TrueCrypt Dies, Not a Huge Issue for the Enterprise

The sudden and inexplicable demise of the popular TrueCrypt product is raising eyebrows this week. TrueCrypt was a free encryption product supported by anonymous developers. There was quite a bit of suspicion already about the provenance of TrueCrypt, which sparked an effort to independently validate that it did not contain backdoors or vulnerabilities. Last October…

The Snowden Conversation We Are All Having in One Way or Another…

Edward Snowden did an important thing: He made an important conversation on security and ethics popular and international. On one hand, he told us something we always knew: Spies spy. That is, they stealthily gather secrets. This is usually associated with times of war or matters of national security. I’d venture to say spying may be the third oldest profession. Spying…

“TrueCrypt is not secure,” Official SourceForge Page Warns of Crypto Program

The widely used open-source TrueCrypt encryption program is “not secure” and should not be used, according to SourceForge, one of the official webpages for TrueCrypt. The announcement posted at truecrypt.sourceforge.net states: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of the TrueCrypt page on SourceForge…

“I was Trained as a Spy,” Snowden Says

National Security Agency (NSA) leaker Edward Snowden called himself a patriot who simply was defending the constitution during an interview with NBC “Nightly News” broadcast on Wednesday. The former NSA contractor told Williams during the interview held in Moscow, Russia, where Snowden has been for nearly a year, that while at the NSA he had…

F5 Networks Acquires Cloud DDoS Mitigation Provider Defense.Net

F5 Networks has acquired privately held cloud-based distributed denial of service (DDoS) mitigation provider Defense.Net for an undisclosed sum, according to a press release. F5 said it made the move to complement its existing on-premise DDoS protection capabilities. The Defense.Net service, founded by Barrett Lyon, who is known as a pioneer in the field of DDoS…

Security Industry Fights Surveillance State with Words

Cisco’s General Counsel Mark Chandler on May 13 reacted strongly to further news of NSA exploiting Cisco gear, sparked in part by the publication of Glenn Greenwald’s book on Snowden and the leaked documents. Chandler protested that the US government is causing damage to the tech industry. Along with the publishing of No Place to Hide:…

Nearly 150 Million eBay Users Told to Reset Password

Nearly 150 million eBay users need to reset their password after unknown attackers accessed a database containing customers’ personal information, the retail giant said on Wednesday. Attackers used “a small number” of stolen employee login credentials to get onto eBay’s corporate network and access the database, eBay said. The compromise happened between late February and…

Cisco Acquires ThreatGrid

Cisco announced this morning that they are adding ThreatGrid to their portfolio. ThreatGrid uses instrumented sandboxes to conduct its research of advanced malware. They address the issue created when advanced malware started to modify its behavior when it detected it was in a virtual environment, a common defense against sandboxing. Relying on emulation and a…

Salary Sources for Security Professionals and Hiring Managers

How much is a security professional worth annually? A number of factors go into this equation, but suffice it to say, the security industry and its salaries have not felt the recession the way other professions have. And with suggested security professional unemployment at zero, it’s no wonder young security professionals are opting for (formal)…

Sandbox Vendors Ignore Microsoft Licensing Agreements

An examination of Microsoft’s Customer License Agreement (CLA) for embedded systems indicates that there is no provision for a vendor to ship appliances with multiple virtual instances of Windows, or its popular Office productivity suite. In fact, shipping Windows in a virtualized environment is expressly prohibited. From the CLA: (2b3) “Company may distribute more than…
