Editor's News

AT&T has settled with the US Federal Communications Commission for $25 million to resolve an investigation into consumer privacy violations at the telco’s call centres.   According to the FCC statement, the data breaches involved the unauthorised disclosure of almost 280,000 US customers’ names, full or partial Social Security numbers and unauthorised access to protected account-related data by employees at call centres used by AT&T in Mexico, Colombia and the Philippines.   These employees accessed...

There is a greater interest in fixing bugs after a year of major flaws were revealed.   12 months on from the public revelation of the Heartbleed bug in the widely deployed OpenSSL software, industry experts claim that there is a renewed focus on fixing bugs faster. In an email to IT Security Guru, Robert Hansen, VP of WhiteHat Labs, said that he thought there had been a much greater interest in looking at technologies...

Just two weeks after introducing the "opportunistic encryption" feature to Firefox, Mozilla has disabled it in order to fix a critical security bug that allowed malicious websites to bypass HTTPS protections.   According to Arstechnica, the bug was introduced in Firefox 37 where the vulnerability, which resides in functionality related to opportunistic crypto, in some cases gave attackers an easy way to present fake TLS certificates that wouldn't be detected by the browser.   Mozilla...

Singapore Telecommunications Limited has entered into a definitive agreement to acquire Trustwave   Asia's leading communications group providing a portfolio of services including voice and data solutions over fixed, wireless and internet platforms as well as infocomm technology and pay TV, Singtel has presence in Asia, Australia and Africa.   The acquisition will strengthens Singtel's information security capabilities and bolster Trustwave's ability to expand its position in managed security services globally. According to Reuters, the acquisition is...

Critical infrastructure businesses have battled attackers who tried to shut down networks, delete files and attempted to “manipulate” equipment through a control system.   According to a survey of 575 critical infrastructure organisations throughout North and South America by the Organization of American States, found that 40 per cent of respondents had battled attempts to shut down their computer networks, 44 per cent had dealt with bids to delete files and 54 per cent had...

EY has launched the second Startup Challenge, inviting new businesses to compete for a place in an eight week mentoring programme.   According to the company, this year’s EY Startup Challenge will search for start-ups with innovative technologies focussed on finding new ways to achieve more intelligent customer interactions and increased visibility along the supply chain to avoid shocks and minimise risk.   Richard Taylor, advisory sector lead for consumer products at EY, said: “Innovative start-up technologies...

Mozilla has announced the availability of “opportunistic encryption”, offering unauthenticated encryption over TLS for data that would otherwise be carried via clear text.   Introduced in Firefox 37 which was released this week, it provides better integrity protection for data than raw TCP does when dealing with random network noise. In a blog post, Mozilla developer Patrick McManus said that this would benefit those with a long tail of legacy content that you cannot yet...

A year on from the revelations of the Heartbleed bug, only six per cent of users of the top 100 websites have changed their websites.   Despite being deemed to be “the most dangerous security flaw on the web”, research by Dashlane of 95,000 strictly anonymised accounts worldwide, 4,950 of which were in the UK, found that 52 per cent of UK-based users had not changed any of their passwords at all since April 2014,...

President Barack Obama has announced a new sanctions program that authorises the sanctioning of malicious cyber actors whose actions threaten the national security, foreign policy, or economic health or financial stability of the United States.   Stating that cyber threats are at the top of the President’s list of security concerns and “at a transformational moment” in how we approach cyber security, the statement by Lisa Monaco, assistant to the President for Homeland Security and...

The online community needs to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information into ISPs, so they can squelch the attacks closer to the source.   As part of a survey released yesterday, Rodney Joffe, senior vice president and technology fellow at Neustar, said that the industry needs to improve visibility and understanding of activities in the criminal underground, so their command and control structures can be disabled rapidly.   In...