IT Security


For some hacks, everything old is new again

A cybersecurity report from Hewlett-Packard highlights the prevalence and persistence of coding errors, vulnerabilities and exploits that should have been corrected long ago.

Former FBI cyber cop: Hunt the hacker, not the hack

Shawn Henry, former head of FBI's cyber crime team, says private-sector networks lack adequate defenses and require the same level of intelligence available to government networks.

Continuous monitoring: It's a process, not a goal

The new approach to FISMA makes the three-year snapshot a thing of the past, but monitoring for security is just getting started.

Air Force wants unhackable comm, like in 'Mass Effect 3'

Researchers funded by the Air Force are exploring the use of "quantum memories" to secure long-range communications. Where have we seen that before?

'Elite' hacker done in by everyday iPhone function

A hacker who posted racy photos gloating about his hack of police officers' home addresses didn't realize the pictures were GPS-tagged and time-stamped.

Energy lab releases open-source tool for tracking cyberattacks

Hone, a tool being developed at the Pacific Northwest National Lab, links network traffic with an application, making it easier to find the source of an IT compromise.

Should US adopt the Godfather cyber defense doctrine?

Vito Corleone had an elegant solution to identifying the source of clandestine attacks.

The path to outsmarting advanced cyberattacks

Analytics tools are available to detect attack patterns, but agencies need to take a few steps before gaining the confidence to act on the intelligence they provide.

New malware targeting Mac OS X a 'wake-up call' for Apple users

The recently discovered SabPub and LuckyCat exploit Word vulnerabilities and are a sign Mac users need to get wise about patching, security experts say.

Mike Daconta

Hackers own today's free-love PC architecture, and it's time to move on

With the coming post-PC architecture, sensor, device and cloud components will form a new multi-machine OS with built-in solutions for security and ID management.

Anti-CISPA 'Stop Cyber Spying Week' protest gets under way

Internet advocacy groups oppose the information-sharing bill, which does have the support of some industry heavy hitters.

Mobile tech, employee error blamed for rise in medical data breaches

More than a quarter of U.S. health care providers in a recent survey experienced a breach of patient data in the past year, continuing an upward trend.

New phishing scam targets military users, DFAS warns

E-mail campaign tries to fool service members receiving disability payments into giving up their personal information, including tax returns.

NIST: Crypto is the key to protecting large data stores

A second draft of guidelines for creating a crypto key management system addresses one of the greatest challenges in securing sensitive information.

Finally, an alternative to the tyranny of passwords?

DARPA's "active authentication" would be a welcome alternative to passwords and other cumbersome credentials.