Spy On Me, I’d Rather Be Safe

Thanks to the hijinks of Edward Snowden, and just this week, the news that a group of eight tech giants, including Google and Microsoft, are asking for governments worldwide to address surveillance of individuals and data access regulations, the public’s attention is again focused on how the Federal government goes about protecting Americans against potential…

Details

Researchers Find Off-the-Shelf Parrot AR Drones Susceptible to Hacking

Security researchers have discovered a weakness in off-the-shelf aerial drones that could potentially carry nefarious payloads, which could allow law enforcement officials to take control of the unmanned crafts in mid air. The Parrot AR drone tested is a freely available, off the shelf quadrocopter equipped with a high definition camera and controlled via a WiFi…

Details

Two Million Passwords Stolen Worldwide from Popular Websites

Cyber security researchers discovered that about two million credentials were stolen from end users frequenting popular websites earlier this year, making it easier for hackers to use their credentials to send spam. Trustwave’s SpiderLabs, the research team that discovered these thefts said more than 318,000 of the stolen credentials came from Facebook, nearly 60,000 from Yahoo, more…

Details

Reported Data Breaches Double in New Zealand

Data breach notifications in New Zealand more than doubled in the year ending June 30, 2013 climbing to 107, New Zealand’s Office of the Privacy Commissioner stated in its annual report last week.  Three quarters of the breaches originated in the public sector. Breach reporting, which has no formal definition in New Zealand, is voluntary…

Details

Akamai to Acquire Prolexic for Some $370 Million in Move to Bolster its DDoS Protection

Akamai Technologies, Inc. (NASAQ: AKAM) today announced that it had signed a definitive agreement to acquire Prolexic Technologies, Inc. for approximately $370 million, in a deal expected to close during the first half of 2014. Akamai said the deal would extend its web optimization and security offerings by adding cloud-based security solutions for protecting data…

Details

Several UK Banks Hit by Cyber Attacks in Past Six Months

Several UK banks and financial market infrastructures experienced cyber attacks, some of which disrupted service, in the past six months according to the Bank of England. “While losses have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities. If these vulnerabilities were exploited to disrupt services, then the cost to…

Details

“I am Not Satoshi” – Security Researcher Debunks Rumors that He is the Elusive Inventor of Bitcoin

(Updates with the reported retraction from the two researchers regarding a link between Bitcoin and the Silk Road marketplace.) Recent speculation that Dustin Trammel is the mysterious inventor of Bitcoin and somehow connected to the Silk Road marketplace drove this Texas-based security researcher to post a denial to his website. Bitcoins are the first form of…

Details

How You Should Be Thinking About the Information Security Budget

So, how did you do this year with your security budget requests?  And how does the plan look for next year?  With information security representing a competitive arms race with the bad guys, you want enough funding to insure you are practicing commercially reasonable security, and to support mission critical business strategies. Many organizations don’t…

Details

Twitter Enables Perfect Forward Secrecy to Bolster Security

Twitter Inc. said it has enabled Perfect Forward Secrecy (PFS) in a move to increase protections around users’ information following reports of secret data mining by the National Security Agency (NSA). “Forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice,” Twitter said in a blog post issued…

Details

PCI Security Standards Council Updates Credit Card Data Security Standard

The PCI Security Standards Council (PCI SSC), a worldwide forum that develops payment card security standards for its corporate members, has published its latest version of those standards for implementation in January, 2014. The most recent updates include recommendations for blending the PCI Data Security Standard (PCI DSS) and the PCI Payment Application Data Security…

Details