Welcome Guest | Sign In
LinuxInsider.com
MediaFire's Derek Labian: Cloud Storage Is an Everyday Need
October 15, 2013
Security and privacy concerns may be far outweighed for many users by the convenience and appeal of the cloud, but users need to view cloud access as more than just another storage utility on the desktop. That's according to Derek Labian, CEO of cloud storage service MediaFire. Instead, cloud users need to focus on cloud performance and application functionality, Labian suggests.
Hackers Purloin 2.9M Adobe Customers' Data
October 04, 2013
Adobe on Thursday announced what has become depressingly familiar news to consumers and security experts: It has been hacked, and on a large scale. "Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products," said Brad Arkin, the company's chief security officer.
Coverity's Zack Samocha: Software Quality and the Open Source Advantage
October 01, 2013
Software quality is a topic close to most developers' hearts, whether they work with open source or proprietary code. Assessing quality, however, isn't always a simple matter. As a result, several efforts have sprung up to tackle the challenge, including the Coverity Scan project. Coverity began work in 2006 on the open source project, which is a joint endeavor with the Department of Homeland Security.
Revisiting Risk Assessment in the Cloud
October 01, 2013
The case for cloud is compelling for a number of reasons, but one of the more compelling reasons from a technologist's point of view has to do with the ability to abstract lower levels of the application stack. Depending on the model of cloud employed, varying amounts of the underlying technology components move out of the scope of your direct control.
Google Adds Remote Locking for MIA Androids
September 25, 2013
Google on Tuesday rolled out a feature for its recently launched Android Device Manager that lets users lock down a stolen Android device from anywhere, via the Web. "This is something that should be built into the OS and the platform because it's an inherent security feature," said tech analyst Rob Enderle. Google is late to the game in rolling out its remote lock capability.
AlienVault's Barmak Meftah: Time to Put Hackers on the Defensive
September 24, 2013
As CEO of AlienVault, Barmak Meftah faces enemies every day who play out their attacks from faraway lands using seemingly unbeatable weapons. One of the weapons AlienVault uses with the support of the open source community is a global report called the Open Threat Exchange that tracks threats to computer networks. The results make it possible to identify trouble spots and take corrective action.
BYOD Security Is All About Juggling Risks
September 23, 2013
Allowing workers to use personal phones and tablets to do their jobs has created security risks in the workplace, but those risks can be minimized if they're managed. What should such a risk management program do? "The first step is you have to protect the device," said IBM Application, Data and Mobile Security Director Caleb Barlow. That includes everything from provisioning to data wiping.
Cracking the BYOD Security Nut
September 23, 2013
While so-called BYOD isn't necessarily new -- IT departments, after all, have been supporting mobile road warriors since the 1980s -- the rising tide of end users seeking the use and support of their own consumer devices is different. It's so different that IT departments are grasping for any standard or proven approaches that make BYOD access of enterprise resources both secure and reliable.
RSA Warns Customers Off Suspected NSA-Tainted Crypto Tools
September 21, 2013
RSA has advised its customers to make a configuration adjustment to its BSafe security software products. This follows an announcement issued by NIST not to use a security standard it designed and published. The standard is the Dual Elliptic Curve Deterministic Random Bit Generator. The Dual_EC_DRBG is believed to contain an NSA backdoor that would in essence nullify the standard's security.
Heavy Attacks Expected as Microsoft Scrambles to Fix IE Flaw
September 18, 2013
Microsoft revealed Tuesday it was investigating a previously unknown security flaw affecting all versions of its IE Web browser. Hackers have attempted to exploit the vulnerability in targeted attacks on users of versions 8 and 9, it reported in a security advisory. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code," the advisory says.
Symantec Exposes Crackerjack Cybercriminal Group
September 17, 2013
Symantec on Tuesday disclosed the existence of a group of 50 to 100 top-rate hackers. Named "Hidden Lynx," the group is an advanced persistent threat that has skills well ahead of similar organizations in the region, such as APT1, Symantec said. "The Hidden Lynx group is methodical in its approach and leverages zero days quickly," said Vikram Thakur, a researcher at Symantec Security Response.
Web App Firewalls Blunt Attacks
September 16, 2013
Web applications have become attractive targets for hackers because they allow bad actors to maximize the reach of their mischief with a minimum of effort. That's what originally attracted the Internet underworld to programs like Windows and Adobe Acrobat, and it's what continues to attract them to Java. A vulnerability in one of those programs can be exploited in millions of machines.
Needle in a Haystack: Harnessing Big Data for Security
September 14, 2013
The combination of the polymorphic nature of malware, failure of signature-based security tools, and massive amounts of data and traffic flowing in and out of enterprise networks is making threat management using traditional approaches virtually impossible. Until now, security has been based largely on the opinions of researchers who investigate attacks.
Neutralizing the 'Weapons Grade' Enterprise Cybersecurity Threat
September 09, 2013
IT leaders are improving security and reducing risks as they adapt to new and often harsh realities of doing business online. CSC and HP, for example, have entered a strategic partnership to help companies and governments better adapt to the tough cybersecurity landscape. "The reality is that we are under attack and have been for quite some time," said Dean Weber, CTO of CSC Global Cybersecurity.
Samsung Enlists Lookout for Android Enterprise Security
September 05, 2013
Samsung will bundle a forthcoming business suite from Lookout into its flailing Knox enterprise security solution for the Android platform. Knox, an end-to-end solution that provides security from the hardware all the way through to the application level, is Samsung's approach to the security threats posed by BYOD. The announcement is drawing mixed responses from security professionals.
No End to the Headaches Endpoints Give System Defenders
September 03, 2013
If there's one attack surface that's attracting growing attention from digital marauders, it's a system's endpoints. With the proliferation of BYOD, securing connections can be a defender's nightmare. Endpoints have an allure for attackers because they offer multiple attack vectors, such as social engineering attacks, spearphishing, USB infection, and compromise of WiFi networks and routers.
4 Quick and Dirty SaaS Technical Controls
September 03, 2013
Because of the rapid pace of SaaS adoption, many security practitioners have found themselves scrambling to ensure the security of the specific technologies their enterprises want to employ. However, the dynamics of SaaS can make this a challenging exercise. This is because most of the options for specific security controls are, by necessity, of the contractual or procedural variety.
Major US Media Succumb to Unsophisticated Syrian Hack Attacks
August 16, 2013
The Syrian Electronic Army on Thursday claimed credit for hack attacks that took control of portions of a handful of major U.S. news sites via an article-recommendation service they all use. SEA reportedly gained control of them by entering an administration portal for Outbrain and inserting links in some of the recommended articles at the bottom of the Web page, thereby redirecting readers to its own site.
White House Incentivizes Cybersecurity Framework Adoption
August 09, 2013
The White House this week released incentives meant to encourage private companies to join the administration in its efforts to cut down on cyberattacks. The initiatives are a follow-up to the cybersecurity executive order President Obama signed in February, following Congress' failure to agree on cybersecurity legislation last year. The order was intended to facilitate more information-sharing.
DDoS Attackers Change Their Game Plans
August 05, 2013
DDoS attacks have long been a weapon of Internet dissidents to punish those they disagree with, while cybercriminals use them to create a digital smoke screen to hide their misdeeds. DDoS attackers typically flood a website with traffic, denying legitimate users access to the server. That tactic still works, but the firepower needed to launch an effective attack is steadily increasing.

See More Articles in Enterprise Security Section >>
Facebook Twitter LinkedIn Google+ RSS