Stories by Ellen Messmer

Researchers crack satellite encryption

Researchers at a university in Bochum, Germany claim to have cracked encryption algorithms of the European Telecommunications Standards Institute (ETSI) that are used to secure certain civilian satellite phone communications.

Why one insurance company ditched its own hardware- for a cloud -based SAN

Why do some enterprise managers decide to brave their way into the new and unknown of cloud-based services? Sometimes it's simply because the old technology just isn't working out that well anymore.

Symantec verifies stolen source code posted by Anonymous is "legitimate"

Symantec is in an ongoing fight against hackers in the group Anonymous that last January attempted to extort a payment of around $50,000 from Symantec in exchange for not publicly posting stolen Symantec source code they had stolen for various older Symantec security products dating to 2006.

Mobile device management: Apple's extra little tricky requirement

Anyone wanting to buy mobile-device management (MDM) software to manage Apple iOS devices will find they need a special digital certificate from Apple to activate it, a requirement that doesn't apply to the same MDM software that would be used to manage Google Android devices, for instance.

Google, Microsoft, Facebook, Bank of America team to wipe out phishing

Can industry heavyweights Google, PayPal, Microsoft and AOL -- along with 11 others in high-tech such as Facebook and LinkedIn, as well as the financial world's Bank of America and Fidelity Investments -- succeed in stopping phishing attacks right in their tracks? In uniting behind an effort called DMARC.org unveiled today, the group says it can through policy-based steps filter out spoofed email that attackers use for phishing.

Security roundup: The triumph of hactivists, the sorrow of Symantec

It was another busy week for hactivists attacking the online targets of their ire. This time, hackers under the banner AntiSec appeared to have hacked the website of OnGuardOnline.gov, the U.S. government's online security website, in protest against the much-railed-against legislation Stop Online Piracy Act (SOPA) as well as other bills regarding intellectual protection. Similarly, the group Anonymous is believed to be behind the distributed denial-of-service attack on Thursday that brought down the European Parliament's website in what is thought to be retaliation for European support for the shutdown of the Megaupload file-sharing site the week before. Anonymous also opposes a treaty being ratified in Europe now called the Anti-Counterfeiting Trade Agreement. That deals with infringement of intellectual property rights.

Hacking stunt: Stealing smartphone crypto keys using plain old radio

Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world's foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month.

Can Cloud-based collaborative data-sharing be secure enough for defense systems?

Though wariness about the perceived lack of security in cloud-based services is often voiced, there are some situations where the opposite is the case. Some businesses mindful of security say the cloud services that are important to them have done a lot of work to meet their expectations about security.

Sourcefire debuts anti-malware software FireAMP for enterprise

Sourcefire today announced anti-malware software for Windows-based devices that combines signature- and behavior-based detection methods to identify malicious code trying to invade the enterprise network, tracking it down through cloud-based analysis.

Security roundup: Anonymous attacks DOJ, RIAA sites; Israeli-Palestinian cyberconflict escalates

Angered by the move by federal authorities to shut down the popular website Megaupload on charges it illegally shared movies, TV shows and e-books, hackers said to be working on behalf of the hactivist group Anonymous late yesterday launched denial-of-service attacks against a number of websites, including that of the Department of Justice (DOJ) and the Recording Industry Association of America (RIAA).

Analysis: Can employee-owned devices save companies money?

The bring your own device (BYOD) phenomenon is sweeping through the enterprise, and some businesses have embraced it with gusto, offering stipends to employees to use their own mobile devices for work.

New Facebook attack targets e-cash users

Security firm Trusteer Wednesday said it's identified a new browser-based malware attack against Facebook users that's aimed at stealing money through e-cash payment system Ukash.

Zappos data breach response a good idea or just panic mode?

In acknowledging a data breach in which information related to as many as 24 million customers was stolen, online shoe and clothing retailer Zappos has taken assertive steps, including compelling customers to change passwords, plus temporarily foregoing 800-number phone service in an effort to redeploy customer-service representatives to respond to customer email.

Survey: Security deployments, training reduce cyberattack wipeouts, downtime

A survey of 1,425 information technology managers in 32 countries about the type of security they deployed on their network endpoints, as well as security training for employees, indicates that these technology investments paid off in mitigating cyberattacks and downtime.

Security roundup: The fury of Anonymous, the humiliation of Stratfor

The hactivist group Anonymous, or at least someone with the handle "FuryOfAnon" who claims to be part of the collective, last week published a list of Internet-facing Israeli SCADA (supervisory control and data acquisition) systems and purported log-in details. "Who wanna have some fun with Israeli scada systems?" the message said.