Less than a week after it was revealed by UK-based Akamai security researcher Stephane Chazelas, the threat posed by the newly discovered Shellshock vulnerability – said by some to be bigger than Heartbleed” – is still being reassessed as security experts around the world zero in on the recently discovered Bash shell flaw and the extent of the world's exposure to the bug becomes clear.
David Braue | 01 Oct | Read more
The increasingly cloud-centric design of Apple's iPhone 6 and 6 Plus – and their owners' increasing use of the devices to store all kinds of personal information – will increasingly make them targets for cyberthieves seeking to exploit security loopholes, security firm ThreatMetrix has warned.
David Braue | 24 Sep | Read more
As with most of technology, security goes through periodic changes, cycles and generations. Hardware, software, applications and methodologies all mature, become commoditised and standardised to the point of being invisible, and then are reinvented in a new evolved form. New platforms and new devices create new opportunities but are also subject to new evolved threats – something that remains true of security.
Gordon Makryllos | 24 Sep | Read more
With even Australia recently copping a 12Gbps distributed denial of service (DDoS) attack, network operators need to hold Internet service provider (ISP) customers to higher security standards to ensure they don't compromise the integrity of increasingly-important cloud services, a senior security analyst has warned.
David Braue | 24 Sep | Read more
New statistics suggested that Australian and New Zealand businesses suffer 29 data-loss events every day, while Google reported a 19 percent jump in US government data requests in the first half of this year over the previous half.
David Braue | 24 Sep | Read more
Microsoft researchers think technology could do a better job of preventing people becoming Glassholes than legislation and education.
CSO & Enex Testlab join forces to deliver a first class IT Security event in Sydney's Four Seasons Hotel.
Abigail Swabey | 24 Sep | Read more
Increasing use of big-data techniques is contributing to a stronger overall response to the expanding threat profile modern organisations face, the new regional head of security vendor WatchGuard Technologies has observed.
David Braue | 15 Sep | Read more
In a quick response to a leaked list of millions of Gmail credentials, Google has clarified it wasn’t breached and that only two percent of username and password combinations might have worked.
LinkedIn has added new security features that play catch up with other social networks but also might have helped celebrities who were victims of this week’s iCloud account photo leak.
Despite a spate of high-profile security attacks, the number of new security vulnerabilities is expected to decline this year for the first time since 2011, according to the latest figures from IBM's X-Force managed security team.
David Braue | 03 Sep | Read more
Developers behind the popular open source content management system, Drupal, want hackers to break its two-factor authentication system for drupal.org before it goes live.
<p> A few days ago, Matthew Green, the widely respected cryptographer and research professor at Johns Hopkins University launched a broadside against PGP. In summary, Green said, &ldquo;The problem with this is that, for all the good PGP has done in the past, its a model of email encryption thats fundamentally brokenrdquo; Further Green said PGP keys suck, PGP key management sucks and that that there is no forward secrecy. <a href="http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html" target="_blank">His blog post adds more criticisms</a> and also attempts to find some solutions.</p>
David Heath | 27 Aug | Read more
Michael Rothery, First Assistance Secretary for National Security Resilience Policy at Department of the Attorney General says that in order to deliver effective security and risk management the key question is "Who owns the risk?".
Anthony Caruana | 27 Aug | Read more
Australia has a strong base of skilled security professionals to tap into, but a “dearth of security talent” will drive helped strengthen the case to invest heavily in the expansion of a Sydney facility that will form an increasingly important part of Symantec's global managed-security and security research capability.
David Braue | 27 Aug | Read more
Spies and hackers will find it harder to unseal encrypted communications if they’ve already captured packets sent across Amazon’s content distribution network, CloudFront.
Vendors would have been holding their collective breaths as the Black Hat conference rolled into town and researchers lined up to share their newest vulnerabilities. Some researchers were ready to name the most hackable cars, while others were talking about how to bypass PayPal's two-factor authentication and others were sharing information on how to steal security codes from home alarm systems.
David Braue | 13 Aug | Read more
Data loss happens, and most of it is deliberate though not malicious, Clearswift’s head of marketing strategy Kevin Bailey told a round-table session at Technology in Government 2014.
Stephen Withers | 13 Aug | Read more
If there's one thing the Snowden leaks have shown us, it's that security and privacy are largely an illusion. Yet, it's still possible to make it harder not just for criminals and hackers but also questionable government agencies with the right tools. Unfortunately, one of the key programs we all use to interface with the net is also the one of the primary vectors of attack -- the humble web browser.
Ashton Mills | 21 Jul | Read more
A canned Verizon deal in Germany is the first concrete evidence that US cloud and telecoms providers’ fears are on the mark: the exposure of US surveillance will harm their international business.