Phishy HTML pages e-mailed as attachments get past spam filters because the messages themselves contain no overt URLs to scan and catch, says online security expert Neil Schwartzman. "It's almost unsophisticated, but it's clever."
SANS Institute's Alan Paller estimates that fewer than 2 percent of government IT security personnel fall into a category he labels hunters and toolmakers: those with deep knowledge to identify vulnerabilities.
As part of its outreach to customers in the wake of the SecurID breach, security solutions vendor RSA has issued a Customer FAQ. Here is an excerpt of that document, as shared with Information Security Media Group by RSA customers.
Marcus Ranum isn't just a well-regarded information security expert. He's also a customer of the RSA SecurID product, and he's got some strong feelings about the RSA breach and how the industry has responded to it.
Fraud, risk management emerging technologies -- these issues know no boundaries. That's why we're launching a series of new international BankInfoSecurity sites to draw proper attention to local issues that impact the global banking industry.
A former security guard at a Dallas medical office has been sentenced to more than nine years in prison in a hacking case that drew national attention because the hacker posted video of the crimes on YouTube.
DHS Deputy Undersecretary Philip Reitinger often appears as the administration's cybersecurity point man. Is not having a top White House official tout its infosec agenda behind a perception that the administration isn't leading on cybersecurity?
Emerging technologies, application vulnerabilities and regulatory compliance force organizations to bridge the development and security silos and find avenues for interdisciplinary cooperation to produce secure software.
The Department of Homeland Security is working with RSA in investigating what the IT security vendor characterized as an extremely sophisticated attacked aimed at its SecurID two-factor authentication products.