|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. France drags its feet on online security With Internet fraud on the rise, French banks and merchants are not putting in place antifraud technology to catch bad online transactions, an official from France's central bank said Thursday. September 27, 9:23 a.m. PDT Security experts pitch 'culture of data' The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain.  September 25, 2:53 p.m. PDT Security outsourcing on the rise As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way. September 20, 2:30 p.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Mobile phones with SafePass help secure BofA online banking Bank of America customers can now use their mobile phones to make online banking more secure. September 11, 5:49 a.m. PDT Security researcher intercepts embassy passwords from Tor A security researcher who collected thousands of sensitive e-mails and passwords from the embassies of countries such as Russia and India blamed systems administrators on Monday for not using encryption to shield their traffic from snooping. September 10, 6:20 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT Oracle buys Bridgestream for employee role mapping Oracle has acquired Bridgestream, a maker of software that helps companies map employee responsibilities, Oracle said Wednesday. September 5, 7:32 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT Get paranoid: Information brokers are bungling your data Anybody who requests a background or credit check on you -- or provides them to others -- has a ton of sensitive information about you that (a) may not be accurate and (b) is highly vulnerable to spills. That includes data brokers, credit bureaus, banks, insurance companies, cell carriers, and your employer. August 27, 3:00 a.m. PDT Get paranoid: Your Wi-Fi net is wide open Got a secure Wi-Fi connection? Good for you. But your neighbors may not be so lucky. August 27, 3:00 a.m. PDT Get paranoid: The Feds are on your tail If the National Security Agency is spying on you, you're probably connected in some way to a terrorist investigation -- even if it's just because you invited your neighbor Ahmed over for a barbecue. August 27, 3:00 a.m. PDT Get paranoid: Your boss is watching Ever get the feeling your boss -- or your boss's IT department -- is lurking through the network, spying on you? Odds are quite good your instinct is right. And the bigger the organization, the more likely it monitors employees' e-mail, IM, or Web surfing. August 27, 3:00 a.m. PDT Get paranoid: There's a spook in your inbox Remember when the CIA was a dark, malevolent force lurking in the shadows of our lives, tapping our phones, reading our mail, and planting explosive devices in Castro's cigars? Well, they're baaaack. Only now it's the National Security Agency, and they're snooping into your e-mail, cell phone conversations, and Lord knows what else. August 27, 3:00 a.m. PDT Get paranoid: You are your own worst enemy Got a MySpace page? LinkedIn résumé? Facebook profile? August 27, 3:00 a.m. PDT Get paranoid: Your ISP knows too much If you think Google knows more about you than your parents do, imagine the kind of dope your ISP could drop if pushed to give up the goods. August 27, 3:00 a.m. PDT Get paranoid: Hollywood wants to terminate you No, the Recording Industry Association of America and the Motion Picture Association of America aren't spying on you. They've got people for that, specifically companies such as BayTSP and SafeMedia, which infiltrate peer-to-peer networks so they can record file swappers' IP addresses and the types and number of files they're sharing. An IP address isn't proof positive of your identity, but it's good enough for most civil suits -- unless, of course, it belongs to a dead person or someone who doesn't actually own a computer. August 27, 3:00 a.m. PDT Security SaaS maturing fast Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure. August 22, 11:06 a.m. PDT Government-industry security group expands The Transglobal Secure Collaboration Program (TSCP), an IT security standards consortium that includes heavyweights such as the U.S. Department of Defense (DoD) and many of the largest government contractors in the world, is looking to broaden its ranks. August 14, 1:15 p.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Weird tech: Clearing the fog of war with text messaging Regardless of one's stance on armed conflict, the death of servicemen by friendly fire is a troubling eventuality of war that stirs a very high level of discomfort in all. In the confusion of battle, the risk of being wounded or killed by comrades-in-arms is by no means trivial, and while the Pentagon states that the rate of deaths by friendly fire has diminished in recent conflicts, it still occurs in Afghanistan and Iraq. July 30, 3:00 a.m. PDT Take a byte out of ID crime More than a year after President Bush commissioned a task force on the topic, the Department of Justice has finally drawn up legislation to combat identity theft. And if the DoJ's efforts remain consistent with the objectives stated in the task force's strategic plan (PDF), the new bill could in fact mark significant progress in protecting personal identity data. July 27, 3:00 a.m. PDT Identity framework moves into next phase The Liberty Alliance Project has started developing technical specifications for how companies can protect sensitive personal data within their IT systems and securely share that data with other organizations. July 25, 4:43 p.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT Piecing together IBM's security puzzle IBM owns some of the world's leading IT security talent, products, and services, but executives with the massive company say it will likely never aim to become what people might label as a true "security vendor." July 23, 3:00 a.m. PDT Texas state Web site leaks sensitive information Troy Aikman may not be happy about it, but the State of Texas has made his address and social security number available via the Internet. July 19, 4:52 a.m. PDT Oracle to buy ID theft detection company Bharosa While most of Oracle's recent purchases have focused on growing its applications business, the vendor's latest proposed purchase will beef up its growing identity management operation. July 18, 8:52 a.m. PDT Mounting scrutiny for Google security Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment. July 12, 4:24 p.m. PDT Secret Service helps bust ID, credit card theft rings The U.S. Secret Service has cracked down on an international ID theft ring that is responsible for more than $14 million in fraud losses, the agency said Monday. June 25, 4:15 p.m. PDT UK delays procurement for ID, passport projects The U.K. is delaying the start of the procurement process for the IT systems that will eventually issue ID cards for an estimated 50 million U.K. citizens over the next decade. June 25, 6:10 a.m. PDT Cisco pushes IronPort smarts to firewalls Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25. June 22, 10:05 a.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Helping retailers wipe ID data issue When data breach investigator Bryan Sartin gets a call to check into an incident involving customer records loss at a retailer, he knows that the situation most likely involves information that has been lifted from a company's point-of-sale systems. June 13, 8:44 a.m. PDT Germany adds digital fingerprints to passports Germany will store digital fingerprints in addition to digital photos in passports as one of several biometric security measures planned to fight organized crime and international terrorism. June 8, 8:20 a.m. PDT 2007 InfoWorld CTO 25: Aristotle Balogh Here in San Francisco, where the San Andreas fault shifts the ground beneath our feet, most of us try to ignore the fact that the Big One is coming. At VeriSign offices down the road in Mountain View, they worry about a different kind of Big One -- namely, a cataclysm that wipes out the Internet. Not only that, they pin all the responsibility for survival on a single guy: CTO Ari Balogh. June 8, 3:00 a.m. PDT Vendors seek unity on identity protocols Microsoft will participate in a meeting later this month with vendors and organizations that are backing several different identity management systems, an indication that cooperation between the software giant and its peers is improving. June 6, 5:10 a.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT EMC buys authentication service provider Verid Looking to extend its RSA division's authentication product line, EMC has purchased identity verification services vendor Verid. June 4, 4:21 a.m. PDT 2007 InfoWorld CTO 25: Sekhar Sarukkai Lots of executives feel a sense of entitlement. Sekhar Sarukkai, CTO and co-founder of Securent, actually develops software to manage it. June 4, 3:00 a.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT Update: Verizon Business to acquire Cybertrust Verizon Communications Inc.'s Business unit plans to acquire managed security vendor Cybertrust in an effort to pump up its cybersecurity offerings, Verizon announced Monday. May 14, 11:45 a.m. PDT Social Security, spyware bills go to House vote The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware. May 11, 11:23 a.m. PDT Building trust in downloads no simple feat The Truste group's goal of creating an online ecosystem through which software makers are held accountable for the functions of their programs and end users are given the power to keep unwanted applications off their devices won't be achieved easily, according to security researchers and participants in the nonprofit's Trusted Downloads project. May 10, 5:04 p.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT UK tightens border controls through biometrics The British government -- beset by fears of terrorists, crime, and illegal immigration -- has drawn up wide plans to drop a tight electronic curtain over its borders over the next seven years. It is testing several technologies as part of its "e-Borders" program, which aims for more thorough oversight over travelers coming to the U.K. May 3, 9:28 a.m. PDT VeriSign to use one-time passwords for bank cards VeriSign Inc. is looking to offer bank cards with an integrated one-time password generator, a slimmer way than key chains to implement two-factor authentication. May 2, 7:03 a.m. PDT Making sense of Websense's SurfControl buyout Websense's $400 million buyout offer for rival network filtering specialist SurfControl should help position the two companies for short-term growth and possible acquisition in the future, according to market watchers. May 1, 11:27 a.m. PDT Olympics to bring London IT security challenges Britain's IT industry is likely to see business surge as London prepares to spend at least £1 billion ($2 billion) on security when it hosts the 2012 Olympics. April 24, 9:58 a.m. PDT Bottom line impact of data breaches unclear Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents. April 13, 3:01 p.m. PDT McAfee: Cyber-crime will continue to pay The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks. April 10, 9:00 p.m. PDT When identity theft becomes standard operating procedure TJX Companies suffers a long-term hacker breach and information related to more than 45 million credit cards is accessed by unauthorized parties. To put this in perspective, there are only about 180 million adults in the United States (out of more than 300 million people). If you assume that most of those adults have some form of available credit (many won’t because of personal choice, incarceration, bankruptcy, etc.), this breach alone compromised a quarter of the U.S. population’s cards. April 6, 3:00 a.m. PDT Debate lingers over federal data-handling laws Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact. April 3, 6:59 p.m. PDT ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST TJX stolen data used in Florida crime spree Law enforcement officials in Florida have arrested six individuals suspected of carrying out a fraud scheme built around the misuse of credit card data stolen from retailer TJX Companies. March 21, 9:25 a.m. PST Liberty releases new client ID specifications The Liberty Alliance released a new set of specifications aimed at protecting identity information transmitted by mobile devices during Web-based transactions. March 21, 4:39 a.m. PST Liberty Alliance offers guide for identity roll-out The Liberty Alliance Project has published a document outlining the legal issues enterprises should consider when networking their Web applications and identity systems with those of other businesses. March 7, 6:04 a.m. PST Sun releases Java Enterprise System 5.0 Sun Microsystems has released a new version of its Java Enterprise System (Java ES) set of subscription-based enterprise middleware with the emphasis on making the offering more modular. March 2, 8:36 a.m. PST Microsoft pledges support for OpenID Microsoft Corp. has thrown its weight behind OpenID, an emerging Web authentication standard. February 6, 10:46 a.m. PST Oracle submits identity framework to Liberty Alliance Oracle has released a technology and policy blueprint for how organizations can exchange sensitive identity information among applications. February 6, 7:55 a.m. PST Enemy inside the firewall Corporate security lapses are once again sweeping the news hour, but these days the culprit is just as likely to be an inside source -- a paid employee at a reputable company -- as a hacker doing evil somewhere in a Moscow basement. February 2, 3:00 a.m. PST Europe preps for battle with U.S. over traveler data The European Parliament has delayed a vote on how to react to the U.S.' growing appetite for personal information about European citizens, in order to intensify its opposition. February 1, 7:29 a.m. PST Gemalto sees online safety in USB smart card At next week's RSA Conference in San Francisco smart card vendor Gemalto will introduce new technology designed to give online shoppers an easy way to log on to their accounts using a smart card device that plugs into any PC. January 31, 4:51 a.m. PST Portal aids development of identity-based apps A new portal has been launched to help developers who are building applications using identity management technology. January 23, 9:04 a.m. PST EMC reports strong Q4, full-year results EMC reported record revenue for its fourth quarter on Tuesday, propelled by strong growth in its RSA Security division and VMware subsidiary. January 23, 8:39 a.m. PST Seven pass latest Liberty Alliance conformance tests Seven companies' products passed the Liberty Alliance's latest round of conformance tests for interoperability of identify management services, the consortium announced Tuesday. January 16, 7:26 a.m. PST Support is strong for gov't use of biometric IDs Despite some misgivings, an overwhelming number of Americans favor the use of biometric identifiers in passports, driver's licenses and Social Security cards, according to a new survey by Truste, a non-profit online privacy certification organization based in San Francisco. January 10, 8:54 a.m. PST Liberty Alliance, Microsoft discuss identity protocols The Liberty Alliance, a consortium working on policy and technology issues for identity management, is discussing with Microsoft how to reconcile their competing sets of protocols for secure Web transactions. January 10, 4:38 a.m. PST 2006 Year in Reviews: Security Given a sharp nudge from federal and state mandates, the security focus has shifted from intruders and malware to data protection and the insider threat — and the likes of Vontu, Reconnex, Oakley Networks, and PortAuthority are meeting the challenge. December 18, 3:00 a.m. PST Easing the burden of SaaS Of all the issues IT will deal with in 2007, from maintaining regulatory compliance to building out SOAs, SaaS (software as a service) could quickly become the new focus of IT. In fact, forget about SaaS vendors’ claims that the SaaS model eliminates the need for significant IT oversight; the opposite is actually closer to the truth. December 5, 3:00 a.m. PST IBM offers new single sign-on tool for SMBs IBM has added a new single sign-on tool to its Tivoli software range to make life easier for small and medium-size businesses (SMBs) to link their Web sites with those of partners and customers. November 20, 5:01 a.m. PST Microsoft plans CardSpace plug-in for Firefox Microsoft will write a software plug-in that allows the Firefox open-source Web browser to work with Microsoft's CardSpace identity management technology. November 16, 4:25 a.m. PST Security threat changing, says Symantec CEO The threat posed to computer users and companies by hackers is shifting from attacks on the computers to attacks on electronic transactions, according to the head of one of the world's largest security software vendors. November 3, 4:46 a.m. PST US government biometric smart-card deadline looms Many U.S. agencies are "on track" to meet a Friday deadline to begin issuing smart identification cards, although the U.S. government is not giving out the specific number of agencies likely to be in compliance. October 26, 11:17 a.m. PDT UK police count 8,500 victims in data theft British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from 8,500 people in the U.K. and others in some 60 countries, officials said Tuesday. October 24, 10:10 a.m. PDT US agencies tap ActivIdentity smart cards The U.S. Department of Defense (DOD) and Transportation Security Administration (TSA) have chosen a smart-card authentication product from ActivIdentity Corp. as the U.S. government faces a deadline for using new identity cards. October 24, 8:57 a.m. PDT Managing Linux, the Windows way A couple of weeks ago, I took BEA to task for insinuating that the open source community wasn't capable of delivering good management tools for its software. A few readers leapt to the defense: BEA is right, they said. Management is critical in complex environments, and the management capabilities of open source software are often pretty poor. October 23, 3:00 a.m. PDT Symantec taps VeriSign, Accenture for security boost Symantec is teaming with VeriSign and Accenture as part of its Security 2.0 strategy for protecting consumers and enterprise users from the latest and greatest security threats, which the company says are increasing in complexity and scope. October 10, 11:37 a.m. PDT Virtual ID card identifies 'Net users Parents with children who love to chat on the Internet are familiar with the problem of how to keep their kids safe from online predators. October 3, 12:48 p.m. PDT In Brief: Sun buys into identity management with Neogent Sun Microsystems plans to buy identity management services vendor Neogent. Neogent sells automated software tools designed to speed up the implementation of identity management systems based on Sun's Java System Identity Manager software. September 28, 4:16 a.m. PDT National personality, national identity Every seven years since 1964, the filmmaker Michael Apted has released another installment of "The Up Series." These films document the lives of a diverse group of Britons from the ages of 7 to, most recently, 49. One of the patterns that emerges is a dramatic illustration of the Jesuit motto that inspired the series: “Give me a child until he is 7 and I will give you the man.” You can clearly see how these kids’ very different personalities were fully formed at age seven. September 27, 3:00 a.m. PDT Keep data confidential -- or else Multiple laws and regulations exist to protect customer data. The unfortunate consequence of multiple laws governing confidential data and encryption is that none offers prescriptive guidance. Whether encryption solutions and strategies satisfy a particular law is left up to the auditors and lawyers. Still, there are several legal requirements that address confidential data. September 1, 3:00 a.m. PDT Encryption fuels security trends Two new trends in data protection are using encryption to accomplish their goals: controlled rights and self-deleting data. September 1, 3:00 a.m. PDT BearingPoint awarded agency smart-card contract The U.S. General Services Administration (GSA) has awarded IT systems integrator BearingPoint Inc. a five-year contract worth up to $104.6 million to help U.S. agencies move to mandated smart-card identity systems. August 18, 2:13 p.m. PDT E-government Group forms within Liberty Alliance A new group within the Liberty Alliance will address government concerns with federated identity projects, the organization said Wednesday. August 17, 5:31 a.m. PDT Hackers beware: You are what you type As anyone who’s ever held forth in a barroom debate can attest, strange topics attract strange people. And no one knows that better than Dr. Neal Krawetz, computer science Ph.D. and renowned expert in “nonclassical” computer forensics, who focuses on ways to identify otherwise anonymous people online. Krawetz, who is the head of Hacker Factor Solutions, is a pioneer in offbeat methods of identification — finger tapping, syntax slips, errant blog posts — they’re all fodder for Krawetz’s analysis, which pieces together bits of incriminating evidence to pin down online bad guys. August 14, 3:00 a.m. PDT Intel issues patches for wireless vulnerabilities Intel has issued patches for three vulnerabilities for its wireless hardware and software. August 2, 9:23 a.m. PDT Banks face Web security deadline For some bank IT managers, last fall's release of federal guidelines on validating the identities of online users helped catalyze ongoing efforts to adopt so-called strong authentication measures. July 31, 8:36 a.m. PDT Betting on authentication If Paul Roberts ever goes to the track, I’m gonna let him place a few bets for me. He has a knack for picking winners. Case in point, a few weeks back, the InfoWorld senior editor suggested the time was right for a story on the enterprise’s need for stronger, brainier authentication to clamp down on fraud. No sooner had he finished writing this week's authentication cover story than EMC announced plans to buy authentication vendor RSA Security. A week later, it was Secure Computing buying CipherTrust (with its e-mail reputation system), while digital identity vendor Entrust snapped up fraud-detection company Business Signatures. The vendors clearly appreciate Roberts’ trend-spotting abilities. July 24, 3:00 a.m. PDT UK national ID card running late U.K. government officials doubt whether a national ID program will be ready by 2008 because of procurement and project management concerns, according to a series of leaked e-mails published Sunday. July 10, 4:37 a.m. PDT Anticipating the new Active Directory Just as Windows Server 2003 made significant improvements to Active Directory, Longhorn promises to follow suit. When AD was first deployed under Windows 2000, managing a Windows domain became much easier. With Server 2003, Microsoft kicked it up a notch, adding such functionality as group editing, simpler object editing, and a more fluid management interface. But AD was still far from a glowing example of form and function. June 26, 3:00 a.m. PDT FTC laptops stolen, along with personal data The U.S. Federal Trade Commission is notifying 110 people that two laptop computers containing their personal data were stolen from a locked vehicle. June 23, 3:06 a.m. PDT Lawmaker: VA's offer of credit monitoring not enough The U.S. Department of Veterans Affairs' (VA's) offer of free credit monitoring to the 26.5 million military veterans affected by a recent data theft is not enough to fix the problem, the chairman of a U.S. congressional committee said Thursday. June 22, 12:19 p.m. PDT Privacy protection: The government is no help Does a day go by in which there are no stories about millions of confidential records stolen or lost? June 16, 3:00 a.m. PDT Veterans Affairs ignores cybersecurity warnings U.S. lawmakers on Wednesday questioned why the U.S. Department of Veterans Affairs (VA) continues to suffer from cybersecurity problems despite multiple warnings from government auditors. June 14, 12:49 p.m. PDT How do you tell humans and computers apart? CAPTCHA me if you can! June 9, 3:00 a.m. PDT Ping Identity addresses ID management Targeting companies looking for more secure authentication systems, Ping Identity announced on Monday two products addressing identity federation and SSO (secure single sign-on). June 5, 6:06 a.m. PDT > Security |
|
|
||||||||||||||||||
