Der Spiegel makes light of an incredible tidbit they extracted from a 50-page catalog of exploit technology apparently developed by the NSA’s Tailored Access Operations (TAO). The German newspaper describes, and dismisses as not very threatening the ability of an analyst using XKeyscore to identify a target’s machine, probably by IP address. Then, if that machine ever files a…
DetailsMy coverage of the NSA’s massive data gathering and attacks on fundamental security technology has been focused on the expected impact on the IT security industry. I was one of the first to publish trepidation a day after the first Snowden report (NSA Surveillance Threatens US Competitiveness, June 7, 2013) and again a week later…
DetailsThe two biggest concerns organizations have when considering the use of cloud based services are the safety of personal data and complying with data protection laws (see complimentary Quocirca report, “The adoption of cloud based services,” downloadable here). The report shows that these are issues that those recognizing the benefits of such services overcome by…
DetailsOrganizations and government agencies that use Samsung’s flagship Galaxy S4 smartphone are at risk of having their confidential data including emails, file transfers and browser activity breached, according to cyber security researchers at Ben-Gurion University of the Negev (BGU). The BGU researchers said they discovered the alleged “critical vulnerability” in the Samsung Knox software, an…
Details(Updates with RSA denial) There has been a lot of furor over the Random Number Generator that the NSA, with a rather heavy hand, apparently forced NIST to accept into its encryption standards. Bruce Schneier, wrote “ The NSA Is Breaking Most Encryption on the Internet “ and The Guardian reported extensively on the NSA’s project Bullrun, which is apparently…
DetailsWe’ve all had or seen server room doors protected by combination locks. Most safes these days are protected by electronic keypads, like the ones used to safeguard on-site backup tapes. Using digital keypads, one’s fingers transfer a minute amount of heat to each key pressed. This heat can be read by thermal imaging cameras for a…
DetailsThe establishment of the Mobile App Security Working Group, (MAS), was announced at the Amphion Forum in San Francisco last week. Member companies will collaborate to develop security standards for mobile applications that interact with each other. The MAS charter members are Mocana, SAP, FireEye, McAfee and Wind River. The rise of connectivity between industrial control systems is…
DetailsDatacard Group today announced that they are acquiring Entrust a digital certificate and identity services provider. Financial details were withheld by both private entities, the companies said in a release. Entrust will be a separate business unit led by its former CFO, David Wagner, while Entrust’s CEO, Bill Conner, will stay on in an advisory role for up…
DetailsManaged Security Services (MSS) in Asia-Pacific (APAC) region will more than triple by 2019, climbing to an estimated $5.34 billion according to industry analyst firm Frost & Sullivan. Enterprises in the APAC region are being driven to increasingly outsource network infrastructure security as they find themselves “ill-equipped to handle complex and multiple cyber threats.” Frost…
DetailsA Federal District Court judge today ruled that the National Security Agency (NSA) program that once-secretly collected records of all Americans’ phone calls likely violates the Constitution and called the program’s technology “almost Orwellian.” District of Columbia Judge Richard J. Leon in a 68-page ruling ordered the government to stop collecting data on two plaintiffs’ personal…
Details