InfoWorld.com [Security]

Syndikovat obsah
Aktualizace: 3 roky 39 týdnů zpět

5 reasons why hackers own your organization

16 Září, 2014 - 12:00

Last week I noted that most companies are either already hacked or could easily be hacked -- and, when they have anything worth stealing, are probably already owned by multiple APT (advanced persistent threat) groups.

Kategorie: Hacking & Security

How network virtualization is used as a security tool

15 Září, 2014 - 16:08

When people think of network virtualization, the advantages that come to mind typically include faster provisioning of networks, easier management of networks and more efficient use of resources. But network virtualization can have another major benefit as well: security.

Kategorie: Hacking & Security

Sprint, Windstream traffic routing errors hijacked other ISPs

15 Září, 2014 - 12:46

Internet traffic routing errors made by U.S. operators Sprint and Windstream on the same day last week underscore a long-known Internet weakness, posing both security and reliability issues.

Both of the errors involved Border Gateway Protocol (BGP), an aging but crucial protocol that is used by networking equipment to route traffic between different providers. Traffic routes are "announced" using BGP, and the changes are then taken up by routers around the world.

Kategorie: Hacking & Security

Data protection authorities find privacy lapses in majority of mobile apps

12 Září, 2014 - 16:45

Many mobile apps request too many permissions and don't explain how they collect users' personal information, a study of 1,211 popular apps by the Global Privacy Enforcement Network has found.

The majority of the apps reviewed did not adequately explain to users how they were collecting and using information, according to the study, carried out by 26 privacy enforcement authorities in 19 countries. It also found that a third of the tested mobile applications requested excessive permissions that were outside the scope of their functionality.

Kategorie: Hacking & Security

Yahoo says it faced $250,000 daily fines for defying U.S. surveillance requests

12 Září, 2014 - 13:08

The U.S. government once threatened to fine Yahoo $250,000 a day if it failed to assist with its surveillance efforts, Yahoo said Thursday.

Yahoo said it was threatened with the fines after it challenged surveillance powers granted to the U.S. government under the Protect America Act of 2007. The information has come to light now because the Foreign Intelligence Surveillance Court, which oversees how those laws are implemented, agreed to unseal documents in the case.

Kategorie: Hacking & Security

Yahoo says it faced $250,000 daily fines for defying U.S. surveillance requests

12 Září, 2014 - 13:08

The U.S. government once threatened to fine Yahoo $250,000 a day if it failed to assist with its surveillance efforts, Yahoo said Thursday.

Yahoo said it was threatened with the fines after it challenged surveillance powers granted to the U.S. government under the Protect America Act of 2007. The information has come to light now because the Foreign Intelligence Surveillance Court, which oversees how those laws are implemented, agreed to unseal documents in the case.

Kategorie: Hacking & Security

How Google's tiff with certificate authorities can impact you

11 Září, 2014 - 16:04

Miffed certificate authorities are calling on Google to give websites more time to upgrade the security used in browser-to-server communications before displaying warnings in Chrome.

The CAs are upset over Google's roughly six-month timetable for ratcheting up the notices that begin this month for Chrome users visiting sites that do not upgrade from SHA-1 to SHA-2.

Kategorie: Hacking & Security

How Google's tiff with certificate authorities can impact you

11 Září, 2014 - 16:04

Miffed certificate authorities are calling on Google to give websites more time to upgrade the security used in browser-to-server communications before displaying warnings in Chrome.

The CAs are upset over Google's roughly six-month timetable for ratcheting up the notices that begin this month for Chrome users visiting sites that do not upgrade from SHA-1 to SHA-2.

Kategorie: Hacking & Security

Enemies no more, McAfee and Symantec agree to share threat data

11 Září, 2014 - 14:05

The recently launched Cyber Threat Alliance has been given a big boost with the news that Intel's McAfee division and former arch-enemy Symantec are to join the industry group whose mission is to create the first significant cross-vendor movement of threat data.

The CTA was announced in May with founder members Fortinet and Palo Alto Networks, an intriguing collaboration between two mid-level security firms that had something to gain from this kind of initiative.

Kategorie: Hacking & Security

Enemies no more, McAfee and Symantec agree to share threat data

11 Září, 2014 - 14:05

The recently launched Cyber Threat Alliance has been given a big boost with the news that Intel's McAfee division and former arch-enemy Symantec are to join the industry group whose mission is to create the first significant cross-vendor movement of threat data.

The CTA was announced in May with founder members Fortinet and Palo Alto Networks, an intriguing collaboration between two mid-level security firms that had something to gain from this kind of initiative.

Kategorie: Hacking & Security

3 security practices IoT will disrupt

11 Září, 2014 - 13:00

I made it back from DEFCON with both my phone and tablet intact, but I'm happy I didn't bring a light bulb. You see, if had brought a light bulb, and that light bulb was a smart LED bulb running Linux, it might be running someone else's software by now. 

Kategorie: Hacking & Security

3 security practices IoT will disrupt

11 Září, 2014 - 13:00

I made it back from DEFCON with both my phone and tablet intact, but I'm happy I didn't bring a light bulb. You see, if had brought a light bulb, and that light bulb was a smart LED bulb running Linux, it might be running someone else's software by now. 

Kategorie: Hacking & Security

Five million Gmail addresses and passwords dumped online

10 Září, 2014 - 20:11

An archive containing nearly 5 million Gmail addresses and plain text passwords was posted Tuesday on an online forum, but the data is old and likely sourced from multiple data breaches according to one security firm.

A user with the online alias "tvskit" posted the archive file on a Bitcoin security forum called btcsec.com and claimed that over 60 percent of credentials found inside are valid.

Kategorie: Hacking & Security

Five million Gmail addresses and passwords dumped online

10 Září, 2014 - 20:11

An archive containing nearly 5 million Gmail addresses and plain text passwords was posted Tuesday on an online forum, but the data is old and likely sourced from multiple data breaches according to one security firm.

A user with the online alias "tvskit" posted the archive file on a Bitcoin security forum called btcsec.com and claimed that over 60 percent of credentials found inside are valid.

Kategorie: Hacking & Security

Internet Explorer steals the Patch Tuesday spotlight again

10 Září, 2014 - 15:31

It's hard to imagine that we are already three-fourths of the way through 2014 -- at least as measured by Microsoft Patch Tuesdays. Today, Microsoft released four new security bulletins, but only one of them is Critical. Guess which one?

Kategorie: Hacking & Security

Internet Explorer steals the Patch Tuesday spotlight again

10 Září, 2014 - 15:31

It's hard to imagine that we are already three-fourths of the way through 2014 -- at least as measured by Microsoft Patch Tuesdays. Today, Microsoft released four new security bulletins, but only one of them is Critical. Guess which one?

Kategorie: Hacking & Security

Cloud security: We're asking the wrong questions

10 Září, 2014 - 12:00

In the wake of the celebrity photo breach, the media is humming with stories disparaging the safety of the cloud.

Kategorie: Hacking & Security

Cloud security: We're asking the wrong questions

10 Září, 2014 - 12:00

In the wake of the celebrity photo breach, the media is humming with stories disparaging the safety of the cloud.

Kategorie: Hacking & Security

Adobe fixes critical flaws in Flash Player, delays Reader and Acrobat updates

10 Září, 2014 - 00:21

Adobe Systems released a critical security update for Flash Player that fixes 12 security vulnerabilities, but pushed back its planned patches for Reader and Acrobat by a week.

The Flash Player updates, available for Windows, Mac, and Linux, address nine vulnerabilities that could lead to remote code execution and three that can allow attackers to bypass security features, including memory address randomization and the same-origin policy.

Kategorie: Hacking & Security

Adobe fixes critical flaws in Flash Player, delays Reader and Acrobat updates

10 Září, 2014 - 00:21

Adobe Systems released a critical security update for Flash Player that fixes 12 security vulnerabilities, but pushed back its planned patches for Reader and Acrobat by a week.

The Flash Player updates, available for Windows, Mac, and Linux, address nine vulnerabilities that could lead to remote code execution and three that can allow attackers to bypass security features, including memory address randomization and the same-origin policy.

Kategorie: Hacking & Security