Editor's News

Half of British firms are aware of the proposed European data protection changes and a significant number feel that the new directive will create significant challenges for them.   The survey of 850 IT decision makers by Trend Micro, which included 250 British respondents, found that 84 per cent felt that they would need to take steps to be compliant, with 57 per cent feeling the need to spend on data protection or IT security...

The National Institute of Standards and Technology (NIST) has announced that it has removed the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) cryptographic algorithm from its draft guidance on random number generators.   Following a review period, the algorithm has been removed from draft guidance on random number generators, and recommended that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible, NIST said.   NIST previously...

The Bank of England is to oversee an ethical hacking programme as part of a broader assessment of the reliability of its information security defences According to a report by the FT, this is part of an assessment of more than 20 major banks and other financial players in the UK and the scenarios will draw on intelligence reports of the latest threats from attackers and be overseen by Andrew Gracie, the director of the...

More than 3,000 signatures have been collected in a petition against the proposed sale of HMRC data. The petition, organised and hosted by the Open Rights Group, calls on the Government “to halt plans to sell personal tax data to private companies and researchers”. It says “anonymisation is not foolproof and it is my right to object to my information being shared in this way. Any access to my personal information held by the government...

The number of Brute Force attacks conducted on cloud and hosting environments rose by 14 per cent in 12 months, as attackers looked for vulnerable systems. According to research by managed service provider Alert Logic, the number of detected brute force attacks climbed from 30 per cent to 44 per cent of customers. Drawing data from 232,364 incidents, the statistics also showed that the number of vulnerability scans against data centres and hosting environments increased...

A spike in point-of-sale (POS) intrusions and the plethora of online identities have led to another year of data breaches.   Featuring data from 50 global organisations from 1,367 confirmed data breaches and 63,447 incidents, the seventh annual Data Breach Investigation Report (DBIR) from Verizon found that three threat patterns cover 72 percent of the security incidents in any industry: web application attacks; distributed denial of service (DDoS); and card skimming.   Speaking to IT...

A 19 year old Canadian student has been named as the first man to be charged with offences relating to the Heartbleed vulnerability.   According to CBC, Stephen Arthuro Solis-Reyes has been charged with stealing over 900 security security numbers, with one count of unauthorised use of a computer and one count of mischief in relation to data.   He had been threatened to be arrested in the middle of a class at Western University...

A number of companies have begun to issue “all clear” messages in regard to the Heartbleed flaw.   Following an issue regarding Akamai, where it issued an update where it admitted to having a bug where it could protect only three parts of a six-part RSA key, technology vendors have now begun issuing statements where they are stating that they have checked, certified and clarified that there are no issues.   In its statement, Dell...

The Heartbleed vulnerability is affecting devices as well as websites, with reports claiming that both routers and mobile devices could be affected by the flaw.   According to the Guardian, Cisco has confirmed that a number of its products are vulnerable, including desktop phones, video conferencing hardware and VPN software, while Belkin said that its routers, as well as those of its Linksys subsidiary, while neither Netgear nor BT have spoken publicly about whether or not their...

Tools being used to detect the OpenSSL vulnerability often contain bugs too.   According to research by CNS Security, methods for detecting whether your systems are affected have bugs themselves which is leading to false negative results.   Adrian Hayter, blogger and penetration tester at CNS Security, said: “I was called upon to perform checks against numerous systems during the week, and I noticed that some of the scripts would find a vulnerability whilst others...