Five million Gmail addresses and passwords dumped online

	Blackphone SSL security flaw was patched within days, says CEO | DDoS attack victims need to involve police, says Verisign CSO
	Network World Security
	Five million Gmail addresses and passwords dumped online An archive containing nearly 5 million Gmail addresses and plain text passwords was posted Tuesday on an online forum, but the data is old and likely sourced from multiple data breaches according to one security firm.A user with the online alias "tvskit" posted the archive file on a Bitcoin security forum called btcsec.com and claimed that over 60 percent of credentials found inside are valid."We can't confirm that it is indeed as much as 60 percent, but a great amount of the leaked data is legitimate," said Peter Kruse, the chief technology officer of CSIS Security Group, a Danish security company that provides cybercrime intelligence to financial institutions and law enforcement.To read this article in full or to leave a comment, please click here Read More   WHITE PAPER: Fortinet Security Concerns in the C-Suite Next-generation firewall technology (NGFW) addresses the most prevalent security issues. Fortinet's FortiGate NGFW integrates five crucial security protections, including strong authentication, antimalware and APT detection. View Now>> In this Issue Blackphone SSL security flaw was patched within days, says CEO DDoS attack victims need to involve police, says Verisign CSO Security questions you should ask about Apple Pay VMware patches third-party components in vSphere platform Is there a viable alternative to ubiquitous GPS? Study concludes 'Heartbleed' flaw was unknown before disclosure These 5 antivirus suites keep potentially unwanted programs (PUPs) from biting WHITE PAPER: BMC Software   The Perfect Combo: ITIL, ITSM and Social Media BMC explores how best-in-class organizations are leveraging these to drive user satisfaction and organizational success. Learn More Blackphone SSL security flaw was patched within days, says CEO Researchers checking out the $629 (£390) Blackphone ultra-secure Android smartphone recently found a potentially significant vulnerability that could have allowed an attacker to carry out a man-in-the-middle (MitM) to sniff the login credentials for the device's Silent Circle apps.The now-patched flaw discovered by Bluebox Security was a relatively straightforward if surprising one to do with the way the Blackphone was found to be implementing SSL security for its cornerstone apps, Silent Phone, Silent Text, Silent Contacts, Secure Wireless and SpiderOak.To read this article in full or to leave a comment, please click here Read More   DDoS attack victims need to involve police, says Verisign CSO With DDoS reflection attacks growing into mammoth events with unforeseen consequences, mitigation firm Verisign believes a radical new approach is needed to head off a pile of trouble - go after the "guys behind the keyboards."In any other part of the security industry, Verisign's recommendation that victims on the receiving end of major DDoS incidents make the effort to work out who attacked them would now be seen as best practice but this is an industry built on mitigation - blocking - rather than investing in deterrence.To read this article in full or to leave a comment, please click here Read More   : McAfee Needle in a Datastack Report The volume of security-related data today can make identifying a threat like looking for a needle in a haystack. Yet collecting more data also plays a transformational role in information security. Organizations need to learn how to harness and sift through this wealth of information to protect themselves from the threats they face every day. Learn more >> Security questions you should ask about Apple Pay Security pros reacted positively to Apple Pay, but withheld their full endorsement until the mobile payment system could be tested outside of the company's laboratories. Apple rolled out the service Tuesday in unveiling two new iPhones, both with larger screens than the previous models. Apple Pay will be available in the U.S. in October on all phones running the latest operating system, iOS 8. [Apple now emailing users when iCloud accessed via Web]To read this article in full or to leave a comment, please click here Read More   VMware patches third-party components in vSphere platform VCenter Server and ESXi patches update the bundled versions of Apache Struts, Apache Tomcat, glibc and JRE Read More   WHITE PAPER: HP Top 5 Truths About Big Data Hype and Security Intelligence Big Data Security Analytics (BDSA) is the subject of exuberant predictions. However, a Gartner analyst points out that no available BDSA solutions come close to these forecasts. Nevertheless, the principles of Big Data are the key to advanced security intelligence. This white paper discusses the key tenets of Big Data. Learn more >> Is there a viable alternative to ubiquitous GPS? What's the state-of-the-art in non-GPS based navigation and homing technology? That's the main question behind a Defense Advanced Research Projects Agency (DARPA) request to the industry this week as the group ponders where or not to go forward with a program that would seek an alternative to or a technology capable of augmenting GPS."As revolutionary as GPS has been, however, it has its limitations. GPS signals cannot be received underground or underwater and can be significantly degraded or unavailable during solar storms. More worrisome is that adversaries can jam signals. GPS continues to be vital, but its limitations in some environments could make it an Achilles' heel..." DARPA stated earlier this year.To read this article in full or to leave a comment, please click here Read More   Study concludes 'Heartbleed' flaw was unknown before disclosure Network traffic records show no signs attackers were looking for vulnerable servers before Heartbleed's disclosure Read More   These 5 antivirus suites keep potentially unwanted programs (PUPs) from biting Adware and potentially unwanted programs (PUPs) might not seem like viruses to some people, but they can wreak havoc and cause major annoyances. It's like comparing terriers to guard dogs: A misbehaved terrier (PUP) may not be as dangerous as a bad-tempered junkyard dog (virus), but the little ankle-biters can sure get on your nerves, and they tend to nip more often.PUPs can change your web browser's homepage and search settings, and even redirect websites you try to visit. They can litter your browser with toolbars and install questionable PC cleaners and optimizers. They can also bombard you with ads that are often illegitimate and lead to further infestation of malware or viruses.To read this article in full or to leave a comment, please click here Read More
	SLIDESHOWS 7 sexy smartphone technologies coming your way A slew of new technological features are (or could be) coming to future smartphones. Here are seven that have been in the news over the last few years. JOIN THE NETWORK WORLD COMMUNITIES As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity). Network World on Facebook Network World on LinkedIn MOST-READ STORIES of 2014 1. iPhone 6, Apple Watch features: Android's been there, done that 2. First Look: The Apple Watch 3. First Look: iPhone 6 and iPhone 6 Plus 4. Last-minute iPhone 6 rumors: Release date, water proof, shatter proof and more 5. Internet of Overwhelming Things 6. Big alternatives to the iPhone 6 and 6 Plus 7. 17 coolest iPhone 6, Apple Watch announcements 8. iPhone 6 is an apple, the Lumia 830 Windows Phone is an orange. 9. SDN and Network Virtualization: A Reality Check 10. Microsoft Patch Tuesday thwarts nosey malware
	Do You Tweet? Follow everything from NetworkWorld.com on Twitter @NetworkWorld. You are currently subscribed to networkworld_security_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy When accessing content promoted in this email, you are providing consent for your information to be shared with the sponsors of the content. Please see our Privacy Policy for more information. If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **