The Incredible Power of XKeyscore

Der Spiegel makes light of an incredible tidbit they extracted from a 50-page catalog of exploit technology apparently developed by the NSA’s Tailored Access Operations (TAO). The German newspaper describes, and dismisses as not very threatening, the ability of an analyst using XKeyscore to identify a target’s machine, probably by IP address. Then, if that machine ever files a…


IT Security Industry Has a New Adversary

My coverage of the NSA’s massive data gathering and attacks on fundamental security technology has been focused on the expected impact on the IT security industry. I was one of the first to publish trepidation a day after the first Snowden report (NSA Surveillance Threatens US Competitiveness, June 7, 2013) and again a week later…


Getting Real About Network Access Control (NAC)

The two biggest concerns organizations have when considering the use of cloud based services are the safety of personal data and complying with data protection laws (see complimentary Quocirca report, “The adoption of cloud based services,” downloadable here). The report shows that these are issues that those recognizing the benefits of such services overcome by…


Samsung Galaxy S4 Allegedly Vulnerable to Attack

Organizations and government agencies that use Samsung’s flagship Galaxy S4 smartphone are at risk of having their confidential data, including emails, file transfers and browser activity, breached, according to cyber security researchers at Ben-Gurion University of the Negev (BGU). The BGU researchers said they discovered the alleged “critical vulnerability” in the Samsung Knox software, an…


Update – Nefarious Pseudo Random Number Generator Never Actually Used in SSL

(Updates with RSA denial) There has been a lot of furor over the Random Number Generator that the NSA, with a rather heavy hand, apparently forced NIST to accept into its encryption standards. Bruce Schneier wrote “The NSA Is Breaking Most Encryption on the Internet” and The Guardian reported extensively on the NSA’s project Bullrun, which is apparently…


Working Group to Develop Security Standards for Mobile Apps

The establishment of the Mobile App Security Working Group (MAS) was announced at the Amphion Forum in San Francisco last week. Member companies will collaborate to develop security standards for mobile applications that interact with each other. The MAS charter members are Mocana, SAP, FireEye, McAfee and Wind River. The rise of connectivity between industrial control systems is…


Payment Card Manufacturer Datacard Group to Acquire Digital Certificate Pioneer Entrust

Datacard Group today announced that it is acquiring Entrust, a digital certificate and identity services provider. Financial details were withheld by both private entities, the companies said in a release. Entrust will be a separate business unit led by its former CFO, David Wagner, while Entrust’s CEO, Bill Conner, will stay on in an advisory role for up…


Enterprises in APAC Increasingly Adopt Managed Security Services

Managed Security Services (MSS) in the Asia-Pacific (APAC) region will more than triple by 2019, climbing to an estimated $5.34 billion, according to industry analyst firm Frost & Sullivan. Enterprises in the APAC region are being driven to increasingly outsource network infrastructure security as they find themselves “ill-equipped to handle complex and multiple cyber threats.” Frost…


Federal Judge Rules Against NSA Phone Data Mining, Likely Violates Constitution

A Federal District Court judge today ruled that the National Security Agency (NSA) program that once-secretly collected records of all Americans’ phone calls likely violates the Constitution and called the program’s technology “almost Orwellian.” District of Columbia Judge Richard J. Leon in a 68-page ruling ordered the government to stop collecting data on two plaintiffs’ personal…
