Security Port



Security Port
Contains relevant information that pertains to security related issues and solutions.


A Security Port Blog

 
Smart Wearables Pose Risks
05/01/2014

From thermostats, to TVs, gaming consoles, baby monitors, microwaves and even smart refrigerators, cyber criminals are hacking into a growing selection of smart devices, stealing personal information, infecting other devices and spreading malicious content.

These new security issues led Trend Micro, a business security specialist, to offer consumers a list of tips that could help prevent their personal information from being compromised. To ensure smart appliances stay protected, the company recommends users correctly install and set up the device, making sure to set a secure password for the appliance's connectivity. The company also advises against leaving the password set to the appliance's default password.

Consumers are also advised to steer clear of opening emails from unknown senders, which will ensure users do not open malicious spam emails sent from hacked appliances.

Basic Home Security
04/30/2014

Seattle resident Steve Hollis spends his days working for Amazon. You’d think working for Jeff Bezos' moonshot factory would satiate the Canadian's hunger for disrupting the status quo, but as it turns out, Hollis has a moonshot in mind of his own.

For the last few years, he and a couple partners have been working to create an ultra low-cost home security solution called Korner. Korner uses a patent-pending single piece sensor design that can be self-installed in minutes and allows for monitoring and communication via a smartphone app.

Satellite Security
04/29/2014

Satellite communication terminals, relied upon by US military aircraft, ships, and land vehicles to move in harmony with one another, are susceptible to cyber-attack through digital backdoors and other vulnerabilities, according to a new report that has sent a tremor through the global satellite telecommunications industry.

The report by IOActive, a Seattle-based cyber-security firm, arrives amid heightened concerns over a surge in cyber-attacks against satellite communications systems and vendors worldwide, industry experts say.

According to the IOActive report, a forensic security analysis of computer code buried inside the circuit boards and chips of the world's most widely used SATCOM terminals found multiple potential hacker entry points. Many terminals use small dishes or receivers that ride on the roof of a military vehicle, the bridge of a ship, or inside a troop transport aircraft, the report said.

Android Trojan
04/28/2014

An Android Trojan app that sends SMS messages to premium-rate numbers has expanded globally over the past year, racking up bills for users in over 60 countries including the U.S., malware researchers from Kaspersky Lab said.

The malware program, which Kaspersky products detect as Trojan-SMS.AndroidOS.FakeInst.ef, dates back to February 2013 and was originally designed to operate in Russia.

Sharing Cyber Security Information
04/25/2014

Sharing information between companies about threats to cybersecurity is not likely to raise antitrust concerns, the Justice Department and the Federal Trade Commission said Thursday.

In a new policy document that describes their stance, the regulators outlined ways in which the sharing of cyber-threat information differs from the sharing of competitive information, such as pricing data and business plans.

Digital Security Spring Cleaning
04/24/2014

Clean up and secure your digital life:

1. Do away with useless files. Go through all folders, including the recycle bin, and discard files that you no longer use.

2. Organize media. Put music, photos, etc., in appropriately labeled folders. Maybe create a master folder for different kinds of related media.

3. Consolidate desktop icons. Perhaps you can put a few icons into another one if the topic is related: Put the Muffin and Rover files in one file labeled Pets. A desktop cluttered with icons will slow boot-up time. Consider removing an icon you hardly use; this will not delete the program, but will get rid of the shortcut.

4. Uninstall programs you will never use. This will speed things up and reduce the amount of software that malware can target.

5. Review passwords. Update as necessary, making them unique, never the same, and use different characters: upper and lower case letters and numbers. Install a password manager. Google it.

6. Make backups of important data on a flash drive or use online storage. Ideally, make a backup of your prized data that exists outside your house. I back up on 3 local drives and in the cloud in two places.

7. Consider reinstalling your operating system.

8. Mop up your system's registry.

The Grid A Security Risk
04/24/2014

The inspector general of the Energy Department declared late Wednesday that leaked information about electric grid vulnerability should have been worthy of classified status, leaving some senators concerned that national security may be at risk.

NSA Takes Advantage of Security Holes
04/23/2014

Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should in most circumstances reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.

Change Your Passwords
04/22/2014

Internet security experts are scrambling to assess the extent of the breach caused by a massive bug called Heartbleed in the OpenSSL technology that runs encryption for two-thirds of the web and went unnoticed for two years until last week.

A newly discovered bug in software supposed to provide extra protection for thousands of the world’s most popular websites has exposed highly sensitive information such as credit card numbers, usernames, and passwords, security researchers said.

The discovery of the bug, known as Heartbleed, has caused several websites to advise their users to change their passwords.

Security Lessons Learned
04/21/2014

The Department of Homeland Security today revealed what it has learned in the wake of the Boston Marathon bombing, just a week shy of the deadly attacks' first anniversary.

In a 19-page report, written in response to a hot wash review ordered by then-DHS Secretary Janet Napolitano and titled Boston One Year Later: DHS’s Lessons Learned, the department outlines three areas of focus: the importance of partnerships, the need for effective and reliable communications and the need to further boost anti-radicalization efforts.

Heartbleed Security Details
04/18/2014

When the Heartbleed bug was disclosed on Monday, the attention focused on the fallout for major Internet companies like Yahoo and Amazon. But security experts said the potential for harm could extend much further, to the guts of the Internet and the many devices that connect to it.

By Thursday, some of the companies that make those devices began revealing whether they had been affected.

Cisco Systems, the dominant provider of gear to move traffic through the Internet, said its big routers and servers, as well as its online servers, a big business, were not affected. If they had been, that would have had a significant impact on virtually every major company that connects to the Internet.

Certain products the company makes were affected, it said: some kinds of phones that connect to the Internet, a kind of server that helps people conduct online meetings, and another kind of device used for office communications. Cisco also posted a list of products it had examined for the vulnerability, which it was updating as it continued inspecting its equipment.

Marathon Bandits a Security Risk
04/17/2014

At most marathons, unregistered runners known as bandits are considered freeloaders preying on the good will of race organizers and official entrants.

Yet the Boston Marathon has long handled bandits with a light touch, turning a frowned-upon practice into a back-of-the-pack tradition.


But with tightened security for this year’s race, organizers have warned bandits they will not be allowed, and could be removed from the course.

For the running community at large, which denounces bandits as freeloaders, the crackdown is no cause for tears. But for those who have run the race illicitly, and for groups who have raised money for charity in the process, the break with tradition has brought disappointment.

Heartbleed Is Worse Than Expected
04/16/2014

Warnings from Cisco and Juniper suggest the encryption bug is much more widespread—and potentially catastrophic—than initially thought as the networking companies check the vulnerability of their browsers.

The Heartbleed Internet security bug is shaping up to be worse than researchers first realized, possibly compromising routers and other networking infrastructure for a variety of companies.

Tesla Hackable
04/15/2014

A recent blog post by Nitesh Dhanjani, a respected security researcher and author, explains why Tesla needs to rethink many of its security standards. By cracking a user's login credentials, a hacker can unlock the doors of a Tesla Model S, track the vehicle through GPS, and operate the roof, lights and horn.

To understand the full extent of this issue, it helps to know how basic password cracking works. There are many ways to obtain a target's password. Dictionary attacks cycle through a list of words found in a dictionary file until the correct password is found. This rudimentary method can be thwarted by simply using an original combination of characters.

Brute force attacks take dictionary attacks to the next level by trying every possible alphanumeric combination, for example: aaaa1, aaaa2, … zdh3sl8, zdh3l9. Rainbow table attacks attempt to crack the encrypted password that the system receives and take less time than cracking the actual password. Malware can even record the user's password entries and send them back to the software developer.

The Tesla Model S is vulnerable to many different types of attacks due to the simplicity of its user management system and its password requirements in particular.

NSA Spying
04/14/2014

American officials have long considered Huawei, the Chinese telecommunications giant, a security threat, blocking it from business deals in the United States for fear that the company would create back doors in its equipment that could allow the Chinese military or Beijing-backed hackers to steal corporate and government secrets.

But even as the United States made a public case about the dangers of buying from Huawei, classified documents show that the National Security Agency was creating its own back doors directly into Huawei's networks.

The Rise of Data Centric Security
04/11/2014

Big Data is big news everywhere. As data grows, it is the holder of great promises for companies everywhere. What it is doing is transformational, delivering the ability to deeply and quickly analyze information, delivering a new level of insight, and giving companies competitive advantages that were previously out of reach. On the flip side of this is the perspective of security and risk, especially if information is not secured and managed properly. For as much as big data delivers a data advantage, it also runs the chance of becoming a data goldmine.

Amazon Meets DoD Security Requirements
04/10/2014

Amazon Web Services said it met the Department of Defense's security requirements in all regions in the U.S.

Specifically, AWS regions such as its AWS GovCloud received a Department of Defense authorization for its cloud security level 1-2.

Simply put, AWS has shown that it can meet the DoD's security and compliance requirements and that means more agencies can become customers. The DoD's security authorization means it will be easier to move workloads to AWS.

Secret Service Aware of Partying
04/09/2014

Findings of a report by the Department of Homeland Security’s Inspector General show that roughly 10 percent of the 2,575 Secret Service employees surveyed were aware of excessive alcohol consumption by colleagues that causes a security concern.

Natural Security Alliance Launches New Security Standards
04/08/2014

The Natural Security Alliance has just released the newest specifications for its strong authentication standard.

According to the company, the standard defines a strong authentication method, for payment and access to services, across all channels, without compromising security or privacy. This authentication method combines local biometric verification, a personal device and wireless technology, and can be implemented into various form factors, including a smartcard, micro-SD Card, mobile phone, secure element and token.

The latest specifications are the result of a working group of key retailers, banks, vendors and payment specialists involved in Natural Security Alliance since 2008 and represent 180 man-years of development, the group said in an announcement.

The newly released core specifications define the architecture and the different components required to enable a transaction based on a wireless acceptance device used by an acceptance user and a wireless personal device used by an individual.

Blackberry Gets Security Clearance
04/07/2014

BlackBerry on Wednesday announced that its enterprise mobile security offering is now cleared for government use.

The Canadian phone maker's Secure Work Space software, which lets those with iOS and Android smartphones separate their work and personal information, has received the coveted Federal Information Processing Standard 140-2 certification. The FIPS validation, which is recognized by the U.S. and Canada, assures that a given cryptographic technology has passed a battery of tests and was deemed adequate to encrypt and secure sensitive information.

More Security Guards than Teachers
04/05/2014

There are now more people working as private security guards than high school teachers.

TSA Security Recommendations
04/04/2014

The Transportation Security Administration released a 25-page report to Congress on Wednesday that includes 14 recommendations to improve airport security after a nationwide review prompted by last year's fatal shooting at Los Angeles International Airport. Authorities say a gunman targeted TSA officers in his attack, which resulted in the agency's first line-of-duty death. Two other officers and a passenger were wounded.

Some of TSA's recommendations:

—Require armed law enforcement officers at security checkpoints and ticket counters during peak hours.

—Make active shooter training and exercises for TSA officers mandatory; airports should also conduct twice yearly active shooter training and exercises.

—TSA supervisors should mention emergency procedures to staff at the beginning of each shift and have evacuation drills twice a year.

—Provide automatic notification to federal air marshals when there's an active shooter; most were notified by phone about the LAX shooting.

—Require weekly testing of panic alarms at airports, add more alarms if necessary, and have the alarms link to security cameras.

—Ensure all TSA wireless devices are programmed with the local airport's emergency numbers. AP reported that 911 calls at LAX on Nov. 1 weren't routed to the airport police.

—Extend deployment of special teams of air marshals, baggage inspectors and others who conduct random security sweeps.

—Require airport security plans to state how long it should take police to get to a security checkpoint when an officer isn't stationed there. The review discovered that 71 airports without officers stationed at checkpoints didn't state a required maximum response time.

Securing Nuclear Weapons and Material
04/03/2014

The Hague this week made important progress on securing nuclear materials around the world and keeping them out of the hands of terrorist groups like Al Qaeda. There is still a long way to go to address the challenges of a world awash in nuclear materials and weapons, but many countries are taking constructive action.

The most dramatic gesture came from Japan, which announced that it would turn over to the United States for disposal an estimated 1,100 pounds of weapons-grade plutonium and highly enriched uranium.

Turkey Blocks YouTube
04/02/2014

Turkish Prime Minister Tayyip Erdogan on Thursday denounced as villainous the leaking of a recording of top security officials discussing possible military action in Syria to the video-sharing site YouTube.

Turkish authorities ordered the shutdown of the site.

Security Failings in Target Breach
04/01/2014

The proposed class-action, filed in Chicago by Trustmark National Bank and Green Bank NA on behalf of all financial institutions affected by the breach, accuses Trustwave of conducting a shabby security assessment of Target’s networks and failing to uncover glaring security problems that, had they been found and fixed, might have prevented hackers from compromising the data of 40 million bank cards and the personal information, including emails and street addresses, of more than 70 million Target customers.

The lawsuit contains a number of false assumptions and assertions; for one thing, it claims that companies are required to encrypt all card data all the time. But the action gets at the core of a problem that has gone unresolved for years.

That is, that security standards and audits imposed on businesses by Visa and other members of the payment card industry do not work. It also raises important questions about the liability of third party companies that audit and certify the trustworthiness of restaurants, retailers and others that accept bank card payments.

Target Security Breach
03/31/2014

A lawsuit stemming from the security breach at Target Corp. spotlights a private Chicago firm that does most of the payment-security checks in the U.S., including the retail giant's.

In a lawsuit filed in U.S. district court in Chicago this week, two U.S. banks say that Trustwave Holdings Inc. is liable for the theft of 40 million credit- and debit-card numbers from Target last year.

The banks, Trustmark National Bank and Green Bank N.A., had to reimburse their card customers who experienced fraudulent charges after shopping at Target, which along with Trustwave was named as a defendant in the suit.


