Data Security - Infoworld http://www.infoworld.com/t/2101 en Tests confirm Heartbleed bug can expose server's private key http://www.infoworld.com/d/security/tests-confirm-heartbleed-bug-can-expose-servers-private-key-240403?source=rss_data_security <p>Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.</p> <p>The findings come shortly after a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.</p> Security Data Loss Prevention Data Security Encryption Open Source Software Vulnerability Assessment Web Security Mon, 14 Apr 2014 12:00:32 +0000 admin 240403 at http://www.infoworld.com Akamai admits its OpenSSL patch was faulty, reissues keys http://www.infoworld.com/d/security/akamai-admits-its-openssl-patch-was-faulty-reissues-keys-240405?source=rss_data_security <p>Akamai Technologies, whose network handles up to 30 percent of all Internet traffic, said Sunday a researcher found a fault in custom code that the company thought shielded most of its customers from the <a href="http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269">Heartbleed bug</a>.</p> <p>As a result, Akamai is now reissuing all SSL (Secure Sockets Layer) certificates and security keys used to create encrypted connections between its customer's websites and visitors to those sites.</p> Security Data Security Encryption Open Source Software Vulnerability Assessment Web Security Mon, 14 Apr 2014 11:45:35 +0000 admin 240405 at http://www.infoworld.com Twitter says it dodged the horrors of Heartbleed http://www.infoworld.com/d/security/twitter-says-it-dodged-the-horrors-of-heartbleed-240220?source=rss_data_security <p>Twitter was not affected by the <a href="http://www.infoworld.com/d/security/heartbleed-bug-in-openssl-puts-encrypted-communications-risk-240054" target="_blank">Heartbleed</a> Internet vulnerability that rocked the Web security world this week, making one less password consumers need to change to protect themselves, but users still need to be careful how they respond to the threat.</p> Security Data Security Encryption Hacking Thu, 10 Apr 2014 10:57:06 +0000 admin 240220 at http://www.infoworld.com World hit by record wave of 'mega' data breaches in 2013 http://www.infoworld.com/d/security/world-hit-record-wave-of-mega-data-breaches-in-2013-240161?source=rss_data_security <p>What do Target, AOL, LivingSocial, Evernote, and Adobe have in common with one another? Answer: they were all victims of huge data breaches during 2013, part of a phenomenon that a new Symantec report calcuates has reached epidemic levels.</p> Security Cyber Crime Data Security Hacking Wed, 09 Apr 2014 14:36:46 +0000 admin 240161 at http://www.infoworld.com 'Heartbleed' bug in OpenSSL puts encrypted communications at risk http://www.infoworld.com/d/security/heartbleed-bug-in-openssl-puts-encrypted-communications-risk-240054?source=rss_data_security <p>Computer security experts are advising administrators to patch a severe flaw in a software library used by millions of websites to encrypt sensitive communications.</p> <p>The flaw, nicknamed "Heartbleed," is contained in several versions of <a href="http://www.openssl.org/" target="_blank">OpenSSL</a>, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol.</p> Security Data Security Encryption Hacking Tue, 08 Apr 2014 11:10:18 +0000 admin 240054 at http://www.infoworld.com Businesses face rising political pressure from data breaches http://www.infoworld.com/d/security/businesses-face-rising-political-pressure-data-breaches-239953?source=rss_data_security <p>The data breaches like the one at Target and more recently a unit of credit bureau Experian are fueling consumer protection efforts that could have an impact on business.</p> <p>Last week, the Federal Trade Commission urged Congress to pass national breach notification legislation, while in California, a bill introduced recently in the state Legislature would ban businesses from storing certain customer data for long periods of time.</p> Security The Industry Standard Federal Regulations Data Security Security Mon, 07 Apr 2014 12:25:50 +0000 admin 239953 at http://www.infoworld.com Yahoo turns on encryption between data centers http://www.infoworld.com/d/networking/yahoo-turns-encryption-between-data-centers-239756?source=rss_data_security <p>Yahoo said Wednesday it was encrypting traffic flowing between its data centers, several months after leaked documents revealed the government had been sniffing those links.</p> Networking Security Yahoo Internet Data Loss Prevention Data Security Encryption Internet Privacy Web Services Search Engines Social Networking Video Conferencing Thu, 03 Apr 2014 12:19:19 +0000 admin 239756 at http://www.infoworld.com Bank pulls out of class-action suit against Target, Trustwave http://www.infoworld.com/d/security/bank-pulls-out-of-class-action-suit-against-target-trustwave-239462?source=rss_data_security <p>One of the two banks suing Target and security vendor Trustwave over responsibility for one the largest data breaches in history has pulled out of the lawsuit.</p> <p>Trustmark National Bank, of New York, filed a <a href="https://www.documentcloud.org/documents/1099613-notice-of-dismissal-by-trustmark.html" target="_blank">notice of dismissal</a> of its claims on Friday in U.S. District Court for the Northern District of Illinois.</p> Security Data Security Mon, 31 Mar 2014 11:28:42 +0000 admin 239462 at http://www.infoworld.com The NSA's spying has in fact hurt U.S. cloud providers http://www.infoworld.com/d/the-industry-standard/the-nsas-spying-has-in-fact-hurt-us-cloud-providers-239168?source=rss_data_security <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/04OPsecadvise_hp_1.jpg" alt="The NSA's spying has in fact hurt U.S.</div> Cloud Computing Security The Industry Standard Edward Snowden Cloud Security Data Security Hacking Government Thu, 27 Mar 2014 10:00:00 +0000 Bill Snyder 239168 at http://www.infoworld.com Cyber security expert: Internet of things is 'scary as hell' http://www.infoworld.com/d/networking/cyber-security-expert-internet-of-things-scary-hell-239104?source=rss_data_security <p>The terms "Internet of things" (IoT) and "connected home" are two of the trendiest buzzwords in the technology world today. And while both clearly offer very real potential, they also introduce their own share of risk, particularly if they're not approached with caution, according to Jerry Irvine, an owner and CIO of IT outsourcing services firm, <a href="http://www.prescientsolutions.com/" target="_blank">Prescient Solutions</a>.</p> Networking Security Internet of things Cyber Crime Data Security Intrusion Detection Wed, 26 Mar 2014 12:07:02 +0000 admin 239104 at http://www.infoworld.com Security vendor Trustwave named in Target data breach suit http://www.infoworld.com/d/security/security-vendor-trustwave-named-in-target-data-breach-suit-239119?source=rss_data_security <p>Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to <a href="http://www.infoworld.com/d/security/target-now-says-70-million-affected-data-breach-233966">Target's data breach</a>, one of the largest on record.</p> <p>Target, which is also named as a defendant, outsourced its data security obligations to Trustwave, which "failed to live up to its promises or to meet industry standards," alleged the suit, filed Monday in U.S. District Court for the Northern District of Illinois.</p> Security Cyber Crime Data Security Intrusion Detection Malware Wed, 26 Mar 2014 11:45:46 +0000 admin 239119 at http://www.infoworld.com Worried about the government? Internet giants also snoop through your email http://www.infoworld.com/d/security/worried-about-the-government-internet-giants-also-snoop-through-your-email-238911?source=rss_data_security <p>Security protections have been tightened at many of the major online services, as firms like Google and Microsoft pledge to protect their users against unwanted prying eyes. But while many people fret about unwarranted government access to their data, the Internet firms themselves play by their own set of rules.</p> Security Google Microsoft Yahoo Internet Data Security Internet Privacy Mon, 24 Mar 2014 11:42:43 +0000 admin 238911 at http://www.infoworld.com Don't blame Android for being like a PC http://www.infoworld.com/d/mobile-technology/dont-blame-android-being-pc-238437?source=rss_data_security <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/android_security.jpg" alt="Don't blame Android for being like a PC" width="243" height="182" align="right" /><br /><em><p align="right">Credit: iStockphoto</p> Mobile Technology Security Android Anti-spyware Anti-virus Data Security Fri, 21 Mar 2014 10:00:00 +0000 Galen M. Gruman 238437 at http://www.infoworld.com Court approves first-of-its-kind data breach settlement http://www.infoworld.com/d/security/court-approves-first-of-its-kind-data-breach-settlement-238550?source=rss_data_security <p>Courts have generally tended to dismiss consumer class-action lawsuits filed against companies that suffer data breaches if victims can't show that the the breach directly caused a financial hit.</p> <p>A federal court in Florida broke the mold by approving a $3 million settlement for victims of a data breach in which personal health information was exposed when multiple laptops containing the unencrypted data were stolen.</p> Security Cyber Crime Data Loss Prevention Data Security Tue, 18 Mar 2014 11:40:14 +0000 admin 238550 at http://www.infoworld.com The bad guys have your credit card info -- so what? http://www.infoworld.com/d/security/the-bad-guys-have-your-credit-card-info-so-what-238558?source=rss_data_security <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Hacking3.jpg" alt="The bad guys have your credit card info -- so what?" width="243" height="182" align="right" /></div> <p>I'm constantly perplexed by the sensational headlines claiming this or that breach resulted in millions of credit cards being stolen.</p> Security Cyber Crime Data Security Hacking Identity Management Tue, 18 Mar 2014 10:00:00 +0000 Roger A. Grimes 238558 at http://www.infoworld.com At Cebit opening ceremony, data privacy takes center stage http://www.infoworld.com/t/computer-hardware/cebit-opening-ceremony-data-privacy-takes-center-stage-238031?source=rss_data_security <p>Protecting privacy was on the minds of almost all the dignitaries assembled in Hanover, Germany, on Sunday night to open this year's Cebit trade show, the theme of which is "datability," or big data with responsibility.</p> <p>Referring to the accelerating accumulation of digital data, German Chancellor Angela Merkel said: "This digital world has to be given a legal framework, an underlying order. We're only at the beginning of that. National laws alone will not suffice."</p> Computer Hardware Security Data Security Internet Privacy Computer Hardware Government Mon, 10 Mar 2014 12:04:35 +0000 admin 238031 at http://www.infoworld.com The paranoid's survival guide: How to protect your personal data http://www.infoworld.com/d/security/the-paranoids-survival-guide-how-protect-your-personal-data-237493?source=rss_data_security <p>Who says privacy is dead? While it's true that marketers, the government, data aggregators and others are gathering and analyzing more data than ever about every individual, you can still exert some control over what's out there, who's tracking you and what they do with that information.</p> Security Data Security Internet Privacy Mon, 03 Mar 2014 15:24:50 +0000 admin 237493 at http://www.infoworld.com Sears says it finds no evidence of data breach -- yet http://www.infoworld.com/d/security/sears-says-it-finds-no-evidence-of-data-breach-yet-237471?source=rss_data_security <p>Sears Holdings said a review of its systems does not show evidence yet of a data breach as retailers continue to stay on guard in the light of payment card terminal hacking at <a href="http://www.infoworld.com/d/security/target-says-40-million-cards-likely-skimmed-in-security-breach-232946">Target </a>and Neiman Marcus.</p> <p>The department store chain, with 2,500 stores in the U.S. and Canada, is the latest company to say it is investigating a possible breach, following the hotel management company White Lodging Services and the arts and crafts chain Michaels.</p> Security Cyber Crime Data Loss Prevention Data Security Hacking Mon, 03 Mar 2014 15:13:05 +0000 admin 237471 at http://www.infoworld.com Security firm spots suspicious 'Uroburos' rootkit: Is this Russia's Stuxnet? http://www.infoworld.com/d/security/security-firm-spots-suspicious-uroburos-rootkit-russias-stuxnet-237474?source=rss_data_security <p>'Uroburos' is an advanced rootkit that has been infecting networks since as far back as 2011, quietly stealing data after setting up rogue P2P networks within its high-level targets.</p> Security Data Security Malware Mon, 03 Mar 2014 12:36:03 +0000 admin 237474 at http://www.infoworld.com Gameover malware tougher to kill with new rootkit component http://www.infoworld.com/d/security/gameover-malware-tougher-kill-new-rootkit-component-237430?source=rss_data_security <p>A new variant of the Gameover malware that steals online banking credentials comes with a kernel-level rootkit that makes it significantly harder to remove, according to security researchers from Sophos.</p> <p>Gameover is a computer Trojan based on the infamous Zeus banking malware whose source code was leaked on the Internet in 2011. Gameover stands apart from other Zeus-based Trojan programs because it uses peer-to-peer technology for command and control instead of traditional servers, making it more resilient to takedown attempts.</p> Security Microsoft Windows Cyber Crime Data Security Encryption Intrusion Detection Malware Vulnerability Assessment Fri, 28 Feb 2014 20:12:16 +0000 admin 237430 at http://www.infoworld.com