Juniper gets rid of 'NSA-developed' security code
Juniper Networks has stated that it will no longer be using a segment of security code purported to have been developed by the National Security Agency (NSA) for the purpose of eavesdropping on clients’ VPN connections.
The code in question is based on Dual Elliptic Curve technology, and Juniper has stressed it will be replaced during the first quarter of 2016 with a version that is considerably more secure. The Silicon Valley-based company claims the new secure code will rely on greater numbers than those generated through the flawed Dual Elliptic Curve technology.
Data breaches and cyber-attacks are often caused by failing to patch known (and fixable) vulnerabilities
Data breaches were rarely out of the news last year, with the likes of VTech, OPM, Experian/T-Mobile, Ashley Madison and even Hello Kitty all admitting to data leaks.
While you might expect attackers to be using sophisticated methods to get at user data, a new survey from software solutions firm BMC and Forbes Insights reveals that in many cases, it’s known but unpatched vulnerabilities that are being exploited.
Apps are far less secure than you imagine
Protection solutions specialist Arxan Technologies has just released its fifth annual State of Application Security report which takes an in-depth look into the security of some of the most popular mobile apps available.
The company found a huge discrepancy between consumers’ beliefs regarding the level of security built into the apps, and the degree to which developers of these apps actually address known application vulnerabilities. Worryingly, 90 percent of the applications tested were vulnerable to at least two of the OWASP (Open Web Application Security Project) Mobile Top 10 Risks. These are the most critical risks facing apps.
Warning! Windows 8 will no longer receive security updates from today
The pros and cons of implementing a bug bounty program
A recent incident with the Facebook Bug Bounty program has led to many different reactions supporting both Facebook and the security researcher. Regardless of who is right in that whole story, the one fact is clear: the researcher went far beyond what the social media site had initially expected, and got access to the sensitive data the company didn’t really want to share with anybody, including the researchers’ community.
These days bug bounties have become very popular, raising more and more questions about their efficiency and effectiveness. We will try to understand how and if bug bounties can be used to test your corporate web applications. I intentionally omit bug bounties for stand-alone software (e.g. Chrome or various IoT applications) as it’s a different topic.
Security time bomb: Businesses are not ready for the end of Internet Explorer 8, 9 and 10 support
The end of support for older versions of Internet Explorer has been known about for some time now. Despite the fact that there has been plenty of time to prepare for a move away from Internet Explorer 8, 9 and 10, many businesses are simply not ready and security experts warn that this could lead to a spate of attacks from hackers.
Microsoft has been encouraging people to move to Internet Explorer 11, or Edge in Windows 10 for a while, and the countdown comes to an end tomorrow -- 12 January. From this point forward, there will be no more patches or security fixes issued. Security analysts fear that with Internet Explorer 9 and 10 accounting for 36 percent of IE and Edge use, and with more than 160 vulnerabilities discovered in Internet Explorer in the last three years, there are risky times ahead.
Windows XP Embedded Service Pack 3 dies tomorrow
Products, no matter how much we may like them, don't last forever. You don't want to be the person keeping a batch of Palms in the freezer for future use -- and there are people who do that. Product cycles run their course and technology moves forward.
Microsoft customers, in some cases, move forward very grudgingly. That's especially true of business, particularly ones who had to be dragged off of IE 6 -- they now need to be dragged even further from that comfort zone.
Security trends to watch in 2016
2015 was a year for the record books in information and cyber security. Dozens of new vulnerabilities were uncovered, and government organizations, businesses and individuals continued to find themselves victims of high-profile data breaches.
As we settle into the new year, we don’t expect this trend to slow down. We foresee more security issues on the horizon that must be addressed in order to ensure privacy for companies and consumers in the year ahead. Here are our predictions on what’s coming in 2016:
Brits acquiesce to internet surveillance but distrust data storage
UK web users are coming round to the idea of online surveillance by the government, but harbor concerns about how personal data will be stored. These are the findings of a survey by Broadband Genie that suggests terror attacks have led to a swing in public opinion of the Snooper's Charter.
But while people may be coming round to the idea of internet surveillance, they remain concerned about how private data -- such as browsing history -- will be stored. 27 percent of those surveyed said their opinion had been swayed by recent terrorist attacks by the likes of ISIS.
And this, boys and girls, is why online vigilantism is a terrible idea
I've written recently about the dangers of online vigilantes infringing on the free speech of others. Anonymous is one of the biggest offenders in this department, but there are numerous hacking groups that -- under the banner of fighting one evil or another -- take the law of the web into their own hands without a thought for the consequences.
Online vigilantes stir up populist support by throwing around the keywords associated with the enemy of the moment -- terrorists, ISIS, racists, fascists, communists, socialists, pedophiles. All very emotive issues, but vigilantism can all too easily get out of hand. This has just been demonstrated perfectly by YouTube star Keemstar who took it upon himself to expose a 62-year-old pedophile online through his DramaAlert podcast. The only problem is that he and his team got the wrong man.
Adobe preparing fixes for the Windows and OS X versions of Acrobat and Reader
If you're an advanced user utilizing Adobe products then you likely know the inherent perils of some of the company's platforms. Adobe has gone as far as to instigate its own version of Patch Tuesday, and that will be rolling around in just a few days.
It's aimed at fixing critical flaws in Acrobat and Reader across both the Windows and Apple platforms. These aren't new offenders, as Adobe software has been plagued by problems for some time now. However, like Windows, it's partially because it's a major target -- the majority of people use Reader for opening PDFs, despite there being very good alternatives available.
Intel Security and AirWatch team up to boost mobile protection
Intel Security has expanded its partnership with VMWare’s enterprise mobility subsidiary AirWatch, placing a greater emphasis on mobile security initiatives.
The two companies aim to help organizations cope with the numerous security issues posed by mobile devices, as well as integrating enterprise protection across PCs, operating systems, networks and the cloud.
Finding the right balance between business security and employee productivity
Don’t you wish you could give your users all the access they need, without worrying about them becoming frustrated with the increased security measures put on the business and then taking matters into their own hands to avoid those security measures in order to remain productive? Simply providing users with IDs and passwords for each application or data set will not keep your business secure... or productive... anymore. A truly successful security strategy must look at information in context, exploring the "who, what, when, where, and why" of access activities. Your strategy must understand where gaps exist, while supporting secure and convenient access to both legacy and emerging applications for users -- who expect to stay productive -- and the IT staff responsible for keeping the business secure.
The theory behind security is noble: IT should ensure that only approved users can access systems and data, that they access them only for the right reasons, and that they’re doing the right things once they’ve gained access. In practice, though, security has been a static process of IT administrators saying "no", denying access and placing barriers (multiple passwords and access protocols) between users and the resources they need to do their jobs.
New malware attack targets WhatsApp users
A new malware campaign is aiming specifically at businesses and consumers using the WhatsApp mobile messaging service.
Uncovered by researchers at Comodo Labs, the campaign uses emails masquerading as WhatsApp content. These have an attached zip file containing a malware executable.
Oscobo is a privacy-focused search engine that won't sell your data
Using the web can mean selling your soul to the devil. Or Google. (Which you may well regard as the same thing.) With the increased interest in privacy there is a new market for tools and services that help to protect users. Catering to web users who are concerned about how Google might use search data, Oscobo is a new search engine that promises not to track users.
Founded on the belief that "personal data should remain just that -- personal", Oscobo is a UK-based company that says it won't store any data about its users, let alone share it with anyone else. With the controversy surrounding the snooper's charter, it makes sense that the privacy-focused search engine should start life in the UK, but there are plans to expand further afield to provide tailored results for people around the world.
© 1998-2026 BetaNews, Inc. All Rights Reserved.
