Editor's News

If as much media and business attention was paid to awareness days as there were to data breaches, the problem may not be so prevalent. Speaking to IT Security Guru, Sarb Sembhi, an analyst and director of Incoming Thought, said that days like Data Privacy Day do not make the public more aware of breaches, as the public is only concerned momentarily when they think they are affected.. “It is a shame that there isn't...

BlackBerry has defended its use of the controversial Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) saying that it does not consider the “backdoor” to be a vulnerability.   According to security blogger Jeffrey Carr, BlackBerry is the patent-holder for Dual_EC_DRBG, following its acquisition of Certicom in 2009, who licensed its Elliptic Curve cryptography technology to the NSA for $25 million in 2003.   Carr said in a blog that this was the year before the NSA convinced...

More than two-thirds of IT managers experienced a security breach or incident in the past 24 months. According to the study “Cyber Security Incident Response: Are we as prepared as we think?”, from the Ponemon Institute and Lancope which surveyed 674 IT security professionals, found that CEOs and members of management teams are in the dark about potential cyber attacks against their companies. Mike Potts, president and CEO of Lancope, said that headlines from 2013...

Neiman Marcus has admitted that its breach may have affected around 1.1 million credit cards.   According to a statement by Neiman Marcus president and CEO Karen Katz, while it can confirm that social security numbers and birth dates were not compromised and its Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity, approximately 1,100,000 customer payment cards could have been potentially visible to the malware.   She confirmed that malware was...

50 professors and researchers have signed an open letter to the US Government saying they “deplore” the practice of surveillance and urge that it be changed. The open letter criticised the reported actions of the US Government, specifically that it “conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features.”...

Intelligence agents have been described as good people trying to do the right thing by Edward Snowden, who were “worried about the same things I was”.   In a live Q&A session, Snowden said that he felt that the USA would recover from the NSA story as “what makes our country strong is our system of values, not a snapshot of the structure of our agencies or the framework of our laws”. He also said...

Security professionals are so focused on tools that they forget about the human element, and what people and process can add.   Speaking at an industry roundtable hosted by Websense, Mark Brown, director or risk advisory at EY, said that the accountancy industry spent 300 years trying to get to a shared qualification, but security professionals are trying to achieve that in a generation in “a leap of faith, but they are worried about making...

Security B-Sides London returns in 2014, and is delighted to welcome back platinum sponsors Nebulas, MWR Security and Tenable Network Security.   Held on Tuesday, 29th April under the banner of “Connecting People & Agents of All Kinds”, the community-driven event will again be held at Kensington Town Hall, conveniently located next to High Street Kensington tube station and a short tube ride from Earls Court.   Martyn Ruks, technical director at MWR Security, said: “At...

A new Twitter spam campaign has been detected, which gets around safety blocks within the direct messaging (DM) functionality.   According to Malwarebytes researcher Christopher Boyd, the tactic sees attackers compromise legitimate accounts and send links to Tweets posted by spam profiles / other compromised accounts, rather than send a direct URL.   “They are compromising legitimate accounts then sending links to Tweets posted by spam profiles/other compromised accounts. The linked Tweet will then send...

LogMeIn has announced that it is to end its free remote access product to unify its product range,   In a blog post, LogMeIn said that it will only offer a paid-for product and offer “what we believe to be the best premium desktop, cloud and mobile access experience available on the market today”.   It said: “Starting in January, we will gradually migrate users of LogMeIn branded remote access offerings and Ignition branded remote access offerings to...