Caution urged in wake of RSA security breach

The relatively scant information released by EMC’s RSA security group on Thursday in connection with the theft of SecurID authentication technology code is fueling considerable speculation about the nature of the breach and its impact on enterprises.

Several security analysts today urged companies that are using SecurID to review their authentication measures and to shore them up if necessary. Until RSA releases further details on the breach it is best to assume that SecurID is vulnerable, they added.

“Don’t panic,” said Rich Mogull, an analyst with Securosis. “Until we know the attacker, what was lost, the vector of a potential attack,” and the extent to which SecurID may have been compromised, it’s hard to make a risk assessment, Mogull said.

Read more…


12-year-old identifies Firefox security flaw, gets $3,000 reward


A 12-year-old professional bug hunter recently received a whopping $3,000 from Mozilla for identifying a critical Firefox security flaw.

According to the San Jose Mercury News, Alex Miller – who is in seventh grade – stepped up his efforts to find the bug after the company increased its bounty payments from $500 to 3K. 

“A couple of months ago we [raised] the amount of payment to a much more substantial $3,000, basically to reflect the change in the economy, and the marketplace, since the time the program was initiated,” Mozilla spokesperson Brandon Sterne told the Mercury News.

“The space of people that are contributing in this area is pretty small.

Read more…


Revisions to credit card security standard on the way

It’s going to be called the Payment Card Industry Data Security Standard 2.0, and the full-blown text of this upcoming standard that governs how businesses must guard sensitive cardholder information on their networks will be out at the beginning of September, according to the organization in charge of it.

Would PCI compliance help or hurt cloud computing security?

There won’t be major changes from the current DSS 1.2, according to Bob Russo, general manager of the PCI Security Standards Council. But DSS v. 2.0 will seek to clarify what the PCI requirements mean in terms of enterprise security.

Read more…


Cisco IPTV Broadcast: Annual Security Report Spotlights Cybercriminal’s New Playground – Social Media

December 3, 2009

What:
On Tuesday, December 8, security executives and researchers from Cisco will discuss findings from the Cisco 2009 Annual Security Report, reviewing security trends over the past year and implications for the future. The live broadcast will highlight the following:

  • Social Networking: Cisco experts explain how individuals’ trust in social networks leaves networks and personal computers open to security threats.

Read more…


Cisco Announces Intent to Acquire ScanSafe, Leading SaaS Web Security Provider

Will Broaden Existing On-Premise Web Security Offering and Expand Cloud-Based Service Opportunities

SAN JOSE, Calif. – Oct.

Read more…
