Despite the data privacy protections supposedly conferred by regulations like HIPAA and HITECH, consumers’ confidential health and personal information is still not safe enough. That’s the lesson to be learned from Franklin, TN-based Community Health Systems’ (CHS) August 18 regulatory...
Target. Home Depot. Community Health Systems. Neiman Marcus. Their names have been all in the news over the past year, though probably not in a way they would like. All have had very public data breaches affecting anywhere from 350,000 (Neiman Marcus) to 4.5 million (Community Health S...
The earliest challenge to the original homebrew microcomputer geeks was to get little indicator lights to flash. Then, by toggling several switches to turn the lights on and off, the computer would start doing other things, processing instructions within the confines of several hundred...
The Open Web Application Security Project (OWASP) is focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks and their OWASP Top 10 ...
In a Feb 2014 survey, 94 percent of organizations surveyed reported running applications or experimenting with infrastructure-as-a-service[1]. According to research firm Nasuni, there is over one exabyte currently stored in the cloud. An exabyte is over a billion GB[2]. Considering the...
The telecommunication service-provider industry is gaining new business analytic value and strategic return through the better use and refinement of their big data assets. It’s no secret that communication service providers (CSPs) are under a lot of pressure as they make massive inves...
Encryption is a key element of a complete security strategy. The 2013 Global Encryption Trends Study shows a steady increase in the use of encryption solutions over the past nine years. Thirty-five percent of organizations now have an encryption strategy applied consistently across the...
It’s certainly no secret that cloud solutions have become an important and increasingly necessary part of how companies do business today. For enterprises, implementing cloud-based services can help boost productivity, enhance efficiency and reduce costs. Private cloud solutions take ...
Rivetz Corp. has been named as one of the AlwaysOn Global 100 Companies to Watch, congratulations! Please tell us, what is Rivetz all about and what do you do? Steven Sprague: Rivetz is leveraging the trusted execution technologies in new devices powered by Intel and ARM to protect th...
Ransomware is the latest example of the increasingly sophisticated and damaging inventions of hackers. Individuals and organizations of all sizes are finding that their data has been locked down or encrypted until a ransom is paid. One program, CryptoLocker, infected more than 300,000 ...
The cloud has hit the mainstream. Businesses in the United States currently spend more than $13 billion on cloud computing and managed hosting services, and Gartner projects that by 2015, end-user spending on cloud services could be more than $180 billion worldwide. It is estimated tha...
Despite all the news about hackers infiltrating major corporations, most businesses continue to leave themselves woefully unprotected. Some surveys estimate more than 70% of businesses perform vulnerability tests on less than 10% of their cloud, mobile and web applications. A majority ...
The threats facing network operators all over the world, spanning service providers, enterprises, cloud and hosting providers and mobile operators alike, are by no means stalling. While optimism is always the name of the game, we know all too well in security that trying to keep pace w...
Incident response involves addressing and managing the security events on a network and the execution of proper responses to those events. The end game is to limit the damage and reduce recovery time and costs. This is achieved with the implementation of an incident response plan tha...
If your organization’s got a lot riding on the continued security of its confidential or proprietary data, then you need to stay informed on the threats and how to address them. One of the most worrying threats of late, especially when it comes to cloud data security, is government spy...
The online world has become a dangerous place. According to a survey, 90 percent of all companies fell victim to a security breach in the last twelve months. Hacking and advanced persistent threats (APTs) have rendered the two-factor authentication token, now over 20 years old, essenti...
The introduction of the Cloud has enabled the fast and agile data recovery process which is effectively more efficient than restoring data from physical drives as was the former practice. How does this impact Backup & Recovery, Disaster Recovery and Business Continuity initiatives? Cl...
The era of Big Data is upon us. The volume, variety and velocity of data now being generated is unprecedented in human history. This poses a challenge for those tasked with data integration: how can we manage all this data, particularly across distributed data centers around the world?...
How do we blaze a better path to a secure mobile future? How do we make today’s ubiquitous mobile devices as low risk as they are indispensable? As smartphones have become de rigueur in the global digital economy, users want them to do more work, and businesses want them to be more pr...
As we become more connected online, the old system of site-specific passwords and user identity is no longer equal to the task. We need to find new ways of providing identities and authorization.
As the number of companies adopting cloud-based solutions continues to increase, security remains top of mind for vendors, companies and their customers. Organizations of all types and sizes are opting for cloud e-signatures for many reasons including speed-to-market, agility and a low...
We’ve written before about some of the high-profile data breaches occurring in recent months – security breaches that cause some to question the safety of the cloud to store and/or process sensitive data. It seems these stories are reported with increased regularity (sometimes delayed,...
In many industries, cloud computing is now vital to remaining competitive. The cloud typically offers superior flexibility, scalability, accessibility, and high availability, enabling businesses to grow more agile and responsive. Regulatory compliance concerns often make banks and othe...
In 2013, the total cost of natural disasters reached $192 billion, according to recent research from Impact Forecasting, a division of reinsurance company Aon Benfield, which conducts these reports each year. In 2012, Hurricane Sandy topped 2013’s most costly natural disaster. With dam...
Until this week the biggest anxiety when dealing with eBay has likely been fretting over a negative rating, concerns about slow shipping or a delayed refund. Then suddenly yesterday the media jumped all over the story that eBay had been hacked and users need to change their passwords. ...
Heartland, based in Princeton, New Jersey, has improved governance results in innovative ways across the organization, thanks to both security best practices and HP Fortify tools. Heartland Payment Systems has successfully leveraged software-assurance tools and best practices to driv...
There are two pieces of good news to come out of Heartbleed. First, we haven’t heard of any significant security breaches, which means that the industry as a whole is getting better at fixing problems as they arise. The second is that, because Heartbleed presented every single cloud pr...
As recent events have confirmed once again, no single company, organization or government is up to the task of securing the Internet. The never-ending cat and mouse game of exploits chasing vulnerabilities continues. The stunning Heartbleed discovery has shaken the online security esta...
Given the mountains of data now floating around, it is perhaps inevitable that the very function of data analytics is seen as somehow intrusive. There’s a constant glut of reports, columns and other stories bemoaning the lack of data privacy – and at times, they’re entirely justified. ...
Cloud computing brings a myriad of benefits for any enterprise, but it is also a cause for concern in a world where, according to InformationWeek, cyber criminals are now targeting "any company where they can find data to resell, disrupt or exploit." Moving your company's sensitive da...
Last year’s revelations of government surveillance programs by the NSA and others, along with possible lack of enforcement of the Safe Harbor program by the FTC, caused the European Civil Liberties Committee to recommend suspending the entire EU-U.S. Safe Harbor approach. If the recomm...
These predictions have been made by Graeme Newman of CFC Underwriting in Advisen’s third Cyber Liability Journal (CLj). These predictions are from the viewpoint of an insurer … but I find the … Sep. 4, 2012 02:00 AM EDT
One of the great revelations of the Internet has been how many gone-wrong sociopaths, thieves and spies there are in the world. Symantec, Kaspersky and Intego are reporting a hard-to-detect and hard-to-eradicate Trojan that sneaks onto VMware implementations, “making it possibly...
Just because your password meets complexity requirements does not necessarily make it a strong password. It is a given that many sites require you to have a password of a minimum length of at least six or eight characters, and some go so far as to require the addition of a number and a...
The Open Group's Jim Hietala recaps presentations at the recent Open Group Conference on cybersecurity and protecting global supply chains. Cybersecurity is at a critical juncture, and conference speakers highlighted the threat and attack reality and described industry efforts to move...
Keylogging has taken center stage, and it now deserves our proper attention. After all, keyloggers have been identified as the #1 Global Threat to consumers, corporations and government agencies in the recent 2012 Verizon Data Breach Investigations Report. Symantec Corporation coined ...
OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson and licensed under an Apache-style license. OpenSSL has lots of features but I will cover encoding, checksums, encryption, passwords and pass phrases. Many Linux distributions have OpenSSL as part of ...
If you watch the news regularly, it is easy to notice that in almost any given week some company seems to have experienced an electronic break-in or in some other way experienced a form of computer or network compromise. While computer security professionals can help to mitigate such r...
Ever wondered how to use the autopwn feature in Metasploit on Ubuntu? Want to run Nessus from within Metasploit? What database should I use: sqlite3 or postgres? I will explain the benefits of both. Nessus is a vulnerability scanner program; it is free for personal use using the ness...
There's been a flurry of discussion this week among Internet and Web standards heavy-hitters around WebSocket, the new communications protocol supported in Chrome 4 and Safari 5. What was the main issue? Is there some kind of fundamental security vulnerability with the WS protocol? Web...