Saturday, September 20, 2014
Friday, September 19, 2014
Tuesday, September 16, 2014
The Internet of Things (IoT) is something of a buzz-phrase right now, and locking down the IoT is certainly something that vendors across both security and hardware industries are talking up. The problem with the publicity surrounding stories of 'things' that have been hacked is that, well, they never really have much potential impact right here, right now, to you or your business. So someone managed to break into an Internet-connected baby monitoring device and make creepy announcements over it, or there's the potential to control an Internetified self-driving car in the future; neither of which fill me with dread about the security of my data as is, it has to be said. However, maybe you and I are missing the point. Maybe we need to broaden our definition of what things this Internet of them actually comprises. How about printers, for example? Stand up if you have a printer which isn't connected to your network and the Internet beyond? I'm guessing there are lots of you still sitting down, I certainly am. There's part of the IoT right there which represents a very real threat to your security posture, and you probably didn't know it.
Monday, September 15, 2014
There can be little doubt that applications that talk to the cloud are on the ascendency, but the same cannot be said about security awareness when it comes to the APIs that facilitate communication between the two. When Evans Data looked into the area of cloud application updates, for example, it discovered that 37 per cent of developers were releasing new versions at a frequency of at least one per week. This is good news from the usability perspective, as these small tweaks can be installed invisibly and as soon as they are coded. The cloud is killing point upgrades and patches, at least when it comes to minor programmatic changes rather than huge functionality overhauls, and that has to be a good thing. Or is it?
Thursday, September 11, 2014
Reports started circulating yesterday that Gmail had been hacked, with some 5 million logins at risk. This follows the publication, on Tuesday, of a plain text list of Gmail usernames and passwords on a Russian Bitcoin forum. Within 24 hours the 'hack hysteria' had taken hold and people were being advised to check if their accounts had been compromised, change their passwords etc. Trouble is, there appears to be absolutely no actual evidence that Gmail has been hacked at all, and plenty to suggest that this credentials list is just another composite; constructed with passwords taken from lists already published concerning other breaches. The Gmail connection is, at the most, that people whose credentials were exposed at those other sites and services had used a Gmail address to register their accounts.
Wednesday, September 10, 2014
It was also no big wow that Apple quickly responded to such a major reputational shafting by insisting it takes security very seriously (yada yada yada), and had not been 'hacked' and will take steps to ramp up account protection in future. Some, including myself, would argue Apple should be doing this already. It's pretty much right there in the first chapter of Cloud Security for Complete Newbies, after all. Flick to chapter two of this virtual tome and the heading would probably be something like 'Use Two-Factor Authentication' which, funnily enough, Apple also says it will be encouraging more people to do now.
Some interesting research from security outfit Proofpoint was published this morning which reveals that unsolicited email heading towards users in the UK is three times more likely to contain malicious URLs than that destined for users in the United States, or Germany, or France for that matter. It's not, as you may think at first glance, just a matter of the UK getting more spam. The research conducted over the summer, using the US as a baseline, shows Germany getting more spam as a percentage than the UK, US and France. The prevalence of spam and malicious URLs in the total email traffic are not, Proofpoint conclude, therefore correlated. Instead, UK users are being targeted with less spam but with a higher volume of infected spam. Compared to Germany, as much as five times as high in fact. Which begs the question 'why are cybercriminals targeting the UK so relentlessly when compared to other nations?'
Friday, September 05, 2014
If Edward Snowden has taught us anything, it is surely that Big Brother really is watching after all; it's not just a conspiracy theory any more. With the cloud at the heart of the average enterprise data storage strategy these days, and regulatory compliance issues coupled with basic data protection laws regardless of where you are based to consider, taking responsibility for ensuring your data remains private has become even more of a priority. Don't get too hooked up on the NSA spy scandal though, there's also 'accidental' data leakage and intentional hacking to throw into the security mix as well. Doing nothing is no longer an option, unless you relish being fined for compliance/Data Protection Act violations or seeing your reputation tank.
Thursday, September 04, 2014
According to the statement, about 10% of stores (or 20 Goodwill members if you prefer) using the same third-party vendor were involved; Goodwill insists that there is no evidence of malware on internal systems. The breach was of third-party systems containing payment card information of certain Goodwill members’ customers. Those numbers may appear quite small, but actually when delved into equate to 330 stores in 20 states and an estimated 868,000 payment cards compromised.
The Heartbleed bug is yesterday's news and no longer something we need to worry about, right? Wrong. The problem is too many people think this way, which has led to the situation where many enterprises still have machines that are unprotected from the flaw. Security outfit Venafi probed the Forbes Global 2000 list of companies 10 days ago and discovered more than half - across banking, health and retail sectors - still had devices that were vulnerable. In fact, 1,219 out of the 2,000 companies, and 448,000 potentially vulnerable servers, were detected.