Think Information. Think Security.
 
We are currently deep in the throes of a global data center refresh cycle, driven by both technology and business factors. Virtualization and cloud computing are changing how data centers are architected. The new threat landscape has framed the challenge of securing data and applications in a new light, and secure mobility and the extended enterprise have amplified the complexity of data center access.

As organizations look at data center consolidation or new data center designs, it’s a great time to be thinking of security, and building it into the network architecture instead of attempting to bolt it on later. This principle of “building security into the network” isn’t new. Security architects have long espoused the benefits of doing so, as adding security after the fact is likely to increase costs and complexity. 


 
HTML5, the new Web standard that will make it easier to develop websites and applications that run on various screen sizes, is also vulnerable to stealth attacks and silent exploits, a security researcher said at the Black Hat security conference in Las Vegas Thursday. It faces a number of threats, including cross-site scripting and resource hijacking, Shreeraj Shah, founder of application security vendor Blueinfy, told attendees.

Even though it is still new and evolving, attacks against the new standard are already on the rise. HTML5 pulls together many components, including XMLHttpRequest (XHR), cross-origin resource sharing (CORS), webSQL, and localstorage. In addition to the elements included in the specification such as Web messaging, Web sockets, and Canvas 2D, HTML5 includes related technologies such as SVG for graphics, CSS3 for stylesheets, Geolocation, and APIs for Calendar and File, among others.


 
South Korean police have arrested two men who allegedly stole the personal information of about 8.7 million cellphone customers from KT Corp., the second biggest mobile carrier in South Korea. The company alerted police on July 13 after detecting traces of hacking attacks. The data was collected for the last five months, starting in February 2012.

The duo developed a hacking program that stole the names, phone numbers, residential registration numbers, and phone contract details of more than half of KT Corp.'s customers. Seven other people who allegedly bought and distributed the hacking program and the stolen personal data were also booked without physical detention.


 
Olympic security officials are bracing for an onslaught of cyber assaults that could easily surpass the 12 million attacks a day, or 500,000 an hour, that were logged during the Beijing Olympics four years ago. The London Olympics is particularly vulnerable because it will be the most technologically interconnected, social media-driven event yet, security analysts said.

The threats could range from hackers trying to put up a message on a scoreboard to more nefarious attempts to disrupt the games by knocking out London's electricity grid. London security officials say they are well prepared. More than 3500 information technology engineers and technicians have been assigned to monitor the Games' computer systems and networks. Atos, the IT company that is overseeing computer security for the Olympics, is monitoring more than 11,000 computers and servers from a "deployment centre" and the Games' organisers said earlier this month they were ready to repel cyber attacks.


 
Dealing with computer security can be a thankless job. Most of the time you are preventing stuff from happening, and no matter how much you think these changes are necessary, the people who you are protecting do not. They think that you are just being overly cautious and that there is probably nothing to worry about. Yeah, they have heard all of the black hat hacker threats, but they are not worried about it. They do not think that there is a big chance that your company will be attacked, so you are worried over nothing.

And sometimes that thought process can be mirrored by the people who are signing your paychecks as well. They may think that because you are doing such a good job, they might not even need you anymore. Why hire someone when we are not being attacked? You know that you are keeping the bad guys away, but does anyone else? Well, they will find out when that big attack eventually does happen.


 
Researchers have unearthed new malware that turns a Mac into a remote spying platform that is able to intercept e-mail and instant-message communications. The malware uses internal microphones and cameras to spy on people in the vicinity of the OS X machine.

Backdoor.OSX.Morcut, as antivirus provider Kaspersky Lab is calling it, isn't circulating widely, but its complexity is the latest testament to the growing sophistication of malware targeting the Apple platform. It requires no administrative password to be installed, survives reboots, and targets a wide variety of applications including Skype, Adium, and MSN Messenger. "In short, if this malware managed to infect your Mac computer it could learn an awful lot about you, and potentially steal information which could read your private messages and conversations, and open your e-mail and other online accounts," according to a separate analysis published Thursday by antivirus firm Sophos.


 
In a packed room at the Black Hat computer security conference in Las Vegas yesterday, an Android smartphone was tapped with a white plastic card, and within seconds it was running malicious code that allowed an attacker to remotely access the device.

The demonstration was given by high-profile hacker Charlie Miller, who was the first person to demonstrate a way to seize control of the iPhone, in 2007, and who has demonstrated many novel attacks on Apple devices since. He outlined a number of reasons why the contactless near-field communication, or NFC, chips appearing in smartphones will bring new security worries as well as convenient new features—a talk that was the result of nine months of research. "NFC is cool [for hackers] because you don't need to have the user do anything," said Miller. In contrast, in order to compromise a computer or non-NFC phone, criminals typically have to trick users into doing something out of the ordinary, such as opening a Web page or e-mail attachment they shouldn't.


 
According to secure cloud hosting company FireHost, its users were protected from a total of 17 million cyber attacks during the period of April to June 2012. It also claimed that there was a 69% increase in SQL Injection attacks between Q1 and Q2, rising from 277,770 blocked attacks to 469,983.

SQL Injection attacks are often automated, and many website owners may be blissfully unaware that their data could actively be at risk, said Chris Hinkley, senior security engineer at FireHost. Todd Gleason, director of technology at FireHost, said: “Some of the data theft incidents that are reported in the media are precisely targeted, but a more substantial risk to most comes from an abundance of automated, malicious bots that attack websites in a more random fashion.”


 
Hackers penetrated the defenses of Gamigo, a free gaming website based in Germany, exposing hashed passwords, usernames and other, unspecified "additional personal data" in the Gamigo database. The 11 million-password leak four months later raises the possibility that users who chose the same passwords to secure other site accounts may remain at risk, since the dump contained e-mail addresses from Gmail, Yahoo, Hotmail, IBM, Siemens, ExxonMobil, and Allianz, to name a few.

The list of passwords, which were scrambled using a one-way cryptographic hash algorithm, was published earlier this month to a forum on the password-cracking website Inside Pro, according to an article published Monday by Forbes. The list contained 8.2 million unique e-mail addresses, including 3 million accounts from the US, 2.4 million accounts from Germany, and 1.3 million accounts from France.


 
David Jeffers over at PC World has an article up about why convenience is the enemy of security. Jeffers's premise is: "tools that make your life more convenient also tend to make it less secure. Technologies that make you more secure are also generally inconvenient." Jeffers uses the case of passwords as an example. Enforcing strong password policies can be burdensome and, yes, inconvenient. Biometrics like facial recognition and fingerprint matching can be fooled. He advocates two-factor authentication as an alternative if it's not too inconvenient.

Using a password manager for keeping track of strong passwords from all of the different sites is rapidly moving beyond the capabilities of the average human. He's much with facial recognition or perhaps voice or some other unique identifier for convenience and security. Facial recognition, for instance. The use of own laptop, nothing stops a person from using a picture of someone. For that matter, what stops someone from cutting off a finger or cutting out an eye to use it to fool fingerprint or retina recognition?