The US National Security Agency (NSA) reportedly knew about the Heartbleed bug flaw and regularly used it to gather critical intelligence, according to the Bloomberg news agency. Heartbleed is the name given to a software vulnerability in OpenSSL, an open-source cryptographic library widely used to secure Internet communications. OpenSSL is commonly used by Web servers, VPN software,…
While Bruce Schneier may have been jumping to conclusions when he said: “At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies.” It did not take long for at least a couple of traces of recorded network traffic, as reported by Ars Technica,…
When the point of sale terminals at Target were hacked last December, issuing banks (the banks that issued credit cards to consumers) were on the hook for millions of dollars it cost to reissue these credit cards to their customers and potentially for the cost of fraudulent charges on these stolen cards. So they went…
After presenting this week at InfoSecWorld 2014 on Why Risk Management Fails, I was asked by a frustrated risk management professional how to build an IT security program. The days are gone when I could just sketch out a list of technologies to deploy, as I did for the newly appointed CISO of a government…