Editor's News

Internet auction website eBay has instructed users to change their passwords after it admitted to suffering an attack in February.   According to a statement published on its corporate website, company said it has no evidence of the compromise “after conducting extensive tests on its networks”, but there was no evidence that financial or credit card information had been accessed as this “is stored separately in encrypted formats”.   However, eBay’s 112 million users will...

As most code is derived from code bases, if you only test your own code, you are missing a large part of the attack surface.   Speaking to IT Security Guru, Chris Eng, vice president of security research at Veracode, suggested that most software is not written entirely from scratch; only ten per cent of code is, and 90 per cent comes from other libraries and products, such as OpenSSL for example.   Eng said...

There is a global distrust of passwords, as 97 per cent of IT professionals think they make their systems vulnerable to attack.   The research of 300 attendees at Infosecurity Europe found that 97 per cent said that they know that passwords make their systems vulnerable and pose a serious risk when accessing web applications, and yet we still use weak, static passwords for business critical applications, despite 66 per cent of IT professionals saying that...

Almost 90 per cent of businesses believe that the threat of privileged users will increase in the next two years.   According to a Ponemon Institute report, 88 per cent of 693 respondents believed that the risk of privileged user abuse will increase or stay the same in the next 12-24 months, while 69 per cent of respondents do not believe their organisations have the ability to identify an insider threat before it’s too late.  ...

The FBI has issued wanted posters for five Chinese army agents it is charging with cyber crimes. Named by the US Department of Justice as Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, the men were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA), which Mandiant called the APT1 group in its 2013 report. The indictment alleges that Wang, Sun, and Wen among others known...

Deemed to not be meeting data security compliance standards, the CEO of Wallet app LifeLock has deleted all data stored by current users. In a blog post, LifeLock chairman and CEO Todd Davis, said that it has determined that certain aspects of its mobile app may not be fully compliant with payment card industry (PCI) security standards, and it was removing it from the App Store, Amazon Apps, and Google Play, and when users open...

Google has announced that it is to allow users to switch off adverts in apps and permanently removed all ads scanning in Gmail.   In ablog, Amit Singh, president of Google Enterprise, he said that it takes the responsibility to keep data safe “very seriously” and as well as implementing HTTPS connections for Gmail, it has also added mail routing, delivery controls and SMTP relay services to control the flow of information to and from...

Only a third of 250 security professionals would bother getting cyber insurance, while two-thirds (63 per cent) believe insurers would not actually honour a claim if one was made.   The research by AppRiver found that 32 per cent of UK businesses don’t bother seeking this increasingly vital cover.Jim Tyer, EMEA channel director for AppRiver, who conducted the survey at this year's Infosecurity Europe conference, said that findings were “alarming” that there was so little...

An enterprise version of the Nessus vulnerability scanner has been launched by Tenable.   Offering the capability to streamline scans and audits, Tenable technical director Gavin Millard told IT Security Guru that the enterprise version will allow scan data and results to be shared as well as larger deployments to be managed.   “We have 20,000 users of Nessus and this has become the default for scanning for vulnerabilities,” he said. “Users such as auditors and...

If exam time wasn't hard enough, an Atlanta university has accidentally wiped all PCs running Windows 7.   An accidentat Emory University this weekend saw a Windows 7 deployment image sent to all Windows machines, including laptops, desktops, and even servers. According to The Next Web, the reimaging started with a repartition/reformat set of tasks. As soon as the accident was discovered, the SCCM server was powered off – however, by that time, the SCCM server...