Editor's News

Intrusion prevention systems (IPS) are far from a dead technology, but the industry needs to work them better and push vendors on detection rates.   Speaking at BSides London, chief security officer Arron Finnon cited Gartner's 2010 analysis that $1 billion will be spent on stand-alone IPS, but the industry “spends billions on products that do not work, and if you don't detect a compromise immediately it will be between 18-24 months before it is...

There is no clear line when it comes to online attacks in a conflict, but in the case of a land war, the critical national infrastructure will be a target.   Speaking to IT Security Guru, Tom Cross, director of security research at Lancope, said that “cyber war” will fit most contexts, but it is another theatre and Governments are learning from this. “Estonia suffered as its infrastructure was very modern and the attack had...

In his talk at BSides London, Stephen Bonner, partner in the information protection and business resilience at KPMG, said that privacy is key and is “enshrined in our human rights”.   One of the problems of privacy is we cannot control it, he said, and while efforts to protect against CCTV have been made, you need more. “You need to oppress the control that CCTV provides, with facial recognition and monitor people who may choose...

AOL has seen around two per cent of its user base compromised, after an attack saw hackers obtain email addresses, postal addresses, encrypted passwords and answers to security questions used to reset passwords.   According to IT News, tens of millions of email account holders have been told to change their passwords and security questions, although there was no indication that the encryption on that data had been broken, nor that customer financial information had...

The first zero-day flaw to affect Windows XP users has been disclosed.   Affecting Internet Explorer versions from six to the most recent 11, the vulnerability is a remote code execution vulnerability which exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.   According to an advisory,an attacker could host a specially crafted website that is designed to exploit this vulnerability through...

Cloud security-as-a-service (SaaS) solutions provider Alert Logic has announced the opening of its first data centre and security operations centre (SOC) in the EMEA region.   Based in Cardiff, development for the data centre and SOC are underway, while sales, marketing and support teams will be created to engage directly with customers in the UK. Gray Hall, CEO of Alert Logic, said: "With over 300 Alert Logic customers in the UK already, we are excited...

Funding that is allocated to the development and improvement of open source code should be redirected to bug bounty programs.   In an email to IT Security Guru, TK Keanini, CTO of Lancope, said that while he welcomed the move to boost open source code by the Linux Foundation, he would like to see a renewable and talented set of security researchers rewarded for finding flaws in these open source projects so that they can be fixed...

A project to fund and support critical elements of the global information infrastructure is being backed by major technology names.   Formed by The Linux Foundation and backed by companies including Cisco, Microsoft, Dell, Google and Facebook, the initiative will collaboratively identify and fund open source projects that are in need of assistance.   Following the OpenSSL Heartbleed flaw revelations, the first project under consideration to receive funds from the Initiative will be OpenSSL, which...

There are likely to be flaws in all software, in both those that are open source and closed.   Speaking to IT Security Guru, Mike Janke, CEO of Silent Circle, said he hated to be the pessimist, but he felt that there are flaws in just about everything. “The key is what type of flaw and what type of product?,” he said.   “For example, if there is a flaw in an Open Source code...

Online casino operators are fuelling the increase in cyber crime by making it easy to “cash in”, according to McAfee.   In a new report about money laundering through online gambling, McAfee allege that the websites have become hotbeds of criminal activity, which not only fuel money laundering, but allow criminals to hide their illicit gains from the police.   This is enabled by the anonymity users can enjoy, as in some instances, gamblers are not even...