Near Field Communication (NFC) – the “mobile wallet” technology – hasn’t exactly gone mainstream yet. And experts don’t expect it will anytime soon, even with some high-profile promo at the upcoming Olympic and Paralympic Games in Rio. While it has been available to consumers for a couple of years from mega-vendors like Google, Samsung and Apple, it is a long way from displacing the legacy credit card. Google even dropped support for its Google Wallet Card last month (Android Pay is still available). But, perhaps hearing about, or seeing, Olympic athletes using an NFC device will get the masses more interested.
With the presidential nominating conventions looming, the candidates are getting ready to add to the hundreds of millions they’ve already spent to tell you about themselves – but only what they want you to know about themselves. Meanwhile, they have also been spending millions of dollars collecting information about you – and you have no say in what is collected. Which means that, in the era of Big Data, if you’re a potential voter, they know a lot more about you than you know about them.
The FIDO (formerly Fast Identity Online) Alliance is out to kill the password. It wouldn’t seem to be a tough sales job. There is little debate among security experts that passwords are a lousy, obsolete form of authentication. The evidence is overwhelming. Most people, in spite of exhortations to use long, complicated passwords, to change them at least monthly and to avoid using the same one for multiple sites, don’t. The latest Verizon Data Breach Incident Report (DBIR) found that 63 percent of all data breaches involved the use of stolen, weak or default passwords.
In a world of ubiquitous security cameras, most people know by now that some form of Big Brother – government or private – is watching them. But they are less likely to know that in some areas, he is also listening. While it is not yet widespread, audio surveillance is increasingly being used on parts of urban mass transit systems. That is the bad news, in the view of privacy advocates. But the good news is that public awareness can, at least in some cases, curtail it. This past week, following revelations that New Jersey Transit didn’t have policies governing storage and who had access to data from audio surveillance on some of its light-rail trains, the agency ended the program.
Ask what department is responsible for data security in an organization and the most likely answer is, “IT.” But some experts are saying it shouldn’t be IT alone – that better security requires a closer collaboration with Human Resources (HR). One example, they say, is a breach this past Feb. 26 at the Federal Deposit Insurance Corporation (FDIC), when a departing employee inadvertently downloaded 44,000 customer records, including personally identifiable information (PII), to a USB thumb drive.
In the world of cybercrime, everybody from individuals to nation states is a target – some more attractive than others, of course. Health care organizations have gotten the most headlines recently, and the Internet of Things (IoT) offers an almost unlimited attack surface. But law firms are attractive too. They hold sensitive, confidential data ranging from the personal (divorce, personal injury) to the professional (contract negotiations, trade secrets, mergers and acquisitions, financial data and more) that, if compromised, could cause catastrophic damage both to the firm and its clients.
The recent standoff between Apple and the FBI over the agency’s demand that the company provide a way to unlock the iPhone of a dead terrorist was “resolved” when the FBI “bought a tool,” according to Director James Comey. But that, of course, didn’t resolve the fundamental, ongoing conflict between the government’s need for digital surveillance capabilities to assist with law enforcement and national security on one side, and the American commitment to personal privacy on the other.
Warnings about U.S. critical infrastructure’s vulnerabilities to a catastrophic cyber attack – a cyber “Pearl Harbor” or “9/11” – began more than 25 years ago. But they have become more insistent and frequent over the past decade. Former Defense Secretary Leon Panetta warned in a 2012 speech of both a “cyber Pearl Harbor” and a “pre-9/11 moment.” They have also expanded from within the security industry to the mass media. It was almost a decade ago, in 2007, that the Idaho National Laboratory demonstrated that a cyber attack could destroy an enormous diesel power generator – an event featured in a 2009 segment on the CBS news magazine “60 Minutes.”
Most people say they care about their online security and privacy. Poll after poll confirm what one would expect: They don’t want their identities stolen, phones hacked, credit cards compromised or bank accounts drained. They don’t welcome government or anyone else conducting surveillance on them, especially in their private lives. But those polls also show that an alarmingly small percentage of those same people don’t seem to be willing to make much effort to do what they say they want – protect their privacy and security.
The online theft of U.S. intellectual property (IP) by other nation states continues to be a big problem, a panel of experts agreed this week at the RSA conference in a session titled, “Responses to state-sponsored economic espionage.”
That much is obvious – awareness of economic cyber espionage has reached the mainstream, with CBS-TV’s newsmagazine “60 Minutes” even doing a segment on it last month, labeling it, “the great brain robbery of America.”
What to do about it is also a big problem. The panel agreed that the most tempting and instinctive response of “active defense” – more commonly known as “hacking back” – is not a good one.
The Internet of Things (IoT) is disrupting just about every industry. But it may get disrupted itself as the nation’s legal and regulatory system slowly catches up with the massive security and privacy risks it creates.
Not anytime soon, however. “Work in progress” was the operative phrase at a panel session at this week’s RSA conference titled, “Flaming toasters to crashing cars – the Internet of Things and mass liability.”
Most of the problem with establishing legal liability surrounding the IoT is that while its growth is regularly called “explosive,” there is a lot more, and bigger, exploding yet to come.
The number of connected things is expected to expand so exponentially that one of the panelists, Jay Brudz, an attorney at Drinker Biddle & Reath, declared that “Internet of Things” is already a “dumb phrase. In years to come, it’s going to be everything but computers with a human interface, so it’s just going to be the Internet,” he said.
A regular refrain within the online security community is that privacy is dead.
David Adler’s talk at RSA Tuesday, titled “Where you are is who you are: Legal trends in geolocation privacy and security,” was about one of the major reasons it is so, so dead.
To paraphrase Adler, founder of the Adler Law Group, it is not so much that in today’s connected world there is a single, malevolent Big Brother watching you. It’s that there are dozens, perhaps hundreds, of “little brothers” eagerly watching you so they can sell you stuff more effectively. Collectively, they add up to an increasingly omniscient big brother.
“Everything is gathering location data – apps, mobile devices and platforms that you use,” he said. “Often it is being done without your knowledge or consent.
Ransomware is a familiar plague in the online world – it has existed for more than 25 years and become increasingly common during the past decade. But, until recently, it has been aimed more at organizations or individual computers than devices. And that is changing. With the explosive growth of the Internet of Things (IoT) – estimates of how many connected devices will be in use by 2020 range all the way up to 200 billion – experts say it is about to get much more common at the consumer level. An attack surface that broad and that vulnerable is irresistible to cybercriminals.
It is not a public problem yet. But according to multiple experts, it will be. “It” is the cybersecurity whistleblower – an employee who sees a flaw, or flaws, in his or her company’s network security, brings the problem to management but gets ignored or punished – marginalized, harassed, demoted or even fired. And then the worker either goes public or files a complaint with a federal regulatory agency like the Securities and Exchange Commission (SEC). Such a scenario is unlikely to end well – almost certainly for the company (if the complaint is credible) and perhaps even for the whistleblower, notwithstanding laws meant to protect them.
There is universal agreement that modern warfare or crime fighting is not just about bullets, bombs and missiles in physical space. It’s also about hacking in cyber space. But over the past decade there has been much less agreement over how much of a threat hackers are. On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic, amounting to a “cyber Pearl Harbor.” Those warnings prompted the recent book by retired ABC TV “Nightline” anchor Ted Koppel titled, “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.”