- Hackers try to blackmail plastic surgeon after stealing 500,000 patient records
- How to keep your smartphone (and its data) secure
- Today's Approach to Security is Broken
- Google introduces Chrome 'factory reset' pop-ups to tackle extensions hijacks
- Espionage outpacing financial crime as better reporting improves security picture: Verizon
Andrew Auernheimer, known online as "weev," has won an appeal against his conviction for exploiting a vulnerability in AT&T's website to collect the email addresses of Apple iPad users. The 2010 incident earned him a 41-month prison sentence.
Website and server administrators will have to spend considerable time, effort and money to mitigate all the security risks associated with Heartbleed, one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years.
Almost a year and a half after the HTTP Strict Transport Security (HSTS) mechanism was established as a standard, its adoption rate by websites remains low because developers are not aware of its benefits and Internet Explorer still doesn't support it, according to advocacy group the Electronic Frontier Foundation.
Fourteen prominent security and cryptography experts have signed an open letter to technology companies urging them to take steps to regain users' trust following reports over the past year that vendors collaborated with government agencies to undermine consumer security and facilitate mass surveillance.
Organizers of The Day We Fight Back, a protest Tuesday against U.S. National Security Agency surveillance programs, called the effort a "tremendous success," with nearly 100,000 phone calls made to U.S. lawmakers and 185,000 people signing up to send email blasts to their congressional representatives.
Last week Gen. David Petraeus, the director of the Central Intelligence Agency, resigned in response to what has turned out to be a much bigger scandal than it first appeared.
Manage and visualize the security and compliance of VMware, physical, and hybrid-cloud infrastructure from the RSA Archer eGRC Platform.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are that at some point you will, and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring over ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.