Special focus: IT security
There are myriad security challenges facing IT professionals today: personal computers that get hacked, viruses hijack machines, and keystroke loggers steal passwords which end up on public web sites. Yet the amount of security-critical transactions conducted on such systems is steadily increasing.
There are also mobile devices such as smartphones and tablet PCs, increasingly being used for critical transactions and projected to replace PCs as the web access device of choice. All these computing devices are in use in modern businesses and their effective management poses a growing challenge to the IT professional.
Selected it-security news
Microsoft has disrupted a botnet nearly two million computers strong that costs online advertisers upwards of $2.7m a month.
New arms sale regulations urgently need to be introduced to clamp down on the export of electronic surveillance technology.
Obamacare website puts sensitive data of users at risk, experts have said said, recommending it to be shut down until the problems are addressed.
Yahoo! has pledged to encrypt all user information moving between its data centres by the end of the first quarter of next year.
A fake cyber-attack conducted by a foreign government and a denial-of-service attack disabling users’ networks were among scenarios tested during the Waking Shark II operation.
Credit card details of some 500,000 European users might be at risk as a marketing firm running award schemes for companies across Europe admitted being a victim of a major hacking attack.
Financial companies in the UK’s capital will be put through a war game scenario next week to test how well they can handle an extensive cyber-attack.
The outing of a secretive Chinese military hacking unit has failed to halt cyber attacks from the country.
A new anonymous Internet marketplace for illegal goods has been opened, featuring the same name and design as the Silk Road but offering better tools to protect users’ anonymity.
Microsoft has released an emergency fix after having learned hackers were exploiting a previously unknown security flaw to attack the popular Office software.
Britain is sleepwalking into becoming a surveillance state as the capacity to collect and analyse data grows MPs were told.
The security of the US health insurance website has been put at risk due to a lack of testing before the rushed launch in early October.
A programming code that makes emails shut down when they are at risk of being intercepted will be released to the public to improve communication security.
Hackers can intercept data transmitted between contactless cards and payment terminals using easily available and portable electronic devices, a study of Surrey University researchers has found.
A 28-year-old hacker from Suffolk, UK, has been arrested by US authorities for penetrating thousands of US military computer systems, aiming to steal confidential data.
Germany’s major telecoms provider is negotiating with other telecoms companies to join forces to protect local Internet from foreign influences.
A new fingerprint scanning biometric authentication system that developers say could eradicate cybercrime has been unveiled.
The US National Institute of Standards and Technology (NIST) has put forward a draft of voluntary standards to help critical industries prevent cyber-attacks.
The US National Security Agency collects hundreds of millions of contact lists from personal email and instant messaging accounts.
New security guidance for public sector IT professionals on how to safely deploy the latest mobile devices has been released.
Websites use hidden scripts to extract device fingerprints from users’ browsers without the users’ consent, a Belgian study has found.
In the wake of the recent hacking attack on Adobe Systems, cyber-security experts have highlighted how companies having an incident response plan in place is as important as preparation against such attacks.
The head of the new National Crime Agency has warned criminals using the “deep web” they cannot hide from police.
Adobe Systems says hackers have stolen source code to some of its most popular software and data about millions of its customers.
Britain has been asked by Belgium to respond to claims GCHQ hacked in the IT network of Belgian telecoms provider Belgacom.
UK Defence Secretary Philip Hammond has appealed to Britain's top IT experts to join the newly established Joint Cyber Reserve Unit to help protect the UK's computer networks from cyber-attacks.
Intelligence chiefs say they are open to measures to increase oversight of the US government’s electronic eavesdropping programs.
Microsoft has released an emergency software fix for Internet Explorer after hackers exploited a security flaw in the browser to attack an unknown number of users.
A quarter of UK manufacturing companies are putting their IT systems at risk by allowing employees to use their own personal devices at work but not having a formal bring-your-own-device (BYOD) policy in place, according to research carried out by cloud computing specialist Intrinsic Technology.
The USA’s National Security Agency has secretly developed the ability to crack or circumvent commonplace Internet encryption.
A breakthrough in quantum cryptography could allow large scale communication networks using the technology to be developed.
More than half of senior IT security professionals believe the industry is losing the battle against state-sponsored attacks.
The Syrian Electronic Army (SAE) has broken into systems of an Australian Internet company managing addresses of some of the world’s most prominent news websites.
A German government technology agency has warned that new security technology in computers running Microsoft's Windows 8 operating system may actually make PCs more vulnerable to cyber threats.
Researchers from the Royal Holloway University have developed a prototype app that can help protect users against phishing attacks.
The USA’s National Security Agency broke privacy rules or overstepped its authority thousands of times each year since 2008.
Hackers from the Syrian Electronic Army have simultaneously targeted several news sites by breaching a single supplier.
Germany’s government wants to foster Europe’s technology companies to make them stronger competitors to their US counterparts.
GCHQ has launched two cyber incident response initiatives to help UK businesses who suffer cyber-attacks.
The UK is losing the war against Internet crime, an influential group of MPs has warned.
Talks between China and the US on cyber security have gone well, Chinese state media said today.
China says it is ready to discuss strengthening cyber security at a top-level forum with US officials next week.
The Ministry of Defence has announced a new partnership with its major contractors to bolster the UK’s resistance to cyber warfare.
Computer experts looking to join the military reserve force to help fight cyber terrorism will be allowed to avoid tough fitness testing, Defence Secretary Philip Hammond said today.
The energy sector in the Middle East is extremely prone to cyber-attacks, said DNV KEMA, world’s leading energy consultancy.
China's Huawei Technologies should not have been permitted to become embedded in Britain's critical network infrastructure without the knowledge and scrutiny of ministers, UK’s lawmakers said on Thursday.
China's top Internet security official says he has "mountains of data" pointing to extensive US hacking aimed at China.
Chinese hackers have allegedly stolen designs for dozens of US weapons systems and blueprints for Australia's new spy HQ.
Two new centres of excellence funded by the Government will train the next generation of cyber security experts.
China has dismissed the US’s “groundless accusations” of using cyber-espionage to acquire military technology.
A lack of information security skills among the UK’s IT workforce is hampering the fight against cyber criminals, according to the latest research from the IET.
The number of cyber-attacks hitting businesses has soared in the past year, Government-commissioned research revealed today.
Oracle has released a major security update for the version of Java programming language that runs inside Web browsers.
InfoSec Skills will launch competitions testing IT security skills of business leaders as part of the Cyber Security Challenge.
Companies experience cyber attacks up to once every three minutes, a report says.
Cyber-security experts yesterday demonstrated how the latest zero-day vulnerabilities in Java could be used in a cyber-attack.
Hackers have apparently broken into at least two of North Korea's government-run online sites.
Cyber security experts from industry are to operate alongside the intelligence agencies for the first time.
Faculty members at a top Chinese university have collaborated for years with an army unit accused of hacking Western targets.
This week's cyber-attack on South Korean broadcasters and banks may not have originated in China.
A hacking attack on three South Korean broadcasters and two major banks has been identified by most commentators as North Korea.
Several official BBC Twitter accounts were hacked today by what appeared to be pro-Syrian government hackers.
Computer networks at two major South Korean banks and three top TV broadcasters went into mass shutdown today.
North Korea has blamed South Korea and the United States for cyber attacks that temporarily shut down websites.
Cyber experts said it was important to recruit a broad range of people after a chemist won a cyber security competition.
Cyber-attacks and cyber espionage have supplanted terrorism as the top threats to the United States, says a new report.
Researchers at the Fraunhofer Institute for Secure IT have developed security software to enable the use of Android smartphones for access control.
Security firm Secusmart has developed a crypto plug-in for the Blackberry 10 smartphone which, it claims, turns it into the first widely-available smartphone to meet government-level Classified security levels.
Orange and security firm Morpho have announced a mobile identity management system specifically designed for the healthcare sector.
Vodafone has teamed up with defence firm BAE Systems to develop new technology to protect businesses against cyber-attacks.
The Ministry of Defence is to recruit a new force of "cyber reservists" to bolster the uK's online defences.
IT specialists should consider becoming police volunteers to help stop cyber criminals, the Security Minister is to suggest.
Chinese telecoms equipment manufacturer Huawei is working with one of its toughest critics to reduce its hacking vulnerabilities
William Hague will warn a conference in Budapest that cybercrime is one of the greatest challenges facing the world.
Cyber security experts across Europe are taking part in the EU's biggest cyber security exercise.
GCHQ has unveiled an online security competition to identify future espionage recruits and raise awareness of cyber attacks.
Microsoft has warned a newly discovered bug in its Internet Explorer web browser makes PCs vulnerable to attack by hackers.
Finalists of the Cyber Security Challenge UK competition have visited GCHQ to find out more about cyber security.
The inventor of the World Wide Web has denied there is an 'off' switch that could turn off the Internet across the globe.
A second suspected member of LulzSec was arrested on charges he took part in a computer breach of Sony Pictures Entertainment.
A cyber espionage campaign targeting Iran and other parts of the Middle East has widened, according to security experts.
Intel security experts are working on finding ways to protect automobiles from electronic bugs and computer viruses.
Gaming company Blizzard has confirmed that hackers have stolen some account details of its users.
South Korean police have arrested two computer programmers on suspicion of hacking personal data of 8.7 million KT subscribers.
A cyber espionage campaign targeting Iran and other Middle Eastern countries has been uncovered by security experts.
Up to 300,000 computer users around the world are at risk of losing internet access due to a computer virus.
The Ministry of Defence has extended its cyber security agreement with BT as it defends its networks against increasing threats.
LulzSec hackers have admitted they were behind cyber attacks against the CIA, the NHS and the Serious Organised Crime Agency.
Internet service providers will start warning their customers who illegally download files as Ofcom cracks down on online piracy.
LinkedIn says it is working with the FBI after the theft of around 6.5 million member passwords.
Digital risk management and investigations consultancy Stroz Friedberg has cautioned UK law firms that their failure to tackle online security will leave clients vulnerable to hackers.
Social networking site LinkedIn has warned millions of users to reset their passwords after security information was stolen.
Governments need to work together to stop cyber-attacks and operating systems must be redesigned, Eugene Kaspersky, the founder of Kaspersky Lab says.
The BBC’s boss says the company suffered a ‘sophisticated cyber-attack’ after an attempt by Iran to undermine its Persian Service.
NASA has said that hackers gained access to mission-critical projects in 13 major network breaches last year.
Network security company GFI Software released its VIPRE report showcasing the ten prevalent threat detections encountered by its GFI VIPRE Antivirus users in January 2012. The malware attacks target a range of victims including gamers, small businesses and government organisations.
Anti-virus company Avast has revealed hackers are now targeting children’s gaming websites to spread malware and hack into the home network.
Mozilla’s reported plan to implement ‘silent’ background updates in the upcoming version of Firefox 10 has been questioned by security company Lieberman Software.
IT security firm Sophos has revealed the top twelve countries responsible for spam messages from its Q3 2011 report, the ‘Dirty Dozen'.
The death of Libyan dictator Muammar Gaddafi is driving huge public interest in viewing photos and videos of his last moments - and providing cybercriminals with an opportunity to ensnare the morbidly curious surfers.
Spammers will take advantage of Twitter’s enablement of user targeting by UK brands, warns information security firm Sophos.
Brooklands College will be using IT security firm Sophos for its two-site network in Surrey and Kent against an increase in viruses and malware threats.
Seventeen per cent of UK employees consider accessing social networks from the workplace ‘a major risk’ to enterprise security – and many are calling for clearer guidelines on social media usage on behalf of their employers.
Hackers spied on about 300,000 internet users in Iran last month after stealing security certificates from a Dutch IT firm.
WikiLeaks has been the target of a cyber attack as it released thousands of previously unpublished U.S. diplomatic cables.
Increased pressure to improve the speed and security of file transfers from customers and partners is creating vulnerabilities in enterprise security procedure.
The Cyber Security Challenge UK has launched a competition challenging participants to detect hacker activity on Linux systems.
Hackers at the Defcon convention managed to trick employees at some of the largest U.S. companies to help them steal data.
China's top paper has dismissed as "irresponsible" suggestions that the country is linked to large-scale internet hacking.
Smartphones are overtaking laptops as the mobile device of choice for enterprise workforces, bringing another headache for IT departments to contend with.
Business software company SAP says it will release a patch to customers to fix a security flaw in its software.
More than 30 North Korean hackers were hired by a South Korean crime ring to steal personal data from South Korean gamers.
McAfee has uncovered the biggest series of cyber attacks to date, involving 72 organisations targeted including the UN.
A teenager believed to be a leading member of the Anonymous and LulzSec hacking groups has been released on bail.
Un-patched and often pirated versions of Windows XP are a main target for rootkits infections, according to the AVAST Virus Lab.
It should be much easier for blind and visually impaired mobile users to tell who is calling them if a system being showcased at this month’s Mobile World Congress in Barcelona takes off.
Network security companies must innovate or die
Governance is playing an increasingly important part of information security within enterprises.
The spot market in European Union emissions permits may re-open next week following a cyber attack that resulted in nearly 30 million euros (£26 million) of carbon permits being stolen.
Chief information officers must ‘re-imagine’ IT to support growth and competitive advantage, say findings from the ‘2011 CIO Agenda’ survey.
Half a million required to keep up with projected UK demand over the next five years, says e-Skills survey.
The value of the enterprise network and data security market is set to exceed $10bn by 2016.
Registration for the SANS London 2010 event shows an 11 per cent increase of women students for Security 560, ‘Penetration Testing and Ethical Hacking’ providing further evidence that more women are breaking into the sector, and may now account for 17 per cent of IT security practitioners.
What’s been launched as the UK’s ‘first hunt for future cyber security professionals’ has begun.
Up to 35 per cent of organisations suspect that their most sensitive internal information has been illicitly passed over to competitors – most probably by former employees.
Google is urging its employees to dump Microsoft Windows in favour of Mac OS and Linux citing security concerns, say reports.
Twenty-five per cent of IT administrators have voted ‘Securing remote access’ as the issue that most keeps them a peaceful night’s sleep, while 15 per cent said ‘keeping virus definitions up to date’ was their second biggest nocturnal concern.
The Information Security Forum (ISF) has launched a series of initiatives designed to lead toward a industry standard for managing information security requirements for enterprise third-party relationships.
Kaspersky Lab is considering developing its new PURE home security software to become an operating platform for which approved third parties will be able to develop updates and plug-ins.
Social media and Cloud Computing have increased the vulnerability of UK companies and public sector organisations to new cyber threats, with hacking and denial of service attacks having doubled since 2008.
More than half of information security professionals received salary increases in 2009, according to the surveyed for the (ISC)2 2010 Career Impact Survey, while less than five per cent of participants lost their jobs.
The art of war, and the art of information security, are closely aligned, claims a new book ‘Assessing Information Security: Strategies, Tactics, Logic and Framework’ that applies the principles of Sun Tzu’s classic text to online threat combat.
South Africa’s hosting of the 2010 Soccer World Cup will make it the target of an intense cybercrime wave in the lead-up to the FIFA tournament in June, security experts have warned.
Kaspersky Lab CEO Eugene Kaspersky has called for more global regulation in the fight against online threats. Speaking to E&T at InfoSecurity Europe 2009, Kaspersky said that the era of the unregulated Internet has passed, and that the notion of unregulated public networks was not realistic when economies could be wrecked by cyber-criminals.
The Internet firewall is 'dead', according to IT security start-up Palo Alto Networks. Speaking live on the third of E&T's exclusive video bulletins from Infosecurity Europe 2009, director of corporate marketing Franklyn Jones says that with enterprises increasing their use of online applications, the traditional concept of a protective traffic gateway needs reinvention.
Cyber-criminals are continuing to show increasing interest in targeting the Apple Mac community and users can expect a slew of new Mac-specific malware and Trojans, Sophos senior technology consultant Graham Cluley has warned, speaking exclusively in the fourth of E&T magazine's video bulletins from InfoSecurity Europe.
A network of 1.9m malware-infected computers has been identified by web gateway vendor Finjan’s Malicious Code Research Center (MCRC). Corporate, government, and consumer computers around the world were infected by the malware, the company claims.
Companies are leaving themselves vulnerable to employees’ ‘purposeful flouting’ of the rules when it comes to information security, claims a survey by certification company (ISC)2.
Over 30 per cent of human resources departments and business managers admit to searching for potential and current employees’ social networking profiles for information about their background and behaviour - and 24 per cent of those say that they have been put off by something they have found.
Ninety per cent of IT managers in the educational sector view anonymous proxies to be a problem, compared with 51 per cent in the private sector. Anonymous proxies are the most popular way to bypass an organisation’s Internet filtering: thus connected, users can surf any website unmonitored, even if it should have been blocked by a Web filter.
‘Application security’ tops a global list of most commonly-searched-for IT security terms according to an analysis of current Google search trends and volume statistics by risk management firm ArmstrongAdams. Data loss and PCI DSS ranked highest in terms of UK originated searches in December 2008.
Selected it-security features
The healthcare industry is under attack, with imposters, fraudsters and cyber-criminals pretending to be people they are not to acquire personal patient data. But the ID theft clampdown has begun.
As the world becomes ever more digitised, the uneasy relationship between personal privacy and national security grows increasingly complex.
Just who are you inviting into your home with that latest 'smart' technology purchase?
With more and more people living out large parts of their lives online, cybercriminals are finding endless new ways of stealing identities.
The media has been full of reports of cyber-attacks on critical infrastructure, but the fear is that there is far worse to come.
Why should hackers try to disable computers when they might be able to set their sights higher? Routers can be just as vulnerable as servers, so why not bring down the entire Internet?
While governments state that cyber security is now one of their top national challenges, the overall cost-impact cyber security is incurring – both in terms of necessary investment and damaging outcomes following an attack – is far from clear.
Small businesses need to upgrade their awareness of - and abilities in - cyber security if they are to avoid becoming the 'soft underbelly' of the UK's fights against hackers and cyber threats.
As point-of-sale systems embrace mainstream software, they will have to deal with the security threats that come with it. After all, what cybercriminal wouldn't go after Windows-based devices handling credit and debit cards?
More and more organisations are being targeted in cyber-attacks, and they must get to know their enemy if they are to protect vital networks. Meet the professional, ethical hacker.
We are moving toward a world where every connected system is becoming safety critical - so ICT professionals should step up to the principles of ultra-rigorous system design and build.
'Grey hat' apps are a new phenomenon in software that enable street hackers to delve into your smartphone and access your data, and more besides.
A fake hack attack can be as damaging as a real one and they're becoming increasingly common.
How has Google's Android smartphone operating system managed to become so successful?
Proposed amendments to the EU data privacy laws propose to swap-out carrots for sticks in a redoubled effort to get European organisations to do a better job to protect everyones' data.
Global militant organisations are tapping into the vulnerabilities in mobile technologies for propaganda and recruitment, as well as to filch data for financial gain.
Channelling voice calls over IP networks has brought many advantages to enterprise communications, but it also creates some security risks.
IT is one of the most rigorously regulated parts of an organisation, and legislation affecting information security is spearheading the legal changes.
With users accessing systems from ever more obscure points of entry, how do you keep control of access privileges? We look at the software that may have the answer.
Despite high-profile attacks, there is still a lack of IT security in key public infrastructure. We ask if it will take a major meltdown to prompt governments to take action.
PC operating systems are full of security holes, which is why some are now turning to software first developed for 'hidden' computers to better protect them
Data breaches like the one that affected Sony aren’t the end of the world if companies are honest with customers who have been affected.
Japan's Internet infrastructure withstood quake and tsunami, but was also left working for cyber-criminals to exploit the anguish of survivors desperate for information
Latest-generation CCTV cameras are bringing intelligent observation to some of the world’s most scrutinised cities. E&T zooms in on the innovations.
The future threat that the Stuxnet worm poses is a blueprint for attacks on real-world infrastructure, but what is being done to protect industrial control systems and who cares, asks E&T.
How worried should we be about the likelihood of cyber-terrorist attacks launched through the Internet?
Critics say a controversial bill going through Congress would let the US President 'turn off the Internet' if vital services were threatened.
Cyberwar threats are all too real, E&T investigates.
Posing as an IT consultant, Colin Greenless performed a penetration test on a FTSE-listed financial services firm. One or two tricks of social engineering gave him free access to some very useful - and very valuable - information.
The IT security sector must take a more unified approach to establishing industry-wide standards for all aspects of secure systems build and maintenance, argues E&T.
Cybercrime is a real and growing problem. As the internet grows, so do the numbers of people ready to able and exploit its vulnerabilities.
Ever-escalating spam levels are close to tearing the commercial guts out of any business and organisation that relies on email as a primary method of business communication.
Despite all the warnings, all the headlines, and all the headaches, there are some security basics that we just keep leaving undone: Graham Cluley names them.
IT security specialists want recognition and acclaim from their managers – but gaining the proper qualifications to endorse their status is not clear-cut.
Bloxx Tru-View could be on the list of organisations worried about what their staff are downloading from the web.
Any IT security can be circumvented by hackers who target the human factor - but risk can be minimised
"The Internet of Things used to be a buzz phrase in tech circles, but it's already so last century. Brace yourself for the Internet of Everything"
- New Deal Insulation Programme (instread of failed Green Deal) [11:52 pm 08/12/13]
- .mobi addresses. [10:01 pm 08/12/13]
- new student of IT [09:58 pm 08/12/13]
- Computer speak [09:57 pm 08/12/13]
- Electrical Engineer Career Path [07:50 pm 08/12/13]
Tune into our latest podcast