An Iranian man who revealed a vulnerability in a widely used point of sale (POS) system in Iran had his blog confiscated by Google, which cited violations of its Terms of Service.
Browsing Category: Compliance
A new bill introduced to the U.S. House of Representatives would make it illegal for employers and other institutions to require Social Media passwords from their employees.
This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal GlynnThis series began with a general definition of Application Security (“AppSec”) as a fundamental infosec practice that addresses the reduction of both immediate and systemic software risk. When undertaken correctly, AppSec takes a systematic, programmatic approach to hardening business-critical software, from the inside. That’s not to say that organizations must over-invest in an advanced program from the start to be effective – in fact, quite the opposite.
UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical infrastructure, including rail lines, traffic control systems and electrical substations.
Data from the Massachusetts Office of Consumer Affairs & Business Regulation (OCABR) shows that 3.2 million residents – almost half the population of the state- have been the victim of a data breach in the last four years.
A long list of security, networking and computer science experts have signed a letter sent to lawmakers on Monday, asking them to drop support for CISPA and other proposed cybersecurity bills because they consider the measures overly broad and say they would infringe on users’ privacy and civil liberties. The group, which includes Bruce Schneier, Peter Neumann and others, said the bills’ focus on allowing the sharing of users’ traffic with government agencies would “unnecessarily trade our civil liberties for the promise of improved network security.”
Search giant Google said it is quintupling the top bounty it will pay for information on security holes in its products to $20,000.
Editor’s Note: This post is the second in a multi-part series on Application Security, or “AppSec” prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal Glynn, Veracode Inc.
A South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the newspaper The State.
Estimates of the extent of cyber crime are hopelessly overblown, two computer security researchers argue in an editorial from Sunday’s New York Times.