
Privacy & Compliance

NEWS & INDUSTRY UPDATES

Researchers analyzed 283 Android VPN applications from Google Play and found that many of them introduce security and privacy risks
The popular darknet marketplace AlphaBay was until recently affected by a vulnerability that exposed its users’ private messages
A federal appeals court on Tuesday reaffirmed Microsoft's legal right to refuse a US government order to hand over data stored overseas in a case with important privacy implications.
Lavabit is recommencing operations on a new secure end-to-end communications platform, Lavabit owner Ladar Levison announced.
In a new study, researchers show that de-identified web browsing histories can be linked to social media profiles using only publicly available data.
Researcher who took part in Hack the Army program gained access to an internal DoD network from a public-facing Army careers website
Symantec revokes over 100 misissued certificates, including for domains such as example.com and test.com
Western Union admits failing to maintain anti-money laundering program and facilitating wire fraud, and agrees to pay $586 million to settle charges
Oracle gives Java developers more time to ensure that their JAR files are not signed with MD5
The DHS has improved its information security program, but an OIG evaluation still uncovered problems at the agency and its components

FEATURES, INSIGHTS // Privacy & Compliance


Marcus Ranum
To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.
Adam Firestone
The misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.
Mark Hatton
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Tal Be'ery
The Google-backed "Certificate Transparency" initiative has gained much momentum and may have a real chance to amend the battered Public-Key Infrastructure (PKI).
Nimmy Reichenberg
With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Coleman
The events that occurred in 2013 will forever be reflected in the Internet DNA of the future, and how the cyber security market evolves to accommodate that future.
Chris Hinkley
For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Gant Redmon
Proper use of Google Glass respecting law and privacy will be all about context. Context is different depending on where you are. Are you in a public place, a private place, or a restricted place like a government installation?
Ram Mohan
There is a lot we can do to keep our data private and, like many aspects of managing security, it’s a process that is best grounded in common sense. What can organizations do to shield themselves from the kind of scrutiny that has caught the world’s attention recently?