Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog
Critical decisions after 9-11 led to slow, steady decline in quality for Secret Service
12/31/2014

The Secret Service began struggling to carry out its most basic duties after Congress and the George W. Bush administration expanded the elite law enforcement agency’s mission in the wake of the Sept. 11, 2001, terrorist attacks.

According to government documents and interviews with dozens of current and former officials, the recent string of security lapses at the White House resulted from a combination of tight budgets, bureaucratic battles and rapidly growing demands on the agency that have persisted through the Bush and Obama administrations in the 13 years since the attacks. At the same time, the Secret Service was hit by a wave of early retirements that eliminated a generation of experienced staff members and left the agency in a weakened state just as its duties were growing.

Car Hacking is Filled With Potential Issues
12/30/2014

Safety and security features can be exploited by hackers to steal information, extort money or even control vehicles, motoring experts have warned.

Modern cars are being fitted with internet connections and wireless networks to allow for music streaming, internet searches and news updates.

Through these, hackers can access and control a vehicle’s systems, including steering, braking and acceleration, according to experts.

Security forces kill school massacre planner in Pakistan shootout
12/29/2014

The alleged planner of the deadly massacre at a school in Pakistan last week has been killed in a gun battle.

Security forces – acting on intelligence information-- stormed the Bara area Thursday night and engaged in an hour-long shootout with the militant, known only as Saddam, a top Pakistani government official in the Khyber tribal region said. Khyber borders the northwestern city of Peshawar.

Big Data: Cyber Securitys Silver Bullet?
11/27/2014

Cyber security has been a losing game of whac-a-mole for years as the malefactors manage to pop out of new security holes faster than IT and their software suppliers can plug the last batch. The game has also been a costly one for businesses and end users, which have collectively spent billions of dollars on an increasing array of products and annual upgrades to address each new threat category and set of exploits.

The Staggering Complexity of Application Security
11/26/2014

During the past few decades of high-speed coding we have automated our businesses so fast that we are now incapable of securing what we have built.

First, a few facts.

A typical, midsized financial organization has a portfolio of over a thousand applications. The largest firms exceed ten thousand applications. Each of these applications, on average, has hundreds of thousands of lines of custom code, and the largest can have over ten million lines. In addition, each application also includes anywhere from dozens to hundreds of software libraries, frameworks, and components that typically total over ten times the size of the custom code. And this portfolio is growing rapidly -- over 20% of these applications have new and updated code each year.

Data Security Goes Mainstream After High-Profile Hacks
11/25/2014

Personal online data is hacked or harvested for marketing purposes every day -- and public perception is finally changing after incidents like the celebrity photo iCloud incident and massive Target data breach, cybersecurity experts say.

Companies are trying to tap into that newfound public awareness with privacy-focused tools. But the concerns about data are complex, and solutions are elusive because personal information gleaned from how, when, and where people use the Internet is more valuable to marketers than ever before.

7 Deadly Sins of Startup Security
11/24/2014

For startups, user growth, product growth, virality, marketing usually goes on the top of their priority list. As part of product planning cycles, embedding information security into their product or service is the last concern for most startups.

Often you see devops engineers, systems engineers, infrastructure engineers or system administrators wear the security hat in these startups and performs some of the small security fixes or patches. Even though they can perform research on the procedures to apply patches, harden databases, or implement remediation as a result of the industry breaches, they might not take every decision or option from security perspective.

BrowserStack Hacked
11/21/2014

After a hacker sent email to BrowserStack customers, alleging the company had no firewalls in place, stored passwords in plain text and other shoddy security practices, BrowserStack admitted it was hacked. Yet the company claims the hacker only accessed a list of email addresses and promised to give customers an analysis of the attack later.

Car Hacking
11/20/2014

Former members of an Israeli intelligence unit dedicated to thwarting cyber crimes announced Friday they had remotely hacked into a vehicle that contained an aftermarket device with a big security hole.

Once they exploited the vulnerability in the device, called a Zubie, they controlled vehicle functions, like unlocking doors and manipulating instrument-cluster readings. The researchers, now founders of Argus Cyber Security, say they could have also controlled the vehicle's engine, brakes and steering components.

The remote breakthrough is a big one in an auto industry that has only recently started to take the threat of cyber attacks more seriously.

Industry officials have downplayed the possibility of someone with nefarious intent launching a remote attack. Previously, cyber-security researchers have hacked cars and controlled essential functions either via a physical connection to the vehicle or remotely from a short distance.

Postal Service Confirms Security Breach
11/20/2014

Chinese government operatives reportedly are suspected of hacking the U.S. Postal Service, in a security breach that may have compromised personal information for more than 800,000 workers.

The breach was announced Monday, as President Obama arrived in Beijing.

The Postal Service confirmed the incident in a written statement, saying personal information that may have been obtained in the attack includes employees' names, dates of birth, Social Security numbers, addresses, emergency contacts and other information.

The agency said customers at local post offices or those using its website, usps.com, were not affected. However, people who used its call center may have had telephone numbers, email addresses and other information compromised.

U.S. Homeland Security Spent $30,000 of Taxpayer Money on Starbucks
11/19/2014

Most Americans do not know that thousands of federal employees are given government credit cards to make micropurchases, which are any purchases under $3,000.

NBC Washington recently filed a Freedom of Information Act and reported that the U.S. government spent a staggering $20 billion on micropurchases in 2013.

Government employees micropurchases were made without public accountability because  U.S. agencies do not have to issue any itemized lists.

No Security No Business
11/18/2014

Target, Neiman Marcus, Goodwill, when will the list end? It feels like every day a large company reports a security breach, and this obviously doesn't make its customers very happy. Cloud control company HyTrust ran a snap poll of 2,000 consumers, and found that if companies don't crack down on their cybersecurity efforts they're going to lose business.

It Only Takes One Mistake
The majority of respondents believe that security breaches shouldn't be blamed on just the IT department; all officers of the company should be held responsible. Nearly half of these consumers also think that once a breach occurs, companies should be considered 'criminally negligent.' Fifty one percent of the respondents claimed that they would take their business elsewhere after a breach that compromises personal information, ranging anywhere from phone numbers and addresses to social security numbers, which more than a third of the consumers think is the worst piece of information to be compromised.

It only takes one data breach to for a consumer to lose trust in a company. Almost 46 percent of the respondents blame companies the minute a breach occurs, and this statistic only increases with age. Thirty four percent of 25 thorough 34 year-olds usually lay immediate blame while 51 percent of those aged 65 and older point fingers at the company. Sixty percent of the 35 through 44 year-old respondents were adamant about changing companies after a data breach.

Online Security Experts Link More Breaches to Russian Government
11/17/2014

For the second time in four months, researchers at a computer security company are connecting the Russian government to electronic espionage efforts around the world.

In a report released on Tuesday by FireEye, a Silicon Valley firm, researchers say hackers working for the Russian government have for seven years been using sophisticated techniques to break into computer networks, including systems run by the government of Georgia, other Eastern European governments and militaries, the North Atlantic Treaty Organization and other European security organizations

The report does not cite any direct evidence of Russian government involvement, such as a web server address or the individuals behind the attack, nor does it name the Russian agency responsible. The researchers have made the government connection because the malicious software used in the incidents was written during Moscow and St. Petersburg working hours on computers that use Russian language settings and because the targets closely align with Russian intelligence interests.

Setting Traps, and Other Internet Security Tips
11/14/2014

In the wake of cyberattacks on JPMorgan and other sophisticated companies, a computer security expert offers advice to those of us with far fewer resources.


After massive data breaches that affect tens of millions of people, like the recent cyberattacks on JPMorgan Chase and other major banks, I’m commonly asked: What can average people do to protect themselves? As a computer security expert, my professional advice is: use hard-to-guess passwords, keep your computer software up-to-date, encrypt your data, and save your backups. But I could have offered the same advice in 2004. The attacks we see in 2014 are so sophisticated that taking just the steps I mentioned is not really going to help you all that much. The honest 2014 answer is: Go outside, raise your hands in the air, and run around in circles screaming.

I am not entirely kidding.

Given the aforementioned breaches and those at major retailers like Target, Home Depot, Kmart, Staples, and so many others, chances are good that you, along with every other consumer, have had your personal information fall into the hands of undesirable people: a credit card number stolen, an online account taken over, and more.

Threats prompt new security warnings for military
11/13/2014

Military facilities around the U.S. are on alert, urging troops and their families to take precautions amid continued threats of violence from the Islamic State group.

The responses to that threat are being driven not just by the need to ensure protective measures are taken, but also to address increasing concerns being voiced by troops and family members who are worried about safety for their loved ones and themselves. It marks a shifting mindset, from one of full confidence that the military community was safe on its home turf to an unsettling sense that that is where they are newly vulnerable.

The Defense Department refuses to discuss the protective measures it has taken on behalf of the country's 2.1 million service members, and to date Washington has not issued universal guidance. But many senior leaders and installation commanders are taking matters into their own hands, issuing clear warnings of the potential for "lone-wolf" style attacks like those carried out in mid-October on military personnel in Canada.

Afghan President: Corruption, Security Top Issues
11/12/2014

Afghan President Ashraf Ghani Ahmadzai vowed Saturday to crack down on corruption and ensure security in his nation, even as insurgent attacks in an eastern province killed at least 12 local troops.

Speaking after returning from a four-day visit to China, Ghani Ahmadzai said that those who embezzled almost $1 billion from the Kabul Bank in 2010 would face justice in the courts. The incident decimated investor confidence in the country's already anemic financial sector.

Ghani Ahmadzai has made the battle against endemic graft a key policy initiative. One of his first actions after taking office was to reopen the Kabul Bank case and begin proceedings against the high-profile figures who have been accused of using the bank as personal slush funds.

On security, the president said that Beijing was committed to helping bring peace to Afghanistan after more than 30 years of war and that Afghan territory never again would be used as a base for insurgents to launch attacks on other countries.

Security Skills Gap Continues to Stymie Enterprise Cyber-Defenses
11/11/2014

Businesses will spend slightly more this year, but struggle with finding knowledgable security professionals, according to a survey by Ernst & Young.

Companies will spend marginally more money on technology and staff to defend their IT systems and data in 2015, but they continue to have problems hiring knowledgable security professionals, according to a survey conducted by business-services firm Ernst & Young.

About 52 percent of the more than 1,800 organizations surveyed expect security budgets to increase, compared to 43 percent whose budgets will remain unchanged. More than half of firms identified the lack of skilled professionals as a major reason for their inability to bolster system security, according to the survey.

China Approves Security Law Emphasizing Counterespionage
11/10/2014

President Xi Jinping of China has signed the new Counterespionage Law, replacing the 1993 National Security Law with an updated set of rules that will more closely target foreign spies and Chinese individuals and organizations who collaborate with them.

The new emphasis, demonstrated in the name change, mirrors concerns at the top of the Communist Party that China faces growing political threats from overseas, analysts said.

Computer-chip Security coming to Credit Cards
11/07/2014

That familiar swiping motion we make at the checkout is about to go the way of the Walkman.

Even if you're not one of the millions able to tap into Apple Pay or Google Wallet, changes in the security measures of traditional payment cards are prompting many merchants to switch to a new kind of credit card reader by October 2015.

Led by Visa and MasterCard, card issuers are adopting a new type of credit card that contains a computerized chip as a more reliable form of encryption than the magnetic strip on the back of credit cards, debit cards and ATM cards. Eliminating the strip eliminates several vulnerable points, including electronic skimmers criminals sometimes install on ATM machines to gather data.

U.S. Beefs Up Security At Some Federal Buildings
11/06/2014

The United States is beefing up security at some federal installations across the country, the Department of Homeland Security said on Tuesday.

In a statement, DHS Secretary Jeh Johnson said it would not detail the changes because they were law-enforcement sensitive. But, he said, the new measures will enhance Federal Protective Service presence and security at government buildings in D.C. and across the country.

Lollipop is Big Security Update for Android
11/05/2014

The Android team took to their blog today to highlight new security features found in Android 5.0 Lollipop and as the headline says to tout the leaps and bounds taken with security in Lollipop.

Keep it on lock down

Their first recommendation, and one that we heartily agree with, is that everyone should be using some kind of screen lock. You have more options than ever to get this done in Lollipop with the option to unlock based on a Bluetooth pairing, NFC or the now somewhat classic face unlock. They are also quick to point out that more rich notifications are available from the lock screen now which means you won’t be unlocking your phone as often anyway.

Virginia Court Rules On Phone Security Constitutional Protections
11/04/2014

A Virginia Circuit Court judge just ruled that fingerprints are not considered protected by the Fifth Amendment, which now precipitates a new conversation about personal security as our newest mobile devices can use fingerprints to unlock personal information.

It is a decision that overturns the previous conversation regarding security and the new iPhone 6 and iPhone 6 Plus (as well as the next generation Android phones) which can opt to have security features turned on. The new feature had originally upset law enforcement officials who claimed that the security measures could prevent police or other investigators from acquiring pertinent and sensitive information from mobile devices.

Essential Security Apps for your Phone or Tablet
11/03/2014

Hackers would love to weasel their way on to your smartphone or tablet, just like they try to do your computer. That's how they steal sensitive information like account details, passwords, important texts, intimate photos and whatever else possible.

Unfortunately for them, mobile gadgets are a bit harder to crack than the average computer. So hackers have to be even sneakier and use malicious apps, hidden Wi-Fi attacks or simply walk off with your gadget.

complete article



Current Blog

2014 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
Jan & February Archive

2013 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.