Editor's News

Wireless security is at a critical stage, and research has found that of 81,743networks surveyed, around 30 per cent were using either the known-broken Wired Equivalent Privacy (WEP) algorithm, or no security encryption at all. In an exercise, James Lyne, global head of security research at Sophos, used wifi scanners on a bicycle in an project named “warbiking” and found that 52 per cent of networks were using WiFi Protected Access (WPA). “Our experiment found...

Vast data stores and small-sized removable media is enabling whistle-blowers and will enable more in future.   Speaking in his keynote address at Infosecurity Europe, Mikko Hypponen, chief research officer at F-Secure, said that whistle-blowing has “been around forever” and arms insiders who believe that they can fix their wrong-doings, which can be serious or something more “down-to-earth”, like employers mis-treating employees.   He said: “Chelsea Manning would have needed a truck to steal information,...

Efficient visibility can be enhanced with good analytics.   Jan Hof, international marketing director at Forescout, said that everything is behind the firewall and the challenge was to be more efficient, and while virtualisation and cloud have taken off, they are hard to control so provide more challenges. “Companies are replacing legacy systems and how they implement next generation security infrastructure, there is a real need for real-time visibility and that will happen every year,”...

Intrusion prevention systems (IPS) are far from a dead technology, but the industry needs to work them better and push vendors on detection rates.   Speaking at BSides London, chief security officer Arron Finnon cited Gartner's 2010 analysis that $1 billion will be spent on stand-alone IPS, but the industry “spends billions on products that do not work, and if you don't detect a compromise immediately it will be between 18-24 months before it is...

There is no clear line when it comes to online attacks in a conflict, but in the case of a land war, the critical national infrastructure will be a target.   Speaking to IT Security Guru, Tom Cross, director of security research at Lancope, said that “cyber war” will fit most contexts, but it is another theatre and Governments are learning from this. “Estonia suffered as its infrastructure was very modern and the attack had...

In his talk at BSides London, Stephen Bonner, partner in the information protection and business resilience at KPMG, said that privacy is key and is “enshrined in our human rights”.   One of the problems of privacy is we cannot control it, he said, and while efforts to protect against CCTV have been made, you need more. “You need to oppress the control that CCTV provides, with facial recognition and monitor people who may choose...

AOL has seen around two per cent of its user base compromised, after an attack saw hackers obtain email addresses, postal addresses, encrypted passwords and answers to security questions used to reset passwords.   According to IT News, tens of millions of email account holders have been told to change their passwords and security questions, although there was no indication that the encryption on that data had been broken, nor that customer financial information had...

The first zero-day flaw to affect Windows XP users has been disclosed.   Affecting Internet Explorer versions from six to the most recent 11, the vulnerability is a remote code execution vulnerability which exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.   According to an advisory,an attacker could host a specially crafted website that is designed to exploit this vulnerability through...

Cloud security-as-a-service (SaaS) solutions provider Alert Logic has announced the opening of its first data centre and security operations centre (SOC) in the EMEA region.   Based in Cardiff, development for the data centre and SOC are underway, while sales, marketing and support teams will be created to engage directly with customers in the UK. Gray Hall, CEO of Alert Logic, said: "With over 300 Alert Logic customers in the UK already, we are excited...

Funding that is allocated to the development and improvement of open source code should be redirected to bug bounty programs.   In an email to IT Security Guru, TK Keanini, CTO of Lancope, said that while he welcomed the move to boost open source code by the Linux Foundation, he would like to see a renewable and talented set of security researchers rewarded for finding flaws in these open source projects so that they can be fixed...