Apple iPhone encryption causing police backlog
Wednesday, May 15th, 2013 | Author:

Apple’s iPhone has proven a hit with the general public, but the company’s strong security protections are making the device less than popular with law enforcement agencies.

It seems that the encryption on the handset is proving so hard for authorities to crack that they have to petition Apple to unlock the handset by manually overriding the security controls and decrypting the data needed for criminal prosecution.

Unfortunately, there are so many police asking for iPhone decryption that Apple has found itself with a backlog of requests. According to CNET, law enforcement officials are being told that they must wait as long as two months to gain access to iPhone units that are connected to criminal investigations.

 

 

Category: IT Security
Bloomberg chief apologizes for data snooping
Wednesday, May 15th, 2013 | Author:

The editor-in-chief of Bloomberg News said Monday that reporters working for the company’s news division should never have been allowed to access otherwise restricted client data.

Allegations surfaced last week that Bloomberg reporters have long enjoyed access to some client data via the company’s ubiquitous financial data terminals. The practice was largely unknown outside Bloomberg, and presumably gave the company’s reporters an advantage over competitors.

 

 


(Reuters) – Even as the U.S. government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.

The strategy is spurring concern in the technology industry and intelligence community that Washington is in effect encouraging hacking and failing to disclose to software companies and customers the vulnerabilities exploited by the purchased hacks.

 

 


A Denver-based domain name provider has suffered a breach where customers’ personal data, including encrypted passwords and credit card information, was compromised.

On Wednesday, Name.com notified customers by email about the incident. The company said the breach appeared to be an attempt by an intruder to “gain information on a single, large commercial account at Name.com,” though an undisclosed number of customers were impacted in the process.

A Name.com customer posted the email on a community forum called MyBB on Wednesday.

“Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals,” the email said. The company added that it stores customer credit card data using a “strong encryption” method and that the private keys required to access the information are stored “physically in a separate remote location that was not compromised.”

 

 

 


The U.S. government on Thursday warned of a heightened risk of a cyberattack that could disrupt the control systems of U.S. companies providing critical services such as electricity and water.

Officials are highly concerned about “increasing hostility” against “U.S. critical infrastructure organizations,” according to the warning, which was released by the Department of Homeland Security on a computer network accessible only to authorized industry and government users. “Adversary intent extends beyond intellectual property theft to include the use of cyber to disrupt . . . control processes.”

 

 

 


Eight suspects have been charged in New York for their alleged roles in a global cybercrime ring that authorities say involved the theft of more than $45 million from financial institutions in two cyber heists.

The international gang hacked into the computers of bank card processors to steal prepaid debit card data, erase withdrawal limits on the cards and then pass the information to cashers or mules to siphon the money from ATMs around the world.

The gang first struck December 22 when hackers targeted a credit card processor that handled transactions for prepaid MasterCard debit cards issued to customers of the National Bank of Ras Al-Khaimah PSC, or RAKBANK, in the United Arab Emirates. They handed off the stolen card data to cashers in 20 countries who withdrew $5 million in cash in more than 4,500 ATM withdrawals.

 

 


Database Security: It’s More Than Meets the Eye
Sunday, May 12th, 2013 | Author:

Having a safe doesn’t do much good if it is left open. Yet the safe where organizations house their data is sometimes left just as unsecure.

Last year, for example, it was revealed that a university system upgrade at the University of North Carolina-Charlotte exposed data on the university’s H: drive on the Internet between Nov. 9, 2011, and Jan. 31, 2012. The news got worse for the university when it was discovered that misconfigured access settings also exposed sensitive data from the school’s College of Engineering from 1997 to February 2012.

“DBAs [database administrators] don’t have time for security – they spend less than five percent of their time on it,” said Forrester Research analyst Noel Yuhanna. “Most enterprises are dealing with data explosion that’s creating performance issues and availability concerns, which is where most of their time and effort goes. In a survey we did last year, performance was the top concern.”

 

 

 


Database Security: It’s More Than Meets the Eye
Friday, May 10th, 2013 | Author:

Last year, for example, it was revealed that a university system upgrade at the University of North Carolina-Charlotte exposed data on the university’s H: drive on the Internet between Nov. 9, 2011, and Jan. 31, 2012. The news got worse for the university when it was discovered that misconfigured access settings also exposed sensitive data from the school’s College of Engineering from 1997 to February 2012.

“DBAs [database administrators] don’t have time for security – they spend less than five percent of their time on it,” said Forrester Research analyst Noel Yuhanna. “Most enterprises are dealing with data explosion that’s creating performance issues and availability concerns, which is where most of their time and effort goes. In a survey we did last year, performance was the top concern.”

 

 

 


BOSTON, MA, May 09, 2013 (Marketwired via COMTEX) — Aberdeen Group, a Harte-Hanks Company, today announced the publication of new research reports from its IT Security, and Financial Management and GRC research practices.

Recently, a leading government agency published analysis that suggests that just four specific endpoint security controls would have successfully protected against at least 85% of cyber intrusions they actually experienced. The first of three research reports authored by Vice President and Research Fellow Derek Brink, leader of the Aberdeen Group IT Security research practice, “Virtual Patching and Database Security: An Effective Compensating Control,” confirms that patching promptly is part of highly effective approaches to managing vulnerabilities — but notes that patching is not always practical or even possible, which is why many companies look to virtual patching as an effective compensating control. One prime example: virtual patching in the context of database security. To access a complimentary copy of this report, please visit http://aberdeen.com/Aberdeen-Library/8463/AI-patch-endpoint-security.aspx.

 

 

 

10 Reasons SQL Injection Still Works
Thursday, May 09th, 2013 | Author:

seeking to break into corporate databases.

“SQL injection is still out there for one simple reason: It works!” says Tim Erlin, director of IT security and risk strategy for Tripwire. “As long as there are so many vulnerable Web applications with databases full of monetizable information behind them, SQL injection attacks will continue.”

Even though some recent data from WhiteHat showed that SQL injection attacks bumped down from the top 10 most prevalent Web attacks in 2012, other data from Veracode saw SQLi attacks holding steady last year. And consensus from development, security, and IT consulting experts is that these attacks continue to expose enterprise databases on a daily basis.

 

 
