Tag: encryption

Ted Julian - Co3

The Security Week In Review: Same Breach, Different Day

It’s the end of another week and, as has become a pattern, we’re weighing the impact of ¬†another massive data breach: this one at Cupid Media, the owner of a network of dating web sites. According to a report on Krebsonsecurity.com, data on some 40 million Cupid Media customers turned up on the same servers that were found holding data stolen from Adobe Inc., PR Newswire and other victims. To get a handle on the impact of this breach and others like it, I invited Ted Julian, the Chief Marketing Officer of CO3 Systems, to talk about the recent string of embarrassing breaches and how companies go wrong (and sometimes right) in responding to them. Co3 sells a service that helps companies structure their response to data breaches and other adverse incidents. We also took the time to talk about the recent FTC Workshop on security and privacy on The […]

Smart Meters

Verizon: New Cloud Encryption Service Will Secure IoT Devices

Identity is one of the biggest challenges facing companies that are deploying products for the “Internet of Things,” as well as traditional enterprises that find IoT technologies of all types knocking at the door. The question, in short, is “how do I know that this device is legitimate, and ties back to an identity that I trust with access to my network resources and data? Of course, identity management has always been an aching problem in the enterprise space. The problem with the IoT is scale – given the sheer size of the IoT (30 billion connected devices by 2020), you can add a few “zeros” onto the number of devices that could, potentially, be seeking access to your network at any time. [Related read: Identity Management’s Next Frontier: The Interstate] It makes sense that, in a distributed environment like that, the cloud may be the best place to address […]

Snowden Borrowed from APT Playbook In NSA Hack

We know for sure that Edward Snowden made short work of the protections that the National Security Agency used to segregate classified data. Snowden’s revelations about government spying on foreign governments, domestic and foreign firms and…well…just about everyone else first appeared in print in May. Since that time, a looming question is “how?” In other words: how did a single contractor gain access to such a massive trove of classified intelligence while working for the most security conscious organization in the world?   While the exact methods used by Snowden are still not known, there are many theories. Now the security firm Venafi thinks that it has an answer, and is challenging the NSA to prove it wrong. In a blog post on Wednesday, the company laid much of the blame on poor management of digital certificates and user credentials, which allowed Snowden to move laterally within the NSA’s classified […]

APT or fANTasy: The Strange Story of BadBIOS

Yesterday over on Veracode’s blog I wrote about the ongoing saga of “BadBIOS” – a piece of malicious software that might be the most sophisticated virus ever written, or a figment of the imagination of Dragos Ruiu, the esteemed security researcher who says he discovered it on systems he owned. The story of BadBIOS reads like something out of science fiction. Ruiu has described it in interviews and blog posts as BIOS-based malware that can back door systems running a variety of operating systems – OS X, Windows and even OpenBSD. But it’s also described as an ephemeral kind of ‘we-don’t-know-what,’ that can’t be isolated or analyzed. One Twitter follower of Ruiu’s suggested designating it a “heisenbug” which he defined as “a software bug that seems to disappear or alter its behavior when one attempts to study it.” That would be funny if this weren’t deadly serious. For, really, one […]

Report: Adobe Data Breach Ten Times Bigger Than First Reported

The huge security breach at software maker Adobe is even bigger than first reported, with more than 150 million credentials stolen, including records on up to 38 million active customers, according to a report by Brian Krebs at the web site Krebsonsecurity.com. Krebs said in a story posted Tuesday that Adobe’s initial estimates that user names and passwords for around three million customers was well short of the actual number taken by hackers who breached the company’s network. Citing a file posted by the website Anonnews.org, Krebs said the actual number of affected Adobe accounts stolen is much larger:¬†150 million username and hashed password pairs including credentials for 38 million “active” accounts, according to Adobe spokesperson Heather Edell. Edell told Krebs that Adobe has just completed a campaign to contact active users whose user IDs and encrypted passwords were stolen (including this author). Those customers are being encouraged to change […]