Paranoid Technology All things cybersecurity

20Jan/20Off

Security Predictions (& Resolutions) for 2020

Our predictions from 2018, were still valid for 2019, so we skipped a year 😉 Since the decade has come to a close, sharing predictions for 2020 and beyond seems in order… starting with a strategic view of the trends and emerging business problems affecting CISOs today…

Predictions for 2020
1. Year of the IoT CISO – we did not reach Gartner’s 20 billion connected devices by 2020, but we are almost there… The attack surface is increasing rapidly – from personal wearables to medical devices to connected cars to toasters and more – as the proverb goes “where there’s entropy there is chaos” 😉 At least initially…

16Feb/12Off

Four out of Every 1,000 Public Keys Provide No Security

Another must share - found this on Ars Technica - According to researchers four out of every thousand public keys provide no security, this does not mean everything over SSL is broken, but the findings sure are an eye opener, here is the article:

An astonishing four out of every 1,000 public keys protecting webmail, online banking, and other sensitive online services provide no cryptographic security, a team of mathematicians has found. The research is the latest to reveal limitations in the tech used by more than a million Internet sites to prevent eavesdropping.

15Feb/12Off

Apple says it will protect customer data

Following up our previous post "Want Larry Ellison's Home Phone Number?" - amid lawmaker pressure Apple decided to tweak the app developer policy. In a statement issued to some media outlets Apple responded:

7Feb/12Off

Thoughts on Google’s New Privacy Policy

Last week Google announced their new privacy policy - for the first time in Google's history, Google will be combining information from various services it provides; Gmail, YouTube, Google Calendar, Google+ and Google search. According to the company, it's so it can create "a beautifully simple, intuitive user experience across Google." The goal is to give us a contextually more accurate advertising and search service.

If you think about it,

3Feb/12Off

802.1X password exploit on many HTC Android devices

A new vulnerability discovered shows that it is possible to gain access to a user's wireless username and password. This vulnerability discovered by Bret Jordan and Chris Hessing on February 1, the CERT already issued a vulnerability entry in its database... In his blog Bret said:

3Feb/12Off

More on Symantec’s pcAnywhere

In an earlier post "Symantec admits being hacked in 2006" we have covered the pcAnywhere source code breach. Yesterday Symantec took some solid steps to remediate the potential problems and urged its customers not to uninstall the software. In an updated pcAnywhere security whitepaper Symantec stated:
"To limit risk from external sources, customers should host remote sessions via secure VPN tunnels, instead of using pcAnywhere Access Server.

Symantec"

13Jan/12Off

Spammers up their game…

According to Websense labs now a new trend is emerging - spammers are using Quick Response codes (QR) and URL shortening services to direct people to their spam advertisements. Traditional spam engines use black lists to block spam and inherently cannot contain the QR images. Now this means there is some work to be done to enhance the spam blocking engines.

10Jan/12Off

How Does Encryption on the Cloud Work?

There are two types of encryption on the cloud; server and client side.

Client side encryption is cumbersome (well security is not about convenience anyway...), it adds multiple steps for storing and viewing data, not to mention the time it takes to encrypt. Initially the service providers did not offer server side encryption, so everybody had their data stored in the clear...  In time with the regulatory requirements the companies that under the gun pushed for server-side (at-rest) encryption for their data and the cloud service providers had to react to this demand, the key criteria in

5Jan/12Off

Check Point goes “to the Cloud”!

Check Point Lgo

CheckPoint Software Technologies Ltd. announced today that its security gateways will be available via Amazon Web Services (AWS). At an age, where all the IT departments are moving to the cloud this was inevitable and I expect more and more security companies to virtualize and partner with AWS and/or other major cloud service providers.

This is an interesting development as it allows corporations close the gap between security practices between on-premise and off-premise systems through consistent security policies...