  • Preparing your organization for Stuxnet-like attack

    A cybersecurity expert describes Stuxnet as “this epochal change”; he says that although Stuxnet was of such complexity and required such significant resources to develop that few attackers will be in a position to produce a similar threat in the near future, we now know that the dangers of Stuxnet-like threats are no longer theoretical

  • Strikeout! Yankees release ticket holders' personal data

    Apple and Google, Sony and Microsoft have all made news with security failures in recent weeks; the venerable New York Yankees baseball franchise now joins that list with the release of personal information of half of their season-ticket holders; this is but the latest example of cyber vulnerability owing to human fallibility

  • U.S. reducing number of data centers, moving to the cloud

    The U.S. government operates 2,100 data centers; these centers, together, occupy more than 350,000 square feet; to cut costs and increase security, the government plans to close 137 of the centers by the end of the year, part of a broader plan to close 800 data centers within the next five years; in addition, 100 e-mail systems serving about one million government employees will be moved to the cloud

  • Sony's gaming network hacked, Microsoft's follows suit

    Gamers are in a frenzy over Sony’s announcement that its PlayStation network security had been breached, resulting in the exposure of a large amount of each user’s personal and financial information; the first of an expected flood of lawsuits, as well as a class action, is filed in U.S. District Court; Microsoft announces an exploited vulnerability in one of its game titles leading to phishing attempts, and acknowledges that previously banned “modded” consoles were attaching to the network again

  • Ceelox unveils fingerprint authentication for cloud networks

    Ceelox, Inc. recently announced the release of Ceelox ID Online, a biometric solution designed specifically for cloud computing applications; users can now use their fingerprints to securely authenticate their credentials, minimizing the threat of having their user name and password stolen or compromised; stolen passwords and online identity theft have risen dramatically in recent years; from mid-2005 to mid-2006 alone, roughly fifteen million Americans were the victims of fraud related to identity theft; with Ceelox ID, users can also use one password for all their accounts, increasing flexibility and convenience while maintaining security

  • Google joins Apple in privacy furor

    iPhones transmit locations back to Apple, and Apple is not alone in this activity; Google has disclosed that its Android cell phones have been transmitting location data for some time; members of the Congress and Senate have begun to demand answers and explanations

  • Cell phone privacy

    Apple faces questions about an undisclosed, hidden geographical tracking file in its 3G products; the existence of the system was included in an operating system update downloaded and installed by users; a free mapping program can be downloaded to view your own history

  • Dramatic increase in critical infrastructure cyber attacks, sabotage

    A new study by McAfee and CSIS reveals a dramatic increase in cyber attacks on critical infrastructure such as power grids, oil, gas, and water; the study also shows that many of the world’s critical infrastructures lacked protection for their computer networks, and reveals the staggering cost and impact of cyberattacks on these networks

  • Government plan for consolidated online ID unveiled

    Last Friday President Obama unveiled a plan to establish federal standards to create consolidated secure online passwords; the ultimate goal of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is to create a more secure environment for online transactions where users only have to register once and can use a common password for multiple sites; NSTIC lays out the industry standards and technology policies around the new authentication methods but leaves the development and deployment of the technology entirely in the hands of the private sector to avoid the establishment of a government-led national ID; privacy advocates worry that it could create an environment where authentication is increasingly required

  • Weak passwords get robust protection

    The combination of simple codes and Captchas, which are further encrypted using a chaotic process, produces effective password protection; the passwords of the future could become more secure and, at the same time, simpler to use; researchers have been inspired by the physics of critical phenomena in their effort to significantly improve password protection; the researchers split a password into two sections; with the first, easy-to-memorize section they encrypt a Captcha — an image that computer programs per se have difficulty in deciphering; the researchers also make it more difficult for computers tasked with automatically cracking passwords to read the passwords without authorization; they use images of a simulated physical system, which they additionally make unrecognizable with a chaotic process; these p-Captchas allowed the researchers to achieve a high level of password protection, even though the user need only remember a weak password

  • Firm pushes for open wireless sensor data

    As wireless sensors are becoming increasingly ubiquitous in electrical grids, homes, and businesses, electronics enthusiasts and programmers believe that this data could be used to create a host of new devices with practical uses; making sensor data freely available allows engineers to build software and apps that monitor data in real time for things like local radiation levels, water quality, or even your home’s energy consumption; leading the push for open sensor data is U.K.-based Pachube (pronounced “patchbay”), which has developed a network of sensors that collect six million points of data per day; the majority of sensor information is currently encrypted and therefore inaccessible

  • Siemens, McAfee team up to defend against critical infrastructure attacks

    McAfee and Siemens will work together to help secure critical infrastructure against cyber attacks that target industrial control processes, like the Stuxnet worm, which destroyed nuclear centrifuges at an Iranian nuclear enrichment facility; the two companies are targeting Advanced Persistent Threats aimed at the manufacturing and process industry; this new security product could help ease security fears for critical infrastructure operators who rely on industrial control programs for nearly every automated process; McAfee says its Application Control system product would have protected Iran’s centrifuges from the Stuxnet virus that caused them to spin out of control

  • Russian bloggers fall victim to cyber attacks

    Earlier this month LiveJournal, a major Russian blogging site, was the victim of a large cyber attack; bloggers believe that it was a move meant to silence political dissent in advance of the country’s elections; the site was brought down by a distributed denial of service (DDoS) attack; SUP, the owners of LiveJournal, said that the recent attacks were the worst in the company’s history and unprecedented in that they targeted the entire website rather than individual blogs; the majority of Russia’s opposition leaders and political activists maintain blogs on LiveJournal that they use as platforms to gain support and spread their message

  • Joint EU and U.S. cyber security exercise to be held this year

    The United States and the European Union (EU) recently announced that they will hold joint cyber war exercises by the end of 2011; the exercise comes as part of a broader agreement to expand efforts to jointly defend against cyber security threats; the two sides agreed to share best practices, engage the private sector, and increase global cyber incident response capabilities; in particular, the agreement will focus on fighting botnets, securing industrial control systems, and enhancing the resilience and stability of the internet

  • Iran admits Stuxnet's damage

    A senior Iranian official admitted that the Stuxnet malware, which infected tens of thousands of computers and servers used in Iran’s nuclear weapons complex, inflicted serious damage on Iran’s nuclear program, including large-scale accidents and loss of life