Tech Insight: Quick Wins For Strengthening SMB Security

A posting from Dark Reading in its SMB Security section.

Big or small, companies are being hacked every day no matter their size. Small businesses ask, “Why me? I don’t have anything worth stealing.” Yet they don’t realize how useful their high-speed Internet connections are as new launch points for brute-force SSH scans and DDoS attacks. The simple truth is that no one is safe from attack, and small organizations often feel the impact more than large enterprises because of their limited budgets and IT staff.

Since January, I’ve been speaking with IT staff from local city and county governments throughout Florida at conferences and in private meetings. The common issue among nearly every one of their organizations is that they have practically no budget for security and no dedicated security staff. In many cases, there is only one or two IT people, and they handle everything from desktop and server support to IT training and security. My goal with the talks has been to help these small groups realize quick and no-cost (or low-cost) ways to strengthen their security posture.


EU’s Cybersecurity Strategy gets harsh criticism from data protection advocate

A posting from Naked Security on Cybersecurity Strategy:

A top EU data privacy advocate has criticised the European Union’s plans to combat cybercrime, saying they don’t provide enough protection for personal data.

In the same statement, the European Data Protection Supervisor (EDPS) Peter Hustinx suggested that too little attention has been paid to existing regulations and agencies, and that it would be useful to have tighter definitions of what exactly the European Commission means by “cybercrime” and related terms.

The statement comes as an official “opinion” document [PDF] responding to the EU’s Cybersecurity Strategy [PDF] plan.

The strategy was issued in February alongside proposals for a set of unified network and information security rules, referred to as the “NIS Directive [PDF]”.

The strategy document got a lukewarm reception at the time, with general approval that the EC was heading in the right direction but worries that the proposals were too vague and open-ended. The opinions from the EDPS seem to echo this, welcoming the existence of the strategy but pointing out some potential problems.



Texas becomes first US state to ban warrantless email snooping

A posting from Naked Security:

Texas has become the first US state to ban email snooping without a warrant.

Governor Rick Perry signed the new privacy bill – HB 2268 – into law on Friday. It went into effect immediately.

The bill enacts a law that sets Texas residents apart from the other 49 states by protecting them from state and local law enforcement surveillance carried out without a warrant.

The portion of the bill that pertains to privacy was written by 29-year-old freshman Republican legislator Jonathan Stickland, who represents an area between Dallas and Fort Worth.

Stickland told the Star-Telegram that he’s fighting for ideals that all US citizens can get behind – a sentiment the newspaper applauded:



Beware Of HTML5 Development Risks

A posting from Dark Reading in its Application Security section:

As HTML5 continues to experience a groundswell of acceptance within the developer community, organizations must think seriously about how key changes in this latest standard will require them to shift their application security paradigms for Web and mobile apps. Designed to help developers more closely mimic native applications through browser-based apps, HTML5 includes a number of useful features that are double-edged swords from a security perspective.

“It provides a slew of new programming methods to websites that could present new security challenges and privacy risks to end users and site operators alike,” says Aaron Rhodes, senior security consultant for Neohapsis, a mobile and cloud security services firm.



Blackberry releases first security fixes for new Z10 smartphone

A posting from Naked Security:

Blackberry released two security bulletins yesterday, fixing flaws in its software for the Blackberry Playbook and Blackberry Z10 smartphone.

BSRT-2013-005 affects both the Z10 and the Playbook and fixes vulnerabilities in the bundled Adobe Flash Player.

This raises an important question in my mind, though. Why on earth has Blackberry launched a new mobile operating system with Flash support, knowing full well the number of vulnerabilities and in the wild attacks against it?

Apple was first to shun Flash while some Android handset makers bragged about Flash support. For about a month. Then Adobe pulled the plug on its own Android package.

This seemed to have resolved the issue and HTML5 was the winner for mobile interactive content. “Winner by default,” or so I thought.

Now you might think it is a “nice to have” so long as Blackberry keeps it up-to-date and makes it easy to apply to your device. Adobe released Flash fixes yesterday too, right?

While that is true, the Flash fixes released by Blackberry yesterday were from back in January. Yes, they fixed the vulnerabilities described in APSB13-01.


BlackBerry Z10 incurs ‘critical’ security warning

A posting from CNET News in its Security & Privacy section:

BlackBerry has issued a security advisory notice to those who have bought its flagship Z10 touchscreen smartphone — the first BlackBerry 10 device to launch following the company’s bid for revival, back in February.

The advisory, which was issued last week, notes a bug that relates to BlackBerry Protect, its security and backup utility, rather than the phone’s operating system itself.

According to the advisory, an escalation of privilege vulnerability exists in the software of some Z10 phones that could allow a malicious app to “take advantage” of weak permissions in the in-built security software. This could allow a hacker to gain access to the device’s password, and intercept and prevent the device from being wiped.

The “critical” factor is that the security flaw could dupe the device’s user into installing an app which resets the device password through BlackBerry Protect. Though the device may be in the user’s hands, its data is under the control of the hacker.
