[ISN] Poorly trained IT workers are ‘gateway for hackers’

http://www.telegraph.co.uk/technology/internet-security/11011249/Poorly-trained-IT-workers-are-gateway-for-hackers.html

By Matthew Sparkes
Deputy Head of Technology
The Telegraph
06 Aug 2014

UK universities are failing to teach enough computer security skills and are churning out IT graduates who present a “risk to their own organisation”, according to a senior NHS IT manager.

Derrick Bates, senior information security officer at North Cumbria University Hospitals NHS Trust, said: “Some of today’s graduates may have an abstract knowledge of info security, but how many of them could spot a dodgy attachment, run a penetration test or crack a code?

“What is the point in universities turning out great software developers and web designers if they have no idea how to design them securely? It is like building a house without locks.”

He warned that “under-skilled” IT staff can be a “gateway for hackers to get into the rest of the organisation”.

[…]





[ISN] Russian Gang Amasses Over a Billion Internet Passwords

http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html

By NICOLE PERLROTH and DAVID GELLES
The New York Times
AUG. 5, 2014

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”

[…]



[ISN] Black Hat, BSides Las Vegas and Def Con 2014 Coverage

http://www.infosecnews.org/black-hat-bsides-las-vegas-and-def-con-2014-coverage/

By William Knowles @c4i
Senior Editor
InfoSec News
August 6, 2014

For those of you not in Las Vegas for Black Hat, BSides or Defcon, the InfoSec News mailing list still works, I’ll be doing my best to cover Black Hat, BSides, and Defcon, posting infrequently and maybe taking a little break from things at least til’ next Tuesday.

[…]

