At a hearing on the role the Interior Department played in a recent breach at the Office of Personnel Management, the Interior deputy inspector general painted a picture of how a hacker might have breached the agency's computer system.
Although they apparently weren't caused by cyber-attacks, the impacts of computer failures at the New York Stock Exchange, United Airlines and the Wall Street Journal have much in common with the aftermath of breaches.
Inspector General Russell George says hackers would have had a tougher time breaching the IRS "Get Transcript" system if the agency had implemented IG recommendations, but he stops short of saying the safeguards would have prevented the hack.
This year's Infosecurity Europe conference in London is offering a top-notch range of sessions, ranging from how to battle cybercrime and social engineering to building a better security culture and workforce. Here's my list of must-see sessions.
Caffeine junkies are up in arms over reports that criminals have been targeting their Starbucks account balances. But the real story is poor password-picking practices by consumers, and Starbucks' lack of multi-factor authentication.
In the four years that he led the National Strategy for Trusted Identities in Cyberspace, Jeremy Grant says he saw significant progress in the use of new forms of authentication - yet widespread acceptance remains years away.
Witnesses testifying at a House hearing offered divergent views on the language of legislation to nationalize data breach notification, showing the challenges lawmakers face in crafting a bill that can pass Congress and be signed by the president.
Under Jeremy Grant's stewardship, the National Strategy for Trusted Identities in Cyberspace has awarded some $30 million in grants to organizations to develop and test new, secure and easily employed ways for consumers to conduct transactions online.
The increase in sophisticated hacking attacks will lead other sectors to follow the lead of the financial services industry in implementing multifactor authentication, says Ken Hunt, CEO of VASCO Data Security International.
Security experts see the FIDO Alliance's release of two universal authentication specifications as a positive move in the effort to eliminate passwords. But the standards' impact will be minimal unless they're widely adopted.
A recent blog post by Managing Editor Mathew J. Schwartz, "Why Are We So Stupid About Passwords?" raised a number of issues about the ongoing risks involved in using passwords for authentication. Read the strong reaction to the commentary and join the conversation.
The latest entrant into the password "hall of shame" is Sony Pictures Entertainment. As the ongoing dumps of Sony data by Guardians of Peace highlight, Sony apparently stored unencrypted passwords with inadequate access controls.
The development of authentication technologies that could replace the password is "nearing a tipping point," but there are still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.