Editor's News

The first version of the FIDO Alliance standard has been published to enable service providers, enterprises and device manufacturers to offer stronger authentication that is more secure and easier to use. Removing the need for usernames and passwords, the FIDO Alliance 1.0 draft of its two specifications – Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F), enables members to implement and market solutions around FIDO-enabled strong authentication, and non-members to freely deploy those solutions....

More time should be spent on training and enabling people and police and on sharing information to create a more secure United Kingdom. Speaking at the (ISC)2 EMEA Congress in London, former Home Secretary David Blunkett MP, said that we commonly find that simple solutions can work, and while companies do spend money, he asked if they are spending it wisely? He said: “Training is of critical importance, as you are only as good as...

Security experts have dismissed reports of a new ransomware campaign, calling it “a hype”.   Jamie Blasco, director of research at AlienVault Labs, said that what he had seen of PowerLocker and PrisonLocker was “a hype”, since the only information available was from one person who was supposedly developing it, but it was still not ready. “We don't know the status of the project but one thing is clear, there are no samples available of...

More industry speakers have dropped out of next month’s RSA Conference in San Francisco in protest against the company’s alleged $10 million deal with the NSA.   Following the likes of F-Secure chief research officer Mikko Hypponen and Jeffrey Carr, security commentator, Christopher Soghoian announced on Twitter that he had withdrawn from a panel session he was due to be speaking on.   According to the Washington Post, a further five speakers have pulled their...

The European Data Protection Directive is effectively dead, due to the infringement upon European citizens’ human rights. Speaking to IT Security Guru, privacy consultant Martin Hoskins said that the European Commission’s justice and home affairs legal team has deemed it to be “unlawful” as it breaches the human rights of customers as they may have to go to a foreign jurisdiction rather than their national privacy commissioner. “If the lead regulator was in Ireland, then...

Free applications may offer premium content at no cost, but they often require personal information to be surrendered.   According to Michael Sutton, director of security research at ZScaler, those privileges may allow a user to be monitored, and sensitive information potentially viewed and compromised. In the case of the owner of a company-owned device being allowed to download applications, they may download a free application that could monitor and access connections.   Sutton said...

McAfee parent Intel has announced that it plans to remove the name of the security company and rename it as “Intel Security”.   Intel, who acquired McAfee in 2010 for a fee of around £5 billion, said at the 2014 International Consumer Electronics Show in Las Vegas that the new brand will identify Intel products and services in the security segment and retain the red shield logo.   Intel CEO Brian Krzanich said that the...

Authentication will move to be more of a cloud-based solution, and specifically offered in a service-based model.   Speaking to IT Security Guru, Jason Hart, vice president of cloud solutions at SafeNet, said that the adoption of cloud is happening as users want to use context-based authentication. “There are different authentication mechanisms, it is about being able to mix and match,” he said.   “The software is there, and I think we will see an...

The Yahoo.com domain served malicious advertisements which redirected users to the “Magnitude” exploit kit.   According to a blog by Fox-IT, five iframes were infected which redirected users to websites that were served by an IP address in the Netherlands. This exploit kit exploits vulnerabilities in Java and can install different malware including ZeuS and Andromeda.   Fox-IT claimed that its examination of a traffic sample found that this mainly affected users in Europe, specifically Romania...

FireEye has announced the acquisition of security services vendor Mandiant for $1 billion (£608 million). Together, the two companies will offer FireEye’s virtual execution and sandboxing technology along with Mandiant’s incident response management and remediation solutions. According to FireEye, this acquisition creates the industry’s leading advanced threat protection vendor with the ability to find and stop attacks at every stage of the attack lifecycle. Under the terms of the merger agreement, FireEye will issue an...