Stories by Jaikumar Vijayan

The NSA blame game: Singling out RSA diverts attention from others

RSA may have earned much of the criticism being heaped upon it for allegedly enabling a backdoor in one of its encryption technologies under a contract with the National Security Agency. But singling out the company for reproach deflects attention from the role that other technology vendors may have had in enabling the NSA's data collection activities.

Written by Jaikumar Vijayan09 Jan. 14 12:31

Cloud computing 2014: Moving to a zero-trust security model

The leaking of classified documents detailing the data collection activities of the U.S. National Security Agency earlier this year reignited some long-standing concerns about the vulnerability of enterprise data stored in the cloud.

Written by Jaikumar Vijayan01 Jan. 14 00:58

Breach could prove very costly for Target

Though details of the massive data breach at Target are still emerging, it's already clear that, before the dust settles, the retailer will likely have to pay tens of millions of dollars in remediation and notification costs, fines, legal fees and settlements.

Written by Jaikumar Vijayan19 Dec. 13 19:10

Anti-SOPA, PIPA protests to continue

Wikipedia and others who participated in an <a href="">unprecedented Internet blackout</a> Wednesday have brought their sites back online with the promise to keep their battle going against the contentious Protect IP Act (PIPA) and the Stop Online Piracy Act (SOPA).

Written by Jaikumar Vijayan20 Jan. 12 05:55

FBI: 'Anonymous' arrests tied to PayPal DDoS attacks

The FBI has arrested a total of 14 individuals thought to belong to the Anonymous hacking group for their alleged participation in a series of distributed denial-of-service attacks (DDoS) against PayPal last year.

Written by Jaikumar Vijayan19 July 11 22:00

Caution urged in wake of RSA security breach

The relatively scant information released by EMC's RSA security group on Thursday in connection with the theft of SecurID authentication technology code is fueling considerable speculation about the nature of the breach and its impact on enterprises.

Written by Jaikumar Vijayan19 March 11 23:12

Visa, MasterCard to unveil new security rules

Visa U.S.A. and MasterCard International will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said this week.

Written by Jaikumar Vijayan10 July 06 08:00

Banks urged to look for stronger security

As banks turn their attention to stronger authentication technologies in the wake of recent guidance from the Federal Financial Institutions Examination Council, it's important that they don't overlook transaction-level controls, several security experts said.

Written by Jaikumar Vijayan27 Oct. 05 16:28

Worm wave highlights need for speedier defenses

The speed at which hackers were able to take advantage of newly disclosed software flaws makes its vital for companies to look beyond patching to broader and more holistic measures for controlling vulnerabilities, security experts said.

Written by Jaikumar Vijayan19 Aug. 05 07:40

Cisco flaw raises concerns

The public demonstration of an attack against a Cisco Systems Inc. router at the Black Hat USA conference showed that a core part of corporate networks may be more vulnerable to hackers than many users had assumed.
But, IT managers and security analysts say, companies that follow recommended practices for securing their networks should be reasonably well protected despite the fact that attackers now have information on how to shut down routers by exploiting a previously disclosed software flaw.

Written by Jaikumar Vijayan07 Aug. 05 22:00

Interview: ChoicePoint CISO on data breach

The massive data compromise at ChoicePoint earlier this year has made the Alpharetta, Ga.-based data aggregator something of a target for those calling for tougher data protection laws. In an interview with Computerworld, Rich Baich, ChoicePoint's chief information security officer, talked about the breach, the measures that have been put in place since then and the lessons inherent for other CISOs.
You have in the past said that what happened at ChoicePoint was not really a security breach. Then what was it? It all comes down to how you define a breach and how you define an incident. This was fraud. Someone fraudulently provided authentication to the system. It's no different than credit card theft and credit card fraud. Those are never referenced as IT-related issues though they happen millions of times every year. In fraud terms, it's called an account takeover. And that's what occurred. All I was trying to do was educate the press more than anything else that this was not what everyone would call a traditional hack.

Written by Jaikumar Vijayan26 June 05 22:00

Gartner: Increased port 'sniffing' could herald attack

An increase in "sniffing" activity on a port associated with a recently patched Microsoft Corp. vulnerability may be the signal of an impending attack attempting to exploit the flaw, according to an alert from analyst firm Gartner Inc.

Written by Jaikumar Vijayan22 June 05 23:06

Study: Insider revenge often behind cyberattacks

Companies hoping to mitigate their exposure to insider attacks need to ensure they have good password, account and configuration management practices, as well as the right processes in place for disabling network access when employees are terminated.

Written by Jaikumar Vijayan23 May 05 08:22

Legal threat stops flaw info release

A threat by Sybase Inc. to sue a U.K.-based security research firm if it publicly discloses the details of eight holes it found in Sybase's database software last year is evoking sharp criticism from some IT managers but sympathetic comments from others.

Written by Jaikumar Vijayan25 March 05 18:07

Companies go on the offense with security

Eric Litt, chief information security officer at General Motors Corp., calls it &quot;management by inclusion.&quot; Simply put, it's an information security strategy that reduces operational risk by denying network access and services to all people and processes not previously vetted by the company. &quot;If I don't know you're good, I don't talk to you,&quot; Litt says.
Litt is one of a growing number of security managers who say traditional reactive defenses -- focused on blocking known threats at the edge of the network perimeter -- are no longer enough. What's needed are more-proactive security capabilities that emphasize quicker identification and resolution of both internal and external threats.

Written by Jaikumar Vijayan20 March 05 23:00