If deployed correctly, encryption does not need to be a headache. Instead, encryption can be an enabler to achieve the flexibility, compliance and data privacy that is required in today's business environments.
Last October a large company revealed that an employee mistakenly sent an email to an unauthorized recipient containing the names and Social Security numbers of former employees. Six months earlier, a larage Texas university accidentally exposed personal information about as many as 4,000 alumni in an electronic file accidentally attached to an email sent to one person who had requested a transcript. That's just the tip of the iceberg in insider-triggered security breaches.
New sophisticated attacks designed to take advantage of security-challenged end users are evolving so rapidly that technology solutions, security policies and procedures alone cannot protect critical company assets and data. Recent research from Deloitte revealed that 70% of the companies surveyed indicated that employee mistakes were a major threat, with lack of security awareness being cited as a major vulnerability.
Although vendor-written, this contributed piece does not advocate a position that is particular to the author's employer and has been edited and approved by Network World editors.
Besides the fraudulent security certificates Dutch authority DigiNotar issued for Google.com, more were made for Yahoo.com, Mozilla.org, torproject.org, wordpress.org and an Iranian blogging platform, Baladin, according to a Dutch report.
Fresh from their latest hack, Computerworld Australia brings you a timeline of LulzSec's major scalps
Fresh from attacking the CIA's CIO.gov website with a denial of service (DOS) attack, hacker group LulzSec has struck again with a leaked list of 62,000 email addresses and passwords, including some harvested from Australian organisations.
Vodafone will open its doors to the Australian Privacy Commissioner, Timothy Pilgrim, in the wake of allegations the telecommunications giant made the personal information of four million customers available on its website.
This hasn't been AT&T's month. First, security researchers found a loophole in the company's Web site that could be used to reveal e-mail addresses for tens of thousands of Apple iPad customers. Now, some users are reporting that when they log in to their AT&T accounts to pre-order the iPhone 4 they are apparently given access to the account information of other people.
Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time. That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.
The TOR Project is advising users to upgrade to a new version of the software following a hack that compromised three of its servers.
Cybercrime is taking its toll on Australian businesses, costing them more than $600 million according to the latest report from the Australian Institute of Criminology (AIC).
Visa's top risk management executive Thursday dismissed what she described as "recent rumblings" about the possible demise of the PCI data security rules as "premature" and "dangerous" to long-term efforts to ensure that credit and debit card data is secure.
The New York Police Department (NYPD) is telling thousands of police officers that their personal information may be compromised due to a suspected data theft done by an insider in the police pension fund, according to reports in New York's daily newspapers Thursday.
Days after Visa seemingly confirmed that a data breach had taken place at a third payment processor, following on the recent breach disclosures by Heartland Payment Systems and RBS WorldPay, the credit card company is now saying that there was no new security incident after all.