Profile of Larry Greenemeier
News & Commentary Posts: 1064
Articles by Larry Greenemeier
Although disasters make headlines, 80% of all IT outages are caused by human error. To defend against downtime or service interruptions, organizations need to maintain strong business continuity plans.
Because so much of Estonia's economy relies on the Internet, when the Internet was down, citizens couldn't perform the most basic functions, such as buying milk, bread, or gas.
Despite the several ways to break down a Web site built using Ajax, all is not lost, according to SPI Dynamics.
The former federal counterterrorism adviser tells security pros at the Black Hat USA conference that continuing to build more of the global economy on cyberspace as it exists today is dangerous business.
Four men have pleaded guilty to using phony point-of-sale PIN-pad terminals to steal customers' data and passwords and then defraud stores.
The new threat comes from a number of newly registered Web sites that pretend to represent Italian organizations, but are really just vehicles for using malicious IFrames to spread malware.
A House committee hearing shows that the security dangers of file sharing over peer-to-peer networks are still a major problem.
The 13 months Yahoo will keep search data is shorter than the 18 months announced by Microsoft and Google.
Microsoft outlines incremental improvements to its privacy principles for its Live Search and online advertising services.
Don't expect to see a big crowd for EC-Council University home football games: The program's inaugural Master of Security Science class consists of only six students and all are taking their courses online.
Allied Cash's database administrator Christian Alvarez has been working to secure the company's new Web-based user interface in recent months.
Can cybercrooks successfully attack at will, and are those who report the details of these attacks causing more harm than good?
GE Healthcare already has rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005.
The author of a new book, "Exploiting Online Games," says that cheaters are infesting online worlds like World of Warcraft and Second Life, and they could become a threat to mainstream business systems.
The No. 1 tactical security priority for U.S. companies in 2007, according to 37% of respondents, is creating and enhancing user awareness of policies. But this is down from 42% in 2006.
The biggest problem is the availability of tools that make it easy for the average person to launch spam campaigns, including those that employ phishing to steal personal information.
The South Florida bust resulted in the recovery of about 200,000 stolen credit card account numbers used in fraud losses roughly calculated to be more than $75 million.
The consortium will help federal government agencies develop IT networks and systems that more efficiently and securely share information.
The PDF image spam is just one of a litany of creative attempts to fool e-mail users into downloading malware or visiting phishing sites, says Symantec in its monthly spam report.
The Taiyuan University of Technology is testing software agents that crawl through any search engine looking for searched keyword results as well as any personal data that's been collected about the surfer.
Even if someone is the victim of identity theft, it's difficult to figure out how that person's sensitive personal information fell into the wrong hands, the agency said.
Experts say U.S. companies need to take the increasing use of cyberwarfare tactics and tools very seriously.
Al-jinan.org went undetected for more than four years, allowing users to use their own computers to launch denial-of-service attacks against anti-Islamic sites.
One organization suggests recent surges in Internet disruptions are a political play to influence December's elections in the Russian Federation.
U.S. businesses would be greatly impacted by any large-scale cyberattacks because most of that infrastructure is run by companies in the private sector.
The Government Accountability Office says it could take up to a decade to find a practical way to implement biometric exit capabilities at land ports of exit.
Top-level business executives, including CEOs, presidents, CIOs, and CFOs, are being directly targeted by e-mails containing malicious Trojans.
Officials are investigating the possible theft and misuse of records containing information on about 1,120 aspiring veterinarians who'd applied to UC Davis School of Veterinary Medicine.
The School Safety Index indicates that while 95% of districts surveyed are blocking Web sites, only 38% have a closed network that lets them control the content students can access.
Cruise.com has until the end of the week to decide whether to collect $330,000 in damages for being called a "spammer" by Mark Mumma, or seek a new trial.
The company will add malware- and spam-inspection capabilities to its firewalls using technology from its recent acquisition of IronPort Systems.
Law enforcement officials, including all 92 assistant U.S. attorneys, will meet to coordinate efforts against zero-day vulnerabilities and other online threats.
We're not at war with France, at least not the last time I checked, but that doesn't mean that the French want their state secrets coursing through the U.S. telecommunications infrastructure, courtesy of French government officials addicted to les BlackBerrys. Sure, BlackBerrys come with built-in encryption, but is that enough when you really, really don't want anyone to get their hands on the
The case is the second this year in Switzerland focusing on Islamic terrorism, but the first-ever terrorism case there involving the Internet.
The acquisition comes the same day HP introduced a number of security initiatives designed to help promote its diversification into several key areas of security.
The all-stock transaction will result in a company with more than 5,000 customers worldwide.
Red Hat Enterprise Linux 5 running on IBM servers now meets government security standards allowing Linux to be used in homeland security projects and command-and-control operations.
The attacks represent a "quantum leap" for hackers in terms of their technological sophistication and pose a serious challenge to the IT community, one security firm reports.
Quova's software is designed to help organizations identify in real time any devices connecting into their Web sites.
McAfee's new chief said growth will come from selling suites of security products and services, particularly those that address security risk management, rather than individual products and services.
With a new version of ePolicy Orchestrator, McAfee can manage and report on its own antivirus software as well as antivirus software from competitor Symantec.
The latest sales figures are positive, but the retailer is facing a flood of lawsuits from store customers and financial institutions.
IBM expects Watchfire's technology to complement existing IBM Tivoli offerings by better incorporating security and compliance testing into the application development lifecycle.
Some 57% of those attending the Gartner IT security summit keynote session believe that vulnerability labs set up by security researchers are a useful public service.
With new and increasingly inventive cyberscams surfacing every week, the Postal Inspection Service's workload isn't likely to get any lighter.
Product announced Monday promises to deliver security information about clients, servers, and networks to a single console.
His treatment consisted of, among other things, chemotherapy, a bone marrow transplant, and permission to play Re-Mission as often as possible.
HopeLab claims that cancer patients who play Re-Mission have more successful treatment than those who don't play the game.
The two states wrangle with the laws surrounding the Payment Card Industry data security standard.
Most companies are more concerned with blocking Web site categories, such as those labeled "adult" or "gambling," than with targeting individual Web sites, a new report notes.
The cyberattacks against Estonia were particularly damaging, as the country had to shut down key computer systems for their own protection.
A panel of data security veterans shared their recommendations on how to avoid trade-secret compromises.
The Payment Card Industry data security standard has emerged as a primary driver of IT security spending and some serious rethinking of how data and systems are secured.
With nearly all DDoS attacks and spam coming from bots, infections have become a growing concern for businesses as well.
Businesses, governments, and reporters will use virtual communities to gather information.
Many of the biggest breaches in recent years were inadvertent disclosures, Dartmouth business school researchers found.
Securent Entitlement Management Solution can be used to manage entitlement privileges not only to applications but to databases as well.
The ink was barely dry on last year's InformationWeek cover story analyzing the credibility of IT analysts when the e-mails started hitting my inbox. Some readers applauded our efforts to examine the criticism often leveled at the analyst market, while others thought the story fell flat for lack of specific or new examples. Funny thing about the latter -- whenever I'd get a supposedly jilted customer
The move would add 800 Cybertrust employees to Verizon's security services team of 300 and give it access to Cybertrust operations in 30 locations in the Americas, Europe, the Middle East, and Asia-Pacific.
There's a danger in focusing security efforts more on controlling admission to IT environments and less on managing users, BT Radianz's security chief suggests.
Industry analysts suggest some 45 million credit and debit card data could have been poached by a thief with a laptop, a telescope antenna, and a wireless LAN adapter.
Three security bulletins affect Office, while two affect Windows. Exchange is affected by one bulletin as is Microsoft BizTalk business-process management server and Capicom, a Microsoft ActiveX control.
The Education Department has been criticized for not keeping better tabs on how student information is used, particularly by companies looking to market products and services to students and their families.
Nine of the vulnerabilities addressed in the patch can be exploited by an attacker remotely over a network without the need to have a valid username and password for authentication.
Profiling tactics from Barracuda and other companies are designed to block e-mails that smell fishy but whose IP addresses or domain names haven't been blacklisted.
New advances in IP-based digital video surveillance cameras, recorders, and analysis software promise to help retailers and other businesses put the kibosh on theft.
AT&T and Trend Micro are both expanding the network-based security services they're offering to business customers.
The intrusion hands the retailer the dubious honor of surpassing the 40 million stolen customers record mark, something that only CardSystems had been able to achieve.
Enrolling users within the Bioscrypt system means first casting a 40,000-point infrared mesh grid over the user's face in order to take measurements.
$8 million in fraudulent purchases uncovered and traced back to T.J. Maxx parent company's data breach.
Detailed context is a differentiator for Endeca.
The U.S. military's latest maneuver could improve search efforts beyond basic keywords and apply search technologies that better help its personnel connect the dots.
Thieves used the stolen customer data to create dummy credit cards for purchasing Wal-Mart and Sam's Club gift cards, and then used those to hit stores in 50 of Florida's 67 counties.
The companies say they can equip a small fleet of emergency response vehicles with enough gear to quickly turn a regular field tent into a temporary command center.
Fortify Software, which has for the past year offered an on-the-fly approach to securing Java-based Web applications, has extended that coverage to include .Net as well.
Virtual machines can improve a system's security, but beware of the many pitfalls.
Blue Lane Technologies debuts an intrusion-prevention system for virtual machines running on the VMware Infrastructure 3 platform.
The Federal Trade Commission's look into TJX, parent of T.J. Maxx, Marshalls, and HomeGoods, is believed to stem from a recent data breach, which allowed cyberintruders to steal customer data.
Less than 3% of all stolen data actually ends up being used to commit fraud, according to industry experts.
"Security on the Net is actually an arms race in its most classic form," says CEO Meg Whitman.
Visa USA president and CEO John Philip Coghlan insists that technology is the solution to combating fraud -- not the cause of it.
Security firms say it depends on whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.
More than 64% of the 627 IT pros surveyed by Ponemon say their companies use identity and access management technology, but few respondents have centralized systems.
The deal between HID and IOActive shows how delicate a line security researchers walk when they seek to present their work to the public.
The dustup revives the issue of how much license security researchers should be given when presenting their findings in the name of better security.
With products like Boot and Nuke, Data Eraser, Cybercide, and Evidence Eliminator, industry experts offer their tips on how to secure information and intellectual property.
As data hacks proliferate, Massachusetts lawmakers target retailers for restitution
Slipups like the ones at T.J. Maxx and Stop & Shop stores could force companies to pay to cancel or reissue cards, stop payments, or block transactions, if the legislation passes.
The U.S. Postal Service inspires the highest level of trust, while the National Security Agency scored the lowest.
The retailer's parent company believes portions of the credit and debit card transactions at its U.S., Puerto Rican, and Canadian stores from January 2003 through June 2004 were compromised.
An increasing number of companies are learning about proper customer data protection the hard way.
Company scientist downloaded 22,000 sensitive documents and accessed 16,000 others as he got ready to take a job with a competitor
Small to mid-size companies that allow their employees to open lines of credit in the executive's name could be most at risk.
A research chemist who worked for DuPont for 10 years before accepting a job with a competitor downloaded 22,000 sensitive documents and viewed 16,706 more in the company's electronic library.
In concert with Mirage, the company's new ISS Proventia Management SiteProtector software stems from its recent acquisition of Internet Security Systems.
Familiar, yes, but more relevant than ever as the number of security companies continues to shrink
As long as cybercrime continues to grow as an industry, don't count on malicious attacks to abate on their own, the company's CEO says.
IBM and other large IT infrastructure companies are bulking up in an attempt to provide a one-stop shop for comprehensive security systems.