Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog

 
Windows XP Is the Newest Dinosaur
07/31/2013

Microsoft will no longer provide updates and security patches for Windows XP as of April 8, 2014, so the tech giant and its partners are now trying to get users off the ancient operating system.

The Computer Emergency Response Team-India is one the latest important names that joined Microsofts efforts to move consumers to a newer platform.

The end of support of Windows XP Operating System means that Microsoft will not provide security updates, non-security hotfixes, free or paid assisted support and any online technical support for the Windows XP, CeRT-IN said in a security advisory according to Business Standard.

Security for Small Businesses
07/31/2013

If your small-to-midsized business is like most, you're playing a game of chicken with cyber-criminals. You probably know that your defenses probably are not able to repel today's sophisticated, persistent attacks, yet you hope that you will be overlooked.

IT security is complex, and security professionals are mired in a nonstop arms race against cyber-criminals. It is easy to read headlines and think, If the DoD can be penetrated, how am I going to ward off would be attackers?

True enough, but there's an old security maxim to keep in mind: You do not have to have the most secure house on the block; you just have to have better security than your neighbors.

Tumblr Password Reset
07/30/2013

Tumblr urged users to download an important update for its iOS apps on Tuesday, after a security vulnerability put passwords at risk.

Unisys to Help Border Security
07/29/2013

U.S. border security systems will be operated, managed and enhanced by Unisys Corp. under a contract from the U.S. Department of Homeland Security.

The indefinite-delivery/indefinite-quantity award from DHS' Border Enforcement and Management Systems Program Office is for a five year period -- one base year of performance and four one-year option periods -- and has a ceiling value of $460 million.

The award represents new work that significantly builds upon Unisys' success as an industry partner to Customs and Border Protection for more than a decade, the company said.

complete article

Test Your Security Smarts
07/26/2013

Some people would have you believe that simply turning on your Android cell phone puts you at risk, while others think that mobile security is just a cash grab run by a cabal of security companies. The truth is somewhere in the middle: mobile security software can help you stay safe, but so can knowing what the dangers face the Android user. Do you have the mobile security know-how to pass our quiz?

While Android users enjoy more freedoms with their phones than Apple allows, that does leave them vulnerable to malicious software and a host of other threats. Surprisingly, malware has not been the biggest threat and Google has managed to keep their Play store relatively safe. Third-party stores, particularly those outside the U.S., have become havens of malicious apps.

complete article

Benghazi Survivors Asked to Sign Non-Disclosures
07/25/2013

Rep. Frank Wolf, R-Va., is calling on the Obama administration to explain why the survivors of last years deadly attack in Benghazi, Libya, were reportedly asked to sign non-disclosure agreements that prevent them from talking about the attack.

In a letter to Secretary of State John Kerry, Defense Secretary Chuck Hagel and CIA Director John Brennan, Wolf said his office has received reports that some survivors of the attack were asked to sign the confidentiality agreement as recently as this summer.

Google Offices Hacked
07/25/2013

Two hackers from Irvine gained access in April to the air conditioning and water systems of a Google Inc. office in Sydney, Australia.

Because Google had failed to install a security patch to a software program that remotely tracks and controls building systems, the hackers could have easily raised the office's temperature to an unbearable level or caused water pipes to burst by increasing pressure.

Luckily for Google, the hackers were working for Cylance Inc., an Irvine company that has been grabbing headlines for uncovering security holes that could allow malicious hackers to do serious damage to crucial infrastructure such as hospitals, oil pipelines and banking systems.

TSA Security Lines
07/24/2013

The U.S. Transportation Security Administration for the first time will let travelers apply directly for expedited airport screening to avoid lanes requiring shoe removal and laptop checks.

In the agencys biggest expansion of eligibility for its PreCheck program, U.S. air travelers will be able to apply online or at airports for access to speedier security lanes. PreCheck was previously restricted to frequent fliers nominated by airlines or enrolled through U.S. Customs programs for international travelers.

3rd Party Security Fix for Android
07/22/2013

Almost two-weeks after Bluebox Security announced a vulnerability in Android's security model that could enable attackers to convert most Android applications into Trojans, and more than a week after Google released the fix for it, the vast majority of Android OEMs has yet to patch the hole. So, Duo Security and Northeastern Universitys System Security Lab (NEU SecLab) have released an app, ReKey, which fixes it for you.

Security Outsourced
07/21/2013

The company with the biggest share of contracts is under a federal investigation into possible criminal violations involving its oversight of background checks, officials familiar with the matter told The Associated Press.

Even with fresh congressional scrutiny, the federal government appears wedded to the incumbent screening system. Nearly three-quarters of the governments background checks are done by private companies, and of those, more than 45 percent are handled by the U.S. Investigations Services, or USIS, according to the U.S. Office of Personnel Management, the agency overseeing most of the governments background checks.

Security and Privacy
07/20/2013

A mystery gunman who allegedly fired 700 road-rage-inspired bullets at German drivers during the past five years was finally arrested in late June. Digital sleuthing was credited with ending the reign of driving terror. Germany’s E-ZPass-like system is off-limits to law enforcement, so police set up a temporary network that tracked license plates on the road and used the data to catch the suspect.

While the arrest has been celebrated, civil rights advocates have complained that thousands of innocent drivers were also caught up in the police dragnet, and have questioned its legality. The argument might sound absurd to American ears — would Germans really rather be shot at than have their license plates recorded? — but Germans are more sensitive to government overreach than Americans. A rabid debate about security and privacy has begun.

Database Security Breaches
07/19/2013

Digital warfare and worldwide cyberattack rates are on the rise, and protection on corporate networks is even more crucial.

Databases are a key target for cybercriminals due to the often valuable nature of sensitive information locked away inside. Whether the data is financial or holds intellectual property and corporate secrets, hackers worldwide can profit from breaching a businesses' servers and plundering databases.

According to a new report issued by Dark Reading, there are a number of key security failures that cybercriminals take advantage of. However, it is often the staff of an enterprise — database developers, administrators and the like — who create the environment necessary for attacks to gain access to data.

Cyber Security Can Make or Break a Business
07/18/2013

Hackers have attacked news organizations, social media sites, major corporations, and government agencies, accessing private documents and personal information. Corporations must develop a proactive strategy so they are not forced to react when there is a threat or security breach, say the researchers.

The cost to a corporation or the customer if hackers gain access to secure information is one factor to consider. With the growing demand for digitally shared data and information, security can no longer be viewed as just a necessary cost of business

Mobile Security
07/17/2013

BlackBerry today rolled out a new security option for BlackBerry Enterprise Service 10 that will let those with iOS and Android smartphones separate their work and personal information.
The move comes as more and more people use their personal smartphones for work-related activities. With Secure Work Space, employees no longer have to have a BlackBerry for work and an iPhone or Galaxy S 4 for home.

From an iOS or Android device, workers can tap into work documents without having to log on to VPN, including integrated email, calendar and contacts, and a secure browser for access to a company intranet.

What is Your Gmail Account Worth?
07/16/2013

The brainchild of researchers at the University of Illinois at Chicago, Cloudsweepers account theft audit tool scans your inbox and presents a breakdown of how many accounts connected to that address an attacker could seize if he gained access to your Gmail. Cloudsweeper then tries to put an aggregate price tag on your inbox, a figure thats computed by totaling the resale value of other account credentials that crooks can steal if they hijack your email.

Privatization of National Security
07/15/2013

The story of Edward Snowden and how he got to be in a position where he could leak details of the National Security Administration’s (NSA) surveillance program is revealing a great deal about the privatization of our national security system. Much of what we are seeing is not pretty.

It turns out that even the background check that provided the basis for Snowdens security clearance was done by a private contractor. USIS, a company based in northern Virginia, did the background check on Snowden and many other people with security clearance.

Where is the oversight?

In the last two decades, private corporations have come to play a large role in a wide range of national security tasks. This is troubling since private companies are answerable to their shareholders, not the general public.

How to Protect Digital Content
07/12/2013

Just like writers, photographers, and other creative artists have learned, protecting content is one of the primary struggles that webmasters face on a daily basis. It takes time and talent to develop quality content, and there are few things more frustrating than to discover that your content has been poached by another website.

There are a number of actions that webmasters can take to proactively protect their work from being used without authorization by people on the web who are simply looking to cut corners. Take the following steps to proactively guard your content...

How to Protect Digital Content

Cruise Ship Security
07/11/2013

A cruise ship is akin to a se­cure build­ing open 24 hours a day. So nat­ural­ly, there are se­cu­ri­ty rules and reg­ula­tions that need to be fol­lowed. You can not get aboard a cruise ship these days with­out prop­er doc­umen­ta­tion, es­pe­cial­ly in a post-9-11 en­vi­ron­ment where the pos­si­bil­ity of a ter­ror­ist at­tack is some­thing cruise lines take very se­ri­ous­ly and have even planned for. Once you're on­board, as a pas­sen­ger you will be briefed on what to do in the event of an emer­gen­cy — even one not qui­te as se­ri­ous as the Cos­ta Con­cor­dia dis­as­ter in 2012. There are al­so re­quire­ments when you go ashore in for­eign coun­tries and rules that need to be fol­lowed when you're wel­comed back to the U.S. Ig­nor­ing any of this can mean has­sles, if not dan­ger.

Cruise Doc­uments:

No more than a week be­fore your cruise (typ­ical­ly a month be­fore) you willl ei­ther re­ceive your print­ed cruise doc­uments in the mail —in­clud­ing your air tick­et and trans­fers if you booked through the cruise line — or be di­rect­ed to print all that on­line. The num­ber of doc­uments you will re­ceive varies; con­sult your line's web­site to make sure you got ev­ery­thing you need.

Security Clearance
07/10/2013

The United States is biding its time in its effort to get fugitive leaker Edward Snowden delivered to its custody, hoping that Russia wearies of him and Ecuador decides against granting him asylum, senior U.S. officials said Wednesday.

Snowden, the former National Security Agency computer contractor who exposed details of U.S. surveillance programs, faces espionage charges if shipped back home.

Executive Security
07/09/2013

The SEC is getting pretty explicit about information security risk. You have to identify it, you have to declare it, and you have to manage it.The problem is, a lot of the CEOs I talk with have no clue what they are accepting when they sign off on information security risk.

Sometimes, they blindly accept the cryptic recommendations from their chief information security officers.  Sometimes, their guts tell them there may be a problem, but they do not know which questions to ask to figure out what is really going on.  In both cases, I think it is a problem that senior business managers are accepting risks they do not fully understand.  How can this represent the best interests of your stakeholders?

Bug Bounty
07/08/2013

Microsoft said today it will pay up to $100,000 to security researchers who find and report novel methods for bypassing the security built into the latest version of the company’s flagship operating system. Researchers who go the extra mile and can also demonstrate a way to block the new attack method they have reported can earn an extra $50,000.

The bug bounty program is a remarkable shift for a company that has for the most part eschewed paying researchers for finding security vulnerabilities in its products. But unlike tech giants like Facebook, Google, Mozilla and Twitter — which have for some time now offered bounties ranging from a few hundred to several thousand dollars to researchers who report bugs in their products or Web properties — Microsoft is reserving its reward money for research on products that are still in beta.

Fraud in Security Checks
07/05/2013

The process of conducting background checks for national security clearances is riddled with extensive fraud that can not be adequately combatted, a government watchdog is set to tell a Senate subcommittee Thursday.

The clearance system has come under increased scrutiny after Edward Snowden, a government contractor with such a clearance, leaked information about government surveillance programs to the press.

Balancing Security and Privacy
07/04/2013

Under fire for authorizing expansive secret surveillance programs, President Obama selected James B. Comey as his new F.B.I. director on Friday, choosing a lawyer best known for refusing to sign off on a private data collection plan in the Bush administration.

Obama Meeting with Security Watchdog Group
07/03/2013

President Barack Obama will meet with a national security watchdog Friday afternoon, in an attempt to reassure them over the recent National Security Agency surveillance scandal.

Obama will sit down with the Privacy and Civil Liberties Oversight Board, a five-person independent agency that has been largely dormant since 2008, Reuters reported.

It held its first full-fledged meeting on Wednesday after the Senate confirmed David Medine as its chairman last month.

Five Essential Security Measures
07/02/2013

Paranoia—in small doses—is an excellent preventive medicine. If you think your business is too small to be a target for hackers, identity thieves, and similarly unsavory characters, you’re dangerously underestimating the value of your business.

IT security might seem to be a daunting prospect for a small business without an expert staff, a large budget, or expensive consultants, but you can take a number of easily implemented measures to lock down the personal computers your business relies on. Here are five simple security tips you should implement today.

Microsoft Bug Bounty
07/01/2013

Microsoft has recently announced a bug bounty program for Windows 8.1 Preview and Internet Explorer, offering rewards of up to $100,000 for those who find security flaws in these two products.

Of course, this attempt is specifically supposed to help the tech giant make its future software solutions a bit more secure, especially because Windows 8.1 is going to be a major overhaul for the existing Windows 8.

Cyber Cooperation
06/30/2013

The United States and Russia will exchange cyber-threat data as part of an information-sharing program to increase cooperation between the two countries on cyber-security issues.

At the G-8 Summit earlier this week in Northern Ireland, Russia and the U.S. agreed to improve communications regarding their cyber-security activities to reduce the possibility that a misunderstood cyber incident could create instability or a crisis in our bilateral relationship, the White House said in a fact sheet released Monday. The two countries will begin sharing threat data on a regular basis within the next month.



Current Blog

2013 Security Blog Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.