Hacks & Hackers

A flaw in the WPA-2 wireless protocol leaves millions of device vulnerable to hacking and other malicious acts.

Update: Flaw in widely used Wi-Fi Standard could allow snooping

Hundreds of millions of wireless devices may be affected by a flaw in WPA-2, a widely used standard for securing wireless Internet connections.  (Updated to add commentary by Bob Rudis of Rapid 7.)

Kaspersky Lab disputed a report in the Wall Street Journal that its software played a role in the theft of NSA hacing tools from a government contractor.

Kaspersky Lab CEO says company may be hacking victim

CEO Eugene Kaspersky likened a Wall Street Journal report on his company’s software being used to hack an NSA contractor to “the script of a C movie” and said his company was in the middle of a geopolitical dispute. 

What can you tell about a company's security just by looking at it from the outside? A lot.

Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside

In the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on. 

A breakdown of breaches by country. (Image courtesy of Gemalto.)

Report: 1.9b Records Lost in First Half of 2017, topping 2016

A survey of public data breaches has found a large increase in the number of records that have been stolen, lost or compromised in the first six months of 2017. The firm Gemalto said that the number of records caught up in breaches jumped 164% from the second half of 2016 and the first half 2017 to almost 2 billion lost records. That is more than the total number of records lost in all of 2016.  Gemalto said its latest data from the company’s Breach Level Index, a global database of public data breaches, indicates 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017. Most of the leaked records came from just 22 large data breaches, each involving more than one million compromised records, the company said. How many records? Nobody knows. Even more worrying: of the 918 data breaches, the […]

After Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why.

After Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why.

What makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax.