Editor's News

Funding that is allocated to the development and improvement of open source code should be redirected to bug bounty programs.   In an email to IT Security Guru, TK Keanini, CTO of Lancope, said that while he welcomed the move to boost open source code by the Linux Foundation, he would like to see a renewable and talented set of security researchers rewarded for finding flaws in these open source projects so that they can be fixed...

A project to fund and support critical elements of the global information infrastructure is being backed by major technology names.   Formed by The Linux Foundation and backed by companies including Cisco, Microsoft, Dell, Google and Facebook, the initiative will collaboratively identify and fund open source projects that are in need of assistance.   Following the OpenSSL Heartbleed flaw revelations, the first project under consideration to receive funds from the Initiative will be OpenSSL, which...

There are likely to be flaws in all software, in both those that are open source and closed.   Speaking to IT Security Guru, Mike Janke, CEO of Silent Circle, said he hated to be the pessimist, but he felt that there are flaws in just about everything. “The key is what type of flaw and what type of product?,” he said.   “For example, if there is a flaw in an Open Source code...

Online casino operators are fuelling the increase in cyber crime by making it easy to “cash in”, according to McAfee.   In a new report about money laundering through online gambling, McAfee allege that the websites have become hotbeds of criminal activity, which not only fuel money laundering, but allow criminals to hide their illicit gains from the police.   This is enabled by the anonymity users can enjoy, as in some instances, gamblers are not even...

Half of British firms are aware of the proposed European data protection changes and a significant number feel that the new directive will create significant challenges for them.   The survey of 850 IT decision makers by Trend Micro, which included 250 British respondents, found that 84 per cent felt that they would need to take steps to be compliant, with 57 per cent feeling the need to spend on data protection or IT security...

The National Institute of Standards and Technology (NIST) has announced that it has removed the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) cryptographic algorithm from its draft guidance on random number generators.   Following a review period, the algorithm has been removed from draft guidance on random number generators, and recommended that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible, NIST said.   NIST previously...

The Bank of England is to oversee an ethical hacking programme as part of a broader assessment of the reliability of its information security defences According to a report by the FT, this is part of an assessment of more than 20 major banks and other financial players in the UK and the scenarios will draw on intelligence reports of the latest threats from attackers and be overseen by Andrew Gracie, the director of the...

More than 3,000 signatures have been collected in a petition against the proposed sale of HMRC data. The petition, organised and hosted by the Open Rights Group, calls on the Government “to halt plans to sell personal tax data to private companies and researchers”. It says “anonymisation is not foolproof and it is my right to object to my information being shared in this way. Any access to my personal information held by the government...

The number of Brute Force attacks conducted on cloud and hosting environments rose by 14 per cent in 12 months, as attackers looked for vulnerable systems. According to research by managed service provider Alert Logic, the number of detected brute force attacks climbed from 30 per cent to 44 per cent of customers. Drawing data from 232,364 incidents, the statistics also showed that the number of vulnerability scans against data centres and hosting environments increased...

A spike in point-of-sale (POS) intrusions and the plethora of online identities have led to another year of data breaches.   Featuring data from 50 global organisations from 1,367 confirmed data breaches and 63,447 incidents, the seventh annual Data Breach Investigation Report (DBIR) from Verizon found that three threat patterns cover 72 percent of the security incidents in any industry: web application attacks; distributed denial of service (DDoS); and card skimming.   Speaking to IT...