Hot on the heels of Elon Musk and his SpaceX company’s grand plan to inhabit Mars, President Obama and NASA reminded the scientific world it too has designs to inhabit the red planet – though at perhaps a far more deliberate pace than Musk wants.
“We have set a clear goal vital to the next chapter of America's story in space: sending humans to Mars by the 2030s and returning them safely to Earth, with the ultimate ambition to one day remain there for an extended time. Getting to Mars will require continued cooperation between government and private innovators, and we're already well on our way. Within the next two years, private companies will for the first time send astronauts to the International Space Station,” Obama wrote in an editorial for CNN this week. “The next step is to reach beyond the bounds of Earth's orbit. I'm excited to announce that we are working with our commercial partners to build new habitats that can sustain and transport astronauts on long-duration missions in deep space. These missions will teach us how humans can live far from Earth -- something we'll need for the long journey to Mars.”
Netgear is updating its Arlo wireless and wire-free home security camera systems with a professional version that takes the ‘wire-free’ and flexibility angle even further. Coming to retail shelves on October 23, the Arlo Pro system (small cameras that connect via a low-power, proprietary Wi-Fi to a router-connected base station) will now include two-way audio, a 100+ decibel siren, rechargeable batteries that can last up to six months, and improved motion detection software functionality. The new system will work with older cameras in the Arlo line, and newer cameras can work with older base stations (if so desired).
In addition, NETGEAR is announcing a set of accessories to make the cameras more flexible for placement and charging. For example, users who don’t want to utilize the rechargeable batteries can recharge the unit through a micro-USB charger. The Arlo Pro Charging Station ($59.99) will let you charge up to two batteries simultaneously so you can swap out one quickly if the initial battery (extra batteries sold at $49.99 each) goes low.
Last month's news about the massive data breach at Yahoo, which affected at least 500 million user records, making it the largest data breach on record, might finally be what it takes to get the average internet user to take online security into their own hands — if only they knew how.
In his new book "The Hackers Are Coming," online security expert Ronald Nutter shares tips on how to boost security for every online account you have, starting with choosing the best password management and two-factor authentication tools for you.
Microsoft has elaborated on the new patching policy for Windows 7 and Windows 8.1 that takes effect Tuesday.
In a post to a company blog accompanied by graphics that resembled a periodic table, Michael Niehaus, a product marketing director for Windows 10, fleshed out the massive change in how Windows 7, the standard in business and the most popular OS on the planet, will be serviced starting with this month's Patch Tuesday.
Microsoft announced the new plan two months ago, saying then that as of Oct. 11 it would offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply.
In what can only be called awfully suspicious timing, Yahoo has turned off automatic email forwarding—a crucial feature when changing email accounts—for Yahoo Mail users. Anyone who has already enabled the feature is not affected, but others cannot activate it.
On its help pages, Yahoo says mail forwarding is currently under development. “While we work to improve it, we’ve temporarily disabled the ability to turn on Mail Forwarding for new forwarding addresses,” the help page says.
Rich Santalesa, a programmer turned writer and lawyer, brought an interesting turn of events to my attention last week. We need to pay heed: A litigant can have standing in a U.S. Federal breach case where no personal fraud or identity theft has yet occurred.
Usually, a litigant has to have suffered injury—a breach caused them identity theft or other fraudulent activity based upon information released in a security breach. This means if you’re cracked, you can be liable if personally identifiable information is released, exfiltrated, absconded, whatever. It also means that should you believe the axiom that currently most of us are hacked, we’re in for a litigious treat.
U.S. accusations that WikiLeaks is helping Russian hackers influence the upcoming election haven't stopped the controversial website from dumping emails allegedly stolen from a Hillary Clinton aide.
On Monday, WikiLeaks released an additional batch of 2,000 emails stolen from Clinton's campaign chairman, John Podesta, which could fuel negative press coverage of her candidacy.
This came after the site dumped the first batch of emails last Friday, the same day U.S. intelligence agencies publicly blamed the Russian government for hacking the emails of U.S. officials and political groups earlier this year.
It may sound paranoid, but the next time you enter a highly confidential meeting, leave your smart watch behind. It's possible the device could be spying on you.
That's what ministers in the U.K. are reportedly being told. They've recently been banned from wearing Apple Watches during cabinet meetings on fears that the devices could be hacked by Russian cyberspies, according to The Telegraph.
Mobile phones have already been prohibited from cabinet meetings, but the U.K. government has reportedly taken the extra step of also banning smart watches.
The top management of StartCom and WoSign will be replaced and the two certificate authorities will undergo audits after browser vendors discovered that they mis-issued many digital certificates, violating industry rules.
The investigation launched by Mozilla led to the discovery of 13 instances where China-based WoSign and its subsidiary StartCom issued certificates with various types of problems. Evidence was also found that both CAs issued certificates signed with the SHA-1 algorithm after Jan. 1 in violation of industry rules and intentionally backdated them to avoid being caught.
As a result, Mozilla said that it has lost faith in the ability of WoSign and StartCom to correctly carry out the functions of a CA and announced that it will stop trusting new certificates from the two companies. Apple followed suit and announced its own ban for future WoSign and StartCom certificates last week.
To observe Hate Crime Awareness Week, the UK’s Crown Prosecution Service (CPS) is cracking down on internet bullies and trolls. Actions like posting humiliating photoshopped images of people on social media platforms, creating derogatory hashtags and doxing can get cyber bullies prosecuted.
CPS published new social media guidelines to help prosecutors determine which online actions are illegal. The guidelines take aim at doxing, inciting virtual mobbing – encouraging others to participate in online harassment – and fake social media profiles used for online abuse, to name but a few.
Retweeting something the CPS considers “grossly offensive, indecent, obscene or false” can also land a person in legal hot water. Yet Alison Saunders, CPS director of public prosecutions, stressed to the BBC that prosecutors can’t use the guidelines to “stifle free speech.” People in the UK better check out what actions are now illegal since saying you didn’t know it was illegal just won’t cut it.
Network monitoring systems typically look for slow, overloaded, failing or crashed servers, routers, switches and network connections – and alert network administrators to the problem. According to the IT Central Station user community, the most important criteria to consider when choosing network monitoring software are scalability, flexibility and multi-tenancy.
Eight of the top-ranked network monitoring software products are CA Unified Infrastructure Management, SevOne, Microsoft SCOM, FortiSIEM (AccelOps), ScienceLogic, NetScout TruView, Opsview Enterprise and Nagios, according to online reviews by enterprise users in the IT Central Station community.
New products of the week
Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.
NetScaler VPX 100G
Key features: NetScaler VPX 100G is the industry’s first fully-featured, virtualized ADC that delivers 100 Gigabits per second performance on commodity hardware.
Replacement Galaxy Note 7 phones may not be any safer than the Note 7 devices which caught fire and caused a recall, based on three replacement Note 7 devices catching fire in the past week.
Samsung is reportedly investigating the fire fiascos, claiming that the company takes every Galaxy Note 7 fire report “seriously.” Yet after a company official goofed and mistakenly sent a text message meant for a colleague to one of the melted phone owners, the company’s concern for customers hardly seems sincere.
Replacement Galaxy Note 7 catches fire, fills bedroom with smoke
Michael Klering of Kentucky had his replacement Galaxy Note 7 for a little more than a week. On Tuesday, October 4, he was “scared to death” when he and his wife awoke to a bedroom full of smoke.
The U.S. response to election-related hacks that the Obama administration now blames on the Russian government could include sanctions against that country.
The administration has said that it has a range of options, including economic sanctions, to respond to Russian cyber attacks. On Friday, a Republican lawmaker said he would propose legislation to move those sanctions forward.
Senator Cory Gardner, who represents Colorado, said his planned legislation would mandate that the U.S. government investigate Russian cyber criminals and sanction them when appropriate.
U.S. officials are publicly blaming the Russian government for several high-profile hacks against political groups that they claim were meant to interfere with the upcoming election.
U.S. intelligence agencies are confident Russia was responsible, the Department of Homeland Security and the Office of the Director of National Intelligence said in a statement on Friday.
They allege that the Russian government compromised the emails of U.S. officials and institutions and then publicly leaked them online through sites such as WikiLeaks, DCLeaks, and the anonymous hacker Guccifer 2.0, who took credit for breaching the Democratic National Committee earlier this year.
Following Cognizant’s announcement late last week that it had launched an internal investigation into possible anti-corruption violations, there have been more questions than answers about what may have occurred at the Teaneck, N.J.-headquartered provider of offshore IT services. Particularly perplexing to some was the attendant news that the company’s long-time president Gordon Coburn was stepping down.
Cognizant gave no reason for the departure of Coburn, who has been replaced by head of IT services Rajeev Mehta. However, the company did say in a regulatory filing that it was looking into whether it had violated the U.S. Foreign Corrupt Practices Act (FCPA) within a small number of company-owned facilities. Cognizant owns 12 of the 45 delivery centers it operates in India, where 75 percent of its employees work.
In the movie The Manchurian Candidate, two soldiers are kidnapped and brainwashed into sleeper agents. Later the soldiers become unwitting assassins when activated by a handler. Sound familiar? It should.
Hackers use a similar model for Distributed Denial of Service (DDoS) attacks using IoT devices. This process has four phases.
Capture: Identify and take over control of IoT devices
Subvert: Reprogram the device to conduct malicious acts
Activate: Instruct the hacked device to launch attack
Attack: Launch the DDoS attack
Why are such attacks increasing? How can IoT device security be hardened? What DDoS protections are available? What advisory resources are available? Let’s take a look.
Corporate chaos
The supply chain upon which modern multinational commerce depends was thrown into chaos earlier this year when South Korea's Hanjin Shipping filed for bankruptcy. Dozens of container ships with hundreds of crew and thousands of pounds of cargo onboard were essentially stranded at sea, as ports barred the ships' entry for fear that they wouldn't be able to pay for docking services.
Shodan is a search engine that looks for internet-connected devices. Hackers use it to find unsecured ports and companies use it to make sure that their infrastructure is locked down. This summer, it was also used by security researchers and law enforcement to shut down a ransomware botnet.
The Encryptor RaaS botnet offered ransomware as a service, allowing would-be criminals to get up and going quickly with their ransomware campaigns, without having to write code themselves, according to a report released last week.
The ransomware first appeared in the summer of 2015. It didn't make a big impact -- in March, Cylance reported that it had just 1,818 victims, only eight of whom had paid the ransom.
More than a year ago, an eye-opening RAND study on cybersecurity comprehensively explored just how vulnerable the Internet of Things (IoT) is and was going to be.
Afterthought-style patch-on-patch security, as well as significant vulnerability risks involved with slapping internet connectivity on previously non-connected objects, were among the startling findings and predictions in that report.
Since then, questions have arisen as to just how one should approach the security needs of the soon-to-be billions of networked, smart, cheap sensors expanding around the globe like popcorn.