Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views DoJ Narrows Scope of DreamHost Warrant Curtis Franklin Security Editor, \| 8/23/2017 When most IT managers think about cybersecurity, they're thinking about keeping their company's data safe from criminals and cyber-warfare opponents. Some service providers, most recently DreamHost, have expanded that list of adversaries to include the US Department of Justice. And on August 22, DreamHost scored a small victory in their most recent battle. Post a Comment \| READ () Delaware Requires Data Security in New Law Curtis Franklin Security Editor, \| 8/23/2017 Delaware has become the latest state to enact legislation on computer security, joining at least 13 other states in setting specific requirements for companies doing business within their borders. Delaware's law is notable in two regards, the first involving the nature of Delaware and the second a critical provision within the law itself. Post a Comment \| READ (4 comments) Latest comment: International data protection laws have already been a mess and they're not getting... New SaaS Service Offers Order for Access Curtis Franklin Security Editor, \| 8/22/2017 When it comes to authorized access, you need to know the system that's trying to connect and you need to know and trust the human behind the system. Knowing the human is the first part of what Starling Identity Analytics & Risk Intelligence (IARI), a new SaaS-based service from One Identity, does for the enterprise. Post a Comment \| READ () Voice of Security Radio: Building Secure Applications Curtis Franklin Security Editor, \| 8/22/2017 We move data around systems and networks, but in the final analysis everything comes down to the applications. And in 2017 the news is still filled with stories of companies that left a door open to their data and systems -- an accidental door right in the middle of their enterprise applications. That's why this week's episode of Voice of Security is all ... Post a Comment \| READ (2 comments) Latest comment: @Susan Fourtan� yes I could not agree more as with security thing must... Amazon S3 Errors Hit Home Again Curtis Franklin Security Editor, \| 8/21/2017 What is it about Amazon S3? While thousands of customers are able to securely keep data on the large storage cloud, a disconcerting number of companies seem to lose the ability to correctly configure storage when faced with the Amazon Web Services buckets. The latest misconfiguration victim? Groupize, a meeting management and hotel-booking company based ... Post a Comment \| READ (3 comments) Latest comment: Conversely, automation and "user-friendly" GUIs, I have long held, hinder understanding... 'Good Enough' Probably Isn't Philip Lieberman President and CEO, Lieberman Software Corp., \| 8/21/2017 For several years now, I have advocated that CEOs must begin acting as the Commander-in-Chief of cyber warfare for their companies. This role would involve the chief executive building resiliency into not only the business itself but also into IT, which is now key to the survival of the business. Post a Comment \| READ () Sleepless in Cupertino Larry Loeb Author, \| 8/21/2017 Apple gets peeled Someone named xerub is causing some sleepless nights in Cupertino. What s/he has done is publish the key used for the iPhone's Secure Enclave Processor's (SEP) firmware. Post a Comment \| READ () Finding Tools for DevSecOps Curtis Franklin Security Editor, \| 8/18/2017 When DevSecOps are defined it can begin a process. But ultimately process requires tools to become practice. Where do you go to find tools to use when an organization wants to move beyond theory adding security to DevOps? Post a Comment \| READ () Questions of Colors Curtis Franklin Security Editor, \| 8/18/2017 In the spirit of our parent publication Light Reading, a Friday Security Haiku. Post a Comment \| READ (1 Comment) Latest comment: According to a recent SecurityNow poll (on the right side of the screen and still... Cybercrime Is North Korea's Biggest Threat Andy Patrizio Technology Journalist, \| 8/17/2017 With the media doing its best to scare the daylights out of Americans over the North Korean nuclear threat, it's missing out on the real menace that is causing real damage: Kim Jong-un's brigade of hackers and cyber thieves. Post a Comment \| READ () Digital Identity Will Drive Revenue & Reduce Risk Michael Lynch Chief Strategy Officer, InAuth, \| 8/17/2017 Digital Identity has many definitions. Digital identity is known to be the online representation of a person's civil and personal identity. Some of the newer ways of describing digital identity also describe it as the entire collection of data associated with a person's interactions online. In certain scenarios, the device or application the person is ... Post a Comment \| READ (1 Comment) Latest comment: "The right content at the right moment entices consumers to want to spend more time... Rackspace Strengthens Its Managed Security Story Curtis Franklin Security Editor, \| 8/17/2017 Rackspace has added Privacy and Data Protection (PDP) to the latest version of its managed security offerings. PDP provides enhanced encryption, data access and compliance monitoring for customers. Post a Comment \| READ (1 Comment) Latest comment: "..where PDP fits into the company's overall security strategy, and how customers... Load More Articles + All Articles All Video All Slide Shows All Articles discussion board batye, 8/24/2017 3:32:40 AM Voice of Security Radio: Building Secure Applications Re: Re: Securing applications @Susan Fourtan� yes I could not agree more as with security thing must be done properly and in timely manner no other way around... how I see it... Post Your Reply mhhfive, 8/23/2017 10:18:34 PM Delaware Requires Data Security in New Law Re: Re: Any exodus of corporate registrations from states with new security regulations? International data protection laws have already been a mess and they're not getting any simpler any time soon with the rise of protectionist policies that seem to be trending. It'll be interesting to see how international companies adapt and... Post Your Reply Joe Stanganelli, 8/23/2017 9:22:54 PM Amazon S3 Errors Hit Home Again Re: Re: It requires a human ... Conversely, automation and "user-friendly" GUIs, I have long held, hinder understanding and lead to exactly this type of error. The easier it is to do something right, the easier it is to do something wrong.For this reason, I absolutely agree... Post Your Reply Joe Stanganelli, 8/23/2017 9:19:49 PM Delaware Requires Data Security in New Law Re: Re: Any exodus of corporate registrations from states with new security regulations? @mhh: They do...and with GDPR going into effect next year, things are already highly complex for international organizations. Post Your Reply Joe Stanganelli, 8/23/2017 9:19:03 PM Delaware Requires Data Security in New Law Re: "Breach" "It goes on to define what 'breach' means"As it so happens, of the 46 states that have breach-notification laws on the books, in general, most if not all of them define such basic terms as "breach" in their own unique way -- making the issue... Post Your Reply mhhfive, 8/23/2017 7:33:48 PM Delaware Requires Data Security in New Law Re: Any exodus of corporate registrations from states with new security regulations? I have to wonder if any companies are re-thinking their choice of where to incorporate now. Given how many companies have accidentally leaked PII in recent months, this kind of liability is a real risk that may not have a straightforward solution. I... Post Your Reply Susan Fourtané , 8/23/2017 2:09:27 AM Voice of Security Radio: Building Secure Applications Re: Securing applications This is very important, indeed. As the old good advice goes: For security to be effective you need to security your network, your devices, and your applications. If you don't secure well any one of them, all the efforts put on securing the... Post Your Reply mhhfive, 8/22/2017 7:35:38 PM Amazon S3 Errors Hit Home Again Re: Better defaults... I think platforms like AWS need to analyze their default settings... to make sure users need to change them on purpose to something less secure, even it it means it's not as useful with default settings.... Post Your Reply Susan Fourtané , 8/22/2017 3:12:09 AM Amazon S3 Errors Hit Home Again Re: It requires a human ... How terrible. Vulnerabilities are a real problem. "It requires a human to specifically override that setting to expose data to the world." Once more we need to say here that in order to avoid these things that humans do, sometimes even in a... Post Your Reply batye, 8/21/2017 9:46:00 AM Magical Thinking Drives the Myth of AI Solving Security Re: Re: Fear of the unknown @SUSAN FOURTANÉ could not agree more as with today state of the security you never know what to expect each day... preparation is a must... Post Your Reply Susan Fourtané , 8/21/2017 4:42:24 AM Magical Thinking Drives the Myth of AI Solving Security Re: Re: Fear of the unknown Taimoor - Now I see. Thank you. Yes, it's very important to always be prepared for the unexpected. Post Your Reply batye, 8/20/2017 5:50:25 PM Magical Thinking Drives the Myth of AI Solving Security Re: Re: Fear of the unknown @TAIMOORZUBAIR, human nature is to always have fear of the unknow... as this days you never know what to expect this days as security breaches keep happening more and more every day Post Your Reply Next 5 messages + All messages All messages Chat 8/23/2017 8:46:19 AM Voice of Security Radio: Vulnerabilities Hidden in Applications: Last Thursday's talk was very good. I am looking forward to another! klogan453 Keeper 8/22/2017 10:12:03 AM Voice of Security Radio: Vulnerabilities Hidden in Applications: We'd love to have your voice in the discussion here. To take part, just type your comment into the "Your Post" box and then click on the "Post" button below the box. Feel free to introduce yourself before the show starts -- I think you'll find... Curt Franklin Keeper 8/22/2017 10:11:52 AM Voice of Security Radio: Vulnerabilities Hidden in Applications: Hey, everyone, we're glad you could join us! When the show is scheduled to start, an audio player should appear above the "Your Post" window. If it doesn't appear, you might need to refresh your browser until it does. If it appears but doesn't... Curt Franklin Keeper 8/17/2017 4:05:53 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: thank you! klogan453 Keeper 8/17/2017 4:05:41 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Excellent discussion all. I'm glad you had so much to say! So many excellent points & secure-type things to consider :) Michelle Keeper 8/17/2017 4:05:30 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: @Curt: If you can get him to return, I look forward to it! Joe Stanganelli Guardian 8/17/2017 4:04:02 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Thanks guys. Good show. mrobuck Keeper 8/17/2017 4:03:38 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Thank you, Casey! I really appreciate you taking the time to share your insights today!(...and thanks to Curt and the gang, too!) Joe Stanganelli Guardian 8/17/2017 4:03:19 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Already took the flash poll, and am looking forward to the results! Joe Stanganelli Guardian 8/17/2017 4:02:52 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: OTOH, I can see both sides of the equation from this particular perspective. Manufacturers' responsibility -- laws and regulations or not -- is even greater in this regard. It is perfectly reasonable to expect and allow for people to be self-interested,... Joe Stanganelli Guardian Next 5 chats +		Flash Poll All polls Radio Shows ARCHIVED \| August 17, 2017, 3pm EDT Voice of Security Radio: Finding Vulnerabilities on the IoT Join us for an interview with Casey Ellis, CEO of Bugcrowd UPCOMING \| August 24, 2017, 3pm EDT Voice of Security Radio: Vulnerabilities Hidden in Applications UPCOMING \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning ARCHIVED SHOWS DOWNLOAD TO CALENDAR Information Resources • Redefining the Enterprise Security Perimeter • Next Generation Managed Security Services • Session Border Controllers for Dummies • Securing Real-Time Communications for Dummies • 2017 North American Enterprise Session Border Controller Company of the Year Award • Debunking the Top 4 Myths About DDoS • Is the Future of Enterprise Security in Managed Services • DDoS Protection Strategies: Choosing the Right Model • The Perimeter: An Identity Crisis • Key Considerations In Deploying an SSL Solution All resources Video Facebook has introduced new measures that will enable users to secure access to their accounts using a physical 'key' application. All Videos Twitter Feed Tweets by Security_Now_ like us on facebook