Tuesday, July 23, 2013

Annual loss of up to $500B due to cybercrime

A new report compiled by CSI and McAfee shows that cybercrime generates annual losses of up to $500B on a global level. The report also states that many jobs in the U.S. are lost due to cybercrime.

Download the report here:
http://www.mcafee.com/sg/resources/reports/rp-economic-impact-cybercrime.pdf?cid=BHP016

Sunday, June 23, 2013

Leaked documents expose massive UK spying operation involving 200 fiber optic cables

Fiber, once considered a secure alternative to traditional copper lines, has not stopped GCHQ (the U.K. version of the NSA in the U.S.) from eavesdropping on communications that travel across these major data pipelines. This is yet another exposure of a major privacy violation in the "free world", which has been pointing at other countries for their rather open practice of eavesdropping on Internet communication.

Read More:
Washington Post about Guardian article

1SSA - Security Consulting, Training and Products

Saturday, June 22, 2013

Tridium vulnerability throws building controls wide open to hackers

Only recently, over the last 3-4 years, have the ties between physical and IT security been understood, and yet most organizations keep them separate, resulting in disconnects and potential attacks slipping through the cracks. Since more and more physical security systems use IT for communication, they are now becoming targets for hackers. The latest victim is Honeywell's Tridium Niagara Framework, which is built around TCP/IP and meant to provide web-based management for building assets.

Read more:
Tridium vulnerability throws building controls wide open to hackers


FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks

The FDA issued a safety recommendation to the medical community, advising about cyber security issues with medical devices. Medical devices are increasingly becoming Internet/network enabled, allowing traditional cyber security threats to execute on those rather immature (from a security perspective) devices.

FDA Safety Communication


Sunday, August 26, 2012

SAML - Vulnerable

A German university has published a white paper that shows significant vulnerabilities in the SAML usage of large Internet businesses. SAML is used to authenticate users across security domains, e.g. using your Facebook credential to authenticate to another website.

Read more: https://www.usenix.org/conference/usenixsecurity12/breaking-saml-be-whoever-you-want-be

Sunday, February 19, 2012

No stop to the "Ueber Breaches"

The latest member in the club of breached high-profile companies: Symantec or, to be fair, Verisign, which now belongs to the Symantec empire. According to press releases, Verisign had a serious security breach back in 2010. According to Verisign, no unauthorized access to critical servers has taken place. The question comes up: how can Verisign, RSA and all those other companies be so sure that no access to critical servers has taken place?!

Looking at the amount of data that those breaches have potentially exposed, we might soon see the ultimate hack, using all the information gathered so far.


Friday, February 17, 2012

Where are the clouds moving to...

...to everyone's IT environment and not to the outsourcing companies, or at least not to the public cloud. The still sceptical industry is leaning more and more towards the private cloud. The outsourcing industry, which mainly benefited from the public cloud movement, is still predicted to get a big slice of the market. However, outages (some hosting providers do not count outages of less than 5 minutes), the still unresolved questions around privacy, and the sometimes "interesting" SLAs that basically leave customers out in the rain when things go wrong do not necessarily increase trust in the public cloud and the outsourcing organizations offering public cloud services. Cloud technology will have its place in the IT universe without question; however, it won't be the quantum jump that some cloud fanatics predicted. On the other hand, probably up to the last second of cloud computing's existence, assuming there is something else coming after it, vendors, hosting providers and software companies will fight over what cloud really is.
