Security Port

Contains relevant information that pertains to security related issues and solutions.

A Security Port Blog
Internet of Things Security
05/01/2015

To get an idea of where potential security problems can arise, let's consider the topography of a network of things. It is a collection of objects equipped with sensors which generate data and transmit it over a communications network to each other and to servers which control the sensors and collect data from them.

A classic example is a smart metering system, which involves a network of electricity meters that measure consumer electricity usage and send the data back to an electricity company's servers. The servers may also send data, such as tariff changes or firmware updates, back to the meters.

I Pledge Allegiance to Google
04/30/2015

Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.

These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them – or to a particular one we don’t like. Or we can spread our allegiance around. But either way, it is becoming increasingly difficult to not pledge allegiance to at least one of them.

Hybrid Cloud
04/29/2015

Given the ever-evolving world of cloud security, here are my predictions on what we can expect for the cloud security market in 2015:

The evolution of the hybrid cloud will occur
The private cloud has been a popular choice in recent years as enterprises looked to take advantage of the control, customization and other benefits offered by the cloud while simultaneously ensuring their security requirements were met. While the hybrid cloud approach will become commonplace, an interesting new twist will occur. Look for a hybrid data model approach to public cloud adoption to take hold. This approach will let enterprises keep their most sensitive data in their own data centers while adopting multi-tenant public cloud SaaS applications. The best part? The enterprise's cloud end-users will not even realize this data hybridization is occurring behind the scenes.

New Google Security Chief Looks for Balance with Privacy
04/28/2015

Austrian-born Gerhard Eschelbeck has ranged the British city of Oxford, cavorted at notorious Def Con hacker conclaves, wrangled a herd of startups, and camped out in Silicon Valley.

He now holds the reins of security and privacy for all-things Google.

In an exclusive interview with AFP, Eschelbeck spoke of using Google's massive scope to protect users from cyber villains such as spammers and state-sponsored spies.

Plane Vulnerabilities
04/27/2015

One of the world’s foremost experts on counter-threat intelligence within the cybersecurity industry, who blew the whistle on vulnerabilities in airplane technology systems in a series of recent Fox News reports, has become the target of an FBI investigation himself.

Chris Roberts of the Colorado-based One World Labs, a security intelligence firm that identifies risks before they're exploited, said two FBI agents and two uniformed police officers pulled him off a United Airlines Boeing 737-800 commercial flight Wednesday night just after it landed in Syracuse, and spent the next four hours questioning him about cyberhacking of planes.

Hacker Tweets About Plane Hack...
04/24/2015

The first rule is: do not tweet about hacking flight systems when using the on-board Wi-Fi. But pro hacker and founder of One World Labs, Chris Roberts, did just that on a trip from Denver to Syracuse yesterday.

Android security scans over 200 million devices a day
04/23/2015

Google has released a white paper detailing what the Android security team's been working on in the last year. Of course, this is the company reporting on itself, but it at least offers an insight into the degree of security threats the company has to deal with. In 2014, the company noted 79 vulnerabilities, with 41 of them moderate. There's also high and critical severity levels, but nothing reached red alert status last year. 73 of these issues have already been delivered to Android's open source project, with six left to be added.

Credit Card Security
04/22/2015

Wal-Mart has, for years, been at the forefront of fighting credit card fraud. Wal-Mart was one of the first companies to install EMV-capable chip card readers. EMV, or EuroPay Mastercard Visa, readers were installed in Walmart stores as early as eight years ago. Many are being used now. Still, Cook feels that further security measures, such as having a PIN as well as the chip card, are needed.

Many retailers in general are wary of the system. In the U.K., for example, a chip-and-PIN system has been introduced, and the result is a dramatic reduction of fraud issues revolving around counterfeit or stolen credit car

TrueCrypt Security Audit
04/21/2015

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws.

The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that's a flaw that cryptographers say should be fixed, there is no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt.

Android Security Improved in 2014, yet Risks Remain
04/20/2015

Of the Android devices that Google was aware of in 2014, less than 1 percent had some form of what Google refers to as a Potentially Harmful App installed in 2014. The rate of PHA installation declines for those devices that only download apps from Google Play, where only 0.15 percent of devices had a PHA. Overall, Google claims that the rate of PHA installations declined by nearly 50 percent between the first and fourth quarters of 2014.

The Cloud is Safer?
04/17/2015

Conventional IT wisdom says that you are safer and more secure when you control your own on-premises datacenter. Yet if you think about every major data breach over the last two years, whether Anthem, Sony, JPMorgan or Target, all involved on-premises datacenters, not the cloud.

In fact, if a cloud service has proper controls, it could be safer than running your own datacenter. Amazon, Google, Salesforce and Box to a company have much more at stake when it comes to security. A breach could prove devastating to their businesses.

Uber Steals Security Exec from Facebook
04/16/2015

Uber has hired Joe Sullivan, its first security chief executive, right out of Facebook Inc. Mr. Sullivan had been with the social media giant for over half of its timeline and had been a key player as a security chief executive at the company. Reflecting on Uber’s recent history of safety inefficiencies, it is a solid move for the San Francisco-based transportation network company, getting a cyber security expert on board.

The commonly-recognized Uber app on mobiles is a method for networking-transportation, and is prominent in the newly emerged industry. On Thursday, Uber announced that it had poached the chief security executive of Facebook in its attempt to make the service more secure.

Security for Hospitals
04/15/2015

Violent crime in U.S. hospitals increased by 25 percent from 2012 to 2013, according to an International Healthcare Security and Safety Foundation report, and disorderly conduct has increased by 40 percent over the same time period. In January, a cardiovascular surgeon was shot and killed in his office at Brigham and Women’s Hospital by the son of a former patient.

Newton-Wellesley is training its officers to use the Pro V2, a high-tech device designed specifically for security staff.

Cyber Security Bill
04/14/2015

Leaders of the House Intelligence Committee unveiled a bipartisan bill Tuesday that would make it easier for private companies to share cyber-threat information with the government to thwart attacks by hackers.

The bill contains stronger privacy protections than previous legislation, said Chairman Devin Nunes, R-Calif., and Rep. Adam Schiff, D-Calif., who introduced the bill and have scheduled a committee vote for Thursday.

Varying Cockpit Security
04/13/2015

Policies for locking airline cockpit doors — reinforced throughout the industry after the terrorist hijackings on Sept. 11, 2001 — differ among countries.

A French prosecutor, Brice Robin, said Thursday that the captain of the Germanwings airplane that crashed in the French Alps left the cockpit when the plane reached cruising altitude and the co-pilot, Andreas Lubitz, refused to allow him back in. The captain pounded on the door as the Airbus A320 descended and crashed into a mountain. The information was obtained from the cockpit voice recorder of Flight 9525, which suddenly began an eight-minute descent before smashing into the mountains Tuesday.

Food Security
04/10/2015

Despite encouraging progress combating food and nutrition insecurity over the past years, one in nine people worldwide still live in extreme hunger. This number can be further reduced by empowering small-scale producers and women through initiatives and programs that are sustainable and effective.

That is why InterAction, the largest coalition of U.S.-based nongovernmental organizations (NGOs), remains dedicated to supporting and building upon global food and nutrition security initiatives. In addition to educating people around the topic and providing strategic backing for effective on-the-ground programs, InterAction strongly supports the commitment U.S. leadership has shown to ending hunger and malnutrition.

Laptop Security
04/09/2015

Take proactive steps to secure your investment and personal and business information with these seven laptop security tips:

1.) Password-protect it
2.) Put up a firewall
3.) Install anti-everything
4.) Update often
5.) Avoid public Wi-Fi
6.) Invest in physical security
7.) Back it up


Open Source Security
04/08/2015

If there is a poster child for the challenges facing open source security, it may be Werner Koch, the German developer who wrote and for the last 18 years has toiled to maintain Gnu Privacy Guard (GnuPG), a pillar of the open source software ecosystem.

Since its first production release in 1999, GnuPG has become one of the most widely used open source security tools in the world, protecting the email communication of everyone from government officials to Edward Snowden.

Yet Koch found himself struggling to make ends meet in recent years. The estimated $25,000 he collected on average in annual donations since 2001 was not enough to support his efforts. As reported by ProPublica, the 53-year-old was close to throwing in the towel on GnuPG when Edward Snowden's NSA revelations shocked the world, convincing Koch to soldier on. "I am too idealistic," he said.

The story has a happy ending. After the ProPublica story broke, donors from around the world rushed to support Koch. He easily surpassed the $137,000 fundraising goal he had set to support his work, enabling him to hire a part-time developer. Koch was awarded a one-time grant of $60,000 from the Linux Foundation's Core Infrastructure Initiative.

No Budget for Mobile Security
04/07/2015

While mobile is everywhere -- and regarded by most enterprises as a key computing mode for enabling access by employees, partners and customers -- security appears to be almost non-existent. In a new survey of 400 large enterprises, a full 50 percent were found to devote zero budget whatsoever -- nada -- towards mobile security.

These are large companies we're talking about. Put that in the context that today's enterprises spend millions of dollars on security, locking down everything from databases to desktops. However, scant attention is being paid to today's client of choice: mobile apps.

These findings come from new research released by IBM and the Ponemon Institute, which looked at the two sides of mobile security -- the apps that enterprise teams produce for customers, employees and clients. Looking at internal app development, the study concludes that mobile security is virtually non-existent, even in the largest corporations. In fact, the findings show nearly 40 percent of large companies, including many in the Fortune 500, are not taking the right precautions to secure the mobile apps they build for customers.

Homeland Security Official Did Not Break Law on Visas, Inspector Says
04/06/2015

The inspector general of the Department of Homeland Security told a House committee on Thursday that he did not believe there was criminal activity involved when the head of the United States Citizenship and Immigration Services agency directly intervened to expedite the consideration of visas for foreign investors with close ties to prominent Democrats.

But John Roth, the inspector general for Homeland Security, said his office's investigation found evidence that Alejandro Mayorkas, the department’s deputy secretary who previously ran the visa agency, created the perception that certain well-connected Democrats had special access and would receive special consideration for foreign investor visas, known as EB-5 visas. The review took more than two years.

France Seeks U.N. Security Council Resolution on Mideast Talks
04/03/2015

France signaled on Friday that it would press the Security Council to adopt a resolution soon to spur talks between Israel and the Palestinians, a step that the United States resisted last year.

Security Clearances Down
04/02/2015

The number of security clearances issued by the U.S. Department of Defense has plummeted in the past two years. The big question: Is it because of the Snowden leaks or just because U.S. military spending is down? Yeah, you read that right. Military spending is down.

During fiscal year 2013, there were 4.6 million DoD employees and contractors with security clearance. Today, that number is down to 3.9 million people — a 15 percent drop in just two years. The new data come from the latest report on the Insider Threat Program, an initiative instigated by President Obama in 2011 to clamp down on leakers.

Nobody is saying precisely why security clearances are down yet, and it is unlikely we will ever get a firm answer. This is, after all, about who gets to know government secrets.

Keeping Military Safe on Social Media
04/01/2015

Practicing good operational security helps combat risks that arise from using social media, namely by protecting critical information. The Interagency OPSEC Support Staff lists several examples of CI:

~ Usernames, passwords, computer and networking information
~ Job title, location, salary, grade and clearances
~ Operational, security and logistical data
~ Social Security numbers, credit card and banking information
~ Work/personal addresses and phone numbers


