The recent release of I2P 2.5.0, an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew of improvements and new features that will certainly intrigue security practitioners. This release aim...
In its recent annual security report, Cisco predicted VOIP abuse as a potential area for cyber crime growth. "Criminals use brute-force techniques to hack private branch exchange (PBX) systems to place fraudulent, long-distance calls; usually international," the report states. "These incidents, often targeting small or midsize businesses, have resulted in significant financial losses for some companies."
Mixed IT infrastructures, including cloud and non-cloud systems, will be the norm at many companies for many years. Learn about key cloud security concerns and solutions from three early cloud users. For all the talk about public clouds versus private clouds, many organizations will likely end up with a mixed IT environment that includes both types of cloud as well as non-cloud systems and applications
In the first article of this two-part series, I looked at physical protection of laptop computers outside the office. Today we'll review fundamentals of protecting data and data communications. This pair of articles is designed to be useful in security-awareness training for employees who take corporate laptop computers out of the office.
A new web site, socialnetworksecurity.org, has been set up to publish details of security vulnerabilities in social networks such as Facebook, Lokalisten, Friendscout24.de, wer-kennt-wen.de and XING. Most of the vulnerabilities listed could be exploited for cross-site scripting (XSS) attacks. Jappy.de, for example, contains one such vulnerability which allows contacts' cookies to be stolen.
A second area of focus must be in the way we understand and address threats. The threat landscape has evolved dramatically in the past three years: Starting in 2008 with the growing ability of viruses and malware to evade anti-virus signature technologies; to the pandemic scale of attacks launched by criminals in 2009 for profit; to more sophisticated attacks organised by nation states in 2010.
DON'T shortchange remediation. Surprisingly, organizations will perform vulnerability scans, or hire someone to conduct a scan, get a report and then not follow through. They may cherry-pick one or two critical items and neglect the rest. The result is that the organization has spent time and money without doing much for its security.
Botnets are insidious. They spread like digital weeds and infect thousands to tens of thousands of machines at a time. Their only purpose is to enrich and empower the botnet owners as they infiltrate endpoints on consumer systems, colleges, and enterprises around the world. These botnets are used to send spam, launch denial of service attacks, and
A new report from Akamai Technologies shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks.
The cloud is the current Next Big Thing in computing, and the Next Big Thing in attacks could be a new breed of economic denial-of-service attacks intended to use up resources and drive up the cost of cloud computing, warns a senior security researcher at Adobe Systems.
An old threat has reappeared in the new year, researchers said this week. According to a blog by researchers at Websense, the Waledac botnet appeared in a new version in the last days of 2010, sending out large amounts of new year-related spam messages.
The Wireshark development team has released version 1.2.14 and 1.4.3 of its open source, cross-platform network protocol analyser. According to the developers, the security updates address a high-risk vulnerability (CVE-2010-4538) that could allow a remote attacker to initiate a denial of service (DoS) attack or possibly execute arbitrary code on a victim's system.
As a information security executive, what are your concerns related to disaster recovery and business continuity of your cloud applications? In Organizing sensitive data in the cloud, I mention configuration information for each cloud service layer (software, platform, infrastructure, and security) needs to be kept in a directory. I have a significant concern though.
The concept of Distributed Denial of Service (DDoS) attacks finally entered the mainstream public consciousness this month after assaults on the websites of Visa, MasterCard and PayPal made front page news.
The British national security adviser, Sir Peter Ricketts, has advised all government departments to review their computer security in light of the recent WikiLeaks attacks.
The U.S. Department of Homeland Security has spent $3 million over the past few years on research aimed at bolstering the security of the Internet's routing system. Now, as this research is being deployed across the Internet, DHS wants government agencies and their carriers to be among the earliest adopters of the new Resource Public Key Infrastructure (RPKI) system that it helped create.
Due to a vulnerability in the design of the WebSocket protocol, the Mozilla Foundation has decided to disable support for this protocol in the forthcoming Firefox 4 Beta 8 release. The vulnerability in the code for transparent proxies can potentially be exploited to poison the proxy cache and inject manipulated pages.
The cloud -- and outsourcing in general -- breaks off pieces of the stack beneath any given application. That removes the stack from an enterprise CISO's control, and that's not good.
VeriSign has announced the rollout of its cloud-based DNSSec Signing Service for registrars, which allows DNSSec provisions to be added to second-level domain names. Pat Kane, assistant general manager of naming services at VeriSign, told V3.co.uk that progress being made is at the registry and root levels.