• Consumer Oriented Two-Factor Authentication and the Challenges

    30 Apr 2013

    After Facebook, Google, Microsoft and PayPal, Apple has started offering two-factor authentication to help its customers secure their Apple IDs against hacking. Initially, two-step verification is being offered in the U.S., UK, Australia, Ireland, and New Zealand. Additional countries will be added over time, per Apple’s support website. Read more...

  • Are You a Target for an APT (Advanced Persistent Threat)?

    28 Apr 2013

    In a previous article I explained what an APT looked like. Most organisations I talk to believe they are not likely to be a target of an APT, the logic being that they have nothing of interest that a foreign government would need. Read more...

  • Advanced Persistent Threats (APT)

    28 Apr 2013

    One of the big themes of InfoSec 2013 was APTs. A number of talks specifically targeted (excuse the pun) this topic. The perception is that APTs are state-sponsored attacks; this perception is driven by the cost and resources required to implement this type of attack. The reality, however, is that if you have digital assets that are worth going after, you are at risk of this type of attack. Read more...

  • The Changing Threat Landscape

    05 Feb 2013

    I currently work for a security vendor that has over 25 years of Information Security experience, a significant majority of that experience in the Anti-Malware, Anti-Virus space. Having seen the virus distribution industry (nefarious as it is) grow from a new virus a month to over 100,000 new viruses a day, and the hacking culture morph from a teen hobbyist activity to a full-fledged career choice (nefarious as it is), it is fair to say we have seen a lot and we have made it our purpose, for our existence, to understand the evolving threat landscape. Read more...

  • Anti-Virus is Dead, Well According to a Competing Vendor

    03 Jan 2013

    Imperva have released a whitepaper on the supposed effectiveness of Anti-Virus products. The conclusion? Anti-Virus products are less effective against malware they have not seen previously. Read more...

  • Information Commissioner Office Gets Some Teeth

    28 Oct 2012

    The UK Information Commissioner's Office is starting to ramp up its efforts to ensure organisations are taking the Data Protection Act seriously. In 2012 alone the ICO has issued penalties to over eighteen organisations or individuals, with an average cost of over £125,000 and a total cost of over £2,200,000. Read more...


  • OWASP iGoat project for iOS developer

    16 July 2012

    Security professionals who focus on web application security will have heard of WebGoat. It is a project by OWASP (Open Web Application Security Project), which is designed to teach web application security to web developers. Inspired by this project, OWASP has released a similar learning tool for iOS (used in iPhone and iPad) developers called iGoat. Read more...

  • NIST Guidelines for Mobile Devices

    12 July 2012

    This week, NIST (National Institute of Standards and Technology) has released its guidelines for managing and securing mobile devices in the enterprise (Guidelines for Managing and Securing Mobile Devices in the Enterprise - SP 800-124 Revision 1). Read more...

  • Cloud Computing Security

    04 July 2012

    Cloud computing has been one of the latest hypes in the technological world today. It encompasses different technologies, models and platforms which allow for more efficient computing by centralizing several resources. Cloud computing offers companies several advantages over conventional computing, creating a “thirst” for the cloud. Read more...

  • What Are The Top Ten Antivirus Software?

    23 June 2012

    Antivirus software is a critical component in PC and server protection, but which product provides the best virus protection? Read more...

  • Next-Gen Crypto? Owned!

    21 June 2012

    The Next Generation of Cryptography is the 923-bit pairing-based cryptography and should take approximately several hundred thousand years to crack. Therefore government agencies across the globe, along with large multi-nationals, are adopting the new standard. Read more...

  • Security Essentials

    19 June 2012

    I have been in the IT Security industry for over a dozen years, before Facebook was popular, before Amazon was popular and even before Google was popular. Over the years the definition of what is secure has changed. It used to be install an Anti-Virus product and you are good to go. But nowadays, as the internet becomes a must-have, we need to understand what security is essential for a safe browsing environment and what we can live without. Read more...

  • The Empire Strikes Back!

    18 June 2012

    There is a new trend in IT security, Active Defence. The name sounds innocuous enough, but in reality it is a pivot point in Information Security. The concept is simple, strike back. When a hacker attacks you, you attack the hacker. Read more...

  • Digital Data: Can you Trust it?

    03 May 2012

    "The trouble with quotes on the internet is that it’s difficult to determine whether or not they are genuine" - Abraham Lincoln

    I saw this quotation at a recent webinar and it got me thinking about how important digital content is to both my personal life and business life. Major and minor decisions are made routinely based on digital content that we have available to us. Most of us are relatively trusting people but we generally seek some reassurance of the information we use to make decisions. As an IT industry and business veteran of over 33 years I know something about the digital world; however, I also decided to consult some experts, who reinforced my understanding that for all the benefits of the digital world the educated professional or even gifted amateur can manipulate digital data quite easily. According to IDC, in 2010 over a zettabyte (one trillion GB) of data was created. According to the same report only half of all data that should be protected is protected. Read more...

  • The Importance of Security Awareness Training.

    03 May 2012

    Information security awareness training can be best defined as training conducted in an organization so that the staff can understand the importance of security within an organization. In today's environment, information threats can’t be left in the hands of the Information Security team, as newer threats are arising from social engineering. An informed user community will ensure such threats are contained and the users are informed on what to do when an incident occurs. Read more...

  • Splunk Splurges on IPO.

    19 Apr 2012

    Splunk, the network analysis tool provider, splurged forward on its IPO. The San Fran-based company sold shares at $17 apiece, raising $229.5 million and valuing the company at $1.57 billion. On April 16, Splunk increased the proposed price range for its IPO to $11 to $13 apiece, from a prior target of $8 to $10. Read more...

Protective Monitoring

Good Practice Guide 13 sets out the UK Government's recommended controls for Protective Monitoring. It is recommended to deploy these controls in high impact data level environments.

Read More About GPG 13 »
