Security Port

Contains relevant information that pertains to security related issues and solutions.

A Security Port Blog

Intel Security Guru Says Regulating Encryption Is Difficult
03/30/2016

Encrypting digital data should not be considered a moral issue of good and evil. Rather, it is a nuanced legal issue that may not be covered under existing law.

That's one of the takeaways from a discussion about cybersecurity and data with Steve Grobman, the chief technology officer for Intel's security group. Grobman explained during the Structure Data conference in San Francisco on Thursday that encryption is really just complex mathematics, which makes it a difficult thing to legislate.

Tips When Running a Security Company
03/28/2016

The dump, in a hacker e-zine format, begins with a note from the attacker. Sarcastically titled TIPS WHEN RUNNING A SECURITY COMPANY, it details the security holes found during the breach:

Use one root password for all the boxes
Expose PDUs [power distribution units in server racks] to WAN with telnet auth
Never patch, upgrade or audit the stack
Disregard PDO [PHP Data Objects] as inconvenient
Hedge entire business on security theatre
Store full credit card info in plaintext
Write all code with wreckless [sic] abandon

Wells Fargo Eye Scanning
03/26/2016

Eye scanners have long been the stuff of sci-fi and action flicks, safeguarding everything from classified data to secret lairs.

Soon, though, they'll be used in the real world to protect something more mundane: your bank account. Or, more precisely, your company's much larger one.

Starting this summer, San Francisco banking giant Wells Fargo & Co. will let corporate clients sign in to the bank's commercial banking app using either an eye scan or a face- and voice-recognition system.

Android Security
03/24/2016

Highlights of the March 2016 Android Security Update

There are 16 issues in the update: 6 are Critical, 8 are High, and 2 are Moderate. The vulnerabilities I list below illustrate the variety of fixes Google has patched this month.

Critical vulnerabilities

The security updates cover privilege vulnerabilities, remote code execution vulnerabilities, remote denial of service vulnerabilities, and mitigation bypass vulnerabilities.

The most critical issues were remote code execution vulnerabilities in Mediaserver and libvpx. These flaws could have allowed a third party to use MMS media or browser playback media to execute malicious code on either a smartphone or a tablet. Google has released fixes for all iterations of Android, going back to 4.4.4.

Elevation of Privilege in Conscrypt: This vulnerability could allow a specific type of invalid certificate (one issued by an intermediate Certificate Authority) to be incorrectly trusted. This particular vulnerability would allow man-in-the-middle attacks, as well as an elevation of privilege and remote arbitrary code execution.

Elevation of Privilege Vulnerability in MediaTek Wi-Fi Kernel Driver: The Wi-Fi kernel driver contained a vulnerability that could enable a local malicious application to execute arbitrary code within the kernel, thus allowing elevation of privilege.

Chrome Update Patches Some Major Security Vulnerabilities
03/22/2016

This week, Google released the latest stable update for its Chrome browser addressing three high priority security vulnerabilities. Version 49.0.2623.87 of Chrome is available now for Windows, Mac and Linux computers, and although Google is not willing to discuss the fixes in detail, a recent blog post explains the basics of the bu

IRS Shutdown Identity Protection PIN Tool
03/20/2016

The IRS has issued a notice about the temporary suspension of use of its Identity Protection PIN tool. According to the notice, the use of the IP PIN tool on the IRS.gov site has been suspended as part of its ongoing security review. It has announced a possible security breach.

A recent attack on the website that resulted in the breach of an IRS contractor's system—exposing 101,000 taxpayers' Social Security numbers and other data—prompted an IRS security review. The IRS designed the Identity Protection PIN tool to safeguard people at higher risk of becoming the victims of fraud because of sensitive personal information leaked in commercial data breaches, by providing them an additional layer of security. Instead, the tool was being used by the scammers for the very purpose of identity theft.

Hackers Breach Ku Klux Klan Website
03/18/2016

A website run by the Ku Klux Klan has been downed as part of what appears to be a significant breach of its host and security provider Staminus. The company, which promises to protect users from distributed denial of service (DDoS) attacks, was exposed by a crew going by the name of FTA, which leaked data online yesterday.

Dumped information included customer contact details and password hashes (the result of taking the plain text password and running it through a one-way algorithm to garble the text). The hackers also claimed to have accessed unencrypted credit card details, though FORBES could not verify that claim.

Where European Countries Stand on Privacy Versus Security
03/17/2016

In the wake of the San Bernardino shootings that left 14 people dead and 22 others wounded, the debate over encryption between tech companies and law enforcement has reached a fever pitch in the US. The FBI wants Apple to help it crack into the iPhone of Syed Rizwan Farook who, along with wife Tashfeen Malik, carried out the ISIS-inspired attack in December.

Apple has refused, saying that its job is to protect the privacy of its customers. The company contends that the debate should not be framed as privacy or security, but privacy and security. With both sides digging in their heels, the case looks destined for the Supreme Court. Meanwhile, lawmakers in some European countries are taking new steps to broaden government access to big data.

European countries have different stances on digital security, but generally are more willing than the U.S. to grant governments access to personal data.

Security Problems in Prisons
03/16/2016

Correctional officers in state prisons may soon be using pepper spray to quell potential fights with and among inmates.

They are deploying portable metal detectors to better ferret out homemade knives.

And they plan to cut the use of canned goods in prison commissaries, thus denying troublemakers the use of sharp metal lids that can be turned into weapons.

Despite these increased security efforts, lawmakers had plenty of questions during a budget hearing Thursday for Acting Corrections and Community Supervision Commissioner Anthony Annucci.

Security Flaws in Fitness Trackers
03/14/2016

On February 2, 2016, cybersecurity researchers at the nonprofit organization Open Effect and the University of Toronto released a report called Every Step You Fake that outlined the privacy flaws of fitness trackers. The privacy issue is not usually found in traditional trackers that only report their data on their own screen or a personal computer. Researchers studied eight wrist-style fitness trackers by well-known companies Apple, Basis, Fitbit, Garmin, Jawbone, Mio, Withings and Xiaomi and found that devices linked to mobile apps and online sync options posed the greatest security risk.

One huge flaw is that some devices offered zero encryption when sending data online, making it incredibly easy for hackers to read and alter the data. The Bluetooth technology attached to most devices also emits signals that allow remote geo-tracking even when users are not trying to transmit data.

Lastly, the researchers found that many users automatically agree to privacy policies that undermine their privacy just by turning on these trackers. Some companies state in their privacy policies that they can share/sell user data, often in the form of non-identifying aggregate data, to third parties that are interested in knowing a variety of information about their target audiences.

Apple is overdoing a security check by bricking people's iPhones and iPads
03/11/2016

Apple is getting flak for a security check in recent iPhone and iPad models that can disable all use of a device when it has been fixed by a non-Apple-certified repair person.

Apple says this error is the result of a security procedure that checks whether a Touch ID sensor in the home button—which enables fingerprint recognition—has been tampered with.

How Mobile Technology Will Increase Stadium Security
03/09/2016

In the months and years following September 11, one of the most noticeable changes was the experience of going through an airport — longer lines, no liquids, taking off your shoes. What used to feel out of the ordinary is now expected.

After the tragedies in Paris targeting live entertainment venues, the Stade de France and Bataclan concert hall, the experience of attending a live event in the U.S. changed. The NFL increased police presence and the NBA and NHL both had new guards posted at the entrance to games.

Unfortunately, increased on-site security comes at a high cost to teams and the professional leagues; and the added lines and wait time can hurt the fan experience. Unlike the travel industry, where consumers have to endure the airport experience in order to travel by air, fans could easily choose to just stay home. The live event industry must then rethink its approach to security.

When Security Products make Systems less Secure
03/07/2016

There has been an increase recently in reports of security products that make user systems less secure when they are installed, used or even just present on the system.

Many antivirus companies have added tools and products to their security programs in recent years to increase the perceived value of the product, add new features to them that users may find useful, and to add new revenue opportunities in the form of custom search deals.

It is quite common for instance that companies deploy browser extensions on systems that change the search provider, new tab page or home page. Others have created custom versions of the Chromium browser to improve user security while the browser is being used, often calling these custom browsers secure or safe to indicate that.

Google started to analyze browser extensions and custom browsers recently and the results are quite disturbing.

The three custom Chromium-based browsers the company analyzed were found to weaken security instead of improving it.

Do Not Be Hacker Bait: Do This One-Hour Security Drill
03/04/2016

Ask a hacker if your digital security is at risk, and the answer is always yes. You could hide in a mountain bunker lined with tin foil and twigs, and somebody still might drain your bank account.

1. Update Your Software
2. Fix your passwords
3. Encrypt your drives
4. Bolster your browser privacy
5. Conduct an app census

Cyber security expert in warning to Northern Ireland over education
03/02/2016

A cyber security expert says Northern Ireland could be at a disadvantage because pupils are not studying the best courses available.

It is estimated that cyber crime costs the local economy more than £100m a year.


