computersecuritynews

To answer why Cybersecurity? we must discuss how software is being developed. There are traditional software methods (also called waterfall) from  the following site: http://www.umsl.edu/~hugheyd/is6840/waterfall.html I always like to break down waterfall in the following: Pseudocode Design Develop Test Customer has it – needs any bug fixes must be fixed. Did you notice a lack of … Read more

Office Personnel Managment hack now suspected also of stealing fingerprint data. http://www.nationaljournal.com/tech/2015/07/14/How-Much-Damage-Can-OPM-Hackers-Do-With-Million-Fingerprints   What can be done with a stolen fingerprint?  Is it really only a foreign government coup?  Can the Chinese government splinter groups use this information for other nefarious reasons? { Part of the worry, cy­ber­se­cur­ity ex­perts say, is that fin­ger­prints are part of … Read more

Brian Krebs does a great job reviewing the details at his latest post http://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/#more-32276 The analysis of Target’s breach is obvious in the level of insecurity in Target 2012. Default passwords used Passwords of insufficient complexity No segmentation of network. Insufficient patching No pentesting Every point in the PCI (Payment Card Industry) was a failure. … Read more

The latest story from Arstechnica: http://arstechnica.com/tech-policy/2015/08/ftc-can-sue-companies-with-poor-information-security-appeals-court-says/ Builds on the previous post: http://oversitesentry.com/courts-uphold-ftc-regulation-punishment-to-negligent-company/ Higher regulation –> higher lawsuit fees –>  More costs to a breach. Wyndham had ineffective Cybersecurity and FTC ruled was negligent in its IT practices.  But Wyndham thought it could sue the FTC since Wyndham thought FTC was pushing it’s boundaries as far as … Read more