Terrorists could use any one of several free US-based Web email services but they prefer Gmail, according to former NSA and CIA director Michael Hayden.
The US National Security Agency (NSA) spent $25.1 million on software bugs from grey market vulnerability vendors in financial year 2013 as part of a larger offensive security program aimed at foreign networks, according to a recent report from Washington Post.
A big-data passenger matching system being implemented by the Australian Customs and Border Protection Service (ACBPS) will comply with Australian and European Union privacy-protection requirements despite offering unprecedented visibility into the personal details and movements of travellers, the agency has promised.
A new service tracking the online distribution of sensitive personal information may not always be able to stop fraudsters from distributing sensitive data, but it is still customers’ best chance of knowing what’s been done with their leaked information, Pure Hacking’s chief operating officer has asserted.
Australian authorities have requested private data from Twitter about users more than any other country except the United States and Japan, according to the company’s latest transparency figures.
Just a few short years ago, all a PC needed for protection was a basic antivirus program to guard against any malware that arrived via an e-mail attachment, embedded in a shareware application or piggy-backed on a floppy disk.
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
- Amazon, Apple and Google know more about you than your doctor or lawyer - and Commbank is jealous as hell. - Don’t trust an organisation that doesn’t have a face - because then you can’t punch it in when they screw up, said Marcus Ranum. - 78 percent of the world’s population doesn’t have access to a computer or the internet and therefore avoid all IT security problems.
Destroying data to protect against fraud.
The complexity of encryption schemes has been increased dramatically in an attempt to outpace the development of computational tools designed to crack them. Now it's important to devise algorithms that can't be brute forced for trillions of years in the hopes that they will remain secure long enough to be useful before they, too, are broken. Here's a quiz about encryption to see how well you are versed in one of security's most important components. Keep track of your score and check at the end to see how well you stack up.
3 steps to total compromise – why Google’s 86,000 indexed printers should have your IT team jumping.
There’s been bit of coverage in the technology press about Google’s “Indexing” of tens of thousands of publicly available printers connected directly to the Internet.
Over the last 2-3 years cloud computing has promised, and in many instances delivered, a lower total cost of ownership. This has helped organisations return the focus of operation to their core activities—reducing the effort spent on managing IT infrastructure and applications.
Insider threats — for example, data theft, intellectual property loss, privacy breaches and financial fraud — can be the most challenging IT risks for an organisation to address because they may or may not be happening. But if an insider threat occurs, it could no doubt hurt financially and/or publically. So how do you implement early detection to discover and expose these threats?
This is not just what is stolen; but also the loss of business or credibility that comes from informing customers that their data has been compromised. How would your customers react if you told them that their financial data or personal information had been taken by persons unknown?
Sign up now »
Ultimate protection for your small or medium-sized business
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.