
Top IT Security Bloggers

  • Unsolved cipher mystery: Spaniard says he's cracked Dead Pigeon code

    Sophos - Naked Security
    A pigeon skeleton from WW2 with a coded message strapped to its leg was found in England in 2012.

    The challenge: unscramble the message!
  • Google accused of rigging search results by India's competition cops

    Sophos - Naked Security
    "Yep, Google's a search bully," agree Facebook, Nokia's maps division, MakeMyTrip.com, Flipkart and several other companies.
  • Wikipedia blocks sockpuppet accounts amid blackmail claims

    Sophos - Naked Security
    As part of an internal investigation, the Wikimedia Foundation found that rogue editors had violated its terms of use by creating new pages, as well as modifying existing ones for the purposes of financial gain.
  • The RMS Titanic and cybersecurity

    Network World - Networking Nuggets and Security Snippets
    Little known fact: Yesterday was the 30th anniversary of Bob Ballard’s discovery of the RMS Titanic, several hundred miles off the coast of Newfoundland Canada. I’ve recently done some research into the ship, its builders, and its ultimate fate and believe that lessons learned from Titanic may be useful for the cybersecurity community at large. The Titanic tragedy teaches us of:
    The dangers of technology hubris. The Titanic was designed with the latest technology at the time to withstand severe storms in the north Atlantic. Because of this, the shipbuilders at Harland and Wolff decided to market the ship as “unsinkable.” Likewise, our industry has this absolute love affair with technology. I’m constantly briefed on the latest and greatest prevention or detection engine designed to withstand anything hackers can throw at it. Like the “unsinkable” Titanic, this is nothing but hot air. Bad guys will find ways around all of our defenses over time. Strong security demands people, process, and technology so the industry love affair with technology alone is counterproductive and leaves us susceptible to a sea of cybersecurity icebergs.
    The need for organizational coordination. There were two inquiries into the Titanic disaster, one in the U.S. and one in England. In both cases, investigators learned that the crew of the Titanic was inexperienced and various groups that made up the Titanic’s staff did not work well together. This lack of coordination could have contributed to the disaster. Similarly, strong cybersecurity depends on a collaborative effort between cybersecurity professionals, business management, and different IT groups (i.e. IT operations, DevOps, data center infrastructure, etc.). A lack of cooperation could also lead to disastrous results.
    Tradeoffs between business objectives versus risk management. A man named Thomas Andrews was tasked with the Titanic’s overall design and construction. Andrews wanted 64 life boats to guarantee space for all passengers, but the management of Harland and Wolff didn’t want to waste precious space on the promenade deck, so higher-ups decided to go with the legally acceptable minimum – 16 lifeboats (and 4 tenders). The rest, as they say, is history. Similarly, business managers often go full-speed ahead with business initiatives without considering cybersecurity risks. Alternatively, they minimize cybersecurity investment, eschewing good security for “good enough” security. The lesson here? Don’t make blind or best-case risk management assumptions or you could hit an iceberg that is much larger than you think.

    There are plenty of other lessons I could come up with but I’m sure you get my point. Organizations should approach cybersecurity with humility, reality, and a comprehensive team effort. In lieu of this end-to-end approach, CEOs shouldn’t be surprised when their organizations suffer data breaches, their stock prices sink, and their careers end up in Davy Jones’ locker.
  • OPM (Mis)Spends $133M on Credit Monitoring

    Krebs on Security
    The Office of Personnel Management (OPM) has awarded a $133 million contract to a private firm in an effort to provide credit monitoring services for three years to nearly 22 million people who had their Social Security numbers and other sensitive data stolen by cybercriminals. But perhaps the agency should be offering the option to pay for the cost that victims may incur in "freezing" their credit files, a much more effective way of preventing identity theft.
  • Lone Rangers of the Underground

    Trend Micro - Cloud Security Blog
    When we speak about online crime, we do so often in terms of “organised crime” or of highly-skilled nation-state sponsored activity. So much so in fact that you could be forgiven for thinking that solo online criminals represent the bottom-feeding, “script-kiddie” side of the business. Trend Micro’s second quarter roundup “A Rising Tide: New Hacks...
  • Installing or Upgrading Trend Micro Security on your PC or Mac

    Trend Micro - Cloud Security Blog
    If you’re a frequent Internet user (as most folks are in the 21st century), browsing the web or receiving emails without good security software is inviting disaster. Sophisticated malware is rampant on the net, coming in the form of socially-engineered phishing emails that can trick you into visiting bad websites that host malicious files or...
  • Microsoft Word Intruder Revealed - inside a malware construction kit

    Sophos - Naked Security
    What happens when cybercrooks take a leaf out of the Advanced Persistent Threatsters' book?

    Gabor Szappanos of SophosLabs investigates...
  • WHSmith contact form spams out personal customer data

    Sophos - Naked Security
    Users of UK newsagent chain WHSmith's online services have reported large amounts of email arriving in their inboxes, containing personal contact data on other users.
  • Uber hires the guys who hacked a Jeep to develop safer driverless cars

    Sophos - Naked Security
    Charlie Miller and Chris Valasek, security researchers who caused huge headaches for Fiat Chrysler when they showed the world how to remotely hack a Jeep, have hacked their way into new jobs with Uber.
