Stuxnet Shows That Inside Knowledge Is Deadly
This week there was speculation in the press that the infamous Stuxnet worm is actually purpose-built malware designed to cripple a single targeted institution: Iran’s Bushehr Nuclear facility.
Despite Recent Updates, PCI DSS Security Flaws Remain
For the most part, PCI-DSS is a good idea that improved the overall security of credit card payment handlers. However, PCI security flaws exist.
Secure Privileged Accounts: The Shoemaker’s Children Go Barefoot
A recent New York Times article, “A Strong Password Isn’t the Strongest Security,” offers a great assessment of the complacency of many IT security professionals. The assertion that password strength is not as important as protecting passwords against interception has some real validity. However, user logins are just one aspect…
Smart Cards Are Key to Outsmarting Hospitality Hackers
Now that we’ve reached the last real month of summer the US vacation season will slowly wind down. However if the 2010 Global Security Report from Trustwave is any indication, the hospitality industry won’t feel relief from hackers anytime soon. According to the multi-industry report, hackers infiltrated hospitality services more…
Time to Re-Think Conventional Password Security
Paul Roberts posted an interesting story on Threatpost about the limitations of conventional password security.
Insider Threats, Misused Privileges are Leading Causes of Security Breaches
Not surprisingly, the research also identified the misuse of privileges as the top threat vector for the year. Even less of a surprise is the fact that database servers were the top target in terms of both the number of breaches (25%) and volume of records (92%).
Data Breaches at Colleges and Universities
IT staff at educational institutions are faced with high user turnover, the constant reconfiguration of machines, and clever students with the skills to gain unauthorized access to unsecured IT assets. At the same time, IT personnel must efficiently cope with all of these issues, under tight budgetary constraints, while complying with regulatory mandates like the Family Educational Rights and Privacy Act (FERPA).
Don’t Overlook Database Security
After organizations suffer repeat IT security audit failures their management (primarily CSOs and CISOs) often ask us how to remediate the findings. The good news is that technology exists that can quickly bring real accountability to DBA accounts…
Why Privileged Identity Management Implementations Fail
The truth is that privileged identity management (or privileged account password management) software is not a commodity and should not be purchased based on checkboxes and up-front fees alone.
Compelling IT Survey, Weak Solution
Use of a password vault might keep the privileged identity problem out of sight from auditors, but it disguises the fact that the spreadsheets often contain never-changing passwords known to too many individuals inside and outside of IT.