Articles about Security

Cooperating with the good guys: Is NSA snooping really that bad?

Ever since Edward Snowden, a former US National Security Agency (NSA) contractor, leaked information about the internet spying activities conducted by the NSA, there has been an unrest among Americans. The main concern for most people is that their privacy has been intruded without their permission.

Many Americans are also worried about the things that the NSA and the US administration could do with access to such "private" data. And the revelation about several tech giants, including Yahoo and Google, being involved has probably made people even more circumspect about using online services based in the US.

Continue reading

Apple vs FBI: Tim Cook concedes helping authorities is a theoretical possibility

In the Apple vs FBI fight, the issue is very black and white for many people; you support Apple's position of standing firm against the FBI, or you believe the FBI should have unfettered access to whatever data it wants, regardless of the consequences.

Tim Cook has been steadfast in his position, but in an interview with TIME the Apple CEO admits that the situation is not entirely binary. Presented with a thought experiment Cook appears to concede there are gray areas, opening up the possibility of assisting the FBI to break into the San Bernardino shooter's iPhone.

Continue reading

IT pros: Security solutions are slowing down our systems

Despite the inherent insecurities of the cybersecurity industry, a new report from Barkly, an endpoint security company, reveals that the biggest issue IT security teams have to face with current security solutions is that they slow down the system.

When asked about the options of productivity vs security and the potential downfalls of security solutions, 41 percent of respondents said that they were dissatisfied with their current solution, not because it failed to deliver security, but because it slows down their system.

Continue reading

LastPass Authenticator aims to make two-factor authentication simpler

LastPass has released LastPass Authenticator 1.0 for Android, iPhone and Windows Phone. It’s aimed at LastPass users who want a simple and convenient way to add two-factor authentication to their major online accounts.

The app is TOTP-compliant, so works with the same services as the better known Google Authenticator app, but aims to carve a niche for itself with a unique proposition for end users.

Continue reading

Android Marshmallow's Factory Reset Protection may be useless on your smartphone

Last year, Google introduced a kill switch in Android to prevent lost or stolen handsets from being reused. Formally known as Factory Reset Protection, this security feature has been designed to, among other things, only allow the intended owner to use the device after a factory reset has been performed. In theory, it is a great idea, so much so that some markets have actually made a kill switch mandatory, in an attempt to deter smartphone theft.

In practice, however, Factory Reset Protection is not as effective as you might expect -- it can be bypassed on the latest version of Android, 6.0.1 Marshmallow, and in the latest Android N preview.

Continue reading

Javelin attack simulator spears security gaps

Firewall

Web gateways remain one of the most attractive attack routes for hackers, and many of the most commonly used gateways remain vulnerable.

According to attack detection specialist Seculert popular gateways have allowed more than 40 percent of malicious communications to succeed in 2015. To combat this the company is launching a new outbound attack simulator called Javelin.

Continue reading

Third-party encryption renders iPhone backdoor useless

Let’s assume for a minute that the FBI got its way. It coerces Apple into disabling the self-destruct function on the San Bernardino terrorist’s iPhone, allowing it to brute force the password. Effectively, the FBI and Apple create a backdoor that theoretically works the same across all iPhones. Police even uses the same tactic on the dozens of other iPhones that are currently involved in active investigations. People across the world sacrifice their privacy, while the police has a new tool to fight terrorists.

Except they don’t, really. Sure, iMessage and other iCloud services could be decrypted without a password, but what Apple critics often fail to realize is the abundance of third-party encryption tools widely available. Free, open-source alternatives exist to encrypt chats, phone calls, files, and even entire hard drives. That pesky self-destruct function the FBI is so eager to remove? Alternatives for that exist as well, and they are all easily accessible with nothing more than a Google search. By removing the default encryption built in iPhones, the FBI isn’t stopping terrorists. It’s merely inconveniencing them.

Continue reading

Symantec introduces website encryption service

pixel padlock

Symantec today announced the global release of a new product which will help companies encrypt user data on their websites.

The new product is called Encryption Everywhere, and it will be offered through hosting providers. According to a press release following the announcement, there will be a couple of levels of encryption and general protection the new service will offer, but Symantec would love to see every "legitimate" website in the world have at least the basic level of encryption by 2018.

Continue reading

IT teams choose between performance and security

Speedometer

Although security breach stories regularly make the headlines, a new survey shows that the biggest worry IT teams have with current security solutions is that they slow down the system.

The study from endpoint security specialist Barkly also reveals that while only half of respondents are confident in their current endpoint solution, 80 percent believe that effective endpoint security is possible.

Continue reading

Malvertising campaign targets Americans through major websites including BBC and New York Times

security skull

Top news websites including the BBC, the New York Times and MSN were hit over the weekend by a co-ordinated malware campaign. Delivered through the advertising networks used by the sites, the malvertising attack aimed to install ransomware on victims' computers.

On-site ads are far from loved, hence the prevalence of ad-blocking tools. But as well as being an annoyance, online ads can also pose a serious security risk -- something highlighted by this attack. The infected ads redirected people to servers hosting the Angler exploit kit and was engineered to target US-based web users.

Continue reading

Google's Single Sign On adds support for Microsoft Office 365, Facebook at Work, Slack and more

Besides being the super poplar search engine, email provider, work and collaboration services provider, Google is also used, by a number of different services, as an identity provider.

It allows people to register and log into different online services using their Google account. Now, the company announced it’s expanding the feature to add a number of new services, some of which are direct competitors.

Continue reading

It is time to prioritize security for Internet of Things and wearables

pixel padlock

We are on the cusp of a totally connected world. The Internet of Things is no longer an emerging trend, it has arrived. If you want evidence -- real evidence rather than the speculation of industry analysts -- then take a look at the $1.4 billion Cisco reputedly put on the table at the start of February to acquire IoT platform provider Jasper Technologies.

Jasper, founded in 2004, came about as a result of an epiphany that CEO and founder Jahangir Mohammed had when, after seeing a warning light on his car dashboard, he needed to spend several hours finding a mechanic to diagnose a problem that a connected car could have done in seconds. Just 16 years later, in-car connectivity of some sort is expected as standard in most new cars.

Continue reading

Limiting encryption affects security and competitiveness

The Information Technology and Innovation Foundation (ITIF), a nonpartisan research and educational institute and policy think tank, today became the latest to come out and urge the US government not to limit the commercial use of encryption.

In its new report, entitled Unlocking Encryption: Information Security and the Rule of Law, co-author Alan McQuinn -- an ITIF research assistant -- argued that restricting encryption for use by law abiding citizens and businesses would reduce overall security and be ineffective at keeping encryption out of the hands of terrorists.

Continue reading

Registration-as-a-service makes for easier customer authentication

ID verification

With so much choice available online, if a business doesn't deliver on meeting customer expectations then it's likely to lose out. One of the main challenges in keeping customers happy is delivering effective authentication while maintaining security.

Identity management company Gigya is releasing a new registration-as-a-service (RaaS) offering to enable enterprises to more effectively authenticate consumers with consistent cross-device experiences.

Continue reading

Qualcomm Snapdragon SoC vulnerability could compromise IoT security

One of the greatest concerns surrounding the growth of the Internet of Things (IoT) is its security, and it seems that some people's worst fears have just been realized. Security experts at Trend Micro have discovered a vulnerability in Qualcomm Snapdragon-produced SoC (system on a chip) devices.

In fact, it is the same vulnerability that cropped up earlier in the month, affecting Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Note Edge Android handsets. This in itself is concerning as these are devices that are no longer in line for security updates, but more concerning is the fact that the same chips are used in IoT devices. The vulnerability makes it possible for an attacker to gain root access to the hardware, and this is worrying in a world of inter-connected devices.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.