Privacy

 

Why certain Heartbleed exposures won’t be so easy for bad guys to exploit

Heartbleed + Android: A Not-So Love Story from Lookout By Byron Acohido, Last Watchdog KINGSTON, Wash. – The security headaches raised by the Heartbleed coding flaw keep expanding. Ars Technica reporter Dan Goodin has broken stories about how the Canadian government and Yahoo Mail have been bitten by Heartbleed exploits in the wild. And there […]

A roadmap for triaging Heartbleed exposures

By Byron Acohido, Last Watchdog The acute notoriety of Heartbleed is a good thing in this sense: it ought to compel CIOs and CISOs to drill down on developing a roadmap for dealing with exposures that could run very deep. The most worrisome aspect of Heartbleed arguably is the fact that this gaping security hole […]

Heartbleed threat should boost Always On SSL as a best practice

Web site owners who are taking a closer look at their use of the SSL/TLS cryptographic protocols in the aftermath of the disclosure of the Heartbleed bug would be wise to heed the Online Trust Alliance’s longstanding call to adopt Always On SSL. This best practice calls for using SSL/TLS across the entire website, […]

Q&A: Why FireEye alerts failed to stop Target hackers

By Byron Acohido, Last Watchdog KINGSTON, Wash. – Target paid good money to install FireEye’s malware detection technology last year. FireEye caught the bad guys already inside Target’s network. Alerts were issued – but ignored, according to Bloomberg Businessweek. Were the tools oversold or poorly implemented? Or was dysfunction in Target management more to blame? […]

‘Snake’ cyber spying gang slithers into high-value targets

By Byron Acohido, Last Watchdog JEFFERSON BEACH, Wash. — In Greek mythology, uroburos refers to a tail-swallowing serpent. Uroburos, or Snake, is the moniker assigned to an advanced cyber spying tool recently discovered to be the favorite of the latest cyber spying collective to be flushed out into the open by security researchers. Last month […]

Why we are ‘in the dark’ as RSA 2014 gets under way

By Byron V. Acohido SAN FRANCISCO — Complexity. That’s the theme saturating the keynote speeches, workshops, panel discussions and product exhibits at the giant RSA cybersecurity conference unfolding all week here at the Moscone Convention Center. Tech security vendors flock to this massive conference to drive home why enterprises and SMBs were wise to spend […]

Q&A: HVAC firm’s logon used in Target breach

SEATTLE – In his latest scoop, investigative blogger Brian Krebs makes the case that the Target vendor whose network credentials were used to tap into 110 million customer accounts may have been a heating, ventilation and air conditioning (HVAC) contractor. Krebs reports that intruders accessed Target’s network on Nov. 15, 2013 using network credentials stolen […]