Security Port

Contains relevant information that pertains to security related issues and solutions.

A Security Port Blog

 
Venezuela a Security Concern?
03/31/2015

The United States declared Venezuela a national security threat on Monday and ordered sanctions against seven officials from the oil-rich country in the worst bilateral diplomatic dispute since socialist President Nicolas Maduro took office in 2013.

U.S. President Barack Obama signed and issued the executive order, which senior administration officials said did not target Venezuela's energy sector or broader economy. But the move stokes tensions between Washington and Caracas just as U.S. relations with Cuba, a longtime U.S. foe in Latin America and key ally to Venezuela, are set to be normalized.

CyActive Acquisition
03/30/2015

PayPal — soon to be spinning off from parent company eBay — today confirmed its latest acquisition and operational move to build out its payment technology as a standalone business, and provide better protection in the growing problem of online security in e-commerce. It is buying CyActive, a specialist in predictive malware detection based out of Israel. It will also use the company’s operations to kickstart a larger security hub in the country.

Another CyberSecurity Flaw
03/27/2015

Just when you thought it was safe to use your computer again after last year's Heartbleed, Shellshock and other computer bugs that threatened your security, and just as I predicted in my column of Dec. 20, 2014, researchers have discovered yet another security flaw that threatens millions of Internet users.

This one goes by the clever acronym FREAK, which stands for Factoring Attack on RSA-EXPORT Keys. This bug affects the SSL/TLS protocols used to encrypt data as it is transmitted over the Internet and potentially puts at risk private information sent over the Internet, including passwords, banking and credit card information. To better understand FREAK, it is necessary to go back to restrictions of a maximum of 512-bit code encryption from the early 1990s used in software to be sold abroad.

The reason for this was that the federal government wanted to make it easier for federal intelligence agencies to spy on overseas software users. Following much criticism and protest by the technological community, these restrictions were ended. However, many software developers continued to use the weaker encryption.

When you use the Internet, your computer communicates with your server on how best to protect your data. Due to the FREAK flaw, some software, including Apple's Secure Transport, can be manipulated into accepting the weaker encryption program, which can then be hacked by a sophisticated hacker to steal your data.

OpenSSL
03/26/2015

Funding from the Core Infrastructure Initiative has helped the maintainers of OpenSSL, one of the Internet’s most-deployed pieces of open source software, begin to get the crypto implementation on its feet.

Despite its ubiquity, OpenSSL has historically been under-funded and under-resourced, though no one outside those close to the project knew how dire the situation was until Heartbleed and other Internet-wide bugs started experts looking closely at the security of open source software.

With funding from CII and other corners of the Internet, full time help has been hired to maintain the regular flow of patches and feature upgrades, and since last spring, get the code base ship-shape for a full-fledged security audit.

Threshold Signatures: The New Standard for Wallet Security?
03/25/2015

A group of researchers from Princeton University, Stanford University and the City University of New York have announced a new ECDSA threshold signature scheme that is particularly well-suited for securing Bitcoin wallets.

Bitcoin wallets often are attacked by increasingly sophisticated cyber thieves. Coupled with the irreversibility of bitcoin transactions, that poses important security problems that decrease user confidence in Bitcoin and could prevent the digital currency from going mainstream if no robust and simple solution is found.

Health Care Security
03/24/2015

While federal regulators flesh out details of a 10-year roadmap for electronic health record interoperability, which would pave the way for national data exchange, five GOP senators are demanding that more attention be paid to the plans for security and privacy of patient data as it's shared among healthcare providers.

In a recent blog appearing in Health Affairs, co-written by Republican Senators Lamar Alexander of Tennessee, Richard Burr of North Carolina, Mike Enzi of Wyoming, Pat Roberts of Kansas and John Thune of South Dakota, the lawmakers question whether American taxpayers are getting a return on the $35 billion investment that the HITECH Act has made in promoting the adoption of EHRs.

The Security Download: Anticipating Cyberattacks with Machine Learning
03/24/2015

Artificial intelligence and machine learning are playing a larger role in cybersecurity, which can in theory help companies identify risks and anticipate problems before they occur. The idea is to create software that can adapt and evolve to combat ever-changing attack strategies, or identify patterns of suspicious behavior.

Traditional security mechanisms have leveraged rule, pattern, signature and algorithm-based approaches to detect threats, and that is a problem, according to Paul Stokes, CIO of the University of Victoria in British Columbia.

Hundreds of ID Badges Missing
03/23/2015

Hundreds of ID badges that let airport workers roam the nation's busiest hub have been stolen or lost in the last two years, an NBC News investigation has found.

While experts say the missing tags are a source of concern because they could fall into the wrong hands, officials at Hartsfield-Jackson Atlanta International Airport insist they do not pose a significant security threat.

The wayward badges came to light when NBC-DFW asked airports across the country to reveal how many of them were unaccounted for. Only one, Atlanta, provided numbers before the Transportation Security Administration blocked the release of more data.

Group Claiming Links to Isis Hacks Small Business Websites
03/20/2015

The FBI is investigating the hacking of a number of small business websites in the US and Europe by people claiming to be affiliated with Islamic State (Isis).

The Isis logo appeared on the landing pages of the targeted websites along with the message: Hacked by Islamic State (Isis). We are everywhere.

Cyber Security Tips Not Realistic
03/19/2015

As a young and idealistic researcher, one of the most painful lessons for me to learn was this: In real life, not everyone is able to follow best-case security recommendations.

This is especially true for the 46.5 million people in the US living under the poverty line. For many of them, even getting Web access means using open and insecure wireless networks and logging in with shared computers in public libraries. For Americans applying for government assistance, they often have to reveal sensitive personal data on websites that are not well protected.

Google releases Cloud Security Scanner
03/18/2015

Google today released a tool to make scanning for vulnerabilities on its cloud platform more effective, an aptly named Google Cloud Security Scanner.

Although several security scanners already exist for Web applications, Google says these are typically not very well suited to those that run on the Google App Engine – there's a tendency to report false positives and setup can be more complicated than necessary.

Options Traders Bet on Cyber Security
03/17/2015

A barrage of damaging cyber attacks has shaken up the security industry, and traders in the options market are betting on cyber security companies benefiting from increased spending as governments and businesses boost security.

Cyber security has become a major concern for U.S. firms with recent high profile data breaches reported at Sony Pictures Entertainment, Target Corp, Home Depot Inc, and most recently at health insurer Anthem Inc.

Analysts see Cyber security companies FireEye Inc and CyberArk Software Ltd benefiting from increased spending on security.

Cybersecurity: Tackling the Threat from Within
03/16/2015

The firewalls, anti-virus software, mail-filters and other digital defences used across the business world are generally looking for external threats.

But what if the bad guys are on the inside?

What if your own employees are seeking to defraud your company by diverting cash, copying the customer database, or stealing sales leads?

More than half of all people seeking to defraud a company are inside the fortress, suggest figures from consultancy PWC's Global Crime Report.

That figure has risen steadily over the past few years, the firm says, adding that it now seems to be younger staff who are spearheading the trend.

The same survey also saw a change in the nature of fraud. Now, criminals are as likely to indulge in procurement fraud - making false company purchases, for example - as they are to steal cash or data.

How to Up Your Cyber Security
03/13/2015

The average cost to a U.S. business of a lost or stolen record containing customer information is $201, according to the 2014 Cost of Data Breach Study conducted by the Ponemon Institute for IBM. The most expensive incidents are due to malicious attacks, not to human error or process failure. That’s a problem for your business.

Mega-retailer Target may have had to pay cash to counter its late-2013 data hack, which reportedly affected up to 110 million customers, but it was lucky. Similar breaches have resulted in the destruction of companies.

JP Morgan Taking Security Seriously
03/12/2015

JPMorgan Chase is not taking cyberthreats lightly. On the contrary, it has chosen to respond to them with military-grade strength when it comes to staffing its new cybersecurity unit.

In June of last year, the company suffered a massive breach of its computer network where hackers stole the names, addresses, and email addresses of 83 million individuals and small businesses. As recourse, JPMorgan's security chief James Cummings has implemented a comprehensive security operation with a focus on staffing it with ex-military officers, Bloomberg reported.

Agriculture Giants Boost Cybersecurity to Shield Farm Data
03/11/2015

Agriculture companies are building sturdier digital fences to fend off cyberattacks that industry officials say are increasingly targeting the sector.

Companies including Monsanto Co. and Deere & Co. are investing more in cybersecurity as the farming business grows more datacentric, with satellite-steered tractors and algorithm-driven planting services expanding across the U.S. Farm Belt, executives said at an industry event Thursday.

Seed and chemical companies have long guarded their technology with patents and security measures, but the expanding array of farm-level data collected by high-tech combines and other farm equipment in recent years has increased concerns that the sector will become a bigger target of hackers.

Superfish
03/10/2015

Superfish is basically your run-of-the-mill adware software, but with some big security holes. Lenovo pre-installed it on some computers sold between October 2014 and December 2014, but any Windows computer can be infected. At its core, Superfish is meant to place advertisements in your web browser. The problem is that the software also intercepts encrypted traffic, which opens up your computer to man-in-the-middle attacks.

Good Tech vs Bad Tech
03/09/2015

In the corporate world digital defences are being overwhelmed alarmingly often. A string of recent high-profile intrusions by hackers, ranging from the devastating cyber-attack on Sony Pictures Entertainment to the news this week that crafty hackers had pilfered large sums of money from banks in Russia and elsewhere, have propelled cyber-security to the top of boardroom agendas.

Home Security Not So Secure
03/06/2015

Home security systems are supposed to make people safer. But as 7 On Your Side found out, it does not take much to hack in and foil a system.

7 On Your Side spoke with a hacker who tested 16 smart security systems, connected smoke alarms and thermostats and he found weaknesses in every single one.

This is how an alarm system is supposed to work. Someone breaks into your home and sets off the alarm. The crook is caught on video. But Colby Moore is a professional hacker and his job is to expose vulnerabilities.

Lenovo Pulls Laptop After Security Warnings
03/05/2015

Lenovo Group Ltd. is working quickly to wipe all traces of an app it had preinstalled on some consumer laptops, responding to security researchers' warnings that the app could give attackers a way to steal people’s encrypted Web data or online passwords.

The company said on Thursday that it stopped shipping computers with the Superfish adware in January—a practice it had begun in September—and that it will not preload this software in the future. Lenovo also said Superfish had been disabled on systems that already had it installed. The company said it could not say how many machines were affected.

Lenovo, the world's biggest seller of PCs, intends to distribute software that will delete any Superfish app data from laptops on which it had been installed.

TrueCrypt Security Audit
03/04/2015

An effort to search for cryptographic flaws in TrueCrypt, a popular disk encryption program, will resume even though the software was abandoned by its creators almost a year ago.

For years TrueCrypt has been the go-to open-source tool for people looking to encrypt files on their computers, especially since it’s one of the few solutions to allow encrypting the OS volume.

In October 2013, cryptography professor Matthew Green and security researcher Kenneth White launched a project to perform a professional security audit of TrueCrypt. This was partly prompted by the leaks from former U.S. National Security Agency contractor Edward Snowden that suggested the NSA was engaged in efforts to undermine encryption.

Kids Get Hurt by Anthem Security Breach
03/03/2015

Children are at particular risk of identity theft because their information is more valuable to criminals. Because there is no history and typically no previous credit applications, it is far easier to fraudulently create identities. The criminals, who will likely have purchased the information from the original hackers, can use the identities whole or take the critical Social Security numbers and match them with other names and addresses, creating synthetic identities.

What Would Happen if the Department of Homeland Security Shut Down?
02/21/2015

Any type of government shutdown—even if only of a single agency—has real and significant consequences. But many of the politicians who talk about these consequences use the kind of hysterical rhetoric that suggests a shutdown would result in ISIS setting up a new branch office in El Paso, Texas.

Box Security
03/02/2015

Box, a cloud-based data storage and collaboration company, hopes it has solved one of the last great impediments to businesses going fully online.

On Tuesday, the company announced a technology that adds another layer of data encryption to its service. The idea is to put in new kinds of protection from hackers and snoops. If it works, regulated industries like finance and healthcare might move their data from locally maintained computers to Box's machines, which are accessed via the Internet to office computers and mobile devices.

Companies send fake phishing emails to test security
02/27/2015

The next phishing email you get could be from your boss.

With high-profile security breaches on the rise, from Sony Pictures to Anthem, companies are on the defensive. And they want to make sure their employees are not a hack waiting to happen.

Data show phishing emails are more and more common as entry points for hackers. Unwittingly clicking on a link in a scam email could unleash malware into a network or provide other access to cyberthieves.


