Monday, May 6, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Data Security

ComputerWorld Independent 

Would killing Bitcoin end ransomware?

admin , ,

Credit to Author: Ryan Francis| Date: Fri, 03 Mar 2017 12:51:00 -0800

Ransomware is running rampant. The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. According to a Radware report, 49 percent of businesses were hit by a ransomware attack in 2016. Quite often the attacker asks for some amount of cybercurrency – usually Bitcoin – in exchange for providing a decryption key.

To read this article in full or to leave a comment, please click here

(Insider Story)

Read more
ComputerWorld Independent 

Cloudflare bug exposed passwords, other sensitive website data

admin ,

Credit to Author: Lucian Constantin| Date: Fri, 24 Feb 2017 08:47:00 -0800

For months, a bug in Cloudflare’s content optimization systems exposed sensitive information sent by users to websites that use the company’s content delivery network. The data included passwords, session cookies, authentication tokens and even private messages.

Cloudflare acts as a reverse proxy for millions of websites, including those of major internet services and Fortune 500 companies, for which it provides security and content optimization services behind the scenes. As part of that process, the company’s systems modify HTML pages as they pass through its servers in order to rewrite HTTP links to HTTPS, hide certain content from bots, obfuscate email addresses, enable Accelerated Mobile Pages (AMP) and more.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

The SHA1 hash function is now completely unsafe

admin , ,

Credit to Author: Lucian Constantin| Date: Thu, 23 Feb 2017 14:35:00 -0800

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible.

SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.

To read this article in full or to leave a comment, please click here

Read more

(Insider Story)

Read more
ComputerWorld Independent 

How to eliminate insider threats

admin , ,
Insider threats are a major security problem
eliminate insider threats 1

Image by Thinkstock

For years, the primary security objective has been to protect the perimeter—the focus on keeping outsiders from gaining access and doing harm. But statistics prove that more risk exists within an organization. Indeed, many compliance regulations require monitoring of systems to identify and eliminate insider threat. According to Forrester, 58 percent of breaches are caused from internal incidents or with a business partner’s organization. And 55 percent of attacks are originated by an insider as cited in the 2015 IBM Cyber Security Intelligence Index.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Study: 62% of security pros don’t know where their sensitive data is

admin , , ,

Ask organizations today about the value of data and you’re likely to hear it measured in terms of competitive advantage, customer experience and revenue generation. As Dante Disparte and Daniel Wagner put it in a December 2016 HBR article, data is “becoming a centerpiece of corporate value creation.”

To read this article in full or to leave a comment, please click here

(Insider Story)

Read more
ComputerWorld Independent 

The essential guide to anti-malware tools

admin , , ,

It’s a sad fact of life in IT nowadays that some form of preparation for dealing with malware is part and parcel of what systems and network administrators must do. This goes above and beyond normal due diligence in warding off malware. It includes a proper appreciation of the work and risks involved in handling malware infections, and acquiring a toolkit of repair and cleanup tools to complement protective measures involved in exercising due diligence. It should also include at least two forms of insurance – one literal, the other metaphorical – that can help avert or cover an organization against costs and liabilities that malware could otherwise force the organization to incur.

To read this article in full or to leave a comment, please click here

(Insider Story)

Read more
ComputerWorld Independent 

Researchers propose a way to use your heartbeat as a password

admin , , , ,

Researchers at Binghamton State University in New York think your heart could be the key to your personal data. By measuring the electrical activity of the heart, researchers say they can encrypt patients’ health records.  

The fundamental idea is this: In the future, all patients will be outfitted with a wearable device, which will continuously collect physiological data and transmit it to the patients’ doctors. Because electrocardiogram (ECG) signals are already collected for clinical diagnosis, the system would simply reuse the data during transmission, thus reducing the cost and computational power needed to create an encryption key from scratch.

To read this article in full or to leave a comment, please click here

Read more