Users Still Careless With Email
April 25, 2011
Company employees still consistently send confidential and sensitive information via email in violation of rules and regulations, according to a survey by VaporStream.
So What If iPhones Spy User Locations
April 21, 2011
The iPhone keeps track of its owner's whereabouts, but without that crucial location data, many services that help make the smartphone so popular wouldn't function.
Iranian Official Claims Siemens Partially Responsible For Stuxnet
April 19, 2011
The Iranian military has accused German electronics and industrial engineering firm Siemens of taking part in the development of the Stuxnet worm.
Researchers Aim To Stop Android Data Leaks
April 14, 2011
Security capabilities shouldn't need to be bolted onto the mobile operating system, but unfortunately we're headed down the same painful path with smartphones and tablets that we took with desktops and notebooks.
Application Security: Much More Than Secure Development Frameworks
April 11, 2011
If your organization is considering putting a secure application development initiative in place, you need to look beyond all of the technicalities and dig into the organizational challenges first.
Dept. Of Education Proffers New Privacy Rules
April 10, 2011
The U.S. Department of Education has proposed a number of new initiatives aimed at better safeguarding student privacy.
Microsoft’s Massive April Patch Tuesday
April 07, 2011
Many security teams may wish it was March once again. Last month Microsoft issued patches for just four vulnerabilities within three security bulletins.
NSA Investigating Nasdaq Hack
March 31, 2011
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.
(Slightly) More Organizations Proactively Managing Security Efforts
March 30, 2011
Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet - the improvements are minor.
"Trusted" Sites Fail To Clean Malvertising Scourge
March 27, 2011
Reports indicate that users of Facebook and the European music service, Spotify, have been exposed recently to malvertising attacks.
Shocker! (Not Really): Users Apathetic When It Comes To Mobile Security
March 26, 2011
Survey conducted by the Ponemon Institute shows just how lax users really are when it comes to securing their smartphone devices.
Are Industrial Control Systems The New Windows XP
March 24, 2011
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition (SCADA) system operators scrambling, and the US CERT issuing warnings.
RSA Breach Leaves Customers Bracing For Worst
March 18, 2011
RSA, the information security division of EMC Corp., disclosed in an open letter from RSA chief Art Coviello that the company was breached in what it calls an "extremely sophisticated attack." Some information about its security products was stolen. Customers are bracing for more details.
Trojan Attacks Remain Most Popular
March 16, 2011
Anti-malware vendor Panda Security's PandaLabs has found that the number of threats . . . surprise, surprise . . . has risen significantly year over year. What's interesting is how large a percentage of attacks Trojans have become.
NERC Creates Cyber Assessment Task Force
March 12, 2011
The North American Electric Reliability Corporation (NERC) recently announced the formation of a Cyber Attack Task Force. The task force will be charged with identifying the potential impact of a coordinated cyber attack on the reliability of the bulk power system.
Botnet Threat: More Visibility Needed
March 11, 2011
According to a report released by the European Network and Information Security Agency, the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.
Watch Where You Swipe
March 10, 2011
We tend to focus attention toward online data and identity theft and forget that we can be targeted just as easily offline.
Sophisticated Trojan Targets Some Banking Sites
February 28, 2011
S21sec, a Spanish information security firm, claims to have spotted a new Trojan with advanced infiltration and attack techniques.
New Mac OS X Backdoor Trojan Surfaces
February 27, 2011
Researchers at anti-virus firm Sophos say they've identified a new Trojan designed to infect Mac OS X users.
Security Departments Stretched Too Thin, Firefighting
February 24, 2011
While application vulnerabilities, mobile computing, and malware top the list of IT security vulnerabilities and threats, a just released survey from ISC2 and Frost & Sullivan reveals an underlying, more systemic threat.
Researchers: SSD Drives Pose Data Sanitation Risk
February 22, 2011
Researchers from the University of California, San Diego are warning that traditional methods to clear data from hard drives may not work as well on Solid State Disks.
Security Coming To Mobile And Embedded Devices
February 21, 2011
Security firm McAfee expects 50 billion mobile and connected embedded devices by the year 2020. And guess who is promoting new tools promising to protect them. But is this a layer of protection we are going to need?
Hacks From China Strike Canadian Government
February 20, 2011
CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.
Cyberwar: Experts Have Hard Time Defining It, Let Alone Defending Against It
February 17, 2011
Rather than wait for a catastrophic event, government and private industry should develop a framework for dealing with state sponsored attacks aimed at the critical infrastructure.
Successful Security: It Is In The Details
February 15, 2011
Security is hard to do right, and it is easy to make the simple mistakes that could jeopardize the security of almost any organization. The mistake may be as small as being a single digit off. And that one number could be the difference between a secure network and one that is readily breached. That was the overriding message in a Security B-Sides Conference presentation given today by Mike Lloyd, chief scientist at security software maker Red Seal Systems.
Think That iPhone Isn't A Corporate Security Risk?
February 11, 2011
If so, you had better think again. Researchers have shown how the passwords on the iPhone can be revealed in less than six minutes.
Nasdaq Hack. Lots of Questions. Few Answers
February 06, 2011
According to a news report this weekend, hackers breached web-based applications owned by the NASDAQ. How deep did the attacks go, and who was behind them?
Data Leak Vulnerability In Android Gingerbread
January 31, 2011
Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Is Apple (Finally) Stepping Up Its Security Game?
January 29, 2011
Apple's reported recent hire of noted security author and expert David Rice is yet another step the company has taken in the past year to help improve its sloppy security image.
Russia To NATO: Investigate Stuxnet
January 27, 2011
The Stuxnet worm is alleged to have set back Iran's controversial uranium enrichment program significantly. Now, the Russians are asking NATO to find some answers.
New Age of Mobile Malware On Way
January 24, 2011
New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
WikiLeaks Targeting P2P Networks?
January 23, 2011
That is the allegation in a news report that ran last week. While the outcome from the investigation could have a profound impact on whether the anti-secrecy organization is a media outlet – there is a bigger lesson.
Report: Stuxnet Joint Israeli-U.S. Operation
January 16, 2011
A story published this weekend adds evidence to what many have suspected all along: that the Stuxnet worm was designed and developed by a nation-state to set back Iran's nuclear ambitions.
Kudos To Tucson University Medical Center For Firing Alleged Snoops
January 13, 2011
The Tucson University Medical Center reportedly has let go three employees for accessing the medical records of those involved in the Tucson shooting tragedy without authorization.
Security Doesn't Matter To Brands: A Counter Point
January 10, 2011
A recent video blog entry made the assertion that security doesn't matter to a company's brand. The post was strong on opinion, light on facts. I say lax security and breaches do have an impact on brand. And I back up this assertion with a few data points.
Japan To Ban Virus Creation? Bad Idea
January 05, 2011
The Japanese paper, the Yomiuri Shimbun, ran a story during the holidays about how the Japan Ministry of Justice wants to criminalize the creation of viruses. If they pursue this course, it's only going to get messy for security professionals there.
Dell Adds Security To Its Acquisition Binge
January 04, 2011
Dell today entered an agreement to acquire managed security services provider SecureWorks for an undisclosed sum. I didn't see this one coming, but I should have.
Three 2011 Security Resolutions (for the uninitiated)
December 31, 2010
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
Meet The "SMS of Death"
December 30, 2010
If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Information Security Predictions 2011
December 29, 2010
Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
SCADA Security Heats Up
December 27, 2010
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan, SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?
Microsoft Moves To Block Zero Day Attack
December 22, 2010
A French IT security firm recently warned of a new vulnerability that leaves most versions of Microsoft Internet Explorer open to attack.
Security Design Fail
December 19, 2010
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
Reputation Can't Be Delegated
December 16, 2010
A massive e-mail breach affecting Walgreens, McDonald's and others proves that while services can be outsourced, and responsibility delegated - reputation stays with you.
Patch Tuesday: Too Big To Ignore?
December 13, 2010
Any IT administrators hoping to get an early jump on the holidays this week face a big disappointment: 40 software updates coming from Redmond this month.
Researchers: Major Ad Networks Serving Malware
December 11, 2010
Researchers at web security firm Armorize Technologies recently discovered that DoubleClick and Microsoft ad networks were serving (for a brief time) a banner ad tainted with malware. The attack could have impacted millions, the researchers say.
California Does Health Care Data Breaches Right
December 07, 2010
Since this spring, the California Department of Public Health has fined 12 health facilities about $1.5 million as a result of data breaches. Let's hope they keep fining organizations that fail to properly protect patient data.
Verizon's VERIS Aims To Push Security Beyond Fuzzy Numbers
November 30, 2010
When it comes to sharing data in IT security the bad guys always seem to be way ahead. They employ far-flung networks used for sharing stolen data, buying and selling exploits, and information on how to launch successful attacks. However, when it comes to enterprises sharing attack and breach incident data there has not been a lot of sharing going on.
Confirmation? Chinese Government May Have Been Behind Operation Aurora Hacks
November 29, 2010
We suspected there would be some interesting cyber security related news to come out of the thousands of cables released by WikiLeaks over the weekend. We were not disappointed.
Healthcare Breach Highlights Need For More Security Insight
November 29, 2010
Triple-S Management, a managed care services provider in Puerto Rico, suffered a security breach that could have exposed the personal health care information of more than 400,000 customers.