Category Archives for "Network World Security"

China passes controversial cybersecurity law

China has passed a new cybersecurity law that gives it greater control over the internet, including by requiring local storage of certain data. Human rights groups and trade associations in the U.S. and other countries have warned of the implications of the law both for internet businesses and human rights in the country. The National People's Congress Standing Committee passed the new cybersecurity law Monday, according to reports. “Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes,” said Sophie Richardson, China director of Human Rights Watch in a statement over the weekend.

FBI sticks to earlier view not to charge Clinton over email server

FBI Director James Comey said new emails that had been found had not changed the agency's July decision not to recommend charges against Democratic presidential candidate Hillary Clinton over her use of a private email server. In a letter Sunday to lawmakers, Comey wrote that based on the FBI's review of the emails, the agency had not changed the conclusion it had expressed in July with regard to Clinton's use of a personal email server when she was secretary of state from 2009 to 2013. The letter from Comey comes ahead of U.S. presidential elections on Tuesday and will likely blunt criticism that Clinton used the email server for confidential government communications.

Microsoft to protect World Chess Champion Magnus Carlsen from Russian hackers

If you were the World Chess Champion and you were about to defend your title in a 12-round match against a Russian grandmaster, should you be worried about being hacked? Apparently so, since current World Chess Champion Magnus Carlsen has asked Microsoft to protect him from attacks by Russian hackers. It’s not like Carlsen, who became a grandmaster at age 13, practices by playing against a computer. In fact, grandmaster and author Andrew Soltis told NPR that “Carlsen won't even play his computer. He uses it to train, to recommend moves for future competition. But he won't play it, because he just loses all the time and there's nothing more depressing than losing without even being in the game.”

Update your Belkin WeMo devices before they become botnet zombies

Owners of WeMo home automation devices should upgrade them to the latest firmware version, which was released this week to fix a critical vulnerability that could allow hackers to fully compromise them. The vulnerability was discovered by researchers from security firm Invincea in the Belkin WeMo Switch, a smart plug that allows users to remotely turn their electronics on or off by using their smartphones. They confirmed the same flaw in a WeMo-enabled smart slow cooker from Crock-Pot, and they think it's probably present in other WeMo products, too. WeMo devices like the WeMo Switch can be controlled via a smartphone app that communicates with them over a local Wi-Fi network or over the Internet through a cloud service run by Belkin, the creator of the WeMo home automation platform.

Cybersecurity: A Priority for Next POTUS

When the two major presidential candidates haven’t been focused on each other’s personal behavior or legal imbroglios, they’ve tended to discuss a few major issues such as health care, immigration reform, or battling terrorism. Yes, these are critical topics but what about cybersecurity? After all, this very campaign has featured nation state hacking, email theft, and embarrassing email disclosures from egomaniac Julian Assange and WikiLeaks. Alas, each candidate has been relatively silent about cybersecurity threats, national vulnerabilities, or what they plan to do to bridge this gap. Secretary Clinton’s policies look a lot like President Obama’s Cybersecurity National Action Plan (CNAP) but add a national security component due to her personal experience with state sponsored hacks of the DNC and John Podesta. Donald Trump seemed completely ignorant about cybersecurity issues (remember “the cyber” comments and his rant about his 10-year-old son’s computer skills?), but has since come up with some pedestrian cybersecurity policy objectives.

DNC hacker calls on brethren to monitor US election

The hacker who claims to have breached the Democratic National Committee isn't done trying to influence this year's election. On Friday, Guccifer 2.0 warned that Democrats might try to rig the vote next Tuesday. Guccifer 2.0 wrote the statement in a new blog post as U.S. federal agencies are reportedly bracing for cyber attacks on election day. The U.S. has already blamed Russia for allegedly meddling with the upcoming election by hacking into political targets, including the DNC, and then leaking the sensitive documents to the public.

What about the personal data on those millions of recalled Note7s?

The users of millions of faulty Samsung Galaxy Note7s, already turned in, face a bigger potential dilemma than whether the devices might blow up: The fate of their personal data on the devices. Many of the users of some 3 million Note7 devices sold were told by Samsung and government officials to immediately stop using the devices. They most likely didn't have time to thoroughly wipe sensitive personal data like credit card numbers or medical information. Samsung hasn't divulged what it plans to do with the Note7s that were turned in, and didn't respond this week to a query about how it plans to ensure customer data is kept confidential. The company said earlier this week that it is reviewing options for environmentally disposing of the Note7 phones after Greenpeace demanded Samsung find ways to reuse rare materials in the phones, such as gold and tungsten.

Phishing scheme crimps El Paso for $3.2 million

If you ever wonder why phishing scammers continue to try myriad ways of ripping people off, you need look no further than this. The El Paso Times this week reported that the city had been scammed out of $3.2 million through a phishing scheme that targeted the municipality’s streetcar development program.

Intel launches 500 drones for nighttime light show

Could hundreds or thousands of drones in the sky ever replicate the thrill we get from watching a fireworks display? Intel is hoping to reproduce a little of that magic with its Shooting Star drones. They're equipped with lights to provide a show in the night sky, and Intel is offering a whole fleet of them as a service to theme parks, entertainment companies, and cities. Last year, the company managed to get 100 of them flying in formation to produce patterns and, of course, the Intel logo. Now it's managed to synchronize 500 of the devices to display more ambitious and complex patterns (and yes, a better Intel logo).

Democracy has died of dysentery: The Voter Suppression Trail

Despite a number of potential digital threats, voter fraud remains a mostly imaginary problem in this country, a specter raised by politicians seeking to justify ever-more stringent rules designed to suppress voter turnout in areas unfavorable to them. But in a largely post-truth political discourse, simply pointing out that this is a fact doesn’t seem to be enough. What is needed – and what the New York Times Op-Docs project has collaborated with the satirists at GOP Arcade to produce – is a video game.

25% to 30% of users struggle with identifying phishing threats, study says

Humans are often the weak link in any cybersecurity defense. People behave unpredictably because we are sometimes driven by emotion and by an innate desire to trust and please other people. Also, we tend to take the path of least resistance, even if that path inadvertently creates a cybersecurity risk. Attackers understand these human traits, which is why they are frequently successful in exploiting people to get around more predictable machine-based defenses. As an example, consider phishing. It’s estimated that globally, 8 million phishing email messages are opened every day, and of those, 800,000 recipients of the malicious messages click on the embedded links. Ten percent of the people who click on a link actually give their information, such as login credentials for personal applications or their employer’s applications.

How to approach your first day as CSO

The situation often dictates how to approach a new job. Did the company just have a humiliating experience with a data breach? Did they not have a CSO previously and that is why they are looking for security help to lock down their network? If during the job interview, there was a blunt plea for help then most new hires would come in guns a blazin’ to get things under control quickly. But in most scenarios, CSOs interviewed said there is a general time period to examine the culture of the company to help in getting a grasp of what needs to be done.

DDoS attack from Mirai malware ‘killing business’ in Liberia

The malware behind last month's massive internet disruption in the U.S. is targeting Liberia with financially devastating results. This week, a botnet powered by the Mirai malware has been launching distributed denial-of-service (DDoS) attacks on IP addresses in the African country, according to security researchers. These attacks are the same kind that briefly disrupted internet access across the U.S. almost two weeks ago. They work by flooding internet connections with too much traffic, effectively forcing the services offline.

Mobile subscriber identity numbers can be exposed over Wi-Fi

For a long time, law enforcement agencies and hackers have been able to track the identity and location of mobile users by setting up fake cellular network towers and tricking their devices into connecting to them. Researchers have now found that the same thing can be done much more cheaply with a simple Wi-Fi hotspot. The devices that pose as cell towers are known in the industry as IMSI catchers, with the IMSI (international mobile subscriber identity) being a unique number tied to a mobile subscriber and stored on a SIM card. IMSI catchers can be used for tracking and, in some cases, for intercepting calls, but commercial solutions, such as the Stingray used by the FBI, are expensive.

Flaw in Wix website builder risked computer worm

Wix, the provider of a widely used cloud-based web development platform, appears to have had a significant bug on its hands that could have paved the way for a computer worm to do serious damage to websites around the world. The problem was related to an XSS (cross-site scripting) vulnerability that was found in websites built with Wix, according to Matt Austin, a researcher with Contrast Security. Though Wix says it has fixed the issue, it illustrates how a few lines of bad code can potentially do widespread damage. XSS vulnerabilities are common, and result from flaws in websites' coding. Hackers can take advantage of them to trick users' browsers into running malicious scripts that, for example, could download a computer virus or expose the internet cookies that are on their machines. Austin found the same kind of problem in websites from Wix, which builds websites and has 87 million users in Europe, Latin America and Asia.

Ixia’s Flex Tap Secure+ protects against injection breaches

We’ve probably all used the phrase “too much of anything is a bad thing.” Too much ice cream makes you fat, too many cats and you get called crazy, and too much NFL football on Sunday gets you banned to the doghouse by your wife. In IT, too much network traffic is certainly a bad thing. We need networks and rely on them to access cloud applications, call people via videoconferencing and do a whole bunch of other tasks. However, too much traffic and the network becomes unusable and a source of frustration for workers.

10 AWS security blunders and how to avoid them

The cloud has made it dead simple to quickly spin up a new server without waiting for IT. But the ease of deploying new servers -- and the democratic nature of cloud management -- can be a security nightmare, as a simple configuration error or administrative mistake can compromise the security of your organization's entire cloud environment. With sensitive data increasingly heading to the cloud, how your organization secures its instances and overall cloud infrastructure is of paramount importance. Cloud providers, like Amazon, secure the server hardware your instances run on, but the security of the cloud infrastructure your organization sets up on that infrastructure is all on you. A broad array of built-in security services and third-party tools are available to secure practically any workload, but you have to know how to use them. And it all starts with proper configuration.

Ex-Facebook, Dropbox engineers offer debugging as a service

A group of former Facebook and Dropbox engineers is developing a service for debugging complex systems and answering ad hoc questions in real time. Honeycomb, currently in an open beta cycle, is a SaaS platform that reduces MTTR (mean time to repair) for outages and degraded services, identifies bugs and performance regressions, isolates contributing factors to failures, and reproduces user bug reports. The collective debugging skills of teams would be captured and preserved, according to the project website. Rather than relying on a dashboard, Honeycomb is for interactive debugging.

How secure are home robots?

They have blinking lights and tend to chirp constantly. One of them can vacuum your living room carpet on a schedule. Another can play games with the kids using artificial intelligence. Yet, for homeowners (and security professionals) there’s a question about whether home robots could become an attack vector for hackers. Tapping into a live webcam feed and recording it? Stealing Wi-Fi information from an unprotected signal so you can transmit illegal wares? What makes a home robot such an ingenious ploy is that few of us think a vacuum could possibly become anything remotely viable for criminal use. Yet, that’s exactly the danger. “Homeowners never change the default passwords or use simple passwords which can be broken thus allowing hackers to leverage their way onto a home network and use the robot as a pivot point for further exfiltration of sensitive data or plant malware,” says Kevin Curran, a senior lecturer in computer science at the University of Ulster and IEEE member.

Flood of threat intelligence overwhelming for many firms

Three years after Target missed alerts warning them about a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, according to new reports, due to a lack of expertise and integration issues. Seventy percent of security pros said that their companies have problems taking actions based on threat intelligence because there is too much of it, or it is too complex, according to a report by Ponemon Research released on Monday. In particular, 69 percent said that their companies lacked staff expertise. As a result, only 46 percent said that incident responders used threat data when deciding how to respond to threats, and only 27 percent said that they were effective in using the data.