Twitter has implemented DMARC, a standard for preventing email spoofing, in order to make it harder for attackers to send phishing emails that appear to come from twitter.com addresses.
Twitter users are constantly targeted in phishing attacks that try to pass rogue emails as official communications from the company. These phishing emails direct users to fake Twitter websites in order to steal their login credentials.
"Earlier this month, we began using a new technology called DMARC that makes it extremely unlikely that most of our users will see any email pretending to be from a Twitter.com address. DMARC is a relatively new security protocol created by a group of organizations to help reduce the potential for email-based abuse," said Josh Aberant, Twitter's postmaster, Thursday in a blog post.
Dell can trump Cisco in the information-technology security market, say Dell's executives in describing how the company with its multifaceted approach will hold an edge against some powerful rivals that also include HP and IBM.
Bill Evans, director of product marketing at Dell Quest, said Dell's direction is to advance the "concept of embedded security" to virtually any type of device, wireless or fixed, so that the enterprise can easily establish the policies and controls they want for access and identity management. Quest's audit and activity monitoring capabilities mean that "we have user-activity monitoring" that can be used by enterprises or cloud services, said Evans. "Cisco doesn't have an identity business."
Jumio, the Andreessen Horowitz-backed mobile payments and ID-scanning startup, is today releasing a new version of its Netverify product designed specifically for mobile devices, both smartphones and tablets. Netverify Mobile, as it's called, will...
Before Jonathan Trull took over as Chief Information Security Officer for the state of Colorado in 2012, he had already been working in the Colorado Office of the State Auditor for a decade. As the Deputy State Auditor, he was responsible for overseeing annual audits of the state's systems.
It was during that time that Trull said he became concerned with what he observed as repeated mistakes and violations that were not addressed, and even took part in a penetration test on state systems with results he says were "horrifying."
Trull recently spoke with CSO about his new role, and how he hopes to create effective change in Colorado's security infrastructure—even on a minuscule budget.
The administrators of 7,000 university websites are being required to change their .edu domain account passwords after a security breach ... one that was reported to them by EDUCAUSE, the non-profit higher-education IT group that administers .edu, via an email that some complained bore the markings of a phishing attempt.
Extracting value from the computers or networks of unsuspecting companies and government agencies has become a big business. No company or agency can ignore network security; it is the source of systemic risk that threatens long-term health and profitability. Companies must secure their networks if they are to exercise fiduciary responsibility and due diligence. Cybersecurity is part of the larger corporate strategy for managing risk and compliance. Cybersecurity risk management is becoming a board-level responsibility. This paper identifies how those responsibilities can be met.
In the past few years, a new approach to cybersecurity has emerged, based on the analysis of data on successful attacks. In this approach, continuous diagnostics and mitigation replace the reactive network security methods used in the past. The approach combines continuous monitoring of network health with relatively straightforward mitigation strategies. The strategies used in this approach reduce the opportunities for attack and force attackers to develop more sophisticated (and expensive) techniques or to give up on the target. In combination, continuous monitoring and mitigation strategies provide the basis for better cybersecurity.
Publisher: CSIS (Center for Strategic & International Studies)
President Barack Obama's cybersecurity executive order, signed on Tuesday, could significantly expand the list of companies categorized as part of the U.S. critical infrastructure sector, security experts said Wednesday.
The executive order requires federal agencies and critical infrastructure owners and operators to work cooperatively to minimize cyber risks and strengthen resilience to attacks. It also calls for the creation of new consensus security standards and best practices that critical infrastructure companies will be urged, but not mandated, to follow.
Embargoed until the delivery of the State of the Union address, US President Obama signed the expected and highly anticipated cybersecurity executive order. With potentially serious implications for US and foreign citizens' privacy, here's what you need to know.
Recording of the January 29, 2013 call with Greg Nojeim, Senior Counsel at the Center for Democracy & Technology on the Electronic Communications Privacy Act (ECPA) reform and its implications for higher education. Includes audio recording (MP3) and chat transcript.
Education on the proper use of certificates is needed in the industry, analyst says
At a time when certificate authorities are under attack by cybercriminals, a group of companies has formed an alliance to try to improve the security of the CA infrastructure.
Members of the Certificate Authority Security Council, announced Thursday, include Comodo, Trend Micro, Symantec, GMO GlobalSign, Entrust, DigiCert and Go Daddy. Some of the companies have recently suffered compromises of their CA systems.
Until now, the CAs have participated in other industry groups, such as the Certification Authority/Browser Forum. The council will be the first group in which the companies can speak with a "unified CA voice," councilmember Robin Alden, chief technology officer of Comodo, said in a blog post.
Over the past decade, the privacy framework has become preoccupied with organizational data management processes grouped under the title “accountability.” While improving corporate governance and mitigating data security risks (no doubt admirable goals), accountability measures generate little benefit to individuals. Indeed, by treating organizations as trusted stewards of personal information, accountability cuts individuals out of the decisionmaking process. You want privacy? Walmart or Pfizer will take care of it for you.
In a new article, Big Data for All: Privacy and User Control in the Age of Analytics, which will be published in the Northwestern Journal of Technology and Intellectual Property, Jules Polonetsky, CIPP/US, and Omer Tene try to refocus the privacy framework on individual empowerment. They argue that going forward, organizations should provide individuals with practical, easy-to-use access to their information, so they can become productive participants in the data economy. In addition, organizations should be transparent about the decisional criteria underlying their data processing activities, allowing individuals to challenge, or at the very least understand, how decisions about them are made.
Compared to five years ago, more scams, illegal, fraudulent or spammy messages today come from someone you know. Although spam filters have become very powerful—in Gmail, less than 1 percent of spam emails make it into an inbox—these unwanted messages are much more likely to make it through if they come from someone you’ve been in contact with before. As a result, in 2010 spammers started changing their tactics—and we saw a large increase in fraudulent mail sent from Google Accounts. In turn, our security team has developed new ways to keep you safe, and dramatically reduced the amount of these messages.
IBM is announcing a major mobile initiative involving software, services and partnerships with other large vendors. I.B.M. plans to deploy consultants to give companies mobile shopping strategies, write mobile apps, crunch mobile data and manage a company’s own mobile assets securely.
Personal privacy: It’s a tenet of American citizenship, but also the source of a long-held debate over the balance between individual liberty and national security. Where should governments draw the line, and what do consumers need to know about balancing their own privacy with security?
Take, for example, Silent Text, one of a few new encryption apps built to allow anyone to “send files securely from a smartphone or tablet at the touch of a button.” For context, encryption is a key part of what most security companies do for their users. It’s the process of scrambling information, like your email messages, in such a way that eavesdroppers or hackers cannot read it.
The username-password approach to online security is more problem than cure, according to Fast Identity Online, a new industry alliance that plans to streamline and enhance online authentication with an open, standards-based protocol.
Our ever-deepening transition into digital is transforming businesses in ways we have not seen since the onset of the industrial revolution.
It is opening doors to a world of opportunity — and tremendous risk to privacy. As we enter a new era in privacy protection, three categories play increasingly larger roles:
In the past 15 years, privacy regulations have had to evolve quickly to address operational and lifestyle changes that technology has brought forth. Privacy regulators are doing everything they can to keep up, but as technology’s evolution accelerates, regulators continue to fall behind.
Phil Zimmermann, the creator of the widely used Pretty Good Privacy e-mail encryption software, recently unveiled Silent Circle, which adds security features to phone, video and text messages sent by smartphones.