Security Port

Contains relevant information that pertains to security related issues and solutions.

A Security Port Blog
Optimize Security Budget
02/24/2014

Parlaying off my previous article about getting the biggest bang for your security buck for small IT security shops, I thought it would be a good opportunity to write about how larger IT security teams can be more effective with their larger budgets. Larger IT security departments often spend on solutions that they do not really need or that do not address a business risk (and end up being a waste of money). It is certainly not unheard of for multiple security solutions to be thrown into the enterprise network infrastructure haphazardly and create security gaps instead of reducing risk.

In order to be more efficient with your hard-earned budget dollars, your enterprise information security team needs to evolve from focusing primarily on operational security controls to more of a business-centric endeavour encompassing activities such as risk assessments, asset valuation, IT supply chain integrity, and process optimization. Several months ago, security vendor RSA released a report outlining how to transform IT security. The report, in describing how next-gen security teams should function, serves well as a guiding document for how to reposition your budget spend.

Cyber Games
02/21/2014

Ever since cyber crooks stole massive amounts of customers’ private data from Target, people have become increasingly concerned about their confidential information.

The National Cyber Defense competition in Ames hoped to teach students ways to protect others.

Iowa State University Electrical and Computer Engineering professor, Doug Jacobson, says Saturday’s competition is similar to a cyber-game of capture the flag.

US Shut Out of Olympic Security
02/20/2014

U.S. intelligence officials are frustrated that the Russian government is withholding information about threats to Olympic venues coming from inside Russia, several lawmakers said during talk shows Sunday.

Source of Target Security Breach
02/19/2014

Target's investigation of the massive security breach, which allowed hackers to take millions of credit and debit card numbers, has revealed a vendor's stolen credentials as a source of access.

Speaking to the Wall Street Journal, spokeswoman Molly Snyder confirmed that ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system.

While Target has not revealed how the credentials were stolen or which particular outlet was at fault, the firm did say the particular portal now has limited access to its computer systems while the investigation continues.

Network Security Management
02/18/2014

Security teams must support internal and external compliance mandates, enable new services, optimize performance, ensure availability, and support the ability to troubleshoot efficiently on demand—with no room for error. That is a lot to balance when managing network security.

Balance Between Security and Compliance
02/17/2014

In truth, compliance-based security rarely provides effective protection against determined attacks. This was clearly the case in the recent breaches of retailers Target, Neiman-Marcus, and Michaels Stores.

Compliance requirements like the Payment Card Industry Data Security Standard give the illusion of reasonable security. This is not to say that these requirements do not reduce risk -- because they certainly do. They are merely incomplete because they fail to provide flexibility or the means to adjust according to a company's true security needs. An effective information security program requires a framework that allows a company to adjust based upon both the risks faced by the company and the market vertical the company serves.

Increased Security Has Not Decreased School Shootings
02/14/2014

There has been no real reduction in the number of U.S. school shootings despite increased security put in place after the rampage at Connecticut’s Sandy Hook Elementary School in December 2012.

In Pennsylvania and New Mexico, Colorado and Tennessee, and elsewhere, gunfire has echoed through school hallways, and killed students or their teachers in some cases. Lockdown is now part of the school vocabulary.

An Associated Press analysis finds that there have been at least 11 school shootings this academic year alone, in addition to other cases of gun violence, in school parking lots and elsewhere on campus, when classes were not in session.

Latest Security Breaches are Hotels
02/13/2014

In the latest in a spate of online attacks affecting American businesses, White Lodging, which manages hotel franchises for chains like Marriott, Hilton and Starwood Hotels, is investigating a potential security breach involving customers’ payment information.

White Lodging Services Corporation, which works with 168 hotels in 21 states, confirmed that it was examining the data breach.

Several Cyber Security Initiatives Lost After NSA Leaks
02/12/2014

Experts say several cyber security initiatives have been halted by Snowden's leaks of NSA data, leaving the U.S. more vulnerable.

Small Business Bell Canada Customer Info Hacked
02/11/2014

Bell Canada says 22,400 of its small business customers have had their account information compromised by hackers.

Bell says in a release the breach of usernames and passwords occurred when an Ottawa-based third-party supplier had its systems hacked. It says the information was posted to the Internet this weekend.

A hacking group calling itself Nullcrew is claiming credit for the attack, and tweeted a link to the data early Saturday.

10 Things Your Phone Can Do in An Emergency
02/10/2014

Owning a cell phone has come to be regarded as a necessity in modern society, and with the great advances that have been made in smart phone technology, most of us rely on our phones to help us in an array of situations. While most smart phone owners are acquainted with the helpfulness of features such as navigation apps and mobile broadband, many people have yet to discover the array of uses they may put their phones to in the event of a true emergency. We have compiled a list of 10 things your phone can do in an emergency to shed light on this exciting and important realm of development:

10 Things Your Cell Phone Can Do in An Emergency

US Security Cooperation
02/07/2014

The White House and U.S. officials say Washington and Moscow are cooperating closely on security for the Winter Olympic Games in Sochi, Russia. Officials briefed reporters Friday on preparations.

President Barack Obama's spokesman was asked for updates on steps to ensure security for the 230 U.S. athletes, 270 coaches and support staff, and possibly as many as 10,000 Americans, expected in Sochi. Jay Carney said the United States remains in regular contact with the Russian government, adding that State Department diplomatic security and FBI teams are in place in Sochi.

Is Text Messaging Ruining Our Youth?
02/06/2014

If you have noticed the apparent omnipresence of cell phones, as most of us surely have, it likely will not surprise you that about 86% of the world's roughly seven billion people have access to a mobile phone, or that 80% of cell phone owners use their devices to send and receive text messages. You may also be unsurprised to learn that the vast majority of texts are sent by teenagers under eighteen, and that the average teen from this group sends over 3,300 texts each month. The story that these numbers tell is hardly something we do not know: while Generation X grew up with face-to-face communication and calls from the landline, the social sphere of today's youth exists on LCD screens.

Chip Security for Credit
02/05/2014

Late next year, the United States will begin to catch up with the rest of the advanced world in credit card security. We will begin adopting hard-to-crack chip technology on credit cards.

If we had had chips in our pockets last year, chances are that the massive data breaches at Schnuck Markets and Target would have caused consumers much less trouble. Thieves could not have used the stolen data to make counterfeit cards.

We’d have avoided the hassle of contesting fraudulent charges on cards, canceling them and waiting for replacements.

Western Europe, Canada and much of Asia already use “chip and PIN” technology on credit cards. Chips on the cards hold transaction information, and customers enter PINs — personal identification numbers — at cash registers.

Michaels Store Security Breach
02/04/2014

Irving-based Michaels Stores, Inc. said it is investigating a possible security breach of customer data.

A spokesman for the arts and craft store said the company recently learned of possible fraudulent activity on debit and credit cards used at its stores.

Michaels is now working with the Secret Service and data experts to determine if there is a threat to customers' private information.

Neiman Marcus Security Breach
02/03/2014

Neiman Marcus says 1.1 million debit and credit cards used at its stores may have been compromised in a security breach last year.

The high-end retailer said Visa, MasterCard and Discover have found 2,400 Neiman Marcus and Last Call customer cards that were used fraudulently. Last Call is Neiman Marcus' clearance chain. Neiman Marcus says it is notifying all customers who shopped in its stores in 2013 and offering them a free year of credit monitoring and identity-theft protection.

Malicious software installed in Neiman Marcus' system attempted to take customer card information from July 16 to Oct. 30, the company said. The malicious software has been disabled.

Kenyan Officials Ignored Warnings Before Attacks
02/02/2014

Kenyan security agencies did not heed information about an impending attack before an assault on the Westgate shopping mall in the capital last September that killed 67 people, the head of a parliamentary committee said on Sunday.

Background Checks Fall Short
01/26/2014

The company that conducted a background investigation on the contractor Edward J. Snowden fraudulently signed off on hundreds of thousands of incomplete security checks in recent years, the Justice Department said Wednesday.

The government said the company, U.S. Investigations Services, defrauded the government of millions of dollars by submitting more than 650,000 investigations that had not been completed. The government uses those reports to help make hiring decisions and decide who gets access to national security secrets.

In addition to Mr. Snowden, the company performed the background check for Aaron Alexis, a 34-year-old military contractor who killed 12 people at the Washington Navy Yard last year. Mr. Alexis, who died in a shootout with the police, left behind documents saying the government had been tormenting him with low-frequency radio waves.

The accusations highlight not just how reliant the government is on contractors to perform national security functions, but also how screening those contractors requires even more contractors. U.S. Investigations Services, now known as USIS, is the largest outside investigator for government security clearances. It is one of many companies that have found lucrative government work during the expansion of national security in the last decade.

Immigration a Security Issue?
02/01/2014

Homeland Security Secretary Jeh Johnson said on Friday that he thinks it is a matter of national security to establish a process that would allow those who have entered the country illegally a pathway to citizenship.

“An earned path to citizenship for those currently present in this country is a matter of, in my view, homeland security to encourage people to come out from the shadows,” he said, speaking at the U.S. Conference of Mayors in Washington, D.C., according to CNS News.

SnapChat Security Concerns
01/31/2014

A popular mobile app has experienced two security breaches in the past month and is now under scrutiny for user safety. Hackers have been able to access the application, Snapchat, and have leaked both the usernames and phone numbers of millions of users.

The initial security breach that took place affected close to 5 million people, and the company tried to install a new security feature, but within 30 minutes the app was hacked again.

Lockheed Martin Investing in Israeli Tech Security
01/30/2014

American security contracting giant Lockheed Martin on Sunday announced that it and EMC will invest in advanced technology projects in the fields of cloud computing, data analytics and related cyber technologies in Beersheba's technology park.

“Our goal is to foster applied research and continued growth in Israel's technology sector,” said Lockheed Martin vice president of international engineering and technology John D. Evans. “We recognize evolving global needs, as well as the wealth of innovation taking place within Israel and its universities.”

The announcement comes ahead of Israel's first cyber security conference, meant to promote the country as a hub of digital security.

US Officials Cite Security Steps for Olympics
01/29/2014

Citing rising threats of violence at the Olympic Games in Sochi, Russia, U.S. officials said Friday they are prepared to work with Russian security officials to help protect American athletes and the 10,000 American spectators expected to attend.

As host country, Russia has prime responsibility for protecting athletes and spectators. The opening ceremony is scheduled for Feb. 7, and U.S. officials are already in Sochi.

Defense Secretary Chuck Hagel said that he and Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, have talked to their Russian counterparts about security for the Olympics, including the need to ensure protections for U.S. citizens.

Russian Cossacks Helping With Olympic Security
01/28/2014

In their tall, fur hats and embellished traditional jackets, hundreds of Cossacks are patrolling the streets of Sochi, Russia, as the 2014 Winter Olympic Games approach.

These Russian soldiers, whose ancestry dates back thousands of years, are known in the West for their gravity-defying dance style. Closer to home, the Cossacks have long symbolized rebellion and military might in Western and Southern Russia and Ukraine.

That reputation was further enhanced by Russian literature giants Leo Tolstoy and Alexander Pushkin, whose writings contributed to the myth surrounding the Cossacks.

But within their high hats is hidden a dark history.

Known for rebelling against Russia's feudal system, the Cossack state allied itself with Russia's tsars to help create the monolithic Russian Empire. These warrior horsemen helped bring Russian rule to vast parts of the country, most notably Siberia.

During the 14th, 15th and 16th centuries, the Cossacks fought for the Russian crown in regional wars against the Russian people, garnering a reputation as the tsars' henchmen. Acting on behalf of the Russian Empire, the Cossacks carried out pogroms, or massacres of the Jews, in 19th century Russia.

Egypt Detains a US Man
01/27/2014

A Los Angeles man working in Cairo has been taken away by Egyptian security forces for unknown reasons.

Jeremy Hodges mother, Lisa de Moraes, says her son's friends in Cairo and Washington are assuring her that her son will be released unharmed, but no one knows where he is or why he was taken into custody.

Ed Snowden Wants to Come Home...
01/26/2014

In a live chat this afternoon, Edward Snowden gave the world a glimpse of the changes he hopes to see now that his bombshell leaks have the world fired up about government surveillance and digital privacy. But the text-based question-and-answer session was not all about NSA spying. Snowden took the moment of publicity to call for whistleblower protection reform in the US and the chance for a fair trial. He made it clear he wants to come home...

Security Slap
01/13/2014

The theft of 40 million credit and debit card records from Target was not the biggest or most damaging data breach ever, but coming right before Christmas, it sure did get our attention – and maybe that is good.

Perhaps we needed a slap in the face to get us to focus on the growing problem of financial data theft. Keep in mind: Target was just one of about 600 publicly disclosed data breaches in 2013.

Boston Restaurant Group Security Breach
01/10/2014

A Boston restaurant group is letting patrons know that its computer systems were breached.

The Briar Group, or BRG, says someone had unauthorized access to card data at their restaurants between October and early November.

Diana Pisciotta, a spokesperson for the group, says they have been working on identifying the source and method of the breach since they initially learned they had possibly been compromised in November.

She says that BRG shut down their system immediately after learning of the breach, and because of that, they are 99.99% sure that customers who used credit cards at their restaurants after the early days of those months are not at risk of having their data stolen.

The breach affects eight bars and restaurants, which include Anthem, City Bar, City Table, MJ O'Connor's, Ned Devine's, Solas, The Green Briar, and The Harp.

McAfee Sponsors UK Museum Exhibit
01/09/2014

A new UK museum on surveillance and cyber security has refused to include Snowden's revelations in its installation, sponsored by famous anti-virus magnate, McAfee. The decision was blasted by MPs who said Snowden should be considered part of history.

The Bletchley Park museum, which is chaired by former head of MI6 John Scarlett and is famous for its role as a center for code breaking during the Second World War, is planning to open a new installation on cyber security but will not mention Edward Snowden for fear that it might imply it approves of Snowden's actions, it was reported in the Guardian.

Stolen PIN Data
01/08/2014

Target said PIN data of some customers’ bank ATM cards were stolen in a massive cyberattack at the third-largest U.S. retailer, but it was confident that the information was safe and secure.

The stolen PIN data was strongly encrypted when it was removed from Target's systems, spokeswoman Molly Snyder said in a statement Friday.

Security for Businesses
01/07/2014

Device-level security, from the factory, is next year's big thing.

In days past, users were told to use passwords, told to use VPN connections—especially on public WiFi, told to update software and apps regularly, and told to encrypt their devices.

Here's the clue phone message that security folks, businesses, and manufacturers finally got: People are not gonna do it.

Security, for users, is inconvenient, is seen as unnecessary, and is annoying.

So, the security focus shifted to businesses.

Airport Security a Joke
01/06/2014

Airport security is flawed and the TSA's rules are inconsistent, but wait until you see this.

In this five-minute mini-documentary by Vice, it is revealed that the ingredients you need to build a bomb and all kinds of other insane weapons can be purchased from in-airport stores after you go through security.

Meet Evan Booth, an independent security researcher who has turned this into something of a hobby. Booth buys things from airport stores after going through the standard security screening, where everything is ostensibly safe and innocuous, and turns them into explosives, nunchucks, and projectiles.

Advanced Persistent Threats
01/05/2014

You see them all over the news – reports of high-profile data breaches and computer attacks. This is a result of increased dependence on computers and increasing sophistication of the threats. Organizations and individuals who rely on computers, whether they sit in the boardroom or the family room, are wondering how they can protect against attacks, both old and new.

As technology evolves, so do the threats. While there have been significant improvements in software development, the complexity of modern systems, the demand for rapid software delivery and the improved organization of cyber criminals (along with the development of an underground hacker economy) have led to more and more attacks.

Criminals have figured out how to monetize the exploitation of software vulnerabilities, resulting in large amounts of theft of both financial assets and intellectual property. Now, hacking is big business, with losses measured in the billions of dollars. Some of these threats have been categorized with a relatively new label: Advanced Persistent Threats (APTs).

Snapchat Security Vulnerabilities
01/04/2014

App giant Snapchat appears to have ignored warnings about a security issue resulting from a loophole in its coding and application programming interface (API) that could allow for the hacking of users’ information, according to the online security firm Gibson Security.

Gibson claims to have notified Snapchat of the potential issue back in August, but Snapchat apparently chose not to act. Now the frustrated Gibson researchers have published the API and code for “two exploits” that could allow hackers to match phone numbers with names of users and also to create legions of fake Snapchat accounts. They explained that the problem could have been fixed earlier with just ten lines of code, but that Snapchat ignored their warnings and they felt they had to act.

Gibson cautions that both scams and stalking are possible as a result of the security issue ignored by Snapchat. Hackers could use phone numbers that they amass to uncover the actual identities of users as well as their general locations. They could even use the information gathered to create a profit-making database wherein Snapchat users’ phone numbers and social media profiles could be purchased by anyone providing only the individual's Snapchat username.

Python Murdered a Security Guard in Bali
01/03/2014

A python has killed a security guard near a luxury hotel in Bali, Indonesia.

A doctor told CNN that a man's corpse was brought to the RSUP Sanglah Denpasar Hospital in Bali on Friday. A large snake appears to have suffocated the man, said the doctor, who did not wish to be identified.

Home Security
01/02/2014

The latest advances in home security do not just make your home safer, they increase its IQ.

Modern next-generation security systems let you monitor your home — break-ins, smoke, comings and goings — using your smartphone, tablet or computer. Your home can talk to you, filling you in on what's happening with specific alerts, photos and video.

Since most newer systems use cellular connections, they're more reliable than older ones that relied on traditional phone line connections. If you lose electricity and phone service, cellular systems retain power for at least 24 hours, plenty of time to alert you and a security company that there's a problem.

Obamacare Website Security Problems
01/01/2014

Even the federal government's own agencies have admitted many of the major problems with the Obamacare website and the potential disasters they could cause if left unaddressed. The vast majority of the public is suspicious as well. Now, some lawmakers and experts, concerned about the possible bonanza for hackers and identity thieves, want to shut down the whole website until proper security measures can be implemented. That, however, is expected to take months to address, at least — possibly more than a year. At that point, the whole ObamaCare scheme would have to be significantly delayed to avoid penalizing people who were not able to purchase ObamaCare-approved insurance before the deadline.

Android Security
12/31/2013

Security researchers have uncovered a trifecta of software issues that threaten Android devices, including two that could turn smartphones into spying microphones.

One problem results from a new form of malware which, remarkably, makes phone calls without the user's knowledge. The second comes from a poorly configured in-app advertising network, which demands so many permissions it could easily be exploited by attackers. The third stems from a coding oversight within Android itself.

Energy Security
12/30/2013

One of the biggest challenges facing modern society is energy security: how to guarantee a safe and secure supply of energy in an increasingly networked world where incidents on one side of the planet can have a significant impact on the energy supply on the other.

In the last few years, disputes between Russia and Ukraine over gas pipelines have cut off the supply to parts of Europe. Hurricane Katrina had a significant impact on the energy supply in the US and a terrorist attack on an Algerian gas facility earlier this year reduced the supply to Europe by 10 per cent. In March, the UK was left with just 6 hours’-worth of stored gas as a buffer for the entire country.

These kinds of crises are an inevitable part of the modern world. Preventing them simply is not possible. Instead, energy specialists have begun to think about mitigating their effects. The question is: how?

Security Droning On...
12/29/2013

Drones are a hot topic of discussion. From use as weapon combat vehicles to possibly even delivering your Amazon packages in a few years, drones have the potential to fundamentally change the way society operates, for better or worse.

Although the use of commercial drones is still awaiting regulation from the Federal Aviation Administration, it is not difficult to imagine a world filled with different types of drones tasked with new roles. In One Drone Future, designer Alex Cornell explores what semi-autonomous drones would look like if we allowed them to be used for security surveillance in large cities such as San Francisco.


