What do Heartbleed, Shellshock and Poodle all have in common? Well apart from being software vulnerabilities discovered in 2014, they were all found in pre-built software components, used by developers to speed-up the development of their own bespoke programs. Heartbleed was in OpenSSL (an open source toolkit for implementing secure access to web sites), Shellshock…
DetailsAnother industry alliance joined the chorus urging businesses that process debit and credit cards to implement EMV payment chip technology to combat fraud. EMV stands for Europay, MasterCard® and Visa®, the developers of the technology. It has been used in Europe since 1992, and moves are underway to make it the standard payment type in the United…
DetailsIt’s a fact of life that most IT shops have, to one degree or another, a “security products graveyard” – i.e. security technology that’s past its prime, performing poorly, or that otherwise represents a drain on the security program. Note that by this, I’m not talking about technologies that have served their useful purpose and…
DetailsThe current flurry of breakups in the tech sector is gratifying to watch. The only conglomerate strategy I have ever seen work effectively is Alfred P. Sloan’s revolutionary “centralized decentralization” which allowed General Motors to become the dominant car manufacturer for decades. Roger Smith, the epitome green-visor accounting executive, destroyed that company by re-centralizing the divisions.…
DetailsHigh-level strategies for defending against attacks to steal identities are twofold: solutions on the back end, and what consumers and business partners can do to protect themselves. Almost daily, we hear about security breaches with millions of personal data records compromised, requiring companies to notify those affected, and to provide free credit and identity theft…
DetailsBy now you have heard about a new bug in one of the most popular Unix shell programs, the Bourne Shell, or bash. If you run Mac OSX you probably have used bash, it is the default terminal app. Shellshock is a “bug” in the way Heartbleed is a “bug.” A mistake in implementing code.…
DetailsSecurity is the pursuit of perfect protection through ongoing tightening of defenses and preemptive activities to cover vulnerabilities. Risk management, on the other hand, is a discipline that enables organizations to operate and measurably improve their security and compliance environments according to legal standards. Most companies are not accustomed to thinking of information as a…
Details[usp_status display=”email”] eSentire, a Canadian technology and security services company, said on Tuesday that it had raised $14 million in a series C investment round led by Georgian partners, with Cisco Investments and Northleaf Venture Catalyst Fund taking part. eSentire said that it secures the networks of more than 450 financial services companies, law firms…
DetailsAttackers are targeting Salesforce users with malicious emails designed to trick victims into downloading the Dyreza malware onto their computers, the software-as-a-service giant warned customers earlier this week. Salesforce said it was not aware of any customers who have been affected by the attacks. The attackers have not compromised Salesforce systems. The attacks typically utilize…
DetailsUp to 5 million passwords for Gmail accounts were posted on a Russian Bitcoin forum on Wednesday. As security incidents go, the password dump is a non-event, as the list seems to be a compilation of previous breaches over the past years and not a fresh data dump. Most of the passwords were more than…
Details