Information Security News
ISNR Abu Dhabi 2014 Latest Developments Announced
The IS pavilion is supported by the UAE Telecommunications Regulatory Authority (TRA) and InfoSec Europe. Moreover, the CIS pavilion will be sponsored by ISC West exhibition and conference. FEM is the region's platform for experts and public safety ...
Australia's banks quietly swatting trojan
The Canberra Times
Australia's banks have been quietly working with a Russian security and forensics firm to swat a nasty banking trojan crafted in the ...
Developers of the Cryptocat application for encrypting communications of activists and journalists have apologized for a critical programming flaw that made it trivial for third parties to decipher group chats.
The precise amount of time the vulnerability was active is in dispute, with Cryptocat developers putting it at seven months and a security researcher saying it was closer to 19 months. Both sides agree that the effect of the bug was that the keys used to encrypt and decrypt conversations among groups of users were easy for outsiders to calculate. As a result, activists, journalists, or others who relied on Cryptocat to protect their group chats from government or industry snoops got little more protection than is typically available in standard chat programs. Critics said it was hard to excuse such a rudimentary error in an open-source piece of software held out as a way to protect sensitive communications.
"It was simply a matter of what I would call a fairly rookie mistake," independent security researcher Adam Caudill told Ars. "They didn't understand the data they were working with. Key generation code is one of the most critical parts of a crypto system because it doesn't matter what else you get right if you get that wrong."
Reducing threats to availability in the banking sector
Security is best described by using the InfoSec triangle, which illustrates the Three Pillars of Security: confidentiality, integrity and availability. All three are equally important. Defending service availability is not all about deploying services ...
Doing More Than Paying Risk Management Lip Service
"A common issue in many organizations that I have seen is where the infosec team runs a vulnerability or Web application scan and reports the items requiring remediation, but the team responsible for remediation argues that the CVSS score is inaccurate ...