Category Archives for "Network World Security"

Top 15 security predictions for 2017

Looking into the crystal ball

It is once again, as the song doesn’t quite say, “the most predictive time of the year.” Not that anybody knows for sure what will be happening even a month from now, never mind six months to a year. But that does not, and should not, stop organizations from trying. The way to get ahead and stay ahead, especially in online security, is to look ahead.

John McAfee asks court to block Intel’s security spin-out

Intel’s plan to spin out its security business under the McAfee name could run into rough weather, with security expert John McAfee asking a court in New York to order an injunction on the deal until a dispute over the use of his personal name for another company is resolved. In a court filing on Tuesday, John McAfee and MGT Capital Investments claimed that there is a high likelihood that Intel intends to sell the rights to the use of his full name to the new venture. “Should the sale go forward any judgment awarded to Plaintiffs will be ineffectual,” it added. John McAfee and MGT informed the court that they will be seeking a preliminary injunction that would prevent Intel from “selling, trading, assigning, leasing or otherwise transferring any alleged rights, in whole or in part, relating to any marks, names, trade names, or entities containing the word ‘McAfee’” until the resolution of the dispute.

Google publishes national security letters for the first time

Google is providing for the first time a look into the world of national security letters -- demands from the Federal Bureau of Investigation to hand over details about account holders and keep quiet about it. The letters are a part of business for Google and other major internet companies, but traditionally they have been barred from acknowledging the letters' existence. That changed in 2013 when, in light of revelations about Internet surveillance by U.S. intelligence agencies, Google and others started fighting to disclose more about the demands. That led to the creation of Google's "transparency report," which revealed the company receives thousands of requests for user data each month from law enforcement agencies around the globe. The national security letters remained secret, but on Tuesday, Google published a handful that are no longer covered by nondisclosure rules.

Don’t like Russian cyberspies? Tips to stop state-sponsored hackers

Be wary of random but legitimate-looking emails popping up in your inbox. A foreign government may be using them to try to hack you. That may sound far-fetched, but Russian cyberspies allegedly stole sensitive files from Democratic groups and figures using this very tactic. In some cases, the spoofed emails pretended to be from Google and managed to trick victims into giving up their login details, paving the way for a series of high-profile hacks that rocked this year’s presidential election. But even though the presidential race is over, cybersecurity experts warn that state-sponsored hackers remain a dangerous threat. Political organizations, businesses, and universities all should be on guard -- you’re probably already in their crosshairs.

Google’s taking Brillo into smart homes with Android Things

Android is headed to the internet of things in the form of Android Things, an operating system that grew out of Project Brillo and will be able to get updates directly from Google. With the home IoT industry still emerging from the hobbyist realm to mass market, Android’s traction in the smartphone realm could make it a popular platform for devices like lights, locks, thermostats, and household appliances that consumers want to manage through their phones. On Tuesday, Google announced a developer preview of Android Things, which will be able to run on the Raspberry Pi 3, Intel Edison, and NXP Pico hardware platforms. It will be easy for developers to scale their prototypes up to large production runs using custom versions of those boards, Google says.

The Ring Stick Up Cam. Don’t bother.

Just over a year ago I reviewed the Ring ($199), a security camera that replaces your conventional doorbell and lets you not only see who’s ringing your doorbell but also talk with them. The Ring doorbell provides movement detection with optional cloud video recording for a monthly fee ($3 per month). While I liked the product conceptually, the startup lag (the time between detecting movement and when recording begins, usually a delay of a few seconds) is long enough that fast-moving people like the FedEx guy can come and go before the device starts recording, and the so-so video quality led me to give it a Gearhead rating of 3.5 out of 5.

Dec. 2016 Patch Tuesday: Microsoft releases 12 security bulletins, 6 rated critical

For the last Patch Tuesday of 2016, Microsoft issued 12 security bulletins, half of which are rated critical due to remote code execution vulnerabilities. Get ready for restarts. Please do not delay deploying the patches, since three of them address vulnerabilities that had already been publicly disclosed.

Rated critical

MS16-144 pertains to patching a plethora of bugs in Internet Explorer: two scripting engine memory corruption vulnerabilities, two memory corruption vulnerabilities, a security feature bypass bug, two information disclosure flaws, and one Windows hyperlink object library information disclosure vulnerability.

Facebook helps companies detect rogue SSL certificates for domains

Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge. The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificates that they issue. Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best, researchers could scan the entire web and collect those certificates being used on public servers. This made it very hard to discover cases where CAs issued certificates for domain names without the approval of those domains' owners.

U.S. DOT advances mandate for vehicle-to-vehicle communications technology

Looking to apply a high-tech solution to a deadly problem, the U.S. Department of Transportation has issued a proposed rule to standardize the development and implementation of vehicle communications technologies in cars and trucks. The idea is to enable a multitude of new crash-avoidance applications that could save lives by preventing “hundreds of thousands of crashes every year by helping vehicles ‘talk’ to each other,” the DOT stated.

Zen and the art of security

I’m a Zen heretic, and so also is my sense of systems security. A very cogent citation describes the folly of it all. The people who install toolbars, click on random stuff and feel like they won something when they downloaded the free app are too plentiful, and security is too tough to understand—even PGP. Bringing up the bottom is as important as extending the top. We don’t ritualize security because that would be too tough, too impolite to do. Your mother did not teach you to use complex passwords and to change them as frequently as your underwear. Given some people I know, it’s a wonder they passed the “p@55w0rd” rubric they were trained to use.

Netgear starts patching routers affected by a critical flaw

Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that's publicly known and could be exploited by hackers. The vulnerability was disclosed by a researcher Friday and affects multiple Netgear router models, many from the company's Nighthawk series. The company initially confirmed the flaw in three models -- R6400, R7000, R8000 -- but it has since expanded the list to include five more. The models confirmed to be affected so far are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000. This list might not be complete, as Netgear continues to analyze the flaw's impact on its entire router portfolio.

AirMap, DigiCert to issue digital certificates for drones

Drones will start getting digital identification certificates under a new service being launched on Tuesday that hopes to bring trust and verification to the skies. The Drone IDs will be SSL/TLS certificates from DigiCert issued through AirMap, a provider of drone flight information data, and will first be available to users of Intel's Aero drone platform. Under the system, drone owners receive the digital ID in the form of an SSL/TLS certificate when they register for AirMap services. The ID is different from the identification number issued to drone owners by the U.S. Federal Aviation Administration and isn't part of any government scheme.

Cybersecurity skills aren’t taught in college

Cybersecurity is a growing concern across the globe, and businesses are eager to build secure products and keep corporate data safe. The only problem is that cybersecurity is a relatively new skill, and there just aren't enough qualified candidates to go around. When Intel and the Center for Strategic and International Studies (CSIS) surveyed 775 IT decision makers, 82 percent expressed a concern for the cybersecurity skills shortage. It's reached a point where the government has created the National Initiative for Cybersecurity and Studies (NICS) to help address the growing need for cybersecurity professionals, starting by getting kids introduced to cybersecurity as early as middle school.

5 tips to stay ahead of ransomware threats

Incidents of ransomware -- especially crypto-ransomware, in which cybercriminals hack vulnerable systems, encrypt the data and hold it for ransom -- saw a huge spike in 2016, and the practice shows no signs of slowing down. According to Symantec's 2016 Internet Security Threat Report (ISTR), there were more than 4,000 ransomware attacks per day since Jan. 1, 2016, a 300-percent increase over 2015, which saw an average of 1,000 attacks per day. While organizations can't ever be completely protected, there are a number of steps you can take to minimize the risk and potential fallout from a ransomware attack, says Scott Millis, CTO at mobile security and secure device management platform Cyber adAPT.

8 ways companies can manage risks brought on by the SaaS Tsunami

Shadow IT

Every employee is on a mission to find the next SaaS application that will make their job easier. With nothing more than a credit card and an expense report, anyone within the organization can sign up for a new application in minutes. The problem is that employees are signing up for SaaS apps without the knowledge or permission of their IT administrator. According to Gartner and Cisco, IT pros only know about 7% of the apps in use. That means that within any given organization there are hundreds of unsecured SaaS apps, each a potential entry point for hackers to access your corporate data.

Nearly half of all websites pose security risks

According to a new study of the top one million domains, 46 percent are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months. The big problem is that even when a website is managed by a careful company, it will often load content from other sites, said Kowsik Guruswamy, CTO at Menlo Park, Calif.-based Menlo Security, which sponsored the report, released this morning. For example, news sites -- 50 percent of which were risky -- typically run ads from third-party advertising networks.

The latest ransomware is pure evil genius

Ransomware is always nasty business, but the latest variant discovered by the MalwareHunterTeam takes the nastiness to a whole ‘nother level.

Turning victims into criminals

Apparently, the latest Popcorn Time ransomware adds a new twist to the standard M.O. of demanding that victims pay or permanently lose access to their files. In what seems like a brilliant if seriously messed up maneuver, if victims don’t want to pay the Bitcoin ransom “the fast and easy way,” the program gives victims the option of paying up “the nasty way”—by sending the ransomware link on to others.

Trump’s margin up after Wisconsin recount over voting machine security

President-elect Donald Trump added 131 votes to his winning margin in a recount in Wisconsin of ballots cast in the state for the recent U.S. presidential elections, but a significant part of the recount was not by hand. The recount was asked for by Green Party candidate Jill Stein after doubts were raised that the voting systems could be hacked. Wisconsin uses both the optical scan and direct-recording electronic types of voting machines, which are both susceptible to compromise, Stein said in a petition to the Wisconsin Elections Commission.

Dozens arrested in international DDoS-for-hire crackdown

Law enforcement agencies arrested 34 suspects in 13 countries, including the U.K. and the U.S., as part of a crackdown last week on DDoS (distributed denial-of-service) attacks. The arrests targeted buyers of DDoS-for-hire services, which get paid to flood websites or internet-connected systems with traffic, forcing them to go offline. In addition to the 34 arrests, law enforcement agencies interviewed and warned another 101 individuals. Many of the suspects were under the age of 20, the European Union police agency Europol said in a Monday statement.

5 core topics Trump needs to address in Silicon Valley leaders meeting

As some of the tech sector’s heaviest hitters prep for a meeting this week with President-elect Donald Trump, they need to make sure they get answers to critical questions about issues that could affect not only their businesses but the U.S. economy in general. While the meeting has been called by Trump, the Silicon Valley executives should be prepared to set some of the agenda themselves so they aren’t blindsided by policy shifts that can affect their success. Items of interest range from encryption to China policy. Here are some of the issues important to Trump and that are important to the interests of technology vendors and service providers.

Where does Trump stand on encryption?