware over the previous year, but users are starting to get a bit cynical about the coming mobile malware apocalypse. A new report from Webroot once again highlights an increase in mobile malware and also sheds light on how iOS compares to Android.

The Webroot Threat Research team analyzed nearly six million mobile applications, and hundreds of thousands of mobile infections between 2011 and 2013 to compile the Webroot Mobile Threat Report. It also reviewed data from around 125,000 customers who activated Webroot’s Lost Device Protection (LDP) feature.

Webroot found that Android poses a greater security risk than iOS. Webroot identified a 384 percent increase in total threats to Android devices over 2012, and found more than 40 percent of the Android apps analyzed were classified as either malicious, suspicious, or unwanted.

Apple Products Vulnerable to Hacks
03/12/2014

A major flaw in Apple Inc. software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed.

If attackers have access to a mobile users network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same.

Shoe Bomb Warning
03/11/2014

The new head of Homeland Security played down a recent warning that terrorists might try to sneak explosives onto commercial planes in passenger shoes, saying the threat has been around for years.

In a press conference at Los Angeles International Airport, Homeland Security Secretary Jeh Johnson said the advisory was the type that we routinely issue in response to the latest intelligence.

Law enforcement officials, speaking anonymously, said the alert was based on new intelligence indicating that a shoe bomb may be used to blow up a U.S.-bound jetliner.

Homeland Security Ammo Purchases Have Decreased
03/10/2014

A watchdog report shows that the Department of Homeland Security has reduced its spending on ammunition by more than 43 percent since 2009, allaying recent concerns that the agency was increasing its stockpile during a time of government austerity.

The Government Accountability Office analysis, released Thursday, said DHS spent $19.2 million on ammunition in 2013, compared to $33.8 million in 2009. The number of rounds the agency bought during those years also declined from 133 million to 84 million, representing a drop of nearly 37 percent.

WhatsApp Security
03/07/2014

The Facebook deal for WhatsApp drew attention for its whopping price tag, but has also brought out fresh criticism over security for the billions of messages delivered on the platform.

WhatsApp, which is to be acquired for $19 billion, says on its website that communication between your phone and our server is fully encrypted.

The company warns users need to be aware that when they send messages, the recipient's device may not be secure. But it says it does not store any chat history and that messages are wiped off its system after delivery.

Yet security researchers and others point out that there may be vulnerabilities in the system used by some 450 million people globally.

Syria Resolution
03/06/2014

The UN Security Council on Saturday adopted a unanimous but non-binding resolution calling for humanitarian aid convoys to be allowed access across war-torn Syria, but diplomats immediately voiced doubt about its effectiveness.

Syrias staunch ally Russia, with support from China, has blocked three previous resolutions aimed at pressuring the Damascus regime since the crisis began in March 2011, with an estimated half of all Syrians urgently awaiting immediate help.

But Moscow and Beijing, two of the five permanent Security Council members, did not do so this time, sending a strong message to President Bashar al-Assad, whose regime is accused of serious rights violations in attempting to hold on to power.

Energy Security
03/05/2014

New York Sen. Charles Schumer said Sunday he is calling on two federal agencies to create and enforce stronger security standards at electrical power plants across the nation.

Earlier this month, The Wall Street Journal reported that PG&E Corps Metcalf transmission substation in southern California was attacked by snipers.

The gunmen knocked out 17 transformers tasked with delivering power to Silicon Valley on April 16. A former chairman of the Federal Energy Regulatory Commission, John Wellinghoff, called it the most significant incident of domestic terrorism involving the grid that has ever occurred in the U.S.

Google Bought SlickLogin
03/04/2014

Google acquired SlickLogin, an early-stage Israeli startup that had been developing alternative web-login options, the company announced Sunday. Terms of the deal were not immediately disclosed.

Started by three graduates from the Israel Defense Forces, SlickLogin was working on a way to let users log in to particular websites on their computer by holding up their phones in front of it. The startup, which was less than 6 months old, had yet to release a commercial product or raise funding.

White House Puts Out Critical Infrastructure Security Guide
03/03/2014

Remember that cybersecurity bill that failed to pass two years ago? Not many people do.

The bill failed largely because John McCain, the Republican senator from Arizona, the United States Chamber of Commerce and others opposed it on grounds that it would be too onerous for the private sector.

The failed bill was intended to do two things. One, it would have provided for information-sharing about cyberthreats between the government and the private sector. Two, it would have set minimum security standards for the companies that oversee the nation’s critical infrastructure like dams, electrical grids, mobile towers and financial institutions.

The bill ended in a Republican filibuster in August 2012, forcing the White House to issue a watered-down executive order last year. The order made it voluntary for companies that oversee critical infrastructure to join an experimental cyberthreat sharing program, and also set up recommendations — a far cry from mandatory standards — that companies can follow to prevent attacks.

Global Health is a Security Concern
02/28/2014

Eleven years ago this week, the world faced the outbreak of Severe Acute Respiratory Syndrome, or SARS, a new epidemic that infected some 8,000 people, took the lives of 775 individuals, and inflicted $30 billion in damage to regional economies.

The emergence of SARS was a wake-up call for the World Health Organization and its members, including the United States. The world had to do more to prevent, detect and respond to new biological threats.
This is not just a health challenge; it is a security challenge as well.

Cyber Attacks on Lawfare Website
02/27/2014

Many Volokh Conspiracy readers, I imagine, have probably heard of the national security law and policy website Lawfare, or perhaps have read it occasionally.  It has emerged as the most important, go-to site for national security law and policy, widely followed by journalists, academics, and government officials, particularly in the Defense Department and intelligence community.  It has helped inspire some of the other leading websites offering commentary on national security law – Just Security, for example.  

What Lawfare has not done, however, is find deep pockets or lavish funding or, really, much funding at all.  The  Brookings Institution, where the Lawfare editor-in-chief, Benjamin Wittes, is a senior fellow, offers some modest in-kind support, but otherwise it is dependent on individual donations and small amounts of  institutional funding to pay the web hosting and related costs.  Its technical design, security, and graphic features are very much off the shelf, and although more money would help introduce new and more sophisticated features, at bottom it is a wonks website, driven largely by written content that not very many internet surfers would find interesting.

As readership increases, however, and as a site like Lawfare tries to cover topics – the military commissions trials, for example – that require sustained commitment by expert professionals, etc., costs rapidly increase.  And the off-the-shelf design can leave the site potentially highly exposed in an important matter – cybersecurity.

Hackers Took Info
02/26/2014

Hackers stole Kickstarter user data, but payment info was left untouched. Kickstarter has confirmed that it was the victim of a security breach earlier in the week. The crowdfunding website announced in a statement that data including email addresses, phone numbers, usernames and encrypted passwords were stolen during the breach.



Current Blog

2014 Security Blog Archive
March Archive
Jan & February Archive

2013 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.