ComWise Internetwork Sdn Bhd

De-FUD-ing Privileged User Management

admin — Sat, 25 May 2013 00:24:31 +0000

I am proud to write this column for Dark Reading. The biggest reason is I get to share two decades of stuff I’ve seen with databases and security with you, and it starts really good conversations every time I attend security conferences and meet readers face-to-face. I can share perspective, help clarify issues around database threats, and explain the pros and cons of database security products.

On occasion, I even get to call BS on things I believe only confuse DBAs and security practitioners about database security. This is one of those occasions. The recent blog post “Privileged user management a must for DBAs” attempts to touch on the tricky subject of monitoring DBA activity, but falls down trying. The topic is really important, but the advice provided is so far off that I feel it warrants a discussion. In fact, I think the contrast between the two perspectives will be really helpful for all.

ObserveIT and XenDesktop 7 Let You Watch What Your Mobile Users Do in Your Business Apps from Anywhere at Anytime

admin — Sat, 25 May 2013 00:23:55 +0000

These days, we see more and more organizations moving their business applications to the cloud and allowing business users to access them from their mobile devices. That means that unlike the old days when business applications were accessed only from the office and when organizations had control over who had physical access to the office premises, now anyone who has application credentials can access business data anytime, anywhere. While these move to the cloud does increase productivity, mobile access also significantly increases the risks related to stolen credentials or even malicious employees sharing sensitive business data to anyone though their mobile device.

Apple iPhone encryption causing police backlog

admin — Wed, 15 May 2013 01:33:57 +0000

Apple’s iPhone has proven a hit with the general public, but the company’s strong security protections are making the device less than popular with law enforcement agencies.

It seems that the encryption on the handset is proving to be so hard for authorities to crack that they have to petition Apple to manually unlock the handset by manually overriding the security controls and decrypting data needed for criminal prosecution.

Unfortunately, there are so many police asking for iPhone decryption that Apple has found itself with a backlog of requests. According to Cnet, law enforcement officials are being told that they must wait as long as two months to gain access to iPhone units that are connected to criminal investigations.

Bloomberg chief apologizes for data snooping

admin — Wed, 15 May 2013 01:33:12 +0000

The editor-in-chief of Bloomberg News said Monday that reporters working for the company’s news division should never have been allowed to access otherwise restricted client data.

Allegations surfaced last week that Bloomberg reporters have long enjoyed access to some client data via the company’s ubiquitous financial data terminals. The practice was largely unknown outside Bloomberg, and presumably gave the company’s reporters an advantage over competitors.

Special Report: U.S. cyberwar strategy stokes fear of blowback

admin — Wed, 15 May 2013 01:32:38 +0000

(Reuters) – Even as the U.S. government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.

The strategy is spurring concern in the technology industry and intelligence community that Washington is in effect encouraging hacking and failing to disclose to software companies and customers the vulnerabilities exploited by the purchased hacks.

Hackers hit domain registrar, access credit card data and passwords

admin — Sun, 12 May 2013 03:24:28 +0000

A Denver-based domain name provider has suffered a breach where customers’ personal data, including encrypted passwords and credit card information, was compromised.

On Wednesday, Name.com notified customers by email about the incident. The company said the breach appeared to be an attempt by an intruder to “gain information on a single, large commercial account at Name.com,” though an undisclosed number of customers were impacted in the process.

A Name.com customer posted the email on a community forum called MyBB on Wednesday.

“Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals,” the email said. The company added that it stores customer credit card data using a “strong encryption” method and that the private keys required to access the information are stored “physically in a separate remote location that was not compromised.”

U.S. warns industry of heightened risk of cyberattack

admin — Sun, 12 May 2013 03:23:52 +0000

The U.S. government on Thursday warned of a heightened risk of a cyberattack that could disrupt the control systems of U.S. companies providing critical services such as electricity and water.

Officials are highly concerned about “increasing hostility” against “U.S. critical infrastructure organizations,” according to the warning, which was released by theDepartment of Homeland Security on a computer network accessible only to authorized industry and government users. “Adversary intent extends beyond intellectual property theft to include the use of cyber to disrupt . . . control processes.”

Feds Charge 8 Alleged Mules in $45 Million Global Cyber Bank Heist

admin — Sun, 12 May 2013 03:23:16 +0000

Eight suspects have been charged in New York for their alleged roles in a global cybercrime ring that authorities say involved the theft of more than $45 million from financial institutions in two cyber heists.

The international gang hacked into the computers of bank card processors to steal prepaid debit card data, erase withdrawal limits on the cards and then pass the information to cashers or mules to siphon the money from ATMs around the world.

The gang first struck December 22 when hackers targeted a credit card processor that handled transactions for prepaid MasterCard debit cards issued to customers of the National Bank of Ras Al-Khaimah PSC, or RAKBANK, in the United Arab Emirates. They handed off the stolen card data to cashers in 20 countries who withdrew $5 million in cash in more than 4,500 ATM withdrawals.

Database Security: It’s More Than Meets the Eye

admin — Sun, 12 May 2013 03:22:21 +0000

Having a safe doesn’t do much good if it is left open. Yet the safe where organizations house their data is sometimes left just as unsecure.

Last year for example, it was revealed that a university system upgrade at the University of North Carolina-Charlotte exposed data on the university’s H: drive on the Internet between Nov. 9, 2011, and Jan. 31, 2012. The news got worse for the university when it was discovered that misconfigured access settings also exposed sensitive data from the school’s College of Engineering from 1997 to February 2012.

“DBAs [database administrators] don’t have time for security – they spend less than five percent of their time on it,” said Forrester Research analyst Noel Yuhanna. “Most enterprises are dealing with data explosion that’s creating performance issues and availability concerns, which is where most of their time an effort goes. In a survey we did last year, performance was the top concern.”

Database Security: It’s More Than Meets the Eye

admin — Fri, 10 May 2013 01:18:20 +0000