Doug Vitale Tech Blog

Latest IT news and commentary

Decrypt SSL traffic to detect hidden threats

CSO Online, 2 Feb 2016 – The percentage of encrypted Internet traffic continues to grow, creating a space where not only private information but also criminals can travel about undetected. While the exchange of information via the Internet is secured, bad guys can also linger unnoticed. Criminals, of course, know this and use it to their advantage, cloaking their attacks within Transport Layer Security (TLS) or Secure Sockets Layer (SSL) traffic. [More]

Cloud Security: It’s Become A People Problem

Dark Reading, 29 Jan 2016 – Times have changed and even former hold-outs in regulated industries have warmed to cloud technology. Last year, US Chief Information Officer Tony Scott called for organizations to “get to the cloud as fast as [they] can” for better security, and a recent survey from the Cloud Security Alliance confirmed this attitude among rank and file IT professionals, with 64.9% of respondents describing cloud software as a service as secure or more secure than on-premises software. [More]

Panda Security Spotted Over 80 Million New Malware Samples in 2015

InfoSecurity Magazine, 28 Jan 2016 – Over a quarter of all the malware ever recorded appeared in 2015, according to startling new statistics from Panda Security. PandaLabs researchers claimed to have seen a staggering 84 million new malware samples last year, which equates to a daily average of 230,000 and marks an increase of nine million from 2014. [More]

Cybersecurity much more than a compliance exercise

CSO Online, 21 Jan 2016 – In a poll of more than 1,100 security executives around the world, 91 percent of respondents consider their organization to be vulnerable to internal or external data threats. And yet, 64 percent of respondents express the view that compliance is a “very” or “extremely” effective strategy in staving off data breaches, up six percentage points from last year’s survey. [More]

The five big lies of the encryption debate

TheVerge, 12 Jan 2016 – The FBI loves to talk about criminals and terrorists “going dark” — a scary way of saying “talking in a manner not accessible by court order.” If only Apple and Google would stop them from going so dark! The phrasing is important: “going dark” suggests they weren’t in the dark already. We used to be able to listen in, and now we can’t. [More]

The cloud and the Internet of Things are inseparable

InfoWorld, 12 Jan 2016 – The annual Consumer Electronics Show (CES) last week featured plenty of cloud-related announcements from a wide variety of companies. Indeed, most new devices, from refrigerators to cars, have a massive cloud-based back end. The cloud components of these technologies are becoming more systemic. Indeed, the cloud is assumed. More and more, people expect everything to be connected. No matter if it’s a washer and dryer, a refrigerator, or a car, they all communicate or will communicate with cloud servers. [More]

Could a Privacy Breach be Deadly?

Eradium, 9 Jan 2016 – How dangerous are potential consequences of a privacy breach? So far we heard about cases with multi-million dollar financial losses, damage to a brand reputation, and executive career crashes. Could a privacy breach lead to a loss of human life? [More]

602 Gbps – Possible Largest DDoS Attack in History

Hacker News, 9 Jan 2016 – The group calling itself New World Hacking claimed responsibility for taking down both the BBC’s global website and Donald Trump’s website last week. The group targeted all BBC sites, including its iPlayer on-demand service, and took them down for at least three hours on New Year’s Eve. [More]

And the cloud provider with the best uptime in 2015 is…

NetworkWorld, 9 Jan 2016 – An analysis of downtime at IaaS public cloud providers in 2015 by CloudHarmony reveals that despite having the largest cloud offering on the market, Amazon Web Services had the least amount of outages among major vendors. CloudHarmony, which is owned by Gartner, monitors the health status of providers by spinning up workload instances in the public cloud and constantly pinging them. [More]

Antivirus software could make your company more vulnerable

CIO, 8 Jan 2016 – Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications. [More]

Dutch govt. says no to backdoors, slides $540k to OpenSSL

The Register, 4 Jan 2016 – The Dutch government has formally opposed the introduction of backdoors in encryption products. A government position paper, published by the Ministry of Security and Justice on Monday and signed by the security and business ministers, concludes that “the government believes that it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption within the Netherlands.” [More]

Cybersecurity as a Competitive Advantage

Bank Info Security, 4 Jan 2016 – Cybersecurity strategies must align with business objectives, but that’s difficult because most boards of directors don’t understand security, says Lance Hayden, managing director at the consultancy Berkeley Research Group. As organizations develop a better understanding of cybersecurity, they’ll “start realizing there is so much more to this in terms of what we can do with it strategically than just making sure that things don’t break on our watch,” Hayden says. “Boards that get ahead of that curve and figure out how to leverage it as an asset are going to see themselves … pulling ahead of their competitors, because they’re going to use cybersecurity as part of their portfolio of strategic assets. [More]

Human Behavior as the “Biggest Threat to Company Security”

Information Security Buzz, 4 Jan 2016 – Global security intelligence and information management technology company Nuix has released the findings from a new survey of corporate information security practitioners that indicates a move toward a stronger focus on insider threats and more understanding of cybersecurity issues at the board level. The report found that there’s a greater focus on insider threats since the first report was conducted in 2014. Nearly three-quarters (71%) of respondents reported that they have an insider threat program or policy, and 14% said that they allocate 40% or more of their budget to insider threats. [More]

The Biggest Security Threats We’ll Face in 2016

Wired, 1 Jan 2016 – Hackers are nothing if not persistent. Where others see obstacles and quit, hackers brute-force their way through barriers or find ways to game or bypass them. And they’ll patiently invest weeks and months devising new methods to do so. Here’s our take on what to expect in 2016: extortion hacks, attacks that change or manipulate data, chip-and-pin attacks, the rise of the IoT zombie botnet, and more backdoors. [More]

Archive (search for keywords with site search engine)

November – December 2015
September – October 2015
July – August 2015
May – June 2015
March – April 2015
January – February 2015

November – December 2014
September – October 2014
July – August 2014
May – June 2014
March – April 2014
January – February 2014

November – December 2013
September – October 2013
July – August 2013
May – June 2013

Written by Doug Vitale

July 31, 2013 at 12:13 PM
