Security Management

NIST Abandons Cryptography Algorithm in Wake of NSA Backdoor Concerns

April 22, 2014 Added by: Anthony M. Freed

NIST has officially announced the decision to remove the cryptographic algorithm from its revised guidance on random number generators.

Let’s Get Proactive with End User Security

April 22, 2014 Added by: Brent Huston

Powerful malicious software apps are all over the Net, like website land mines, just waiting to explode into your computer if you touch them.

Stop the Bleeding: How Enterprises Can Address the Heartbleed Bug

April 21, 2014 Added by: Patrick Oliver Graf

If your provider is not hurrying to patch the hole in their OpenSSL implementation and/or taking steps to better implement a defense in depth framework, you may be justified in hitting the panic button.

An Open Letter to Executives

April 17, 2014 Added by: PCI Guru

I should have published this letter a long time ago as this is not a new issue.

FAQs Concerning the Legal Implications of the Heartbleed Vulnerability

April 16, 2014 Added by: David Navetta

Overall, in most cases, the Heartbleed vulnerability and associated security and legal risk is manageable as long as organizations take swift action to remediate their risk.

Security Pros Need Better Security Awareness Training Options

April 16, 2014 Added by: Tripwire Inc

One of the basic security measures that every company should be taking is giving security awareness training to its employees.

Would a Proprietary OpenSSL Have Been More Secure than Open Source?

April 16, 2014 Added by: Rebecca Herold

The OpenSSL Heartbleed vulnerability has resurrected the age-old debate of whether or not open source code is more or less secure than proprietary code.

Is User Experience Part of Your Security Plan?

April 15, 2014 Added by: Tripwire Inc

One common theme across the information organizations that I work with is that everyone wants to do the right thing. Unfortunately, that often means onerous and complicated security policies that translate into awkward steps that users must take.

SIEM Webinar Questions – Answered

April 15, 2014 Added by: Anton Chuvakin

Last year, I did this great SIEM webinar on “SIEM Architecture and Operational Processes”...and received a lot of excellent questions. This is the forgotten post with said questions.

OpenSSL “Heartbleed” – Whose Vulnerable and How to Check

April 10, 2014 Added by: Dan Dieterle

The Internet is plastered with news about the OpenSSL heartbeat “Heartbleed” (CVE-2014-0160) vulnerability that some say affects up to 2/3 of the Internet.

OpenSSL Problem is HUGE – PAY ATTENTION

April 10, 2014 Added by: Brent Huston

The attack allows an attacker to remotely tamper with OpenSSL implementations to dump PLAIN TEXT secrets, passwords, encryption keys, certificates, etc. They can then use this information against you.

Windows XP End of Life: What Your Organization Can Expect

April 09, 2014 Added by: Scott Montgomery

Whether you want to acknowledge it or not, the Windows XP and 2003 applications and servers in your estate are going to be at significant risk in a few weeks.

Hackers Impersonating Feds buy $1.5 Million worth of PC Supplies

April 07, 2014 Added by: Dan Dieterle

“Spear phishing fraud” has been used by hackers impersonating federal entities to create fraudulent orders for large amounts of PC supplies including toners, ink cartridges and even laptops.

Yahoo Protects Users with Lots More Encryption

April 03, 2014 Added by: Electronic Frontier Foundation

We were thrilled to hear today that Yahoo is carrying through a concerted effort to protect users across its sites and services by rolling out routine encryption in several parts of its infrastructure.

On Complexity & Bureaucracy vs Security…

April 02, 2014 Added by: Brent Huston

“Things have always been done this way.” —> Doesn’t mean they will be done that way in the future, or even that this is a good way.

Remote Desktop’s Restricted Admin: Is the Cure Worse Than the Disease?

April 01, 2014 Added by: Tal Be'ery

One of the new security features in the latest Windows release (Windows 8.1) is the “Restricted Admin mode for Remote Desktop Connection”. This measure is meant to enhance Windows credential protection against attacks such as Pass-the-Hash and Pass-the-Ticket. However, it appears that the cure might be worse than the disease as the new “Restricted Admin mode” opens a new attack surface for the...
