Because many modern security systems rely on users’ personal information, also known as PII, or personally identifiable information, a data breach can potentially weaken your security posture not just in a single context, but in all contexts. Stefan Frei, Ph.D., research vice president at security research firm NSS Labs, and Bob Walder, NSS Labs’ […]
“Trust no one” is a saying embraced by everyone from punk rockers to “X-Files” fans to privacy advocates. But in the real world, life would come to a grinding halt without any trust at all. Likewise, computer security has always involved some degree of trust. Trusted networks, trusted hosts, and trusted apps are granted privileges […]
If you’ve ever consulted with a computer security expert and they seemed a little paranoid, consider it a good thing – paranoia is an essential component of effective security. Conversely, lack of paranoia is a risk factor, which is a key weakness in security for Mac computers – particularly in the enterprise. Mac OS X has […]
Enterprises continue to be drawn to the cloud, where data and application management is outsourced to a third party in charge of hardware infrastructure. The cloud has matured to where it now comprises several specialized services described by an alphabet soup of acronyms: SaaS (software-as-a-service), PaaS (platform-as-a-service) and perhaps the least pronounceable of all, IaaS […]
In a perfect world, we would all learn about preventing hack attacks before they happen. But sometimes the hack happens first and the lessons come second. This is the tale we are talking about today – based, in true Hollywood tradition, on a true story. The lead in this story is a mid-sized organization – […]
When warning about the risks of website attacks like SQL injection and remote file inclusion, we often talk about how these breaches can reveal “sensitive data.” What kind of sensitive data? Well, lots of kinds, such as personal data about account holders or privileged information like internal business documents. But the kind of sensitive data […]
Preparing a defense against sophisticated, high-profile attacks is obviously a necessity in today’s cybersecurity landscape. But this doesn’t mean you can forget about the low-hanging fruit – the simpler, more elementary attacks that may not make headlines but can still lead to disaster. After all, even the ninja well versed in advanced martial arts can […]
Denial of Service (DoS) attacks, in which attackers make it impossible for network users to access information or services by flooding the network with requests that tie up its resources, are among the most feared threats in today’s cybersecurity landscape. According to the US-CERT, DoS attacks are characterized by unusually slow network performance or […]
Did you know that more than 73 million web sites in the world run on the WordPress publishing platform? This makes WordPress more popular than Microsoft SharePoint, Blogger, or Drupal. It also means that WordPress is a large target for hackers. Half of the WordPress sites out there are self-hosted, which means that the WordPress […]
Somehow technology seems to evolve at a rapid pace, even when the standards bodies that help define it do not. Consider that most of today’s websites are built on HTML4, a standard that was introduced in 1997. In the thirteen years since, the way we use the Web has changed dramatically, even if the underlying […]