Stories by Ellen Messmer

Ernst & Young accused by Canadian used computer dealer of data breach

A used computer dealer in Canada claims he discovered a trove of Ernst & Young customer business data on Dell servers bought back in 2006 -- and he wants the global consultancy to pay him to return the data. But is the breach for real or just a hoax?

Written by Ellen Messmer10 Sept. 14 22:40

HP showcases security software that look to detect infected and compromised computers

At its HP Protect Conference in Washington, D.C. this week, HP is taking the wraps off new security products that aim to detect infected and compromised machines as well as server-based software that makes use of so-called "run-time" self-protection to keep from getting infected in the first place.

Written by Ellen Messmer09 Sept. 14 23:40

Google's plan for Chrome worries certificate authority vendors

Google intends to make changes in its Chrome browser later this year that would have Chrome display a warning on websites using certificates based on the secure hash algorithm, SHA-1. Google wants to do this to get websites migrating to the stronger SHA-2 algorithm for certificates, which is not as easy to break through raw computing power.

Written by Ellen Messmer05 Sept. 14 05:18

NIST issues Best Practices on how to best use Secure Shell software

The Secure Shell (SSH) protocol and software suite is used by millions of system administrators to log into application and service accounts on remote servers using authentication methods that include passwords, tokens, digital certificates and public keys. But when improperly managed, SSH keys can be used by attackers to penetrate the organization's IT infrastructure.

Written by Ellen Messmer03 Sept. 14 02:23

Can SDN usher in better IT security?

That software-defined networking (SDN) is a coming reality is starting to gain traction in IT security circles, with some vendors arguing it could lead to a level of interoperability in security largely missing at present.

Written by Ellen Messmer30 Aug. 14 01:02

Los Alamos National Lab's R&D fueling new quantum-crypto firm

Technology development firm Allied Minds says it has set up a new company, Whitewood Encryption Systems, to develop quantum-crypto technology under an R&D licensing arrangement with Los Alamos National Laboratory.

Written by Ellen Messmer29 Aug. 14 00:27

Security council blames breaches on poor PCI standard support

The growing number of data breaches resulting in massive numbers of payment cards being stolen from retail stores and other businesses is occurring because they're failing to keep up with the Payment Card Industry's data security standard, according to the PCI Security Standards Council.

Written by Ellen Messmer28 Aug. 14 22:54

Cleveland Indians turn to SIEM in malware, botnet battle

For the Cleveland Indians' IT department, dealing with malware on behalf of hundreds of Windows-using employees at the baseball team's Progressive Field data center operations can be a little bit like a pitcher facing a stacked batting line-up: a constant battle.

Written by Ellen Messmer27 Aug. 14 04:55

HyTrust, Intel team to lock down VMware virtual machines

HyTrust, in a partnership with Intel, today said its cloud security software used with VMware-based virtual machines can now ensure those VMs will only run in designated trusted locations based on what's called new "boundary controls."

Written by Ellen Messmer26 Aug. 14 22:49

Most websites are "One Day Wonders" -- and that's worrisome

The Internet's seething Web of content resembles endless bubbles popping to the surface for only a day, then vanishing, a security study from Blue Coat Systems released today indicates. That means there are a huge number of new, unknown and transient sites daily, posing challenges to determine whether they are benign, or should be blocked as dangerous.

Written by Ellen Messmer26 Aug. 14 22:48

Start-up fights ambush attacks on SDN, virtual machine networks

Start-up GuardiCore is working on a security product that works through a 'honeypot' approach to detect and block stealthy attacks on software-defined networks (SDN) and multi-vendor virtual-machine infrastructures for enterprise customers as well as cloud-service providers.

Written by Ellen Messmer19 Aug. 14 03:28

Certificate Authority Security Council backs SSL server rules taking effect Nov. 1

As a safety precaution to prevent SSL server certificates being exploited for network man-in-the-middle attacks on organizations, vendors that issue SSL server certificates will begin adhering to new issuance guidelines as of Nov. 1. These new rules, as described by members of the industry group Certificate Authority/Browser Forum, mean certificate authorities (CAs) will not issue certificates that contain "internal names" and expire after Nov. 1, 2015.

Written by Ellen Messmer16 Aug. 14 01:56
[]