Category Archives: Security News
SSL certificate flaw allows hackers to crash devices running iOS 8
A flaw in iOS 8 would allow attackers to render devices running the mobile OS useless if they’re within range of a fake wireless hotspot, according to researchers from security firm Skycure.
The vulnerability lies in how iOS 8 handles SSL certificates. By manipulating the certificates, researchers found they were able to get apps running on iPads, iPhones and iPods, as well as the OS itself, to crash. In other instances, the researchers placed the devices in a constant reboot cycle.
Senate introduces bill to extend Patriot Act surveillance
The majority leader of the U.S. Senate has introduced a bill that would extend the surveillance provisions of the Patriot Act until 2020, instead of letting them expire on June 1.
The bill, introduced by Senator Mitch McConnell Tuesday night, would extend section 215 of the Patriot Act, the controversial part of the law that the U.S. National Security Agency has used to collect U.S. telephone records in bulk. Many digital and civil rights groups have protested the NSA phone records collection program, saying it violates the Fourth Amendment of the U.S. Constitution protecting the country’s residents against unreasonable searches and seizures.
How CISOs can communicate risk to businesses
CISOs have been hearing for some time now that they need to learn how to “speak the language of business” better. It is one way to gain respect and avoid being viewed mainly as a scapegoat.
For those wondering how the heck to do that, Chris Wysopal, cofounder and CTO of Veracode, is glad you asked.
That was the focus of Wysopal’s presentation titled, “A CISO’s Perspective on Talking to the Board about Cybersecurity,” Tuesday morning at RSA 2015 in San Francisco.
Lightning strike more likely than mobile malware
The threat of mobile malware infection is substantially overblown, according to a new report, with a typical user more likely to be hit by lightning than be infected.
According to mobile security vendor Damballa, which monitors about half of all mobile data traffic in the U.S., just 9,688 phones — out of a total of 151 million — showed signs of active infection.
That’s a rate of 0.0064 percent.
EMC Syncplicity lets enterprises manage their own encryption keys
Some enterprises that are happy to put their data in a public cloud prefer to keep the keys to that data under their own control. That’s the message online file sync and sharing services are sending lately.
On Wednesday, EMC’s Syncplicity division announced Customer Managed Keys, a feature that lets enterprises store the encryption keys for their Syncplicity shared data on a rights management server on their own premises. It’s a new option in addition to having the keys stored in Syncplicity’s cloud.