Cloud Security Strategy 05/16/2012

Intel Corp. and its subsidiary McAfee on Friday unveiled a cloud security strategy they hope will overcome enterprise security concerns about cloud computing by bringing together Intels hardware-based security with McAfees security software.

Security for Cloud 05/15/2012

Cloud computing has clearly sparked the imagination of business leaders, who see it as a powerful new way to be innovative and gain first-mover advantages — with or without traditional ITs consent. This simply now means that the center of gravity for IT services is shifting toward the enterprise’s boundaries – moving increasingly outside their firewalls. And so how can companies have it both ways — exploit clouds promise but also provide enough security to make the risks acceptable? How can organizations retain rigor and control while pursuing cloud benefits?

Apple Security 05/14/2012

Unless Apple changes its security update practice, nearly half of all Mac users will be adrift without patches sometime this summer. Apple will launch OS X 10.8, aka Mountain Lion, in the next few months, and then will -- baring a change in a decade-old habit -- stop serving patches to OS X 10.6, or Snow Leopard. Although Apple has never spelled out its support policy for older operating systems, it has always dropped an edition around the time it has two newer versions in play.

Cyber Security Cold War 05/13/2012

The cyber-security cold war is real and expanding. In December 2011, Bloomberg News reported that the networks of at least 760 companies, research universities, Internet service providers and government agencies were hit over the last decade by elite cyber spies who use a proverbial vacuum cleaner to suck IP out of organizations by the terabyte. Based on what is known of attacks from China, Russia and other countries, a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from U.S. corporate computers in the last year reached almost $500 billion.

Privacy vs Security 05/12/2012

On the face of it, the Cyber Intelligence Sharing and Protection Act  that the U.S. House of Representatives just passed seems to address the long-held notion that encouraging private and public sector concerns to share security information will improve our general security. And while the goal of CISPA is noble and the need warranted even coveted by some enterprises looking for a way to share information while reducing legal liability, the devil is in the details, and unfortunately CISPA goes too far in terms of trading off our liberties.

Olympic Security 05/11/2012

So how seriously is the British government's commitment to Olympic security? Well, it's sailing the largest carrier in the British naval fleet, the H.M.S. Ocean, up the Thames to a berth in London to serve as a base for the operation -- one that will involve more than 13,000 soldiers and marines in the largest domestic mobilization since World War II.

Personal Privacy on Facebook 05/10/2012

It is not news that Facebook, the behemoth of social networking, is less than aggressive about protecting the personal privacy of its 900 million users. But even relatively savvy users may not be aware of how much of their information is collected, how it is used and how little control they may have over it. And with millions of workers now using social networking in their professional as well as personal lives, those privacy risks extend in a very big way to the enterprise.

Facebook used for Nightclub Security 05/09/2012

It is claimed to be a means to ensure underage party-goers are not able to enter the establishments, and as the majority of young people appear to own a social media account, nightclub security is also assuming that access to these accounts through mobile devices is possible. The process was undertaken in order to match her driving license to her Facebook profile, verifying that identification cards belonged to the individual.

FTC Fines for Safari Breach 05/07/2012

The Federal Trade Commission is apparently ready to fine search engine giant Google millions of dollars for using an invasive advertising cookie on Apples Safari browser, according to Consumer Watchdog, who filed a complaint in February with the FTC after Stanford Researcher Jonathan Mayer, who identified the breach. Bloomberg reported on Saturday that Google is in the process of negotiating with FTC about how big the fine could be. The report cited a person familiar with the matter, saying that the fine could amount to more than $10 million dollars.

Security Vulnerabilities 05/02/2012

Fewer security vulnerabilities have been reported on an annual basis since 2006, but that does not mean the threats are getting any less severe, according to Hewlett-Packard. Published on Thursday, HPs 2011 Top Cyber Security Risks Report tackles what kinds of security threats are growing and the possible ramifications if/when they get out of control. Although the disclosure of new vulnerabilities in commercial applications dropped by nearly 20 percent in 2011 from the previous year, nearly a quarter of all new vulnerabilities disclosed in commercial applications in 2011 were rated as quite severe.

SBA Security 05/01/2012

Small businesses around the country can take advantage of free computer security workshops to help strengthen their information security, determine their readiness against security breaches and safeguard their business information from computer attacks. The U.S. Small Business Administration, Commerce Department's National Institute of Standards and Technology and the Federal Bureau of Investigations InfraGard will conduct a series of workshops on information security threats and solutions designed for small businesses. This joint federal partnership promotes information security training and computer protection for the nations small business community and will help to identify information security vulnerabilities that can put small businesses at risk and the protective tools and techniques used to assess, maintain and guard their information and systems.

Security Firm Bankruptcy 04/30/2012

A company whose security guards patrol the White House filed for bankruptcy with an emergency request to transfer a series of its government contracts to a competitor, a move to ensure that President Barack Obamas home and other federal buildings do not go unwatched.

Airline Security Deal 04/29/2012

Two years after the formal expiration of a controversial Bush-era pact requiring air passenger data be handed over to the U.S. Department of Homeland Security, a deeply divided European Parliament approved a new agreement Thursday with tighter protections but just as many concerns over privacy. In a vote of 409 in favor, 226 opposed and 33 abstentions, the European Unions governing body approved the Passenger Name Record agreement with the United States. Many who voted against the PNR pact contend that the new rules, like the ones they replace, violate civil liberties and privacy protections.

Romney on Security 04/28/2012

Mitt Romney has hired Richard A. Grenell, a veteran Republican communications strategist who served in the George W. Bush administration, as his national security and foreign policy spokesman, a campaign official said. Grenell brings foreign policy chops and more than a decade of political experience to the aggressive but relatively young Romney staff. His is one in a series of hires as the presumptive Republican nominee rapidly expands his small staff as it moves into the general election against President Obama.

Corruption Investigations at Homeland Security 04/27/2012

Dozens of corruption investigations within the Department of Homeland Security are getting a fresh look by federal officials, amid reports that some internal watchdog agents falsified records at a Texas field office, the Center for Investigative Reporting has learned. Officials from the departments Office of the Inspector General, the watchdog agency, met last week in Texas with the FBI, Drug Enforcement Administration and other homeland security agencies to discuss re-examining more than 80 criminal misconduct investigations, sources familiar with the meeting said.

Power Security and Cyber Threat 04/26/2012

The mysterious caller claimed to be from Microsoft and offered step-by-step instructions to repair damage from a software virus. The electric power companies were not falling for it. The caller, who was never traced or identified, helpfully instructed the companies to enable specific features in their computers that actually would have created a trapdoor in their networks. That vulnerability would have allowed hackers to shut down a plant and thrown thousands of customers into the dark. The power employees hung up on the caller and ignored the advice. The incident from February, documented by one of the government's emergency cyber-response teams, shows the persistent threat of electronic attacks and intrusions that could disrupt the countrys most critical industries.

Security in Syria 04/25/2012

The U.N. Security Council voted Saturday to establish a full-fledged U.N. mission, with up to 300 unarmed military observers and an unspecified number of civilian specialists, to monitor a shaky cease-fire between the Syrian government and armed opposition forces. The newly minted U.N. Supervision Mission in Syria is set to reinforce a small advance team that began testing the nine-day-old cease-fire this week with visits to a handful of Syrian towns, including a trip Saturday to the town of Homs, the scene of a military crackdown in recent months.

Apple Slow With Security Responses 04/24/2012

Stunned by the revelation that 1% of all OS X Macs may have been hijacked by a Java botnet named Flashback, in the largest Apple malware outbreak in history? For Mac security watchers, thats nothing compared with the first-time revelation from Apple--wait for it--that its still coding a fix for a security issue.

Education System is Causing Security Risks 04/23/2012

A new report finds that the United States education system is putting the countrys national security at risk. The independent study, sponsored by The Council on Foreign Relations, finds K-12 school systems across the country are failing to adequately prepare kids to grow up and protect the U.S.

DHS Network Monitoring 04/22/2012

An intrusion detection program that the federal government uses to protect its computer networks could raise privacy concerns under the Fourth Amendment, Congress policy research organization said in a recent report. In a March report, the Congressional Research Service said that the federal government's monitoring of network traffic under the Einstein network monitoring and intrusion detection and protection program could constitute unreasonable search and seizure under the Fourth Amendment, though it noted that the government has strong arguments that the program is constitutional.

Weak Passwords 04/21/2012

A  recent data breach that exposed the Social Security numbers of more than 255,000 people in Utah has once again highlighted the longstanding but often underestimated risks posed to organizations by weak and default passwords. The breach, involving a Medicaid server at the Utah Department of Health, resulted from a configuration error at the authentication layer of the server hosting the compromised data, according to state IT officials. Many security analysts see that as a somewhat euphemistic admission by the state that the breached server was using a default administrative password or an easily guessable one. By taking advantage of the error, the attackers were able to bypass the perimeter-, network- and application-level security controls that IT administrators had put in place to protect the data on the server.

E-Security Challenge 04/20/2012

The growth of internet and most importantly businesses dependent on internet has called for a different set of policing which can help maintain the web platform. With e-commerce seeing new heights, the need now is to have a sense of security, for the customers and companies as well.

OS Not a Security Fix 04/19/2012

It has been a rallying cry against Microsoft Windows for years: to avoid malware and security issues, just stop using Windows. The mantra has traditionally been embraced by both Mac and Linux users, but as Mac OS X users deal with the fallout from the Flashback malware attack, some Linux supporters are turning the tired attack even against the Apple OS. Admittedly, the Mac OS X platform is realizing some of the negative consequences that come with mainstream adoption. The rising prominence of the Mac OS has made it an inviting target for malware developers. Switching operating systems is not the answer, though.

Security Breaches in London 04/18/2012

Two eye-catching security breaches in London in recent days have embarrassed the authorities and focused attention on policing for the Olympics later this year. The British government is taking widespread precautions to try to thwart any terrorist attack. There are concerns that the biggest disruption, however, could come from a different kind of threat. 72 floors up with London laid out before them. A breathtaking, terrifying view from the top of the Shard, the highest building in Europe. The group who took this video call themselves the Urban Explorers. They say they do not set out to break the law - but their latest stunt has exposed an embarrassing security breach a few months before the Olympic Games open in London.

Facebook Security 04/17/2012

A security flaw in Facebooks mobile apps can be easily tapped by thieves searching for personal information about you. The problem is that Facebook's app for iOS and Android devices does not encrypt your login credentials, making them a sitting duck for bad apps or a poisoned USB connection.

20 Security Ideas Bought and Paid For 04/16/2012

Microsoft has received 20 submissions in the $268,000 contest it hopes will result in new security technologies being baked into Windows, a company security strategist said Tuesday.

Sophos Partner Portal Pulled 04/15/2012

Security firm Sophos has taken its partner portal offline and will reset every users password after it found signs of a potential security breach on the server hosting it.

Blackberry Security Not Secure 04/14/2012

The government took a call in the matter more than 18 months ago. Now, it has deciphered the mechanics of enabling security agencies to police the one million-strong exclusive preserve of BlackBerry Messenger users in India. Consequently, BlackBerry smartphone owners - who were interception-secure all these days - will have to brace for an invasion of their privacy. Their messenger service can be lawfully tapped citing security concerns. Indian security agencies confirmed to Mail Today on Friday that the process to access the BBM service, which operates with the highly protected 256-bit encrypted data, is underway and would be up and running soon.

Mass Mac Infection 04/13/2012

Security experts today could not confirm claims by Doctor Web, a little-known Russian antivirus company, that more than 600,000 Macs have been infected with a zero-day-exploiting Trojan, but they said the number was within reason.

Obama Embraces Security 04/12/2012

With a Republican opponent all but chosen and the general election campaign about to start, President Obama is preparing to emphasize an issue that few Democratic candidates have embraced in the past: national security, long the domain of the Republican Party. At the same time, the Obama campaign is seeking to portray Mitt Romney, the likely Republican nominee, as a national security neophyte whose best ideas are simply retreads of what the president is already doing, and whose worst instincts would take the country back to the days of President George W. Bush: cowboy diplomacy, the Iraq war and Americas lowest standing on the international stage.

Syria Still on Offense 04/11/2012

Syrian troops continued to strike opposition areas on Saturday, activists said, killing 74 civilians in an offensive that has sent thousands of refugees into Turkey before a cease-fire backed by the United Nations takes effect. Related At least 15 rebels and 17 members of government security forces were also killed, raising the death toll to more than 100. Each side has accused the other of intensifying assaults before a cease-fire brokered by Kofi Annan, the special envoy appointed by the United Nations and the Arab League. His plan calls for Syrian forces to pull out of towns and cities by Tuesday and for government forces and rebels to cease hostilities on Thursday.

Symantec Breaking Chinese Partnership 04/07/2012

Less than four years after Huawei Technologies and Symantec teamed up to develop computer network security products, the joint venture is being dismantled because Symantec feared the alliance with the Chinese company would prevent it from obtaining United States government classified information about cyberthreats.

Canadian Official Aiding Russia 04/05/2012

A Canadian naval officer accused of a major security breach had access to secrets circulating in a five-nation intelligence alliance and was passing information to Russia, American officials confirmed. At his arrest in January, the officer, Sub-Lt. Jeffrey Paul Delisle, was working at a high-security naval intelligence and communications center in Halifax, Nova Scotia, and earlier served at the militarys main intelligence clearing house in Ottawa. Canadian officials have remained tightlipped on the case, whose scale and scope remain a mystery. But the American officials said the breach was in a system open to the intelligence alliance, called Five Eyes, among the United States, Britain, Canada, Australia and New Zealand. In reaction, the members have met several times, including in New Zealand in late February and early March, to try to tighten safeguards. The officials were speaking on the condition of anonymity on the highly delicate case to confirm details first reported by The Wall Street Journal.

Security Grants 04/10/2012

The Department of Homeland Security has awarded $119 million in grants to non profit organization who fall victim to terrorist attacks or threats. Miami Security company, Bryant Security is in support of the grant, and offering complementary services to non-profits and religious institutions involved in the grant application. Non-profits across the country such as synagogues, community centers, schools, office buildings and elder-care centers have used the grants, for surveillance cameras, digital video recorders, vehicle barriers, lighting, perimeter fencing, bulletproof windows and identification systems, among other improvements. Bryant Security is in full support of the grant program as the South Florida security company writes security assessments and target hardening procedures for religious institutions, at no cost.

Guardian Angels 04/09/2012

U.S. military commanders in Afghanistan have assigned guardian angels — troops that watch over their comrades even as they sleep — and have ordered a series of other increased security measures to protect troops against possible attacks by rogue Afghans. The added protections are part of a directive issued in recent weeks by Marine Gen. John Allen, the top U.S. commander in Afghanistan, to guard against insider threats, according to a senior military official. And they come in the wake of a spike in attacks on U.S. and coalition forces by Afghans, including the point-blank shooting deaths of two U.S. advisers in Afghanistans Ministry of Interior.

Another Data Breach 04/08/2012

Four computer storage devices containing personal information for about 800,000 adults and children in Californias child support system – including their names and Social Security numbers – were lost by IBM and Iron Mountain Inc., officials announced.

Olympic Security Review 04/07/2012

Britain has planned for a dizzying array of security nightmares surrounding the Olympics, including a coordinated attack like the London transit bombings, a dirty bomb or a cyberattack. In the wake of Frances deadly shootings, one scenario weighing heavily on the minds of security officials is the self-starter operating with little or no help from others. And, they admit, there are limits to what security personnel can do.

Chrome Security Fixes 04/06/2012

Google on Wednesday released Chrome 18 to its Stable channel complete with several new features and fixes for nine security vulnerabilities. Officially named version18.0.1025.142, the new version of Googles open source browser offers improved graphics performance on both new and older hardware as well as closing numerous security holes, including three high-severity ones.

Tighter Security on Standardized Tests 04/05/2012

The millions of students who take the SAT or ACT each year will have to submit photos of themselves when they sign up for the college entrance exams, under a host of new security measures announced Tuesday in the aftermath of a major cheating scandal on Long Island. The two companies that administer the tests, the College Board and ACT Inc., agreed to the precautions under public pressure brought to bear by Nassau County District Attorney Kathleen Rice, who is overseeing the investigation. The measures take effect in the fall.

Solidarity in Gulf 04/04/2012

The United States will work with Gulf Arab nations to strengthen their shared defenses against threats including Iran, U.S. Secretary of State Hillary Clinton said on Saturday. Speculation about Tehrans nuclear ambitions is a source of anxiety among Sunni-led Gulf Arab states, for whom Shiite Iran has long been a regional rival.

Pakistan Security Warning 04/04/2012

Senior Pakistani security officials urged intense new security measures for lawmakers after the Taliban threatened to attack members of parliament if they vote to re-open a crucial land supply route for U.S. and other Western forces in Afghanistan.

FBI vs NYPD 04/03/2012

In the fall of 2010, the FBI and New York Police Department were working together on a terrorism investigation on Long Island. The cyber case had been open for more than a year at the U.S. attorneys office in Brooklyn. So, the Justice Department was surprised when, without notice, the NYPD went to federal prosecutors in Manhattan and asked them to approve a search warrant in the case. The top counterterrorism agent at the FBI in New York at the time, Greg Fowler, hit the roof. When two agencies don't coordinate, it increases the risk that the investigation and any prosecution could be compromised. In an email response, Fowler prohibited his agents from sharing information with the NYPDs intelligence unit. He also suspended the weekly management meetings of the Joint Terrorism Task Force, the primary pipeline through which information flows to federal, state and local law enforcement agencies. It slowed to a trickle.

DNS Protection 04/02/2012

Even though the deadline passed more than two years ago, several federal agencies still have not secured their domains to protect users from domain name hijacking and cache poisoning attacks. In a survey of Websites belonging to 359 government agencies, just a little over half, or 57 percent, had rolled out the DNS Security Extensions protocol, according to Secure64 Software. Of the agencies that have implemented the security measure, 78 percent have established the chains of trust necessary to validate the signatures, said Mark Beckett, marketing vice-president for Secure64 Software.

No More Private Security Forces 04/02/2012

n Afghanistan, international development organizations and some businesses must now stop using private companies to provide security for their operations and instead rely on the interior ministrys new Afghan Private Protection Force. President Hamid Karzai has long been opposed to the large number of private security companies in the country because he says many of them disregard Afghan laws and could grow into private militias. And, there have been cases of contractor abuse ranging from violence to cultural insensitivity that have given the private security industry a bad name among many Afghans.

Morale Low at Homeland Security 04/01/2012

If the homeland’s security were dependent on employee morale, we would be in big trouble. Fortunately, the men and women of the Department of Homeland Security are committed to the agencys mission, even as the agency fails to inspire them. You know things are bad for workers when a bipartisan congressional hearing is called to examine a departments drooping spirit. It ranks 31 among 33 large agencies in The Best Places to Work in the Federal Government survey published by the Partnership for Public Service.

Caribbean Cyber Security 03/31/2012

Most Caribbean governments and companies have yet to take seriously the threat posed by cyber attack. This is despite signs that the region is not immune to the actions of those who use the Internet to breach national security, undertake criminal activity or behave maliciously.

Education Linked to Security 03/30/2012

The nations security and economic prosperity are at risk if Americas schools do not improve, warns a task force led by former Secretary of State Condoleezza Rice and Joel Klein, the former chancellor of New York Citys school system.

Smart Phone Identity Theft 03/29/2012

Some 7% of smartphone owners became identity-fraud victims in 2011, the Javelin survey of 5,000 consumers found. Smartphone users are about one-third more likely to fall prey to identity fraud than the general public, the report found. Why? Because smartphones are minicomputers that store vast quantities of personal information, yet many users do not protect their smartphones the way they do laptops and PCs.

Verizon Breaches 03/28/2012

Out of 855 breaches investigated by Verizon, it was reported that hacktivism was responsible for the disclosure of 58% of the confidential information.  This information is typically posted publicly in order to embarrass companies and is quickly scraped and used by online criminals  and abused.

Current Blog

2012 Security Blog Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive