During a cyber attack, every second counts. While an attack can happen in an instant, it can take months to remove it from an organization’s infrastructure. For some organizations, there can be more attacks in one hour than a well-staffed security team can address in an entire day. That's a big problem.
Historically, attackers have had the advantage over defenders by being able to choose from a broad array of tools, around-the-clock attack windows, and innumerable attack types. If one type of attack failed, an attacker could simply try again and again until vulnerabilities were discovered. Moreover, cyber attacks are easy to organize and cheap to enact.
We've looked at the two public builds of the Windows 10 Technical Preview -- the initial, disappointing, embryonic build 9841, and the very slightly less disappointing build 9860 -- but of course the best is still to come. There are many features we expect to find their way into the final build, such as Cortana, and there are sure to be many surprises. One interesting inclusion is built-in two-factor authentication.
The presence of this valuable security feature is revealed by Jim Alkove in a post on the Windows blog in which he talks about the importance of identity protection and general security. He explains that Windows 10 will start to move users away from single factor authentication -- the humble password -- in favor of more secure options.
The office supply store Staples has announced that it is investigating a possible breach of payment card data, making it the latest US store to be targeted.
The retailer has notified the relevant authorities, but has not disclosed details of the data breach publicly.
Google has long been unhappy with traditional passwords. And rightly so, they are a headache. If they are easy to remember, they can become easy to guess. There are problems with reuse, attackers are getting them through compromised third party applications, and there are more problems than I care to list. It is hard enough to follow good practice as an informed and security conscious individual -- imagine the struggle for the "non-techy".
Google has long been looking into proximity based credentials as alternatives, and placing them in objects like rings. Last Google I/O, the company released an upcoming feature in Chrome OS that uses your authorized, unlocked phone to unlock your computer simply by having them near to each other (unlocking your phone indicates you are near your computer).
Two factor authentication (or two step verification, if you prefer) is very a la mode at the moment. Actually, it has been pushed by companies for some time, but a number of high profile security problems recently has brought it back to public attention again.
Enabling the security feature usually means entering a password as normal, in addition to a passcode sent to a mobile device. Today, Google makes things a little easier for, in its own words, "particularly security-sensitive individuals" by introducing support for Security Key.
If you happened to miss it, then some background information is in order. The Marriott hotel chain, or actually one branch of it, was caught red-handed blocking Wi-Fi hotspots that its guests brought along on their trip. The hotel giant claimed security reasons, but people didn't buy the excuse. More importantly, the FCC didn't bite on it either.
It seems the Gaylord Opryland Hotel would have preferred customers to pay the exorbitant rates it charges for internet access. The Federal Communications Commission saw things differently and slapped the hotel with a $600,000 fine.
The security of the internet is an on-going concern. Whether you're online for fun, or you're conducting business, there are all manner of pitfalls you may encounter. Issues such as viruses and malware are now widely known about, but these are far from being the only security issues to concern yourself with. Security has been thrown into the limelight once again by high-profile stories like the Fappening, problems with SnapChat, concerns about the Whisper app, and the POODLE SSL 3.0 vulnerability.
A large proportion of companies and individuals are aware of the importance of anti-virus and anti-malware tools, firewalls and the like. Security tools are all well and good, but there's also a lot to be said in favor of changing online behaviors; it's something that the online community and businesses are increasingly coming to understand. Much of what this entails -- taking care about the personal information you share and educating yourself about services before you use them -- is common sense, but it bears repeating.
Snapchat has enjoyed a meteoric rise in popularity. But for software and apps popularity also means becoming a bigger target. There's been no shortage of news recently regarding systems being breached, with Kmart being the most recent victim.
In this case the victim isn't Snapchat, at least not directly, but a third-party app that uses the chat service's API. While the company is happy that so many want to use its API, it felt forced to issue a warning to the folks who decide to use these apps.
The tabloids are abuzz with tales of hackers stealing salacious celebrity selfies stored on the Cloud, and of course the furor dies with next week’s issue of People Magazine.
The thought of Cloud based business data being compromised is a different matter, and you’re right to be concerned about ubiquitous computing resulting in ubiquitous hacking attempts. Fortunately, efforts to secure the cloud are maintaining the pace of the unprecedented growth of the cloud itself.
Following all of the NSA revelations, mass surveillance has increased the general level of paranoia to be found online -- although it could be argued that not all surveillance is bad. With everyone on such high alert it's little wonder that an app that described itself as "an anonymous social network that allows people to express themselves" should be so popular. Whisper encourages users to embrace the supposed anonymity it offers and reveal secrets they would not otherwise feel comfortable sharing.
Most people are aware that they need to have some form of protection on their PC if it's attached to the internet. Yet it seems that a lot of users still don't know how to properly protect themselves.
Many believe that the security software that comes with their PC is enough to protect them. Security company Check Point ZoneAlarm has released an infographic which shows that 71 percent don’t have both a firewall and antivirus solution on their PCs.
Data breaches continue to make the news on a regular basis and payment details are high on the hacker’s shopping list when it comes to protecting information. We reported yesterday on Intel introducing a new secure solution for protecting payments and card providers are engaged in a continuing arms race to stay secure. The latest part of this is the introduction of more secure EMV (EuroPay, MasterCard and Visa) compliant payment terminals around the world. Banks are issuing the new chip cards as current cards expire or need replacement. Retailers are installing new chip-enabled terminals.
As the holiday shopping season approaches keeping your details safe as you hit the shops is at the top of many people's thoughts. We spoke to Carolyn Balfany, SVP, Product Delivery and EMV of payment card specialists MasterCard to find out about what consumers can do to help protect themselves as they shop.
We have known for quite some time that the next incarnation of Android will pack a kill switch. This feature has long been requested, as it would prevent unauthorized reuse and, therefore, make a serious dent in smartphone and tablet theft. It is even imposed under Californian law, going into effect next year. But even though Google has not mentioned it yet, the kill switch is indeed baked into Android 5.0 Lollipop.
The kill switch in Android 5.0 Lollipop is officially known as "Factory reset protection", and is offered as an opt-in feature which only works in conjunction with a passcode. After it is enabled, the user's credentials (Google account and password) are required in order to reset the device, to allow a person other than the original user to use the device as intended.
Independent testing organization AV-Comparatives has released the results of its latest Real World Protection and File Detection tests showing which security products perform best at dealing with malware.
The Real World Protection test results are based on over 600 live threats including drive-by downloads, malicious URLs, and infected email attachments. 22 products were tested and rated against the 'out of the box' protection provided by Windows (80.4 percent).