• Need for digital security spurs growth of cyber security field

    The growing need for digital security has made the shortage of cyber security professionals in the United States even more apparent, and the U.S. government is now engaged in a campaign to train, hire, and retain thousands of cyber professionals; the private sector is doing its share, too: Raytheon initiated the MathMovesU program in 2005, to inspire middle school students to consider math, science, and engineering education and careers; Raytheon awards more than $2 million annually in scholarships and grants to students, teachers, and schools nationwide

  • U.S. intensifies campaign to train, hire, retain cybersecurity professionals

    The cyber threats to both government and public networks intensify, and U.S. federal agencies must find ways to attract qualified workers and develop new skills internally; NIST’s Dr. Ernest McDuffie: “We’ve got a problem of where the next generation of engineers are going to come from— Awareness, education, workforce, and training all have to come together”

  • Pentagon describes 2008 attack as a "network administrator's worst fear"

    The Pentagon admits that a 2008 cyber attack on the Pentagon’s computers was a “network administrator’s worst fear”; a USB device was plugged into a military laptop located on an undisclosed base in the Middle East, causing malicious code to link highly sensitive machines to networks controlled by an unnamed foreign intelligence agency

  • Intel wants security built directly into silicon

    A consensus is emerging that the main reason for Intel’s acquisition of McAfee is that Intel wants to build directly into its hardware the kind of security features more traditionally provided by software like McAfee’s

  • Technological challenges to Intel's embedded security approach

    Embedding security in silicon faces many challenges, among them: how much can be placed into a chip, and the fact that patching hardware or firmware when a security vulnerability is discovered is much harder than patching software

  • Powerful GPU processor puts password security system at risk

    A readily available piece of hardware, a graphics processing unit (GPU) costing only a few hundred dollars, now brings supercomputer-level power to any desktop; this new capability puts power into many hands — and could also threaten the world’s ubiquitous password-protection model because it enables a low-cost password-breaking technique that engineers call “brute forcing”

  • Software vendors will be forced to fix vulnerabilities under deadline

    Software vendors tend to take their time fixing security vulnerabilities discovered in their products; Zero Day Initiative, which serves as a broker between security researchers who find flaws and software companies who need to fix them, says there are 122 outstanding vulnerabilities that have been reported to vendors and which have not been patched yet; the oldest on the list was reported to IBM in May 2007 and more than thirty of the outstanding vulnerabilities are older than a year; Zero Day Initiative has just announced a new policy: vendors will now have six months to fix vulnerabilities, after which time the Zero Day Initiative will release limited details on the vulnerability, along with mitigation information so organizations and consumers who are at risk from the hole can protect themselves

  • Criminals, spies dominate cyber world, with little to deter them

    White House cyber security coordinator Howard Schmidt says the U.S. economy essentially rests on safe Internet facilities; last year saw $10 trillion in online business, a figure forecast to hit $24 trillion in another decade, he noted; yet, incredibly, the business world has yet to grasp the threat that online thieves and vandals pose; almost half of small businesses don’t use antivirus software and even fewer use it properly, Schmidt warned

  • Worry: Hackers can take over power plants

    In many cases, operating systems at power plants and other critical infrastructure are decades old; sometimes they are not completely separated from other computer networks used by companies to run administrative systems or even access the Internet; those links between the administrative networks and the control systems provide gateways for hackers to insert malicious code, viruses, or worms into the programs that operate the plants

  • Commerce Department seeks comments on cybersecurity and its impact on innovation

    The U.S. Commerce Department seeks comments from all stakeholders, including the commercial, academic and civil society sectors, on measures to improve cyber security while sustaining innovation; the department says that the Internet has become vitally important to U.S. innovation, prosperity, education, civic activity, and cultural life as well as aspects of America’s national security, and that a top priority of the department is to ensure that the Internet remains an open and trusted infrastructure, both for commercial entities and individuals

  • Five hot topics to be discussed at Black Hat and Defcon

    Among the many topics to be discussed at Black Hat, which opens today, and DefCon, which opens Friday, is SCADA network vulnerability; many of these networks have developed a no man’s land between IT and industrial systems, and these networks’ computers are often at risk because nobody seems to take complete ownership of them; there will be a talk about where bugs show up in the infrastructure; the speaker is Jonathan Pollet, whose company, Red Tiger Security, has collected data on 38,000 vulnerabilities — and the types of exploits that have been written for them

  • First puzzle of U.K. Cyber Security Challenge competition cracked

    The United Kingdom suffers from a dearth of cybersecurity experts; several private and public organizations have launched the Cyber Security Challenge competition — a series of challenges and games that would test the talent and skills of people; the challenges are built around eight key skill areas which include digital forensics, network analysis and logical thinking; enthusiasts claim they have already solved the first test of the challenge

  • Black Hat opens Wednesday in Las Vegas, DefCon to follow Friday

    Black Hat, one of the more important cybersecurity events, opens this Wednesday in Las Vegas; Black Hat gives way on Friday to DefCon; “Black Hat is a place where security researchers go to show off their work and get peer feedback,” said Jeff Moss, who founded and runs both gatherings; “DefCon is the fun stuff they don’t have time to do in their day jobs”; DefCon’s array of activities includes a lock picking village and a “capture the flag” contest to see who can break into a computer network and fend off rivals

  • New report: Apple software has the most vulnerabilities

    The usual suspects lead the list of software makers whose software comes with the most vulnerabilities — Apple, Microsoft, Oracle, and Adobe; a new vulnerabilities report offers support to the notion that a high market share correlates with a high number of vulnerabilities

  • The worst database security breaches in the U.S., U.K.

    On 6 February 2010 AvMed Health Plans announced that personal information of current and former subscribers has been compromised by the theft of two company laptops from its corporate offices in Gainesville, Florida; the information was comprehensive, including Social Security numbers and protected health information; attempts to thwart the theft have been unsuccessful, leaving the identity data of nearly 1,100,000 vulnerable; this is only one of many cases of database breaches — and the number of cases is growing