Editor's News

A fresh attack vector against SSL has been detailed, but analysts are mixed on the severity of the POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw. After it was rumoured to be disclosed yesterday by the Register, it was later detailed as revealing a vulnerability in the way that SSL v3 uses ciphers and allows an attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data, and doesn't require such extensive control of the format of...

Bad password management costs businesses up to £130,000 and a year in lost productivity. According to research by Centrify, of 2,000 UK and US participants, it found that the average employee wastes £261 a year in company time on trying to manage multiple passwords, which for a company with 500 staff is a loss of more than £130,000 a year. Barry Scott, EMEA chief technology officer for Centrify, told IT Security Guru that the concept was...

A vulnerability which affects all versions of Microsoft Windows is being used in a Russian cyber-espionage campaign which targets NATO, the European Union and critical sectors. According to research by iSIGHT Partners the vulnerability, which impacts all supported versions of Microsoft Windows and Windows Server 2008 and 2012, and a patch will be made available today. The research found that exploitation of the vulnerability was discovered in the wild in connection with a cyber-espionage campaign that iSIGHT Partners attributed...

A greater proliferation of online service is enabling cyber criminals, but that is not being met with equal online law enforcement. Speaking at the ISSE 2014 Conference in Brussels, Troels Oerting, head of the European Cybercrime Centre (EC3) and assistant director of Europol's Operations Department, said that we need greater collaboration across the world as cyber criminals are not focused on territory. He said that in the Danish police, he had the authority to use...

There should be more effort to build a strong and trustworthy IT security industry in Europe. Opening the ISSE conference in Brussels, Norbert Pohlman, director of TeleTrust in Germany, said that the European strengths are high level of competence in security and data protection, with innnovative security solutions, extensive security research and high expertise and evaluation and an open crypto policy. “Culturally we are in a good condition, with traditionally reliable IT security with no...

Edward Snowden has recommended the public take a greater interest in secure products and avoid public products like Dropbox, Facebook and Google.   Speaking at the New Yorker Festival, Snowden said that there is a problem in the way that people do not feel that they have anything to hide, as they are “inverting the model of responsibility”. He said that if this is the attitude, we will get where Government's do not have to justify...

US retailer Kmart has admitted some customer payment cards have been compromised after it discovered that point of sale systems had been breached.   While investigations are ongoing, initial indications are that the infections had started early last month. In a statement, Kmart president and chief member officer Alasdair James said that the retailer is working closely with federal law enforcement authorities, its banking partners and security experts in an ongoing investigation.   He said that the IT...

It has been reported that 4chan hackers have hacked into at least 100,000 Snapchat images sent via unofficial third party apps. Snapchat have tweeted a response to the claims by hackers that ‘Snapchat’s servers were never breached and were not the source of these leaks.’ Snapchat seemed to put the responsibility on the users by stating the users were ‘victimised by their use of third-party apps.’ The company then go on to confirm that this is something...

American ice cream chain Dairy Queen has confirmed that the Backoff malware was responsible for the impact upon payment card data.   In a statement, Dairy Queen said that nearly 400 US restaurants were affected, and that systems were accessed due to a "third-party vendor's compromised account credentials."   The statement, posted on the front page and signed by president and CEO John Gainor, said that after the intrusion was detected in August, it launched an extensive investigation...

Microsoft will release nine security bulletins next week, three of which are rated as critical.   With another five rated as important and one rated as moderate, the updates are for Windows, Internet Explorer, Office, .NET Framework and ASP.NET. This is also the first monthly patch release since the Trustworthy Computing Group was closed.   Russ Ernst, director of product management at Lumension, said: “The security group anyway is definitely still hard at work. Given the very...