We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Author: Denny

Cyber security pros say mobile payments will boost data breaches

| September 30, 2015

As a rising number of people use their smartphones to make purchases, cyber criminals will up their efforts, too.

According to the results of a recent survey, most cyber security experts (87 percent) now feel that as mobile payments become more popular over the next 12 months, it will also bring about a rise in the number of associated data breaches.

Equally, 42 percent of surveyed cyber security experts had also already used that transaction method this year.

The survey involved the participation of 900 experts in cyber security. It was conducted by ISACA and it suggested that mobile payments are likely to progress without any real barrier from security concerns. Among the respondents to this survey, only 23 percent said that they felt that smartphone payments were actually a safe way to store personal information. Another 47 percent said that they felt that this type of transaction is entirely unsecure. An additional 30 percent of respondents said that they were unsure as to whether or not the transactions were secure.

Regardless of the risk that is associated with security, it looks as though mobile payments are moving ahead.

Cyber Security - Mobile PaymentsNearly 89 percent felt that cash remains the most secure way for payments transactions to be completed, today. That said, only 9 percent of the respondents said that this was their preferred method of payment.

The ISACA survey participants were asked to provide their opinions with regards to the types of vulnerabilities that could be associated with using smartphones to complete payments transactions. Among them, the mobile security concerns that were identified were:

• WiFi – 26 percent
• Loss or theft of the smartphone – 21 percent
• Shmishing (text message phishing)/phishing – 18 percent
• Weak password protection – 13 percent
• User/human error – 7 percent

The report also indicated that mobile payments based on contactless and NFC technology will be continuing their growth. As a whole, the marketplace for these transactions is predicted by Future Market Insights to be worth $2.8 trillion in five years. The cyber security experts felt that the best way to boost the security of the transactions is to use two authentication methods (66 percent) and to require a short-term authentication code (18 percent).

Unauthorized Google certificates issued by Symantec staffers lead to firings

| September 25, 2015

In this way, it has allowed HTTPS-enabled Google domains to be impersonated by the wrong parties.

It has now been revealed that Symantec has fired several of its staff members after it was discovered that they had issued unauthorized Google certificates that allows potential attackers to be able to impersonate legitimate pages that have been protected by HTTPS.

The Symantec digital security company posted the news of the unauthorized certificate issuing in a recent blog post.

According to the company, “We learned on Wednesday that a small number of test certificates were inappropriately issued internally this week for three domains during product testing.” It also explained that all of the test Google certificates and the keys had always remained within the company’s control, and when the issue was identified, they were immediately revoked. “There was no direct impact to any of the domains and never any danger to the Internet.”

That said, they did terminate the employment of the people who misused the Google certificates in question.

Google Certificates - IssuesThe issue, itself, was identified by employees at Google, who had been monitoring an open framework called Certificate Transparency, which is a project that the company operates in order to be able to repair SSL certificate system structural flaws. Clearly, the system proved its worth in a new way in this specific situation, as Google was able to spot the unauthorized activity with regards to the certificates, nearly immediately.

Google then proceeded to communicate the issue to Symantec, and the two companies worked together to make certain that the pre-certificate remained active and valid for only a single day at the start of 2015. The certificate has since been blocked by way of an update to the revocation metadata through Chrome. Moreover, there isn’t any reason to believe that there was any risk to the security and privacy of Symantec’s website or product users at any point, as a result of this error.

Those responsible for the issue with the Google certificate are no longer employed with Symantec. That said, the company has now employed Dan Rogers as its new chief marketing officer. Rogers is the former CMO of Salesforce EMEA.