Editor's News

Vulnerabilities in devices that are not typical hardware or software are often not fixed.   Speaking to IT Security Guru, Cris Thomas who was SpaceRogue in the hacker space L0pht and was appointed as technical manager of Tenable in January, said that the race to find vulnerabilities and earn money has led to security issues being found in technologies where they didn’t exist previously, or where no-one thought to look for them before.   He...

  As part of an effort to make its educational resources available to academia, ISC)2 has launched a Global Academic Programme.   In an effort to help meet the global demand for more skilled cyber security professionals, accredited academic institutions will have access to new resources and support from the CISSP community, with educational resources updated regularly by its members and industry luminaries, the (ISC)2 common body of knowledge incorporates disciplines within information security, software security, forensics...

Entrust has combined its IdentityGuard cloud services into a single platform. Now combining SSL, discovery, smart credentials, PKI and device certificates, the IdentityGuard allows users to go to a common place with different accessible services, according to Jay Schiavo, director of products and markets at Entrust. He said: “This is now a unified platform and the product solution has set the services together and we are responding to request for service. This is a common set...

Users are being encouraged to change their passwords because of the OpenSSL flaw, but there is no guarantee that sites have been patched.   Speaking to IT Security Guru, Thom Langford, director of the global security office at Sapient, said that advice to change passwords was “utterly pointless” and a knee jerk reaction to advise changing passwords on a compromised system as then the new password could be intercepted.   “You have to wait, it makes...

Microsoft released four patches on its final day of support for Windows XP last night.   Addressing issues in Windows, Internet Explorer and Office, the critical-rated MS14-018 addresses six vulnerabilities in Internet Explorer (IE) and affects all versions from IE6 to IE11, while patches were issued for XP service pack 3.   Wolfgang Kandek, CTO of Qualys, said: “Microsoft gives this bulletin an exploitability index rating of “1”, meaning that attacks can be expected with...

Streamlining and slimlining of standards is needed in information security.   Speaking on a panel at the EEMA and TDL Trust in the Digital World conference in Vienna, Demosthenes Ikonomou, head of the information and security and data protection unit at ENISA said that the recent Cybersecurity Coordination Group (CSCG) whitepaper was too “high level” in his view and as a result, he doubted it would work in practice. “It should have a number of key initiatives...

The UK computer emergency readiness team (CERT) has issued its first major advisory since it officially opened regarding the OpenSSL vulnerability.   In the advisory, CERT-UK said that it was aware of reports of the vulnerability, which is also known as the Heartbleed bug which affects versions 1.0.1-1.0.1f of the OpenSSL cryptographic library.   It said: “This potentially permits the stealing of information normally protected by SSL/TLS encryption, and could affect applications used for web...

Big Data is “octagonal” to security and in conflict with the European approach to privacy.   Speaking at the Trust in the Digital World conference in Vienna, Professor Bart Preneel from the Catholic University Leuven said that while there are some security companies based in Europe, the majority are in the US and Governments often fall behind.   He said: “We should stop Big Data and keep it local as it cannot work with democratic models....

The revelations about the NSA by Edward Snowden may be beneficial for Europe.   Speaking at the Trust in the Digital World conference in Vienna, Professor Bart Preneel from the Catholic University Leuven said that while the news undermined cryptographic standards and it was bad for NIST, it was an opportunity for Europe.   He said: “As cryptographers, we knew that there was a backdoor but we didn't know anyone was using it. This has proved...

The Edward Snowden revelations were “a wakeup call” and should not cause the EU Cyber Security Strategy to be “diluted”.   Speaking at the Trust in the Digital World event in Vienna, Zoran Stancic, deputy director general of DG Connect at the European Commission said that the pillars of the cyber security strategy were interlinked but headlines have caused the European Commission to get its “checks and balances right”.   Stancic said that trust and...