Russia Uses 'Single Register' Law To Selectively Block Internet Content

Wed, 22 May 2013 15:53:28 GMT

“Won't somebody please think of the children?” seems to be Russia's refrain when it comes to their recent inception of internet censorship laws. I ...

Building Trust and Security through Transparency of Service

Tue, 21 May 2013 19:36:07 GMT

By David Baker

With the growing movement of enterprises to the cloud, it’s more important than ever that service providers demonstrate and prove good security practices to their customers, in good times and in bad. During an incident, how a cloud provider communicates to its custo ...

Liability and the “Commercially Reasonable” Standard

Mon, 20 May 2013 13:31:45 GMT

When new technology introduces new legal questions, it can take a long time for courts to sort matters out, and cybersecurity is no exception to the rule. Cyberattacks that yielded major breaches of financial companies in 2008 or 2009 have spawned a series of lawsuits that aim to determine liab ...

Plugging "Cloud Identity Leaks": Why Your Business Should Become an Identity Provider

Wed, 15 May 2013 18:43:59 GMT

By Mark O’Neill

Most people have used the Facebook, Twitter, or Google Apps buttons located on websites to log into third-party services. This approach is useful within consumer IT as it enables the user to access various services via their own Facebook, Twitter or Google Apps pas ...

Securing Credit Card Voice Transactions

Thu, 09 May 2013 11:20:57 GMT

This afternoon, I met the CEO (and co-founder) of Semafone, Tim Critchley. When the invitation to interview him landed in my inbox, I was all set to turn it down. As Critchley himself admits, ca ...

Talking Infosec Awareness and Training with Kaspersky Labs’ David Emm

Fri, 03 May 2013 16:40:20 GMT

Shortly before the chaos of Infosecurity Europe, I joined David Emm, senior security researcher at Kaspersky Lab, for lunch in a lovely quiet gastro pub ...

Should Information Security Professionals be Licensed to Practice?

Thu, 02 May 2013 21:08:03 GMT

Last week we published accompanying editorials from our most recent print edition that asked a rather simple question: Should information security professionals be licensed to practice?

Arguing in favor of such a licensing scheme,

Identity Management Plays a Key Role in Mobile Device Management (MDM)

Tue, 30 Apr 2013 15:21:27 GMT

By Dan Dagnall

As BYOD and other mobile device related initiatives take hold, sooner rather than later, identity management will once again be considered as an ...

How to Adopt the Public Cloud While Attaining Private Cloud Control and Security

Fri, 26 Apr 2013 16:44:36 GMT

By Gerry Grealish

Earlier this year, McKinsey & Company released an article titled “Protecting information in the cloud,” discussing the increased us ...

Cloud-Based Identity Management: Best Practices for Rapid End-User Adoption

Fri, 26 Apr 2013 16:21:45 GMT

By Glenn Choquette

Identity Management (IdM) is not new. Yet, after all this time on the market, organizations still have mixed results for end-user adoption, as many organizations that rolled-out IdM years ago still haven’t achieved their goals: end-users keep calling the help de ...

Will CISPA pass this time?

Mon, 22 Apr 2013 16:22:03 GMT

Recently the controversial Cyber Information Sharing and Protection Act (CISPA) was passed by the US House of Representatives for the second time. The bill would mean that technology and web comp ...

Live on-stand interviews & wine: What we're up to at Infosecurity Europe...

Fri, 19 Apr 2013 11:45:38 GMT

Well, it's our last day in the office before we all go on site for Infosecurity Europe next week. There's a lot of excitement (and panic!) in the air...A few bits of news about what myself and the rest of team Infosecurity will be up to at the even ...

At War with the World

Thu, 18 Apr 2013 15:45:23 GMT

In February, security firm Mandiant made headlines when they declared the hacking team APT1, “likely government-sponsored and one of the most persistent of Ch ...

Web Scrubbing in China

Mon, 15 Apr 2013 15:03:06 GMT

Within days of China being pinpointed as the home of a massive hacking base, the BBC has alleged that China has been regularly blocking their radio and TV broadcasts and their Chinese-language website. A BBC news crew highly publicized cyber attacks on US banks. These attacks took the form of Distributed De ...

All that Glitters is Not Gold

Fri, 12 Apr 2013 01:29:19 GMT

The old saying “all that glitters is not gold” can have a particular resonance with us in the Information Security profession, especially at this time of the year. I say this as we are now starting to move into the heart of the information security conference season; the RSA Conferenc ...

Policing the Virtual Perimeter

Thu, 11 Apr 2013 18:01:17 GMT

A recent spate of targeted denial of service attacks on organisations such as Spamhaus and according to HP’s current management a big turnaround in fortune is underway). However, ...

A Little too Much Access, Thank You

Fri, 29 Mar 2013 15:14:57 GMT

So now that it appears the Internet Apocalypse is over and we can all return to life as we know it, (assuming we

Of Sequestration & Cybersecurity Frustrations…

Fri, 29 Mar 2013 14:36:52 GMT

With sequestration cuts underway across the federal government, and the plight of the federal information security workforce being traditionally viewed as non-mission essential, one can only hope that the historically underfunded budgets of the federal CISO will survive the carving knives of th ...

Going Up? Safety First, then Send your Data to the Cloud

Thu, 28 Mar 2013 15:02:14 GMT

By Joe Sturonas

As the proliferation of data continues to plague businesses, the pressure is on for companies to migrate away from their physical data centers. Cloud computing is being adopted at a rapid rate because it addresses not only the costs for physical space, but also rising en ...

A Chat with Dimension Data: Data Centric Security, Data Breaches, and Why Old is New in Security

Wed, 27 Mar 2013 09:23:48 GMT

This week I sat down with Anna Watson, general manager of security solutions, Europe, at Dimension Data, to have a chat ab ...

How to Harden Your APIs

Tue, 26 Mar 2013 18:04:45 GMT

By Andy Thurai

The market for APIs has experienced explosive growth in recent years, yet the major issues that providers still face are protection and hardening of the APIs that they expose to users. In particular, when you are exposing APIs from a cloud-based platform, this becomes ver ...

If Your iPhone Could Talk...

Mon, 25 Mar 2013 18:56:16 GMT

Andy Greenberg at Forbes has shown us the information that law enforcement can recover via a seized iPhone. The article is essentially in response to one

Three Critical Features that Define an Enterprise-Grade Cloud Service

Fri, 22 Mar 2013 19:32:30 GMT

By David Baker

The line between enterprise and consumer is fading as employees work from all manner of devices to access the on-premises, cloud and even consumer applications needed to get work done. But it’s important to not confuse enterprise and consumer services from a securit ...

Why Should I Get My Certificate of Cloud Security Knowledge (CCSK)? Or Train to be a CCSK Trainer?

Wed, 20 Mar 2013 20:14:02 GMT

“The CSA, in providing a set of goals through the CCSK, is challenging security practitioners to become the cloud thought-leaders we need today and tomorrow to ensure safe and secure cloud environments. In developing the CCSK, CSA is 'setting the bar' for security professi ...

The Shrinking Security Model: Micro-perimeters

Wed, 20 Mar 2013 19:14:24 GMT

By Ed King

As cloud and mobile computing make enterprise IT ever more extended, the traditional security model of keeping the bad guys out and allowing only the good guys in no longer works well. While the reach of the enterprise has expanded, the security perimeter may actually have t ...

My morning at CrestCon/IISP Conference

Wed, 20 Mar 2013 14:29:31 GMT

So far, I’ve listened to three talks - sadly I wasn’t allowed to attend the keynote given by CESG – and will be returning after lunch (I’m currently camped out in Café Nero regaining some charge on my laptop and iPhone) to hear some more.

Information securi ...

Net Neutrality: Is it Necessary?

Fri, 15 Mar 2013 16:22:15 GMT

At the moment, the US Federal Communications Commission (FCC) is fighting an on-going legal battle with the telecommunications company Verizon over their net neutrality rules, which were initially proposed in ...

I Want My Nua Mek 2...Yes, Hackers Watch TV Too

Thu, 14 Mar 2013 19:11:28 GMT

We’ve all been disappointed when a favorite show is canceled, be it Arrested Development, Freaks and Geeks or, more recently, 666 Park Avenue (err…or is that just me?). But Thailand’s National Broadcasting Commission (NBC) got more than it bargained f ...

The Age of Bring-Your-Own-Identity (BYOID)

Mon, 11 Mar 2013 11:19:14 GMT

Sellers of computer security products and services sometimes fret that their messaging is too scary as they go on about risk, data loss and regulatory fines. To get around this, every so often they like to remind potential buyers that their wares are also business enablers. The case is easier to ...

It’s McAfee. James McAfee.

Tue, 05 Mar 2013 20:34:49 GMT

A game of high-stakes, technical espionage that targets the highest levels of government? A bevy of presumably beautiful female double agents? A nefarious foe bent on the destruction of the US, operating in the shadows under a cover of legitimacy? These are not the trappings of a new James Bond i ...

APTs and Oscar Wilde

Fri, 01 Mar 2013 19:54:20 GMT

“The only thing worse than being the victim of an APT is *not* being the victim of an APT.”

Or, at least, that’s probably how Oscar Wilde would have seen it, had he been following the news recently.
(He rather famously said something similar when told that a ...

The Trouble Heading for your Business in 2013

Fri, 01 Mar 2013 13:58:23 GMT

Facebook, Twitter, Apple and Microsoft: all icons of the information technology industry and all the focus of targeted attacks in Feb 2013. The bad news for us all is, that even those that should be some of the most tech-savvy companies in the wor ...

Cruising the Misinformation Superhighway

Thu, 28 Feb 2013 13:23:58 GMT

Long before there was a World Wide Web, when the internet was largely a playground for academics and the military, and most people still thought spam was a canned meat, there were already hoaxes and scams (pyramid schemes, Ponzi schemes, lures into premium rate phone services, fa ...

Censorship’s Losing Battle in China

Wed, 27 Feb 2013 15:49:25 GMT

Recently, Brad Pitt was the latest celebrity to join up to China’s foremost micro-blogging platform, Sina Weibo, joining the likes of Selena Gomez, Paris Hilton, Emma Watson, an ...

RSA 2013: Interview with security evangelist Stephen Cobb

Wed, 27 Feb 2013 02:04:16 GMT

I’ve just spent a fascinating 45 minutes picking the brain of ESET security evangelist, Stephen Cobb.

Below are the key statements made by ESET's ...

Language is a Virus (Editorial from Q1 issue)

Mon, 25 Feb 2013 02:25:24 GMT

This year we are scaling back on the quantity of issues produced (the magazine will now be published quarterly) in order to allow the editorial team to increase the output of online content.

Not only will we be producing more daily news stories, but we will be publishing featur ...

Finally, a Step Forward in Cybersecurity

Thu, 21 Feb 2013 22:30:18 GMT

Some of the most successful blockbuster films released in the last two decades have been themed on the potential destruction that computer hackers can cause. Her ...

Could Microsoft solve the scareware problem?

Thu, 22 Oct 2009 07:58:24 GMT

This morning I read the following article: Microsoft can help kill fake antivirus threat. And interesting approach. The proposal is that we could white-lis ...

Compromised Web Servers Host Koobface Malware Cocktail

Wed, 21 Oct 2009 22:59:35 GMT

The Koobface gang has struck again using compromised web servers to deliver a potent mix of malware. eSoft threat researchers have found hundreds of newly exploited sites hosting malware which includes downloaders, keyloggers and multiple variants of the Koobface worm.

Attackers u ...

Why it pays to be secure – Chapter 3 – But how do I?

Sun, 18 Oct 2009 19:32:16 GMT

Security — you hear about it every day. Being responsible for information security can be a daunting task, so where do you begin?

From the design of acceptable use policies to preventing insiders from stealing data, the job can be a challenging one. Join Senior Security Strategist w ...

Unresolved Compromised Fox Sports Host Heading Into Third Week

Sat, 17 Oct 2009 01:17:07 GMT

eSoft first detected a compromise on the Fox Sports website two weeks ago and as of today, at least one Fox Sports host continues to contain automatic links to a multitude of dangerous exploits. E ...

How the US military has weaponised hacking

Fri, 16 Oct 2009 09:33:41 GMT

“Our technological advantage is a key to America's military dominance. But our defence and military networks are under constant attack. Al Qaeda and other terrorist groups have spoken of their desire to unleash a cyber attack on our country -- attacks that are harder to dete ...

How common is the hacking of secure wifi?

Fri, 16 Oct 2009 09:15:56 GMT

AJAX-JSON - Inside Crux

Tue, 13 Oct 2009 08:34:07 GMT

The development is occurring at a rapid pace. The innovation is going on. The web is transitioning from the web 1.0 to web 2.0. The implementation structures of various technologies have changed. The Web 2.0 has revolutionized the web in a stringent manner from all the perspectives. The Asynchron ...

Recapping the Fox Sports Website Compromise

Fri, 09 Oct 2009 16:18:13 GMT

On October 2nd eSoft published a blog warning visitors of the Fox Sports website about compromised pages with the potential to serve malicious software. To date, the threat remains on their website ...

Web 2.0 – Truth and Lies in AJAX World

Thu, 08 Oct 2009 04:41:07 GMT

Web 2.0 has metamorphosed the complete scenario of internet.

In the AJAX world, most of the working functionality is derived by efficient technology methods and ingrained software dependency. In order to scratch deep down the bottom the differential aspect of this technology must ...

The Africa Cable – A Chance for Africa! – A Threat for the Internet?

Wed, 07 Oct 2009 15:15:25 GMT

The development in Africa especially with the new broadband services to me is a huge chance for the whole continent.

I just found a map (Image 1) on the next two years.

Even though I have not been in Africa over the last few months, I heard that in different cities fiber is brough ...

Why Linux servers are more secure than Windows

Tue, 06 Oct 2009 13:49:18 GMT

The Linux/Windows debate is an oldie but a goodie, and there have been many long threads on most computer related forums discussing their relative merits. Linux is free, open-source and community based. Windows is expensive, professionally developed and has ...

Your password isn't safe - take this simple test to find out how many minutes it would take to crack

Tue, 06 Oct 2009 13:42:14 GMT

There's a well-known saying in information security that the weakest part of any computer system is the person using it. One area where this becomes abundantly clear is in the use of passwords. Allowing users to choose their own passwords can be fatal, with most people not having the first clue a ...

When hacking is legal

Tue, 06 Oct 2009 13:37:20 GMT

The Merriam-Webster dictionary gives two different definitions of “hacker” related to computer security. A hacker is either “an expert at programming and solving problems with a computer” or “a person who illegally gains access to and sometimes tampers with informati ...

Why retina scanning works better for James Bond than it ever would for us

Tue, 06 Oct 2009 12:18:10 GMT

Since the late 80s retinal scanning has been featured in a whole bevy of sci-fi and action films. It's been the security system of choice for some of the silver screen's top spies: James Bond used it in GoldenEye and Ethan Hunt in the Mission Impossible movies. As a result, whilst retinal scannin ...

Which famous Twitter accounts have been hacked?

Mon, 05 Oct 2009 16:41:01 GMT

Early in 2009, Twitter suffered two major security lapses. Once when a wave of highly successful phishing campaigns were successful in obtaining a lot of Twitter passwords, and then again when an 18 year old hacker and student of computer games development brute-force'd an administrator account. ...

Thoughts on the registered traveler programmes at airports

Wed, 30 Sep 2009 17:07:11 GMT

When I entered the US this time, I got a brochure on how I could avoid the line at immigration and just get a fast track by registering with the Global Entry Program, a programme, which would pre-screen ...

Hey, You, Get Off of My Cloud

Sun, 27 Sep 2009 00:47:15 GMT

I recently had different discussions with different customers and we were looking into the key questions to ask, when you plan to move to the cloud (yes, I am working on a corresponding blog post). I was then asked whether we have an answer to these questions – well no. For sure not fo ...

Why it pays to be secure - Chapter 2 - Vulnerabilities

Wed, 23 Sep 2009 23:05:49 GMT

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

In my first post here, I opened the field for a series on “Why it pays to be secure”. As I told you there, Henk van Roest, our Security Support Program Manage ...

Why it pays to be secure

Fri, 11 Sep 2009 10:59:07 GMT

You might all know that feeling: You need money to finance security activities and you are asked why this money shall be invested. And then we start to argue that if we do not do it – bad things happen. These are questions that myself and our support get often. That was the reason why we st ...

Infosecurity - Blog

Russia Uses 'Single Register' Law To Selectively Block Internet Content

Building Trust and Security through Transparency of Service

By David Baker

Liability and the “Commercially Reasonable” Standard

Plugging "Cloud Identity Leaks": Why Your Business Should Become an Identity Provider

By Mark O’Neill

Securing Credit Card Voice Transactions

Talking Infosec Awareness and Training with Kaspersky Labs’ David Emm

Should Information Security Professionals be Licensed to Practice?

Identity Management Plays a Key Role in Mobile Device Management (MDM)

By Dan Dagnall

How to Adopt the Public Cloud While Attaining Private Cloud Control and Security

By Gerry Grealish

Cloud-Based Identity Management: Best Practices for Rapid End-User Adoption

By Glenn Choquette

Will CISPA pass this time?

Live on-stand interviews & wine: What we're up to at Infosecurity Europe...

At War with the World

Web Scrubbing in China

All that Glitters is Not Gold

Policing the Virtual Perimeter

A Little too Much Access, Thank You

Of Sequestration & Cybersecurity Frustrations…

Going Up? Safety First, then Send your Data to the Cloud

By Joe Sturonas

A Chat with Dimension Data: Data Centric Security, Data Breaches, and Why Old is New in Security

How to Harden Your APIs

By Andy Thurai

If Your iPhone Could Talk...

Three Critical Features that Define an Enterprise-Grade Cloud Service

By David Baker

Why Should I Get My Certificate of Cloud Security Knowledge (CCSK)? Or Train to be a CCSK Trainer?

The Shrinking Security Model: Micro-perimeters

By Ed King

My morning at CrestCon/IISP Conference

Information securi ...

Net Neutrality: Is it Necessary?

I Want My Nua Mek 2...Yes, Hackers Watch TV Too

The Age of Bring-Your-Own-Identity (BYOID)

It’s McAfee. James McAfee.

APTs and Oscar Wilde

The Trouble Heading for your Business in 2013

Cruising the Misinformation Superhighway

Censorship’s Losing Battle in China

RSA 2013: Interview with security evangelist Stephen Cobb

Language is a Virus (Editorial from Q1 issue)

Finally, a Step Forward in Cybersecurity

Could Microsoft solve the scareware problem?

Compromised Web Servers Host Koobface Malware Cocktail

Why it pays to be secure – Chapter 3 – But how do I?

Unresolved Compromised Fox Sports Host Heading Into Third Week

How the US military has weaponised hacking

How common is the hacking of secure wifi?

AJAX-JSON - Inside Crux

Recapping the Fox Sports Website Compromise

Web 2.0 – Truth and Lies in AJAX World

The Africa Cable – A Chance for Africa! – A Threat for the Internet?

Why Linux servers are more secure than Windows

Your password isn't safe - take this simple test to find out how many minutes it would take to crack

When hacking is legal

Why retina scanning works better for James Bond than it ever would for us

Which famous Twitter accounts have been hacked?

Thoughts on the registered traveler programmes at airports

Hey, You, Get Off of My Cloud

Why it pays to be secure - Chapter 2 - Vulnerabilities

Why it pays to be secure