Tag: Policy

Fraud Analytics: You’re Doing It Wrong!

One of the most vexing problems in computer security today is distinguishing malicious from legitimate behavior on victim networks. Sophisticated cyber criminals and nation-backed hacking groups make a point of moving low and slow on compromised end points and networks, while victim organizations are (rightly) wary of disrupting legitimate business activity for the sake of spotting a breach. In this Security Ledger Podcast, Paul interviews Jason Sloderbeck, Director of Product Management at RSA, EMC’s security division.  Jason talks about RSA’s Silvertail fraud analytics technology, and the organizational and technology issues that keep victims from spotting attacks. One of the big mistakes organizations make when they investigate attacks, Sloderbeck said, is focusing too narrowly on a point in time during a web session that is felt to be a good indicator of compromise – like when a user authenticates to a service or “checks out” on an e-commerce web site. “There’s a whole […]

Continue Reading

FDA: Medical Device Makers, Hospitals Need To Boost Cyber Security

The U.S. Food and Drug Administration (FDA) has issued guidance to medical device makers and hospitals that use their products to pay more attention to cyber security and the potential for cyber attacks on vulnerable medical instruments.   The FDA released its “Safety Communication for Cybersecurity for Medical Devices and Hospital Networks” on Thursday – the same day that the Department of Homeland Security’s ICS (Industrial Control System) CERT issued a warning about the discovery of hard coded “back door” passwords in some 300 medical devices from 40 separate vendors, including drug infusion pumps, ventilators and patient monitoring systems. The FDA said it expects device makers to “review their cybersecurity practices and policies to assure that appropriate safeguards are in place to prevent unauthorized access or modification to their medical devices or compromise of the security of the hospital network that may be connected to the device. Hospitals were instructed to harden […]

Continue Reading

Privacy Bombshell: NSA Given Access To Facebook, Apple, Microsoft, Others

If you haven’t had a chance to check out the Washington Post story on The National Security Agency’s (NSA’s) and FBI’s widespread program of wire tapping, which leads directly into the servers of nine leading U.S. Internet companies, including Facebook, Microsoft, Google and Apple. The classified program, dubbed PRISM, dates to 2007 and the administration of George W. Bush and authorizes the nation’s top spy agency to peer deep into the servers of  popular social networking sites, compiling audio, video, photographs, e-mails, documents and connection logs. Together the information could enable intelligence operators to track an individual’s communications, movements relationships over time. The classified program came to light following the leak of a classified presentation for NSA staff, dated April 2013, that describes the program as critical and a leading contributor of intelligence to President Obama’s daily briefing. While a small cadre of members of Congress were briefed on the program […]

Continue Reading

Mobile Phone Use Patterns: The New Fingerprint

Mobile phone use may be a more accurate identifier of individuals than even their own fingerprints, according to research published on the web site of the scientific journal Nature. Scientists at MIT and the Université catholique de Louvain in Belgium analyzed 15 months of mobility data for 1.5 million individuals who the same mobile carrier. Their analysis, “Unique in the Crowd: the privacy bounds of human mobility” showed that data from just four, randomly chosen “spatio-temporal points” (for example, mobile device pings to carrier antennas) was enough to uniquely identify 95% of the individuals, based on their pattern of movement. Even with just two randomly chosen points, the researchers say they could uniquely characterize around half of the 1.5 million mobile phone users. The research has profound implications for privacy, suggesting that the use of mobile devices makes it impossible to remain anonymous – even without the use of tracking […]

Continue Reading

FTC Forum Will Tackle Mobile Device Threats

The U.S. Federal Trade Commission is continuing to focus its energies on protecting the growing number of consumers using smart phones and other mobile devices. Next up: a public forum to discuss threats to mobile devices. The FTC announced the one-day public forum on Friday and said it hopes to use the event to address problems like “malware, viruses and similar threats facing users of smartphones and other mobile technologies.” The event will take place on June 4th at the FTC’s offices on New Jersey Avenue NW in Washington, D.C. The public forum is just the latest effort by the nation’s leading watchdog to reign in a free-wheeling mobile application marketplace, and put stronger consumer and privacy protections in place. Earlier this month, the agency released a Staff Report that called on mobile OS, mobile device and mobile application firms to provide clearer guidelines to consumers about how their information […]

Continue Reading
1 63 64 65 66