Pros Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Pros’

Must Read for Infosec Pros: Rich Mogull on Apple Security Strategy

You may have missed this jewel of an infosec post by Rich Mogull amid the hashtag avalanche of NSA, PRISM, or FISA articles last week. Rich’s post, Apple Security Strategy: Make It Invisible, impressed me as shedding light on singularly important design objectives that all information security efforts ought to consider. The post is both [...]


View full post on National Cyber Security

IT pros lack confidence about business security

Would you bet money on the security of your company’s systems? If your answer is no, you’re far from alone. Most IT professionals lack so much confidence in the security of their organisations’ networks that they wouldn’t bet on it, according to the results of a recent survey.

The survey data speaks to both the inadequacies of corporate security measures and to the persistence of ever-growing security threats.

When asked to bet money that their networks would not be compromised in the next 12 months, 57 percent of IT professionals polled on behalf of PhoneFactor, a provider of multi-factor authentication solutions, would not take the bet. Granted, the potential wagers PhoneFactor presented were high: The company asked respondents to bet one of five amounts on the security of their networks: $0, $1,000, $5,000, $50,000 or $1 million.

Even if PhoneFactor had offered a few wagers under $1,000, respondents probably would have remained unlikely to take the bet, judging by their answers to other survey questions. For example, 84 percent of respondents think an expert hacker could infiltrate their corporate network. Of that 84 percent, nearly a quarter (23 percent) say an expert hacker could definitely gain access to their network.

If their networks were to get breached, only 25 percent of respondents are very confident that they would know they had been penetrated.

The prevalence of malware (including root kits, zero day exploits and man-in-the-browser attacks) is the number one reason respondents believe their networks are vulnerable, according to 55 percent of those surveyed.

Not quite half (45 percent) of respondents believe employees using personal devices to access corporate systems makes their networks more prone to attacks. The sheer volume of attacks ranked third, at 35 percent, followed by the widespread use of remote network access (32 percent).

More than 300 IT professionals responded to the survey, which was conducted online in February 2012.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1da5f517/l/0Lfeatures0Btechworld0N0Csecurity0C33459720Cit0Epros0Elack0Econfidence0Eabout0Ebusiness0Esecurity0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Security pros need to get in front of cloud computing trend, RSA panel says

Security teams need to innovate and adapt to cloud, according to CISO panel


View full post on SearchCloudSecurity: RSS Feed


P2P encryption; Pros and cons of point-to-point encryption

P2P encryption is an emerging technology; one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons.


View full post on SearchSecurity: Network Security Tactics


HTML5 to create new challenges for security pros in 2012: Sophos

The move to HTML5 will enable a whole host of new web applications, but could also create new challenges for enterprise security professionals, according to UK security firm Sophos.

In its security predictions for 2012, Sophos identifies new web and networking technologies – such as HTML5 – as one of the major security risks for the year ahead. While these technologies introduce some impressive new capabilities that are exciting for rich web application development, they also introduce new attack vectors, the company explained.

HTML4 has driven content on the web for many years, but it is a very basic programming language, so developers have supplemented it with add-ons such as JavaScript, Flash and Google Gears. These add-ons are often littered with vulnerabilities, making the whole system very insecure, Sophos said.

HTML5 removes the need for most of the add-ons, because it is a more sophisticated language and comes with a full database that enables users to store gigabytes of information. So, for example, you can do full frame animation, 3D virtual reality or store applications inside the browser.

According to James Lyne, senior technologist at Sophos, this gets much closer to the in-client vision originally associated with cloud computing. However, by storing data within the browser, the browser becomes a target for cyber criminals.

“Traditionally the browser has been a gateway for cyber criminals to get access to your PC, now they’re going to be trying to attack the browser itself to steal its data,” said Lyne.

New sandboxing in HTML5 also makes “clickjacking” (tricking web users into revealing confidential information or taking control of their computer while clicking on a seemingly innocuous link) more of a risk, as web pages are no longer able to identify where commands are coming from.

“All that code that developers wrote to prevent applications from being automated and clickjacked by illicit parties now doesn’t work,” said Lyne. “They’ve implemented a security feature and inadvertently broken a more important one.”

Furthermore, HTML5 raises new issues around cookies, which could make the ICO’s new guidance about removing cookies after a certain period redundant.

“HTML5 could have new super-uber-cookies,” said Lyne. “If people don’t code their sites properly the bad guys could code a huge database of the URLs that you’ve been to and track all of your field input. They could potentially capture masses of information.”

Despite these potential problems, Lyne said that there are a lot of security benefits to using HTML5. As well as reducing the need for potentially risky add-ons, there’s now client-side input validation, as well as libraries that can help deal with SQL injection issues.

“Over time, HTML5 will fix many of the problems that we have, but as with any new technology you tend to get a regression in the first place,” he said. “Broadly speaking, we should charge full ahead in this direction, because Flash has been a pain and the new web apps are really cool, but we also need to make sure that we’re not casually adopting a nightmare.”

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1a9c11ac/l/0Lnews0Btechworld0N0Csecurity0C332260A30Chtml50Ecreate0Enew0Echallenges0Efor0Esecurity0Epros0Ein0E20A120Esophos0C0Dolo0Frss/story01.htm


Should security pros be thankful in 2011?

Do security pros have something to be thankful for in 2011? James Lyne of Sophos discusses some of the lessons learned this year and whether security defenses are keeping pace with attack techniques.


View full post on Security Wire Weekly


Pros And Cons Of Credit Monitoring Services

Identity theft is a complex problem. Learn if credit monitoring services are the solution.

View full post on credit report fraud – Yahoo! News Search Results


How to Jailbreak iPod Touch/iPhone 3.1.2 + Pros & Cons


For 3.1.3 users, go to this link: iphwn.org

Follow these steps to quickly and easily jailbreak your iPod Touch or iPhone running 3.1.2 firmware:

1. Plug your device into your computer. (Close iTunes if it opens).
2. Follow this link and download the blackra1n software: blackra1n.com
3. Open blackra1n and click “make it rain”.
4. You will see a picture of some random dude.
5. Your device will reboot.
6. Now you will have an app called blackra1n. From here you can download Cydia, Rock, and/or Icy. (I highly recommend Cydia).

If this video helped you out please subscribe!



DHS Seeks to Share Top-Secret Info with Banking and Finance Cybersecurity Pros

The Department of Homeland Security works with financial institutions to thwart cyber attacks and plans to do so more and more in the future, according to DHS testimony to Congress, including sharing top secret cyber intelligence.

View full post on homeland cyber – Yahoo! News Search Results

