It's not just the lowlifes and thieves making money from stolen data; you might be able to make a few bucks selling your own personal data, too.Now, I'm not suggesting you place an ad for your Personally Identifiable Information (PII) on Craigslist, but there are actually outlets that will let you, or plan to let you, sell some of your data. It's used for marketing.Personal data marketplace
One such company is the U.S.-based Datacoup, which says it lets you connect your apps and services via APIs in order to sell data. Datacoup pitches itself as the world's first personal data marketplace.To read this article in full or to leave a comment, please click here
Computer users don't spend enough time looking for phishing indicators, says a new study based on tracking eye movement and brain activity.Users fail "at detecting phishing attacks even when they are mentally engaged in the task and subconsciously processing real sites differently from fake sites," Nitesh Saxena, one of the University of Alabama at Birmingham scientists involved in the study, said in an article on the university's website. The scientists want to find a way to track subconscious detection of phishing and get users to recognize attacks consciously.To read this article in full or to leave a comment, please click here
A recent study examined how one financial institution's employees behaved on the corporate network over a six-month period."Some of that behavior included occasions when employees were able to access information that should have been off-limits," a National Science Foundation press release says of the study.The researchers found that the workers snooped where they shouldn't have.Insider threats
The insider threat is "one of the most serious risks in the cybersecurity world," the researchers think."Most countermeasures were developed for external attacks," says Jingguo Wang, an information systems and operations management professor at the University of Texas at Arlington, who was involved in the study.To read this article in full or to leave a comment, please click here
Chipped cards have been hacked in the past, despite the security rhetoric from banks and merchants.Until recently, it was done through a Man-in-the-Middle attack.'Man-in-the-Middle' is where an attacker changes the communication between parties who think they're talking with each other directly.Security measures are now in place to stop this kind of chip scam, but it was not until scientists studied the forensics that the police could even figure it out.Second chip
It turns out that the fraud worked through a second chip embedded in the card, installed there by the crook.The glued-on dummy chip answered affirmatively when polled. It let a transaction go through when the terminal asked the card's original chip if the entered PIN was correct, Catalin Cimpanu explained in a Softpedia article.To read this article in full or to leave a comment, please click here
This month, radio electronics publication IEEE Spectrum is commemorating the 10th anniversary of its ground-breaking 2005 article, "Why software fails."
The now-archived article studied some troubled, large-scale IT projects. IEEE said they were preventable failures and explained why.
Along with the celebration, the publication has just brought out an updated database of IT debacles. This bunch covers the last 10 years. It makes for fascinating reading.
Financial waste, endless delays correcting things, and the vast numbers of people affected contribute to the horrific, gory screw-ups.To read this article in full or to leave a comment, please click here
Examples of the different kinds of personal data available online, as well as its value on the black market, is available in a new report (PDF) from Intel Security's McAfee Labs. The report looks at pricing for credit cards, bank account login details, and other stolen personal information.$5 credit card numbers
U.S. credit card account numbers complete with date of birth typically run $15, the report says. Basic card numbers without the extra data costs as little as $5."A digital equivalent of physical card would let a criminal buy things until the victim contacts the card issuer and challenge the charges," Raj Samani, CTO for Intel Security in Europe, the Middle East, and Africa, said in a McAfee blog post about the report.To read this article in full or to leave a comment, please click here
Robots will have to be flawed if they are to create successful working relationships with humans, new research has found."Judgmental mistakes, wrong assumptions, expressing tiredness or boredom, or getting overexcited," will help humans "understand, relate to and interact" with robots more easily, Mriganka Biswas of the University of Lincoln in Britain says in an article on the university's website.Biswas has been conducting a study for a PhD on how humans interact with robots. Supporting caregivers
Robots are increasingly being used to support caregivers, the article says.To read this article in full or to leave a comment, please click here
Complex passwords don’t “frustrate hackers,” all they do is make life “harder for users,” Claran Martin, the Director General of Cyber Security at the United Kingdom’s spy agency GCHQ says in a new guidance document published online (PDF).
The advice contradicts previous GCHQ guidance that says that system owners should “adopt the approach that complex passwords are ‘stronger.’”
GCHQ, or he Government Communications Headquarters, is the British equivalent of the National Security Agency (NSA).
Amusingly, both agencies have been exposed recently as conducting widespread surveillance on their respective citizens. The more cynical might think there was secondary motive for this advice.To read this article in full or to leave a comment, please click here
For anyone questioning the feasibility of super-high speed 5G networks—faster than wired is today—due to come on stream in 2020, be assured, tests have been completed that apparently indicate that the tech can actually work.
China-based equipment maker Huawei has announced that it has, along with Japan’s largest Mobile Network Operator NTT DOCOMO, concluded a large-scale, non-lab field trial of 5G.Peak speeds
Peak speeds reached 3.6Gbps Huawei says in a press release on its website. For comparison Verizon’s 4G LTE broadband in the U.S. has “peak download speeds approaching 50Mbps,” according to Verizon on its website.To read this article in full or to leave a comment, please click here
Many nuclear power facilities aren't air-gapped from the Internet, and many "critical infrastructure components" can be identified via search engines. These are just two of the graphic warnings made in a recent report on the nuclear power industry by think tank Chatham House.The international policy institute has just released a report (PDF) on cybersecurity at civil nuclear facilities worldwide, including those in the U.S. The report is scathing.To read this article in full or to leave a comment, please click here
Prices are dropping for Personally Identifiable Information (PII) on the Dark Web. One likely reason is a surplus of the data; cybercriminals have been too successful gathering the stuff.
Criminals can now purchase PII for $1 a line — that's down from $4 just a year ago, Trend Micro reported in its new research paper.
Each line contains a name, a full address, a date of birth, a Social Security number, and other information. Criminals only need a few lines to clone an identity.Studying stolen data
Trend Micro analyzed a decade's worth of data breach information in its new report, "Follow the Data, Dissecting Data Breaches and Debunking the Myths' (PDF).To read this article in full or to leave a comment, please click here
The username and password mix that we've been using for authentication is on its way out, some people think.As we all know, problems include outright theft, the loss of password, phishing, and bots.Alternatives that have proven a bit more successful have included adding an extra element of authentication — such as an object that has to be in the possession of the user. A bank card at an ATM is an example of this. That's called two-factor authentication.But a new biometric typing keystroke algorithm that knows how you type could be a better authentication method, some scientists say.Biometrics
Biometrics promise the most security, experts say. A fingerprint, or a voice print, is unique — it's theoretically inseparable, unlike the easily copied magnetic card.To read this article in full or to leave a comment, please click here
If you've ever wondered just where the fiber conduits that carry our Internet traffic run, wonder no more. Researchers have created a map.Four years in the making, the map, sourced in part from public records, shows the long-haul fiber that carries Internet data around the country. Additionally, locations where multiple cables connect are shown.This kind of map has never existed before.Internet infrastructure
Not much is known about "today's physical Internet infrastructure," the researchers say.So they delved in and, through a collection of Tier-1 ISP and cable company maps combined with public records, started to construct a map of the long-haul fiber network (PDF).To read this article in full or to leave a comment, please click here
If you've ever wondered just where the fiber conduits that carry our Internet traffic run, wonder no more. Researchers have created a map.Four years in the making, the map, sourced in part from public records, shows the long-haul fiber that carries Internet data around the country. Additionally, locations where multiple cables connect are shown.This kind of map has never existed before.Internet infrastructure
Not much is known about "today's physical Internet infrastructure," the researchers say.So they delved in and, through a collection of Tier-1 ISP and cable company maps combined with public records, started to construct a map of the long-haul fiber network (PDF).To read this article in full or to leave a comment, please click here
While half of consumers polled in a recent survey think that they are "adequately" protected from online threats on their computers, tablets, and smartphones, only 37% think the same protection is in place for their connected-home devices, such as IoT, gaming consoles, smart TVs, and thermostats.DNS service provider Nominium commissioned the report from market researcher YouGov in July. Polling consisted of 1,106 consumers in the United States.Less secure
"Consumers find their digital world expanding at an astounding pace with more and more Internet-connected 'things,'" Nominium says of the report.To read this article in full or to leave a comment, please click here
A fifth of all businesses will have deployed IoT-related security by the end of 2017, analyst Gartner thinks.Dedicated digital security services that are committed to "protecting business initiatives using devices and services in the Internet of Things" will be in place by then, the research and advisory company says.Gartner made the statement in a press release on its website in relation to a security and risk management summit earlier this month in Mumbai.'Reshape IT'
"The IoT redefines security," Ganesh Ramamoorthy, research vice president at Gartner, said in the press release.To read this article in full or to leave a comment, please click here
Interference has been a major issue when hospitals have tried to replace the cluttered, bulky wiring used to monitor patients’ conditions—those are the wires protruding from a body, along with the associated beeps, as seen in the hospital TV drama procedurals we know and love.Hard-wiring, though, has never been an ideal solution for biomedical signals—it prevents patients from moving around, for one thing. That ties up expensive hospital beds.Interference
RF interference can not only interfere with other signals, but it can apparently damage hospital equipment, say some researchers in South Korea.Those researchers, from Pukyong National University in Busan, reckon that they have a better solution. They want to use light instead.To read this article in full or to leave a comment, please click here
Interference has been a major issue when hospitals have tried to replace the cluttered, bulky wiring used to monitor patients’ conditions—those are the wires protruding from a body, along with the associated beeps, as seen in the hospital TV drama procedurals we know and love.Hard-wiring, though, has never been an ideal solution for biomedical signals—it prevents patients from moving around, for one thing. That ties up expensive hospital beds.Interference
RF interference can not only interfere with other signals, but it can apparently damage hospital equipment, say some researchers in South Korea.Those researchers, from Pukyong National University in Busan, reckon that they have a better solution. They want to use light instead.To read this article in full or to leave a comment, please click here
Magnetic signals can be used to communicate within the human body, a team of scientists recently said.The newly developed technique sends magnetic fields through biological tissue and could be used for a human-hosted wireless sensor network. Full-body health monitoring might be an application.The proof-of-concept idea, demonstrated recently by electrical engineers from the University of California, San Diego, could one day replace power-hungry Bluetooth for wearable networking, the researchers say.It would also be more secure than existing communications between wearables, they reckon.Signals move easier
Magnetic field-generating coils, wrapped around three parts of the body—head, arm, and leg—allowed signals to move easily from one side of the body to the other in the scientists' experiments.To read this article in full or to leave a comment, please click here
With Internet of Things penetration set for a trillion devices by 2025, according to recent McKinsey numbers, our thoughts are, or should be, turning to security.One question that could be posed is: Just how could a future IoT attack play out? What route could it take?A security company reckons it has an answer.'Terror in the kitchen'
One World Labs, a security outfit that specializes in penetration testing, forensics, and security code review, presented a session at San Francisco's RSA Conference in April, where it attempted to address the question.To read this article in full or to leave a comment, please click here
Patrick Nelson