Editor's News

Bug bounty programs are a great step forward for the security industry, but the impact could be reduced if vendors focused on secure coding.   Speaking at 44CON in London, Katie Moussouris, chief policy officer at HackerOne said that the tide turned in 2010 with bug bounties when professional penetration testers began making money for their skills.   Asked if the more bug bounty programs there are, the lower price would be offered overall? Moussouris...

A printer can run 1990s computer game Doom and spy on documents to establish a gateway into a network.   Speaking at 44CON in London,  Mike Jordon, head of research at Context, said that the ability to compromise internet-connected devices raises more questions about security of the Internet of Things (IoT). At the conference, researchers successfully managed to remotely access the web interface on a Canon Pixma printer and modify firmware to run Doom.   “This...

Know how to measure, use and resolve risk issues and use it to deal within your organisation.   Speaking at 44CON in London, security director Thom Langford said that many companies struggle with their risk appetite and do not understand it and not without reason, as it may change from one country, culture and office to another.   “Accepting risk is a good way of dealing with it as you aware of it and you understand...

Supermarket tablets often offer a factory reset wipe option, but this often leaves personally identifiable information behind.   Speaking at 44CON in London, Ken Munro, partner at Pen Test Partners said that end-users do not realise that tablets are small computers and everything that goes into it gets cached and stored locally. People do not understand how much content is on them - they are cheap and given to kids and if they break, they are...

Automated incident response is a rising trend as security teams battle with Big Data sets.   Speaking at 44CON in London, Phil Huggins, vice president at Stroz Friedberg, said that there is a rising trend with data enabled investigations, particularly when it does not take three weeks to process data and tools allow the opportunity to manipulate the data, and this reduces the time to investigate.   “This is a Hunter type investigation and it is...

Security for the Internet of Things (IoT) must be fixed for the long term, and requires top-level guidance.   According to Beecham Research, the potential damage to people, possessions, businesses and national critical infrastructure from a successful attack on cyber-physical systems through the IoT cannot be underestimated.   Professor Jon Howes, one of the authors of the report and technology director at Beecham Research, said that devices must be securely managed over their entire lifecycle,...

Research collective “I am The Cavalry” may be forced to change their name, due to misunderstanding about what its intention is.   Speaking at 44CON in London, member Beau Woods called the movement “A path forward for public safety”, but admitted that, more a year into its action, it was considering changing the name as it is “not recognised in Asia or Europe as we are not riding in on horses and firing pistols”.  ...

Centify's mobile management solution has been selected to power Samsung's KNOX enterprise mobility management cloud-based service.   Following a collaboration period, KNOW EMM has been developed for all Samsung Galaxy devices and the multiple offerings. KNOX EMM is a cost-effective cloud-based service for organisations that want to enable Samsung Galaxy smartphones or tablets for business use with a simple remote device and mobile app management solution. Additionally, KNOX EMM is also available as a solution...

Security is changing for the better, but if you do not you are doomed as the next industrial revolution is upon us.   In the closing keynote at the Gartner Security and Risk Management system, Gartner managing vice president F. Christian Byrnes said that the current state of security is promising for professionals, as a survey of 900 security staff across USA, Canada, Germany, UK, Brazil and India between March-April 2014 showed that boards of directors...

Selling mobile security to the board can be done if you focus on the benefits presented by securing people and email.   Speaking at the Gartner Security and Risk Management summit in London, John Girard, vice president and distinguished analyst in Gartner's Info Security and Privacy Research Centre said that the best way to sell mobile security to the board is “people, people, people, people and people”.   He said: “If we sell security on the basis of fear, and if we...