Editor's News

A move to Ireland has been described as sending a strong message to companies who care about the privacy and security of their data that this is a country that can support that.   Following a report in the Guardian, where it was claimed that Home Secretary Theresa May had called Yahoo to an “urgent meeting to raise security concerns after the company announced plans to move to Dublin where it is beyond the reach...

The Open University has launched a new post graduate computing programme, with a strong focus on digital forensics. Developed with industry organisations including the BCS and CGI, the University said that this offers IT professionals the opportunity to learn to gain digital forensics qualifications. The masters course also includes new modules on software development courses to help organisations adopt the latest agile methodologies without scaring their customers and board members. According to the Open University,...

Symantec has confirmed that president and CEO Steve Bennett’s position has been terminated, and replaced with Michael Brown as an interim.   In a statement, Symantec said that Bennett resigned from the board of directors. He was in the position for just under two years, following the departure of Enrique Salem, who has remained in the security sector and serves on the boards of FireEye, Box and Forescout.   Symantec said that a special committee...

A browser which claims to be a mobile version of the Tor software has been detected, but it reportedly is ridden with malware.   According to a discussion on the Tor project website, the Tor Browser in the Apple App Store is fake, with a user claiming “it's full of adware and spyware” and a move to have it removed has been mooted.   A mobile researcher told IT Security Guru that the malware was...

Twitter’s eighth birthday has been marred by a certificate issue that saw users face a warning page on its “First Tweet” page.   The page, which offered to show users their first ever tweet, worked on a standard HTTP request, but when using HTTPS users faced a page warning them that the connection was untrusted. Amar Singh, CISO and head of the UK chapter of ISACA, told IT Security Guru that despite the website being...

The United States Internal Revenue Service (IRS) has admitted that an employee took home a USB drive containing unencrypted data on 20,000 fellow workers.   According to Bloomberg, the tax agency systems were not breached despite the Social Security numbers, names and addresses of employees and contract workers being potentially accessible online because the thumb drive was plugged into the employee’s unsecure home network.   The IRS said it had no knowledge of the information...

Malware research hub and mailing list Full-Disclosure has announced that it is to close after 12 years of operation.   According to founders Len Rose and John Cartright, they are “suspending service indefinitely”.   In a statement, Cartwright said that upon the creation of the list in 2002, they knew that it would “have our fair share of legal troubles along the way” and after requests to delete things, requests not to delete things and...

Speaking to the company board of directors and fellow employees should not be diluted down, but it often ends up that way.   Speaking at the CRESTcon conference in London, HP's Andrea Simmonds said that some people have learned a lot but are not good communicators, while others are competent but do not know how to apply it, and the challenge for security professionals is how to pass knowledge on in a way that others...

Portcullis has announced its acceptance into the CREST Cyber Security Incident Response (CSIR) Scheme.   Established by CREST in collaboration with CESG, the information security division of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), the scheme creates a set of standards for incident response when dealing with attacks for both the private and public sector.   According to the company, Portcullis achieved CSIR certification based on its Cyber Threat Analysis and...

Information security has been described as a career by design, but one that needs to be certified globally.   Speaking at the CRESTcon conference in London, BT's Ray Stanton said that the security professional has to have standards in a time where there is inconsistency. While an audience member said that there was a danger that this would create an elite and leave small businesses behind, they admitted that there needs to be a level...