China will soon launch the world’s first quantum communication satellite in space, when the rocket takes off in July. The satellite is specifically developed to help securely send and receive data by achieving quantum communication between space and earth. Dwayne Melancon, CTO and VP, Research & Development at Tripwire discusses whether this is a good idea: This is an interesting concept, but I think it is more of a novelty than a practical solution to the eavesdropping problem. There is a high likelihood that this satellite link will ultimately be connected to a terrestrial network, in which case the game…
Author: Information Security Buzz Editorial Staff
In light of the revelation that the US military uses 8-inch floppy disks to coordinate nuclear force operations, Cris Thomas, Strategist at Tenable Network Security commented below. Cris Thomas, Strategist at Tenable Network Security: The IBM Series-1 that they are using is most likely completely air-gapped as I don’t think they ever developed networking for that machine. The machines are notoriously reliable actually. And I am not surprised that they have had one in service for 40 years. As long as they can make regular copies of the software on the 8-inch floppies so that they don’t degrade, and they have a ready supply…
Banks could block customers from claiming money back if they are a victim of fraud and it is found they had substandard online security. Following this news, IT security experts from Lieberman Software, ESET, Imperva and AlienVault discuss whether this is a good idea. Jonathan Sander, VP of Product Strategy at Lieberman Software: Banks, just like other organisations trying to deliver online services, find themselves between a security rock and a competitive hard place. On one hand, there is a duty on the part of the bank to ensure security. That means forcing stronger passwords on users, having them use codes…
Chasing trendy APTs, we tend to forget about a common-sense approach and holistic risk assessment. Almost 3 terabytes of data stolen in the Panama Gate scandal will shortly become searchable online. Mossack Fonseca, the breached legal firm behind one of the largest data leaks in history, had numerous high-risk vulnerabilities in its front-end web applications, including its Client Information Portal. Actually, few hacking groups would spend money on expensive zero-days and complicated APTs when the information can be easily stolen via insecure web applications. Moreover, even if your corporate website doesn’t contain a single byte of sensitive data, it’s still a perfect foothold to…
University of Exeter experts will collect large amounts of propaganda put on the internet by Islamic State terrorists in real time to understand how it radicalises people. The group is well-known for its use of social media to elicit fear and communicate and promote its ideology. Academics will harvest and analyse this content, and use this huge amount of information to understand more about the themes, issues and claims made by ISIS. It is hoped the findings will strengthen the capabilities of UK intelligence services to combat propaganda initiatives of violent organisations. Researchers involved in the study will conduct a…
Security Breaches, Poor Password Habits and Frustrating Customer Experiences Drive Businesses to Prepare for the Death of the Password. Gigya, the leader in Customer Identity Management, today validates why “Businesses Should Begin Preparing for the Death of the Password” based on results of its survey of 4,000 consumers in the U.S. and the U.K. From baby boomers to millennials, 52 percent of consumers would choose anything but a traditional username and password account registration when given the option. Businesses that want to thrive are rapidly adopting secure, modern password alternatives, such as the following: social-network authentication that enables consumers to…
NHS bosses have been told to overhaul their computer technology, staff training and corporate governance before two reports on data security are published. The NHS has a poor record on data security. Earlier this month two trusts were fined £365,000 for leaking information about thousands of NHS staff and hundreds of patients with HIV. IT Security Experts from ESET and MIRACL comment on the news: Mark James, Security Specialist at ESET: With the sheer amount of very private information held by the NHS, it’s going to be a honeypot for cybercriminals. Keeping this data safe across the many platforms is a logistical…
The FBI has warned private industry partners of highly stealthy keystroke loggers that find passwords and other input typed into wireless keyboards. Lane Thames, Software Development Engineer and Security Researcher at Tripwire commented on this news. Lane Thames, Software Development Engineer and Security Researcher at Tripwire: “The Internet of Things (IoT) is exploding with many types of devices. Unfortunately, we don’t always know what a particular device is capable of doing. In this regard, physical security will need to evolve. Organizations who work with sensitive information will need to consider implementing a physical security policy. This policy will need to consider how to both…
The Guardian is reporting: Members of an international crime syndicate are suspected of stealing more than 1.4bn yen (US$12.7m) from cash machines in Japan in the space of less than three hours, in an audacious heist that involved thousands of coordinated withdrawals. Police believe that as many as 100 people, none of whom have been apprehended, worked together using forged credit cards containing account details illegally obtained from a bank in South Africa. John Gunn, VP of Communications, VASCO Data Security commented on this news below. John Gunn, VP of Communications, VASCO Data Security: ATM fraud remains a leading cause of losses for banks,…
Following reports that Instagram holes have left accounts open to hijack, Tod Beardsley, Security Research Manager at Rapid7 commented below. Tod Beardsley, Security Research Manager at Rapid7: “The authentication issues found and reported by Arne Swinnen highlight the success of Facebook’s bug bounty program for its Instagram property. The combination of easy user enumeration — guessing valid user IDs — and evadable password guessing rate limiting means that attackers could have hijacked thousands of Instagram accounts for the purpose of spamming and phishing attacks, undetected. Because Facebook and Swinnen worked together to identify and fix the rate limiting issues, Facebook gets to tell a…