Stories by Tim Greene

SAFECode: How to ensure you’re buying safe software

The Software Assurance Forum for Excellence in Code (SAFECode) has issued guidelines to make it easier, especially for businesses trying to decide which products to buy.

Dell admits installing security hole on laptops, apologizes, offers fix

Dell acknowledges the root certificate it installed on its laptops was a bad idea and has issued instructions on how to remove it.

Dell computers shipping with potentially dangerous root certificate authority

At least some Dell laptops are shipping with a trusted root certificate authority pre-installed, something that those who discovered the CA are comparing to the Superfish adware installed on Lenovo machines that left them open to man-in-the-middle attacks.

LightCyber game lets IT pros become the attacker

A better appreciation of how adversaries think can lead to better security

CISA won’t do much to turn threat intelligence into action

With the Cybersecurity Information Sharing Act (CISA) the feds are trying to make it more attractive to share threat intelligence, but it won’t do much to help businesses deal with the high cost of sorting through what can be an overwhelming flow of possible security incidents.

Good news for hackers: People still plug found USB sticks into their computers

Of 200 USB sticks distributed at public places in Chicago, Cleveland, San Francisco and Washington, D.C., earlier this year, 17% wound up plugged into computers – some of them by IT pros – where they could have done all sorts of damage had they been loaded with malware.

InteliSecure building a high-end security-services boutique

Data-loss-prevention provider InteliSecure is taking in new money, new employees and an entire U.K. security company in an effort to establish itself as a high-end security boutique.

CISA legislation would lift liability for businesses sharing cyber threat information

A bill that encourages businesses to share threat intelligence with each other and the government is closer to becoming a law than it has been for years now that it offers businesses near immunity from liability if the data they share is stolen and causes harm, but such sharing is still fraught with problems.

DARPA: Monitoring heat, electromagnetic and sound outputs could assess safety of IoT devices

DARPA is looking for a platform that can tell whether Internet of Things devices have been hijacked based on fluctuations in the heat, electromagnetic waves and sound they put out as well as the power they use.

Crypto researchers: Time to use something better than 1024-bit encryption

It’s possible for entities with vast computing resources – such as the NSA and major national governments – to compromise commonly used Diffie-Hellman keys, and over time more groups will be able to afford cracking them as computing costs go down.

China reportedly tries to hack U.S. businesses the day after agreeing not to

Security firm CrowdStrike says attackers try to breach tech, pharma companies.

Think Apple OS X is below the malware radar? Think again

Instances of Apple OS X malware are soaring this year, already totaling more than five times the number tallied over the previous five years combined, according to an in-house Bit9 + Carbon Black tally.

Bracket Computing advancements boost enterprise cloud security control

Bracket Computing is expanding its cloud-storage data protection offerings and has received an additional $46.4 million in venture funding to further develop its products and roll them out worldwide.

Cisco dedicates security project to 'pissing off the bad guys'

Following its disruption of a major distributor of Angler ransomware, Cisco is offering up free security consulting called Project Aspis for hosting providers that’s aimed at wiping out persistent attacks that abuse providers’ services and represent a threat to the rest of the Internet.

SANS: 20 critical security controls you need to add

Prioritizing security measures is the first step toward accomplishing them, and the SANS Institute has created a list of the top 20 critical security controls businesses should implement.