It’s always a good idea to point the car in the right direction before pressing the gas pedal, right? Why is it, then, that so many people lose sight of that simple concept?

I’m thinking about information security, of course, but here’s another example that’s probably familiar to most of you: People who, upon hearing that you work with computers, ask a directionless question like, “What’s the best operating system?”“What kind of computer should I buy?”“What’s the best backup?”“The best smartphone?”

Of course, the answer to these questions, more often than not, is “It depends,” though that seems to frustrate the questioners. “Just what does it depend on?” they’ll ask. “What do you want to do with it?” I’ll usually respond. All too often the response to that is a blank stare or a very unhelpful “Oh, all sorts of stuff.”Great, you want to step on the gas before pointing the car, I’ll say.

To read this article in full or to leave a comment, please click here

WordPress patched a second critical vulnerability in its Web publishing platform on Monday, less than a week after fixing a similar problem.

Administrators are advised to upgrade to WordPress version 4.2.1. Some WordPress sites that are compatible with and use a plugin called Background Update Tester will update automatically.

WordPress is one of the most-used Web publishing platforms. By the company’s own estimation, it runs 23 percent of the sites on the Internet, including major publishers such as Time and CNN.

To read this article in full or to leave a comment, please click here

Your company has been breached and your executives are in denial.

That is the phrase that came to mind the other day during breakfast at RSA with Intel’s security organization where I overheard the following story. My ears perked up when I heard the word “spearfishing,” which was key to a personal story being told by one of the Intel executives. Spearfishing is when an attack specifically targets someone in the firm in order to steal their credentials and/or compromise their hardware.  

Apparently, the Intel exec received an email with a PDF document from an alleged Chinese graduate student. The email contained personal information on the graduate program the executive had been in and enough personal information about the school that it looked legitimate. It requested he review the attached dissertation in PDF form. The PDF itself didn’t trigger any alarms and looked harmless but instead of opening it he sent it down to the McAfee lab to see if it was hostile.  

To read this article in full or to leave a comment, please click here