Editor's News

A survey of 300 UK IT directors and managers by Cyber Security EXPO found that more than a third (37 per cent) were most concerned about a shortage of security technology, compared to nine per cent who cited lack of budget as the most significant challenge. Almost a quarter (23 per cent) claimed the biggest challenge was the shortage of well-qualified people. Asked if it was a surprise that professionals were bemoaning a lack of...

Camelot has admitted that it does not offer security advice to winners, despite a recent winner's profile being wide open. The winner, who did not return emails to IT Security Guru, had won a multi-million pound prize and had appeared in the national press, but his Facebook profile displayed information on his interests, family and occupation. Speaking to IT Security Guru, Andrew Barratt, managing director, Europe for technology audit and advisory services at Coalfire, said...

Qualys has released a tool to help detect the Bash/Shellshock vulnerability.   The vulnerability check has been added to its Freescan technology, allowing any organisation to verify the security of an internet facing server. It also said that Qualys customers can detect the flaw bug by scanning with the Qualys Vulnerability Management (VM) cloud service as QID 122693 and 13038, so users can get reports detailing their enterprise-wide exposure whenever they next scan their assets.   Wolfgang Kandek,...

SSL certificates are to be issued to all users of CloudFlare, including the two million websites that user the free version. In a blog post, CEO and co-founder Matthew Prince said it was rolling the service out to all users today. Saying that there was a mission to help build a better internet, one of the most important things it could do was enable Universal SSL for all paying and free customers. He said: “Even if it...

The size of a recent payment card breach may affect around 324 US restaurants. As reported last week, the US sandwich chain is investigating a potential data breach at 216 of its sandwich shops that may affect credit and debit cards used at its franchises between June and September of this year. However the breach is also being investigated by point of sale technology manufacturer Signature Systems, who believed that some 324 restaurants may be affected, according...

The Shellshock/Bash flaw will be persistent for several years, and will divide security professionals who know and do not know UNIX systems.   Speaking to IT Security Guru, CISO and GiveADay founder Amar Singh believes that not many people will understand the complexity of the flaw. “Those who know Windows will not understand Bash unless they have worked with UNIX for two to three years, and a lot of CISOs' only experience has been with...

Within hours of the Shellshock/Bash vulnerability being disclosed, attacks targeting it in the wild to download additional malware were detected.   According to Zscaler’s ThreatLabZ research team, upon successful exploitation of the CVE-2014-6271 vulnerability, an attacker is able to download and install a malicious ELF binary on the target Linux system. The malware connects to a predetermined Command and Control server on a specific port and awaits further instructions from the attacker.   Other reports of attacks...

Rumours of the legal case regarding patent infringement by Appthority are premature and incorrect, claims its President.   Speaking to IT Security Guru, Domingo Guerra said that reports about the ruling over patent infringement brought by vendor Veracode were not correct, as only the jury verdict had been returned and the judge was due to return to deliver his final judgment in November or later.   He said: “Veracode is trying make it seem the case is...

The Bash software bug may be bigger than Heartbleed, as it allows hackers to control the command prompt on many Unix computers.   The flaw in the shell, or command prompt software, could allow hackers to exploit a bug in Bash to take complete control of a targeted system.   Details of the flaw, which credited discovery to “Unix/Linux and telecom specialist “ Stephane Chazelas, said that this related to how environment variables are processed. As this vulnerability...

Apple was apparently aware of the flaw in iCloud for as long as six months before it was exploited.   According to emails obtained and published by the Daily Dot, software developer Ibrahim Balic informed Apple of a method he’d discovered for infiltrating iCloud accounts. He admitted that while the exploit shares a stark resemblance to the exploit allegedly used in the so-called "Celebgate" hack, it was unclear if it was the same vulnerability.   In an email sent on...