Do your workplace policies cover wearable devices? Many commercial and Government facilities ban cameras and cellular phones with cameras, but having such policies and not enforcing them can hurt you in the wake of a successful attack. If you routinely ignore a security policy and someone violates it, then you may be left holding the bag — I’ve…
DetailsWhen I predicted a surge in growth in the IT security industry last year (24% CAGR for ten years leading to a $640 billion industry by 2023) I pointed out that encryption would lead the way and that that was not possible without good key management. Perhaps because of that I have monitored key management…
DetailsBack in 2005 we launched a directory of IT security vendors as part of IT-Harvest. Three people in Salt Lake City worked 4 months to compile and categorize 1,200 vendors, their products, and their executives. On the day of the launch an engineer at a Canadian vendor wrote a script and systematically began sucking down…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. In the early days of the Internet the most powerful driver was the opportunity to reduce telecom costs. Large enterprises…
DetailsNet neutrality is an idea referring to a complete lack of discrimination in the traffic on the Internet. In other words, net neutrality would mean that all packets of data are treated the same, with the same priority. When I watch Netflix, and my show stops while Netflix is buffering, I know some Internet Service…
DetailsTarget hired former General Motors executive Brad Maiorino as its first chief information security officer (CISO), the retail giant said. As the company’s new—and first—CISO, Maiorino will be responsible for Target’s information security and technology risk strategy. Maiorino is expected to begin his new role as CISO and senior vice president June 16. He will…
DetailsTwitter fixed a cross-site scripting flaw in its popular TweetDeck application Wednesday, after millions of users were hit with a malicious script targeting the vulnerability. The vulnerability allowed anyone to place a script in a tweet. Once the tweet appeared inside TweetDeck, the code could execute actions and be automatically re-tweeted to other accounts. The…
DetailsThere is a new exploit in OpenSSL that can allow a man-in-the-middle (MITM) to intercept and decrypt traffic and modify traffic between the vulnerable client and server, according to an OpenSSL advisory. The attack can only be performed between a vulnerable client and server. According to the advisory, all OpenSSL clients are vulnerable where servers…
DetailsLinkedIn announced in April that it had surpassed 300 million users. While LinkedIn has become a valuable networking tool and even somewhat of a useable social networking platform, especially its Groups, like all such platforms it attracts unsavory types. As of today there are actually 348,553,337 LinkedIn “accounts.” I can tell because I get several…
DetailsThe US department of Justice has announced with not just a touch of self congratulations that they have taken down the Gameover Zeus and Cryptolocker botnets. The Gameover Zeus malware intercepted the bank account numbers and passwords that unwitting victims typed into computers into the US which were then used to empty their accounts. In…
Details