Key Findings
■ Many high-profile, externally facing and internally facing system outages are traced to
unplanned X.509 certificate expiry.
■ While several offerings exist to discover X.509 certificates, most organizations rely on
spreadsheet-based tracking methods and manual processes to keep track of certificates,
resulting in many undocumented installations and increased exposure to risks.
■ Organizations with roughly 200 or more X.509 certificates in use that are using manual
processes typically need one full-time equivalent (FTE) per year to discover and manage
certificates within their organizations.1
■ Service outages due to unplanned certificate expiration impact service availability, SLAs, brand
confidence and trust by customers, partners and other relying

Recommendations
■ Organizations with roughly 200 or more documented X.509 certificates in use are high-risk
candidates for unplanned expiry and having certificates that have been purchased but not
deployed. They must begin a formalized discovery process immediately.
■ Automated certificate discovery and renewal/management works to minimize the risk of
unplanned expiry. Manual or automatic certificate management should be leveraged to attribute
accountability and ownership of X.509 certificates within organizations.
■ Organizations need to create an inventory of X.509 certificates and certificate issuers to
minimize the impact and downtime in the event of a certificate issuer compromise, suspected
compromise or attack as seen over the past 18 months involving several certificate authorities.
Furthermore, organizations need to plan for and practice what they will do in the event of a
certificate authority compromise in the context of a security incident.

x509_certificate_management__226426

Follow the link above to read the full report.

The previously unreported breaches occurred in 2010 at the Reston, Virginia-based company, which is ultimately responsible for the integrity of Web addresses ending in .com, .net and .gov.

VeriSign said its executives “do not believe these attacks breached the servers that support our Domain Name System network,” which ensures people land at the right numeric Internet Protocol address when they type in a name such as Google.com, but it did not rule anything out.

VeriSign’s domain-name system processes as many as 50 billion queries daily. Pilfered information from it could let hackers direct people to faked sites and intercept email from federal employees or corporate executives, though classified government data moves through more secure channels

Read the rest of the article here

The Proofpoint Mobile Archive app lets users of Proofpoint Enterprise Archive (our cloud-based email archiving solution) access their archived email from anywhere, at any time. The app lets you search your entire email archive from your iPhone or Android device, allowing you to quickly find messages, view message details, and retrieve messages to your inbox.

The new Android version of this app is part of the latest release of the Proofpoint Enterprise platform (announced today in our press release here).

Mobility is a big theme of this new release and, in addition to the Android version of the Mobile Archive app, the release includes enhancements to Proofpoint’s support for mobile email encryption and decryption (which were already very strong). The enhanced mobile decryption user interface takes advantage of the latest smartphone and tablet technologies to display a web interface that looks and feels like a native application, making it even easier for Proofpoint Encryption users (and any recipient of a Proofpoint-encrypted email message) to decrypt, read, and respond from mobile devices.

The original article can be found here

In total 1,136 emails were sent out on Monday, the Metropolitan Police said.

No other personal details were revealed and police are contacting everyone affected to explain what happened and to apologise, Scotland Yard confirmed.

The Met said the vast majority of the people who had been affected were victims of “lower end crime”.

The maximum fine that can be imposed following a breach is £500,000.

Scotland Yard said it had notified the Information Commissioner’s Office.

A Metropolitan Police spokesman said: “We are also reviewing our processes in relation to surveys of this kind to minimise the risk of similar mistakes being made.”

The original article can be found here

Email providers such as Google and Microsoft will work with companies like Paypal and the Bank of America to improve authentication.

Phishing attacks typically involve scammers posing as familiar companies in an attempt to trick users into sharing personal information.

This co-ordinated effort aims to make this more difficult.

The Domain-based Message Authentication, Reporting and Conformance (DMarc) – as the coalition is known – has released plans to produce a “feedback loop” between email receivers and senders.

The initiative is the first significant attempt to bring together both email and service providers along with key security organisations.

DMarc said this industry-wide involvement – which covers the receivers, senders and intermediaries of email use – will mean email providers will for the first time be able to reliably filter out unwanted emails, rather than use “complex and imperfect measurements” to determine threats.

It will mean an agreed standard for authenticating legitimate emails arriving at the inboxes of AOL, Gmail, Hotmail and Yahoo customers.

It will verify messages from Facebook, Paypal, American Greetings, Bank of America, Fidelity and LinkedIn.

To read the rest of this article, follow the link provided here

The commissioner said that the five breaches, which took place between January and June 2011, were all serious.

One of them happened when papers about the status of a foster carer were sent to seven healthcare professionals, none of whom had any reason to see the information.

It took place in January 2011 and did not come to light until March, when the council began an investigation. This did not prevent further similar incidents taking place in May and June, however.

In another case, minutes of a child protection conference were sent in error to the former address of the mother’s partner, where they were opened and read by an unauthorised person. The papers also contained personal data about the mother, who made a complaint to her social worker about the incident.

Investigations by the ICO found that all five breaches could have been prevented if the council had put adequate data protection policies, training and checks in place.

Midlothian is the first organisation in Scotland to be fined by the ICO.

To read the rest of this article click here

Email providers such as Google and Microsoft will work with companies like Paypal and the Bank of America to improve authentication.

Phishing attacks typically involve scammers posing as familiar companies in an attempt to trick users into sharing personal information.

This co-ordinated effort aims to make this more difficult.

Read the full story….

http://www.bbc.co.uk/news/technology-16787503

Proofpoint, a pioneering security-as-a-service provider, is extending its information archiving and governance capabilities with the introduction of Proofpoint Enterprise Governance, an enterprise information governance solution that allows organizations to easily track, classify, apply policies and monitor unstructured information across the enterprise.

Proofpoint Enterprise Governance uses patented, Digital Thread® technology to fingerprint documents and track their versions and destinations across disparate systems. This technology is available via the cloud and is expected to be an integrated component of Proofpoint’s cloud-based platform and application suite.

Proofpoint Enterprise Governance is based on technology obtained through the acquisition of NextPage, Inc., an innovative provider of in-place information governance solutions to global enterprise customers.  NextPage was one of five vendors named by Gartner, Inc. as a 2011 “Cool Vendor” in Content Management*. Customers of NextPage’s information governance solution can benefit from the added capabilities—such as integrated legal hold and archiving features— that Proofpoint can bring to their existing NextPage deployments.

*Gartner “Cool Vendors in Content Management, 2011″ by Toby Bell, Gavin Tay, Sheila Childs, Kenneth Chin, Karen M. Shegda, Mark R. Gilbert and Debra Logan, published 19 April 2011.

About Gradian Systems Ltd

Gradian is a leading supplier of IT security services to the UK, providing world-class security solutions which come tailored with excellent service and support. We enable organisations to secure the information that’s of vital importance to themselves, and their customers. Learn more at www.gradian.co.uk

About Proofpoint, Inc.
Proofpoint is a pioneering security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information. More information is available at www.proofpoint.com.

Flights and trading on the stock exchange have not been affected.

There has been a series of hacking attacks affecting Israeli businesses in the past two weeks.

The most serious saw details of tens of thousands of Israeli credit cards posted online.

A message was posted on the home page for the Tel Aviv stock exchange saying that the site has been taken down for “maintenance”. It also came up as “too busy”.

It appears to have been overloaded with requests in what is known as a denial of service attack.

“The website is working as normal. What the hacker did is he put a lot of traffic on the entrance to the website,” says stock exchange spokeswoman, Orna Goren.

“There are too many users so it’s hard to get into the site but our trading system is working as usual.”

To read the rest of the article click here.

Up to 24 million customers of the Amazon subsidiary may have been affected by the breach, which exposed names, email addresses, addresses, phone numbers, and password hashes. Zappos stressed that credit card data was not exposed. Hackers may have been able to lift the last four digits of credit card numbers but nothing beyond this, according to the e-tailer.

Accounts or passwords maintained with parent firm Amazon.com are not affected by the problem.

At the time of writing on Monday morning, Zappos is blocking international traffic to its blog, so customers outside the US are unable to see chief exec Tony Hsieh’s explanation on how the breach happened, which was posted late on Sunday night.

Hsieh said hackers “gained access to parts of our internal network and systems” through one of the firm’s servers in Kentucky, The New York Times reports. Zappos has reset passwords and is in the process of notifying customers about the breach. In the aftermath of the data spillage, Zappos has suspended its telephone support operation, asking customers to contact it only via email.

Read the rest of the article here