
Friday, September 05, 2014

Why you shouldn't change your passwords regularly

Cyberespionage group starts using new Mac OS X backdoor program | Netflix looking to hire a 'Chaos Engineer'

Network World Security

Why you shouldn't change your passwords regularly
Here's some surprising advice: Stop changing your passwords. But just how wacky is that idea?



Cyberespionage group starts using new Mac OS X backdoor program
A group of hackers known for past cyberespionage attacks against the U.S. Defense Industrial Base, as well as companies from the electronics and engineering sectors, has recently started using a backdoor program to target Mac OS X systems. “The backdoor code was ported to OS X from a Windows backdoor that has been used extensively in targeted attacks over the past several years, having been updated many times in the process,” security researchers from FireEye said Thursday in a blog post. The malicious program is dubbed XSLCmd and is capable of opening a reverse shell, listing and transferring files and installing additional malware on an infected computer. The OS X variant can also log keystrokes and capture screen shots, the FireEye researchers said.



Netflix looking to hire a 'Chaos Engineer'
Here’s a job offering you don’t see every day (asterisks mine): “Netflix is hiring a ‘Chaos Engineer’ … Basically, somebody to go in and f**k s**t up to prove we can recover. Ping me for details!” The “recruiter” in this case is Dan Woods, a senior software engineer at Netflix, and the “listing” was in the form of a tweet, which elicited a string of wisecracks – and a few expressions of interest -- from the Twitter crowd. Netflix is no stranger to chaos. In 2012 the company released the source code for Chaos Monkey, the first of its Simian Army collection of cloud testing tools.



Note to Executives, Legislators, and Consumers: Time For a More Serious Dialogue About Cybersecurity
Like everyone else in the cybersecurity domain, I've been pretty busy the past week or so. First there was the UPS store breach, which was small change compared to the nefarious cybersecurity situation at JP Morgan Chase. The condition became a bit more whimsical when photos of naked celebrities floated around the web but quickly became serious again with the breach at Home Depot, which may trump the Target breach when all is said and done. Here is a terse synopsis of what’s going on: We’ve gotten really good at rapidly developing and implementing new applications on new technologies. We can even do so at scale (with the exception of healthcare.gov, but that’s another story). Yup, we want immediate gratification from our technology toys but we really don’t have the right people, skills, processes, or oversight to actually protect them.

Encrypted data in the cloud? Be sure to control your own keys
This column is available in a weekly newsletter called IT Best Practices. With cloud computing there's no longer a question about whether you should encrypt data. That's a given. The question today is, who should manage and control the encryption keys? Whether talking to an infrastructure provider like Amazon or Microsoft, or a SaaS provider, it's imperative to have the discussion about key control. The topic is more relevant than ever as more companies move regulated data into the cloud and as concerns about data privacy grow.

Configuration errors lead to HealthCare.gov breach
The Health and Human Services Department (HHS) said that HealthCare.gov, the nation's health insurance enrollment website, was breached in July and that the attackers uploaded malware to the server. The breach, which is the first successful intrusion into the website, was discovered on August 25 by a CMS security team after an anomaly was detected in the security logs of one of the servers on the compromised system. Officials say that while the attacker did gain access to the server, no personal information was compromised.



Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701
