Archive

Category Archives for "Networking"

Mobile advertiser tracked users’ locations, without their consent, FTC alleges

The privacy settings on your phone don’t mean much if tech companies choose to ignore them. One major mobile advertiser allegedly did just that. The company InMobi was secretly tracking user locations, regardless of consent, the U.S. Federal Trade Commission alleged on Wednesday. The motive: to serve location-based ads over mobile apps. InMobi is headquartered in India and partners with thousands of apps to offer advertising. This gives the company access to 1.5 billion devices. Collecting user information to serve tailored ads is all too common, but InMobi did so through deception, the FTC alleged. The company stated it would only collect the location-based data if given permission; however, InMobi secretly collected it anyway, the agency said.

10 steps the IRS needs to take now to secure tax returns, fight fraud, identity theft

The digital, online world has left the Internal Revenue Service struggling to move forward. The key IRS advisory group, the Electronic Tax Administration Advisory Committee (ETAAC), issued its annual state of the agency report this week that concluded: The erosion of the IRS tax system’s integrity from the proliferation of tax identity theft and inadequate levels of taxpayer service at the IRS caused by an antiquated customer service model that does not adequately apply digital service tools. ETAAC’s wide-ranging report looked at all aspects of the IRS but for our purposes we’ll focus on what the group is recommending the revenue agency do to combat its worst threat – fraud and identity theft.

Here’s how Dropbox is changing its free tier with a major update

Dropbox made some major changes to its free tier on Wednesday, including support for read-only folders, as the company released a crush of new features aimed at enhancing its users' productivity. The biggest change users will notice: In order to automatically upload photos from their smartphones, they must install the Dropbox app on at least one Mac or PC. People who don't mind manually uploading their photos to Dropbox won't need to change anything. Dropbox won't say how many people it expects the auto-upload change to impact. The change is aimed at helping people improve the way that they manage photos, but the company wouldn't give additional information. It seems like the change is an attempt to get a group of users who are using Dropbox only for smartphone photo backup to either dive deeper into the storage service or ditch it entirely.

Say hello to BadUSB 2.0: USB man-in-the-middle attack proof-of-concept

Oh peachy, say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.” The full research paper, “BadUSB 2.0: USB man-in-the-middle attacks” (pdf), by security researcher David Kierznowski, is available on Royal Holloway. The paper describes BadUSB2 as an “in-line hardware solution” which is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB2 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.

Say hello to BadUSB 2.0: A USB man-in-the-middle attack proof of concept

Oh, peachy. Say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.” The full research paper, BadUSB 2.0: USB man-in-the-middle attacks (pdf), by security researcher David Kierznowski is available on Royal Holloway. The paper describes BadUSB 2.0 as an “in-line hardware solution” that is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB 2.0 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.

On differential privacy

Over the past several weeks, there’s been a lot of talk about something called “differential privacy.” What does this mean, how does it work, and… Is it really going to be effective? The basic concept is this: the reason people can identify you, personally, from data collected off your phone, searches, web browser configuration, computer configuration, etc., is you do things just different enough from other people to create a pattern through cyber space (or rather data exhaust). Someone looking hard enough can figure out who “you” are by figuring out patterns you don’t even think about—you always install the same sorts of software/plugins, you always take the same path to work, you always make the same typing mistake, etc.

The idea behind differential privacy, considered here by Bruce Schneier, here, and here, is that you can inject noise into the data collection process that doesn’t impact the quality of the data for the intended use, while it does prevent any particular individual from being identified. If this nut can be cracked, it would be a major boon for online privacy—and this is a nut that deserves some serious cracking.

But I doubt it can actually be cracked

Cloud or on-prem? This big-data service now swings both ways

There are countless "as-a-Service" offerings on the market today, and typically they live in the cloud. Back in 2014, startup BlueData blazed a different trail by launching its EPIC Enterprise big-data-as-a-service offering on-premises instead. On Wednesday, BlueData announced that the software can now run on Amazon Web Services (AWS) and other public clouds, making it the first BDaaS platform to work both ways, the company says. "The future of Big Data analytics will be neither 100 percent on-premises nor 100 percent in the cloud," said Kumar Sreekanti, CEO of BlueData. "We’re seeing more multicloud and hybrid deployments, with data both on-prem and in the cloud. BlueData provides the only solution that can meet the realities of these mixed environments in the enterprise."

Dropbox enhances its productivity tools across the board

Dropbox just dumped a ton of new productivity features on users of its file storage and collaboration service that are all aimed at making it easier for people to get work done within its applications. Updates to the Dropbox app for iOS allow users to scan documents directly into the cloud storage service, and get started with creating Microsoft Office files from that app as well. The company also increased the ease and security of sharing files through Dropbox, and made it easier to preview and comment on files shared through the service. These launches mean that Dropbox will be more valuable to people as a productivity service, and not just a folder to hold files. It's especially important as the company tries to capture the interest of business users, who have a wide variety of competing storage services they could subscribe to instead.

IDG Contributor Network: New life for residential Wi-Fi

The recent launch of two residential Wi-Fi products—from eero and Luma—is very welcome. They highlight just how stale the traditional offerings had become. But their central technical improvement should be unnecessary. The new devices apply the Nest treatment to Wi-Fi routers rather than thermostats. As with most brilliant ideas, one’s first reaction is why didn’t someone do this before, it’s so obvious?

Think tanks mull Geneva Convention for cybercrime

A Geneva Convention on cyberwar: That's how a panel of experts proposes to deal with the growing threat to critical infrastructure posed by the possibility of cyberattack. With control systems in dams, hospitals, power grids and industrial systems increasingly exposed online, it's possible that nation states could seek to damage or disable them electronically. But building electronic defenses to prevent such attacks is expensive -- and often ineffectual, given the myriad ways in which they can fail or be breached. That's why the Global Commission on Internet Governance recommends that in any future cyberwar, governments should pledge to restrict the list of legitimate targets for cyberattacks, to not target critical infrastructure predominantly used by civilians, and to not use cyberweapons against core Internet infrastructure.