Securing data needs to evolve beyond building moats around castles

Posted by Ramesh Rajagopal

Oct 16, 2014

SECURITY

This article, written by Ramesh, originally appeared on www.GrahamCluley.com. Target, Home Depot, JPMorgan Chase, Salesforce – every week brings a new report of a security breach. Despite increasing investments in security software, it seems our data has never been less secure. As the way we work has shifted, the risks to our data have been spread far and wide, making it even more challenging to protect.

Topics: Security

Silo closing the hole on Poodle exposure

Posted by Ramesh Rajagopal

Oct 15, 2014

SECURITY

Another major vulnerability in the SSL protocol has just been discovered, codenamed POODLE. Like the Heartbleed bug earlier this year, this vulnerability undermines the secure HTTPS communication protocol that sits beneath all our most sensitive online transactions. With this vulnerability, hackers have the ability to re-assemble the session cookie between websites and browsers that rely on the older SSLv3 version of the protocol. With the session cookie in hand, it is possible for the attacker to gain access to the victim's web account.

Topics: Security

Trusting third parties can lead to second-rate security

Posted by Drew Paik

Oct 14, 2014

IDENTITY

Over the weekend, news broke that hundreds of thousands of individual users of SnapChat (many under the age of 18) fell victim to compromise through a third-party service called SnapSaved, reportedly perpetrated by the same group responsible for leaking the celebrity photos. And Dairy Queen revealed that they were the latest in a growing list of retailers that have had customer credit card information stolen as a result of malware installed by hackers using stolen passwords from third-party contractors.

Topics: Identity

Does changing your password really make a difference?

Posted by Drew Paik

Oct 7, 2014

IDENTITY

One of the most common pieces of advice in the wake of a major security breach is to change your password. Often. Let’s take a look at a competing argument: Don’t change your password because frequent changes won’t really keep you safe. The basic gist is this: regularly changing your password gains you nothing because if you’re not already compromised, you’re just swapping out a secure password for another secure password.

Topics: Identity

Who has your data?

Posted by Scott Petry

Oct 2, 2014

SECURITY

We’ve talked quite a bit about how vulnerable the browser is, especially if you connect to the Internet through free WiFi, and how easy it can be for bad guys to steal credentials and other sensitive information. If we widen our focus beyond the browser itself, we see that we give over this data, and much more, to third parties every day. It’s not necessarily a bad thing, but definitely something to be aware of.

Topics: Security

Monthly news roundup - September 2014 (TL;DR)

Posted by Drew Paik

Sep 30, 2014

NEWS

More and more compromises are hitting the news. Although some vulnerabilities, such as Heartbleed and the newly uncovered Shellshock, are buried in the infrastructure of the internet, most breaches have their root not in a technological or security flaw, but in human error or misplaced trust. Whom are we trusting with our data and what are we assuming about them? Here’s the TL;DR on a few stories that we found interesting:

Topics: News

Is Shellshock the biggest vulnerability ever? Maybe so, but not for long. Be prepared for more.

Posted by Les Dunston

Sep 25, 2014

NEWS

The techno-sphere is on fire again, this time with news of a newly discovered vulnerability present in a ubiquitous component of the internet infrastructure. Just a few months ago, Heartbleed gave us all a lesson on how OpenSSL works and how to secure network communications. It also demonstrated that the infrastructure we rely on has gaping security holes. At the time, experts called Heartbleed the “worst security flaw ever.” But the industry responded and the furor died down. Now, a vulnerability in Bash dubbed Shellshock has taken Heartbleed’s place as the worst ever.

Topics: News

Trust, but verify -- better yet: Trust, but contain!

Posted by Scott Petry

Sep 24, 2014

NEWS

Hackers recently compromised Home Depot’s data, exposing as many as 52 million credit card transactions. Commentators quickly jumped on the story, reporting that the company had suffered from lax cybersecurity standards for years and ignored repeated warnings of potential vulnerabilities. Now, Ars Technica reports that Home Depot’s Senior Architect for IT Security, Ricky Joe Mitchell, had been convicted of sabotaging the network of a former employer.

Topics: News

Data security in healthcare – the perfect storm

Posted by Dr. Jasper zu Putlitz

Sep 23, 2014

SECURITY

There is a data security crisis looming in healthcare. The recent theft of 4.5 million patient records from Community Health Systems is a case in point. Nobody expects attacks like this will stop anytime soon, and the next one could happen today or tomorrow. It is like a perfect storm. First, healthcare is going through the honeymoon period of IT adoption, trailing many industries who accomplished this decades ago. Second, they are continuously generating exquisitely sensitive, HIPAA-protected data. And third, we live in a time where attack sophistication reaches new heights every day!

Topics: Security

How much is your customer database worth?

Posted by Scott Petry

Sep 15, 2014

NEWS

Last week, SC Magazine reported that Salesforce customers are being specifically targeted by Dyre, a malicious exploit first uncovered in June that has previously been used to target customers of large financial institutions. Although no specific compromises have yet been reported, the bad guys have put substantial time and effort into creating a way to steal the credentials of Salesforce users. The full article can be found here.

Topics: News

The official blog of Authentic8
