Users Still Careless With Email
4/25/2011Company employees still consistently send confidential and sensitive information via email in violation of rules and regulations, according to a survey by VaporStream.
Post a Comment
Author
Profile of George V. Hulme
Blog Posts: 966An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme
Company employees still consistently send confidential and sensitive information via email in violation of rules and regulations, according to a survey by VaporStream.
Post a Comment
So What If iPhones Spy User Locations
4/22/2011The iPhone keeps track on its owner's whereabouts, but without that crucial location data, many services that help make the smartphone so popular wouldn't function.
Post a Comment
Iranian Official Claims Siemens Partially Responsible For Stuxnet
4/19/2011The Iranian military has accused German electronics and industrial engineering firm Siemens of taking part in the development of the Stuxnet worm.
Post a Comment
Researchers Aim To Stop Android Data Leaks
4/14/2011Security capabilities shouldn't need to be bolted onto the mobile operating system, but unfortunately we're headed down the same painful path with smartphones and tablets that we took with desktops and notebooks.
Post a Comment
Application Security: Much More Than Secure Development Frameworks
4/11/2011If your organization is considering putting a secure application development initiative in place, you need to look beyond all of the technicalities and dig into the organizational challenges first.
Post a Comment
Dept. Of Education Proffers New Privacy Rules
4/10/2011The U.S. Department of Education has proposed a number of new initiatives aimed to better safeguard student privacy.
Post a Comment
Microsoft’s Massive April Patch Tuesday
4/7/2011Many security teams may wish it was March once again. Last month Microsoft issued patches for just four vulnerabilities within three security bulletins.
Post a Comment
NSA Investigating Nasdaq Hack
3/31/2011Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.
Post a Comment
(Slightly) More Organizations Proactively Managing Security Efforts
3/30/2011Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet - the improvements are minor.
Post a Comment
"Trusted" Sites Fail To Clean Malvertising Scourge
3/27/2011Reports indicate that users of Facebook and the European music service, Spotify, have been exposed recently to malvertising attacks.
Post a Comment
Shocker! (Not Really): Users Apathetic When It Comes To Mobile Security
3/26/2011Survey conducted by the Ponemon Institute shows just how lax users really are when it comes to securing their smartphone devices.
Post a Comment
Are Industrial Control Systems The New Windows XP
3/24/2011Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition systems (SCADA) system operators scrambling, and the US CERT issuing warnings.
Post a Comment
RSA Breach Leaves Customers Bracing For Worst
3/18/2011RSA, the information security division of EMC Corp., disclosed in an open letter from RSA chief Art Coviello that the company was breached in what it calls an "extremely sophisticated attack." Some information about its security products was stolen. Customers are bracing for more details.
Post a Comment
Trojan Attacks Remain Most Popular
3/16/2011Anti-malware vendor Panda Security's PandaLabs has found that the number of threats . . . surprise, surprise . . . have risen significantly year over year. What's interesting is how large a percentage of attacks Trojans have become.
Post a Comment
NERC Creates Cyber Assessment Task Force
3/12/2011The North American Electric Reliability Corporation (NERC) recently announced the formation of a Cyber Attack Task Force. The task force will be charged with identifying the potential impact of a coordinated cyber attack on the reliability of the bulk power system.
Post a Comment
Botnet Threat: More Visibility Needed
3/11/2011According to a report released by The European Network and Information Security Agency the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.
Post a Comment
Watch Where You Swipe
3/10/2011We tend to focus attention toward online data and identity theft and forget that we can be targeted just as easily offline.
Post a Comment
Sophisticated Trojan Targets Some Banking Sites
2/28/2011S21sec, a Spanish information security firm, claims to have spotted a new Trojan with advanced infiltration and attack techniques.
Post a Comment
New Mac OS X Backdoor Trojan Surfaces
2/27/2011Researchers at anti-virus firm Sophos say they've identified a new Trojan designed to infect Mac OS X users.
Post a Comment
Security Departments Stretched Too Thin, Firefighting
2/24/2011While application vulnerabilities, mobile computing, and malware top the list of IT security vulnerabilities and threats, a just released survey from ISC2 and Frost & Sullivan reveals an underlying, more systemic threat.
Post a Comment
Researchers: SSD Drives Pose Data Sanitation Risk
2/22/2011Researchers from the University of California, San Diego are warning that traditional methods to clear data from hard drives may not work as well on Solid State Disks.
Post a Comment
Security Coming To Mobile And Embedded Devices
2/21/2011Security firm McAfee expects 50 billion mobile and connected embedded devices by the year 2020. And guess who is promoting new tools promising to protect them. But is this a layer of protection we are going to need?
Post a Comment
Hacks From China Strike Canadian Government
2/20/2011CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.
Post a Comment
Cyberwar: Experts Have Hard Time Defining It, Let Alone Defending Against It
2/17/2011Rather than wait for a catastrophic event, government and private industry should develop a framework for dealing with state sponsored attacks aimed at the critical infrastructure.
Post a Comment
Successful Security: It Is In The Details
2/15/2011Security is both hard to do right, and easy to make the simple mistakes that could jeopardize the security of most any organization. It may be a mistake that comprises of being a single digit off. And that one number could be the difference between a secure network and one that is readily breached. That was the overriding message in a Security B-Sides Conference presentation given today by Mike Lloyd, chief scientist at security software maker Red Seal Systems.
Post a Comment
Think That iPhone Isn't A Corporate Security Risk?
2/11/2011If so, you had better think again. Researchers have shown how the passwords on the iPhone can be revealed in less than six minutes.
Post a Comment
Nasdaq Hack. Lots of Questions. Few Answers
2/6/2011According to a news report this weekend, hackers breached web-based applications owned by the NASDAQ. How deep did the attacks go, and who was behind them?
Post a Comment
Data Leak Vulnerability In Android Gingerbread
1/31/2011Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Post a Comment
Is Apple (Finally) Stepping Up Its Security Game?
1/29/2011Apple's reported recent hire of noted security author and expert, David Rice, is yet another step the company has made in the past year to help improve its sloppy security image.
Post a Comment
Russia To NATO: Investigate Stuxnet
1/27/2011The Stuxnet worm is alleged to have set back Iranian's controversial uranium enrichment program significantly. Now, the Russians are asking NATO to find some answers.
Post a Comment
New Age of Mobile Malware On Way
1/24/2011New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
Post a Comment
WikiLeaks Targeting P2P Networks?
1/23/2011That is the allegation in a news report that ran last week. While the outcome from the investigation could have a profound impact on whether the anti-secrecy organization is a media outlet – there is a bigger lesson.
Post a Comment
Report: Stuxnet Joint Israeli-U.S. Operation
1/16/2011A story published this weekend adds evidence to what many have suspected all along: that the Stuxnet worm was nation-state designed and developed to set-back Iran's nuclear ambitions.
Post a Comment
Kudos To Tucson University Medical Center For Firing Alleged Snoops
1/13/2011The Tucson University Medical Center reportedly has let go three employees for accessing the medical records of those involved in the Tuscon shooting tragedy without authorization.
Post a Comment
Security Doesn't Matter To Brands: A Counter Point
1/10/2011A recent video blog entry made the assertion that security doesn't matter to a company's brand. The post was strong on opinion, light on facts. I say lax security and breaches do have an impact on brand. And I back up this assertion with a few data points.
Post a Comment
Japan To Ban Virus Creation? Bad Idea
1/5/2011The Japanese paper, the Yomiuri Shimbun, ran a story during the holidays about how the Japan Ministry of Justice wants to criminalize the creation of viruses. If they pursue this course, it's only going to get messy for security professionals there.
Post a Comment
Dell Adds Security To Its Acquisition Binge
1/4/2011Dell today entered an agreement to acquire managed security services provider SecureWorks for an undisclosed sum. I didn't see this one coming, but I should have.
Post a Comment
Three 2011 Security Resolutions (for the uninitiated)
12/31/2010Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
Post a Comment
Meet The "SMS of Death"
12/30/2010If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Post a Comment
Information Security Predictions 2011
12/29/2010Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
Post a Comment
SCADA Security Heats Up
12/27/2010The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?
Post a Comment
Microsoft Moves To Block Zero Day Attack
12/22/2010A French IT security firm recently warned of a new vulnerability that opens most versions of Microsoft Internet Explorer open to attack.
Post a Comment
Security Design Fail
12/19/2010It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
Post a Comment
Reputation Can't Be Delegated
12/16/2010A massive e-mail breach affecting Walgreens, McDonald's and others proves that while services can be outsourced, and responsibility delegated - reputation stays with you.
Post a Comment
Patch Tuesday: Too Big To Ignore?
12/13/2010Any IT administrators hoping to get an early jump on the holidays this week face a big disappointment: 40 software updates coming from Redmond this month.
Post a Comment
Researchers: Major Ad Networks Serving Malware
12/11/2010Researchers at web security firm Armorize Technologies recently discovered that DoubleClick and Microsoft ad networks were serving (for a brief time) a banner ad tainted with malware. The attack could had of impacted millions, the researchers day.
Post a Comment
California Does Health Care Data Breaches Right
12/7/2010Since this spring, the California Department of Public Health has fined 12 health facilities about $1.5 million as a result of data breaches. Let's hope they keep fining organizations that fail to properly protect patient data.
Post a Comment
Verizon's VERIS Aims To Push Security Beyond Fuzzy Numbers
11/30/2010When it comes to sharing data in IT security the bad guys always seem to be way ahead. They employ far-flung networks used for sharing stolen data, buying and selling exploits, and information on how to launch successful attacks. However, when it comes to enterprises sharing attack and breach incident data there has not been a lot of sharing going on.
Post a Comment
Confirmation? Chinese Government May Have Been Behind Operation Aurora Hacks
11/29/2010We suspected there would be some interesting cyber security related news to come out of the thousands of cables released by WikiLeaks over the weekend. We were not disappointed.
Post a Comment
Healthcare Breach Highlights Need For More Security Insight
11/29/2010Triple-S Management, a managed care services provider in Puerto Rico, suffered a security breach that could have exposed the personal health care information of more than 400,000 customers.
Post a Comment
Sophos Sees Macs OS Infected With Windows Sludge
11/23/2010Anti-virus firm Sophos shows that while Macs may be under increasing malware threats, most of the sludge its anti-virus software found targeted Windows systems - Apple users aren't out of the woods.
Post a Comment
Researchers: Be Wary Of New Trojan Attacks
11/21/2010A yet to be named developer has released a free software development kit for a new Trojan horse considered to be similar to the Zeus banking Trojan - prompting a warning from researchers at a German security firm.
Post a Comment
Dangerous Safari Bugs Patched
11/18/2010Just days after Apple Inc. patched about 150 vulnerabilities in OS X, the company is releasing yet another batch of security updates for Safari that runs on both OS X and Windows.
Post a Comment
Emergency Patch From Adobe Arrives
11/16/2010Adobe today released a patch designed to patch a number of critical flaws in Adobe Reader. You'll want to patch this one, quickly.
Post a Comment
Security M&A: Where Innovation (Too Often) Goes To Die
11/11/2010Following a handful of high profile security acquisitions this year, the ever-simmering topic of security industry consolidation has once again surfaced.
Post a Comment
Microsoft Internet Explorer Zero-Day Under Attack
11/8/2010The risk surrounding a new zero-day Microsoft Internet Explorer vulnerability increased significantly over the weekend and could prompt an emergency patch release from the software company at any time.
Post a Comment
Don't Be A Sheep
11/6/2010Thanks to the new Firefox plug-in dubbed Firesheep, snoops and attackers now have an easier shot at hijacking some of your Internet sessions. Don't let this opportunity go to waste.
Post a Comment
State Sues WellPoint Over Data Breach Notification
10/31/2010The state of Indiana's attorney general is suing insurer WellPoint Inc. for $300,000 for not notifying customers in a timely enough manner that their data was at risk.
Post a Comment
Java Worm Targets Mac OS X
10/30/2010A just uncovered Trojan horse is employing an old social engineering ploy on social networks to lure Mac users.
Post a Comment
More Patient Data Dumps
10/25/2010Yet another case where patient medical records are left in a dumpster and out in plain sight.
Post a Comment
Apple FaceTime Mac Beta Ships With Pedestrian Security Flaw
10/21/2010On Wednesday Apple announced its FaceTime for Mac beta. Problem is the beta software shipped with a security flaw that could enable attackers to access iTunes accounts. However, the flaw could be indicative of much more systemic problems.
Post a Comment
Social Media Best Practices For Healthcare
10/19/2010It's no secret that there have been instances of medical workers abusing social networking sites and violating patient privacy rights. A medical association has recently published a social media toolkit designed to help with more responsible use of social media.
Post a Comment
CloudAudit Now Under Cloud Security Alliance Umbrella
10/17/2010We've blogged often about the need for organizations to be able to see and understand the regulatory compliance and security efforts of their cloud providers. Now, two organizations - the Cloud Security Alliance and CloudAudit - that have been working toward exactly that are joining forces.
Post a Comment
Microsoft Steps Up To Dethrone Zeus
10/15/2010Microsoft is throwing another punch at this most nasty and extremely active botnet.
Post a Comment
It's Not (Just) About EMR Software Security
10/12/2010We recently discussed a report that provided an overview of the security breach trends at 300 health care providers. Some took the post to be a condemnation of EHR security. That is too narrow of an interpretation. The post was meant to convey the lack of maturity, pervasive in the health care industry, when it comes to security controls.
Post a Comment
Insiders Still Remain Potential Powerful Threat
10/10/2010While malware and hacker attacks continue to make the headlines, recent events remind us that insiders still pose a potent threat.
Post a Comment
Record Microsoft Patch Tuesday Ahead
10/7/2010Administrators, get your rest this weekend. According to Microsoft's advanced warning, next Tuesday is going to be a record-setter when it comes to software vulnerability updates.
Post a Comment
In Software We (Can't) Trust
9/30/2010I can't think of more than a few attacks in the past decade that involved stolen certificates as part of the malware or exploit code. However, recent attacks, and new research highlights the increasing danger of trusting signed digital certificates.
Post a Comment
Google To Warn Admins Of Malware Infestations
9/29/2010It's been made very clear that one of the greatest threats to Web safety is reputable Web sites getting nailed with malware - and their web masters don't even know it. That malware then infects users - who also go unaware that they've been pwned. This week, Google is taking steps to try to turn that tide.
Post a Comment
Stuxnet Pwned Iran. Are We Next?
9/27/2010For the past few weeks rumors had run rampant about the purported targets of the Stuxnet worm. One of those rumors was that the worm was targeting Iran's controversial nuclear sites. Now, according to news reports that hit yesterday, those rumors may very well be right. There's a warning in all of this for the United States.
Post a Comment
Zeus Targeting Mobile Phone Authentication
9/26/2010A new variant of the Zeus botnet aims to circumvent an increasingly popular mode of two-factor authentication among financial institutions and other enterprises.
Post a Comment
Twitter Under Attack
9/21/2010There's a cross-site site scripting flaw aggressively spreading across the social networking site Twitter. I know, I was hacked first thing this morning. . .
Post a Comment
Steady Bleed: State of HealthCare Data Breaches
9/19/2010Study reveals that, for many healthcare providers, patient data breaches continue - month after month - at an alarming rate.
Post a Comment
Cloud Security And Compliance: Clear The Ambiguity
9/13/2010The fact that business consumers of public cloud computing services don't get much in the way of transparency into the governance and security efforts of their cloud providers has been an obvious hindrance to cloud adoption. Here's an example at how a nascent, but encouraging, standard - CloudAudit - aims to change that.
Post a Comment
iPhone iOS Devices Jailbroken
9/9/2010Hackers are claiming to have uncovered a flaw within iPhone and iPod Touch hardware that will make it easy for users to jailbreak their devices. And, if these reports prove accurate, it'll not be a trivial workaround for Apple to fix.
Post a Comment
Twitter Hit With Another Cross-Site Scripting Vulnerability
9/7/2010Over this Labor Day weekend developers at Twitter had to do a bit of additional labor that they should have previously completed - and that's to close a potentially dangerous cross-site scripting (XSS) vulnerability before things slid out of hand.
Post a Comment
Apple's Ping Stumble Highlights Systemic Security Problem
9/4/2010Within 48 hours of Ping's launch, Apple's foray into music social networks, more than one million users joined. Too bad, like so many other applications and services on the Internet, security was an afterthought, and those users were plagued with spam comments.
Post a Comment
Dangerous Internet Explorer QuickTime Flaw Surfaces
8/31/2010Spanish security researcher Ruben Santamarta has discovered a way to exploit Apple QuickTime on Microsoft Windows systems and bypass advanced security defenses to take complete control of targeted systems.
Post a Comment
Microsoft Software Security Development Lifecycle (SDL) Unleashed
8/30/2010While many industry watchers may not acknowledge it, Microsoft has been one of the few software makers to put a serious, and highly public, effort behind the development of secure software. Now, much of what the company has learned about secure software development is going to be even more accessible.
Post a Comment
CloudAudit Gets Real
8/22/2010For enterprises, one of the biggest challenges with cloud computing include transparency into the operational, policy and regulatory, and security controls of cloud providers. For cloud providers, one of their pressing challenges is answering all of the audit and information gathering requests from customers and prospects. CloudAudit aims to change that.
Post a Comment
Intel Buys (Overpays For?) McAFee For Growth
8/20/2010Chipmaker Intel buys security software maker McAfee for $7.68 billion. The question is: why?
Post a Comment
Anti-Virus Suite Protection? Not Much
8/17/2010It's no secret that anti-virus software doesn't do much to protect you against new and rapidly moving viruses, so it shouldn't come as much of a surprise that these suites don't do much good defending you against exploit code, either. A fresh evaluation from NSS Labs reveals just how vulnerable you really are.
Post a Comment
Analysis: Healthcare Breach Costs May Reach $800 Million
8/15/2010According to an analysis by the Health Information Trust Alliance (HITRUST), regulated health care organizations that have reported health information breaches of 500 or more people could cumulatively spend upwards of $1 billion in related costs.
Post a Comment
Apple Plugs Jailbreak Flaw, Exploit Code Released
8/12/2010About a week after JailbreakMe 2.0 surfaced, Apple has plugged the flaws in iOS that made the Jailbreak possible. If you've not jailbroken your phone, you'll want to get the update ASAP as the exploit code has been released.
Post a Comment
Post Patch Tuesday. Don't Stop There
8/11/2010While you may be well underway testing and deploying this month's hefty batch of patches from Redmond, it's never too soon to ask: how secure do the rest of your applications and servers look?
Post a Comment
Brace For Heavy Patch Tuesday
8/5/2010This Tuesday Microsoft is expected to release a record number of security bulletins that affect many versions of Windows and an assortment of applications.
Post a Comment
On iPhone, Jailbreaking, And Security
8/3/2010It may not be the fashionable decision, but I choose not to jailbreak my iPhone. That's primarily out of security concerns. However, it turns out that Jailbreaking (read: pwning) an iPhone is now as simple as visiting a web page.
Post a Comment
Be Careful What You Search For
7/31/2010Viruses and malware used to spread and try to find computer users to infect. Today, research released at DefCON 18, shows that increasingly search engines are bringing users are going straight to the malware.
Post a Comment
Rite Aid's $1 Million Settlement: More Good Enforcement News
7/30/2010Rite Aid Corp. having to pay a $1 million settlement to possible Health Insurance Portability and Accountability Act (HIPAA) violations is another right step in the direction of enforcement.
Post a Comment
Verizon Data Breach Report: Some Big Surprises
7/28/2010One of the most comprehensive data breach reports available found the number of breaches to have declined significantly last year, and significant changes in how attackers are infiltrating companies.
Post a Comment
Mozilla Patches Critical Firefox Security Patch
7/26/2010Just a few days after issuing more than a dozen security updates, many of them critical, the foundation that published the popular Firefox web browser issues a patch to fix its patch.
Post a Comment
Healthcare Breaches Spin Out Of Control
7/22/2010If the past week is any indication (and I'm afraid it is), health care companies are doing an abysmal job at protecting personal health care data.
Post a Comment
Microsoft Warns Of Critical Vulnerability
7/18/2010Microsoft Friday warned its customers that attackers are targeting an unpatched and critical Windows vulnerability.
Post a Comment
Mozilla Raises Security Bug Payout
7/16/2010If you are a bug finder, finding security flaws in Mozilla software products, such as the Firefox web browser, just became much more profitable after the foundation raised its bug bounty from $500 to $3,000. But will this move help improve your security?
Post a Comment
Patch Tuesday: XP SP 2, Windows Help Center Patches Coming
7/12/2010Tuesday Microsoft said it will patch the critical Windows Help and Support Center vulnerability that has been widely attacked. This month's Patch Tuesday will also the last day of support for Windows 2000 and Windows XP Service Pack 2.
Post a Comment
Social Networking: Keeping It Real
7/8/2010Another demonstration on the security and privacy implications of using social networking sites reveals their real weakness. And I say: so what.
Post a Comment
The Kraken Botnet Returns
7/1/2010The return of the Kraken botnet from its reported death in 2009 shows just how difficult squashing the botnet threat really is.
Post a Comment
Which Platform Is Safer: Android, Blackberry, or iPhone?
6/30/2010With the hand-held platform battle over market share heating up, more people are wondering just which platforms may be safer from attackers and snoops.
Post a Comment
Hackers Busted In Online Poker Cheats
6/28/2010Korean police nabbed 33 hackers who were using bots to cheat online poker players from November 2009 through May of this year.
Post a Comment
Android, iPhone, "Kill Switch" Capabilities
6/27/2010The recent security related events surrounding Google Android highlights why users must exercise constant vigilance in the applications they choose to install on their handsets, and raises questions about the ability for vendors to reach into your handset to remove potentially nasty software.
Post a Comment
Research: 2014 State of Database Technology
IT's stuck in neutral. Exciting techs like NoSQL, DBaaS, and distributed architectures are in use by few of our 956 respondents. Just 5% have Hadoop in production, and a mere 1% use Amazon DynamoDB for critical functions. What will it take to jump-start innovation?
White Papers
Current Issue
Video
Slideshows
Twitter Feed
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.
- Featured UBM Tech Sites
- InformationWeek |
- Network Computing |
- Dr. Dobbs |
- Dark Reading
- Our Markets:
- Business Technology |
- Electronics |
- Game & App Development
- Working With Us:
- Advertising Contacts |
- Event Calendar |
- Tech Marketing Solutions |
- Corporate Site |
- Contact Us / Feedback
Tweet This