Security News & Analysis
| Thursday Sep 11, 2014
Around five million Gmail usernames and passwords were published late Tuesday on a Russian bitcoin forum. But Google has told account holders not to worry.
According to a post on Google’s online security blog, only 2 percent of the usernames and passwords might have actually worked, and Google’s automatic anti-hijacking systems would have blocked many of those login attempts.
| Tuesday Sep 2, 2014
Jumpin' Jehoshaphat, Batman! Looks like Microsoft is defending email privacy. This, after it confirmed over the weekend that it would not be handing over email data to US federal regulators.
The decision follows a ruling on Friday by a US judge, which instructed the company to turn over email stored in Ireland to US prosecutors. But Microsoft does not plan to turn over the emails, and plans to appeal, a company spokesperson said.
| Tuesday Sep 2, 2014
Traditional identity and access management strategies aren't enough anymore. As modern threats continue to emerge and evolve, organizations need a multitude of authentication technologies to control and grant access to their resources, including multi-factor authentication.
Multi-factor authentication has long been a staple for “secure” access to resources. It is usually a combination of at least two of the following:
- Something you know (e.g. password, PIN, or pattern)
- Something you have (e.g. smart card, mobile phone, X.509 certificate, hard token)
- Something you are (e.g. biometrics)
That means it is much stronger authentication than username and password alone.
| Thursday Aug 28, 2014
Microsoft has taken another step to secure data in SharePoint Online with the introduction of Data Loss Prevention (DLP). The only thing surprising is that it has taken this long to do it, given that Microsoft already provides DLP for Exchange, Outlook and Outlook Web App (OWA).
However, it wouldn’t make a lot of sense to introduce DLP to SharePoint Online without also applying it to OneDrive.
So Microsoft has gone ahead and done that, too. With it, users will be able to search for sensitive content in the enterprise eDiscovery Center, but keep the content where it was originally located.
| Tuesday Aug 26, 2014
A lot of businesses and marketers spend a lot of time developing strategies around the Internet of Things (IoT). But guess what?
Recent research from the Acquity Group shows most consumers are clueless about the IoT — and companies and brands may be putting the cart before the horse by trying to sell smart technologies to consumers.
In fact, the research shows ignorance about the IoT is the biggest barrier to adoption. A stunning 87 percent of the people surveyed don’t know what it is — and consequently can't see any value in it.
| Sunday Aug 24, 2014
Today brought more hacker woes for Sony's PlayStation Network (PSN) and Sony Entertainment Network in the form of a crippling distributed denial-of-service (DDoS) attack from a vandal collective known as "Lizard Squad."
In addition, the FBI is investigating the diversion of a flight carrying a top Sony executive amid reports of a claim that explosives were on board. An American Airlines flight carrying Sony Online Entertainment President John Smedley from Dallas to San Diego was grounded because of a bomb threat.
It appears that the same group behind the current PlayStation Network outage is responsible for the bomb threat on flight 362, which was safely diverted to Phoenix. The group, in fact, retweeted Smedley's tweet:
| Thursday Aug 21, 2014
Google is attempting to sink information pirates by processing more than one million takedown requests every day. The number of Digital Millennium Copyright Act (DMCA) requests has rocketed since Google started making the information public and looks set to grow for the rest of the year.
In the last week alone, according to figures that appeared on Google’s Transparency Report today, Google received 7.8 million requests, up 10 percent from the previous week.
| Wednesday Aug 13, 2014
You may have heard that some cyber criminals in Russia recently stole more than a billion user IDs and passwords -- yes, that's billion with a "B."
In the past year, online security and data theft have been making international headlines, as evidenced by huge security breaches at retailers like Target and Neiman Marcus.
How bad is it? With our lives becoming more digitally entwined, it makes sense that potential security threats are more visible. Think about how many times a day you exchange digital information using either an Internet connection or a mobile device.
Despite the security hysteria, experts say there are simple steps you can take to tighten up your Internet security -- whether for your own personal or business use. CMSWire reached out to a collection of Internet security experts to find out what's going on.
| Tuesday Aug 12, 2014
Hot on the heels of the CrossIdeas acquisition two weeks ago, IBM plans to buy the business operations of Lighthouse Security Group (LSG), again for an undisclosed sum.
LSG and CrossIdeas will be integrated with IBM’s existing identity and access management offering to provide a full suite of software that will protect and manage users’ identity.
| Friday Aug 8, 2014
Is the notion of online security as passé as the illusion of privacy? Maybe.
Just this week, we learned that a small group of hackers in Russia amassed a database of 1.2 billion stolen user IDs and passwords.
Hold Security, the Milwaukee, Wis.-based company that disclosed the incident, described it as "arguably the largest data breach known to date."
The Russian cyber gang targeted websites indiscriminately, hitting Fortune 500 companies and mom and pop sites alike. Hold Security reported the thieves "amassed more than 4.5 billion records, mostly consisting of stolen credentials. 1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses."
| Friday Aug 8, 2014
As part of the growing movement toward encrypting web data, Google announced this week that it will boost the search status of web sites that use HTTPS (Hypertext Transfer Protocol Secure) to encrypt data, shedding more light on its own motivations to lock and further anonymize the web.
| Thursday Aug 7, 2014
The message today to the millions of users of WordPress and Drupal content management systems: Fire up those security updates.
The web content management system (CMS) providers released security updates this week after an industry expert tipped them off to a potential attack that shuts down websites and servers running on the WordPress or Drupal engine.
Nir Goldshlager, a security researcher from Salesforce.com's product security team, first caught the potential bug.
In a blog post, he wrote that he detected XML Denial of Service in both WordPress and Drupal. This phenomenon, he wrote, is predicated on a well-known cyber attack, known as the XML Quadratic Blowup Attack.
| Wednesday Aug 6, 2014
I've been planning on writing a Top 5 article on SharePoint administration and management for the past six months, but now that I'm finally doing it I find I must expand the scope. What's different?
The pace of change has accelerated.
Having worked in the SharePoint space for the past 10 years, it's easy to note the changes, the biggest shift being what is happening with Office 365. With OneDrive for Business, Microsoft has taken aim at the online drive space. And just like the competitors, they are trying to replace your hard drive and file shares with a cloud version, providing 1 terabyte of storage for each user.
| Thursday Jul 31, 2014
IBM seems hungry for acquisitions, even though its revenues are down two percent on the year. The latest buy comes in the shape of CrossIdeas, a Rome, Italy-based cyber security vendor.
Financial details of the deal were not disclosed, which means Big Blue probably got it relatively cheap. It also underlines IBM’s growing strength in the security space after it took third position as the biggest security vendor globally after Symantec and McAfee, pushing Trend Micro into fourth place.
| Wednesday Jul 30, 2014
Security concerns are developing faster than the Internet of Things (IoT). But HP claims it is tackling IoT-related concerns head on and has identified what it describes as the top five issues for businesses to consider.
The research, carried out by Fortify, part of HP Enterprise Security Products, confirms those security concerns. It shows 70 percent of the most commonly used IoT devices contain vulnerabilities, including password security, encryption and a general lack of granular user access permissions.