Privacy

 

A roadmap for triaging Heartbleed exposures

By Byron Acohido, Last Watchdog The acute notoriety of Heartbleed is a good thing in this sense: it ought to compel CIOs and CISOs to drill down on developing a roadmap for dealing with exposures that could run very deep. The most worrisome aspect of Heartbleed arguably is the fact that  this gaping security hole […]

Heartbleed threat should boost Always On SSL as a best practice

Web site owners who are taking a closer look at their use of the SSL/TSL cryptographic protocols in the aftermath of the disclosure of the Heartbleed bug would be wise to heed the The Online Trust Alliance’s longstanding call to adopt Always On SSL. This best practice calls for using SSL/TLS across the entire website, […]

Q&A: Why FireEye alerts failed to stop Target hackers

By Byron Acohido, Last Watchdog KINGSTON, Wash. – Target paid good money to install FireEye’s malware detection technology last year. FireEye caught the bad guys already inside Target’s network. Alerts were issued – but ignored, according to Bloomberg Businessweek. Were the tools oversold or poorly implemented? Or was dysfunction in Target management more to blame? […]

‘Snake’ cyber spying gang slithers into high-value targets

By Byron Acohido, Last Watchdog JEFFERSON BEACH, Wash. — In Greek mythology, uroburos refers to a tail-swallowing serpent. Uruburos, or Snake, is the moniker assigned to an advanced cyber spying tool recently discovered to be the  favorite of the latest cyber spying collective to be flushed out into the open by security researchers. Last month […]

Why we are ‘in the dark’ as RSA 2014 gets under way

By Byron V. Acohido SAN FRANCISCO — Complexity. That’s the  theme saturating the keynote speeches, workshops, panel discussions and product exhibits at the gaint RSA cybersecurity conference unfolding all week here at the Moscone Convention Center. Tech security vendors flock to this massive conference to drive home why enterprises and SMBs were wise to spend […]

Q&A: HVAC firm’s logon used in Target breach

SEATTLE – In his latest scoop, investigative blogger Brian Krebs makes the case that the Target vendor whose network credentials were used to tap into 110 million customer accounts may have been a heating, ventilation and air conditioning (HVAC) contractor. Krebs reports that intruders accessed Target’s network on Nov. 15, 2013 using network credentials stolen […]

Concerns rise as hotel chains disclose data breach

SEATTLE — The disclosure of consumer data breaches at certain Marriott, Hilton, Sheraton and other major hotel chains managed by White Lodging Hotels comes as Congress is getting briefed about how cybercriminals are taking advantage of flaws in systems that collect and store sensitive data. News: White Lodging warns of breach Senators Al Franken, Dick […]