Category Archives for "Network World Security"

New firmware analysis framework finds serious flaws in Netgear and D-Link devices

A team of security researchers has found serious vulnerabilities in over a dozen wireless routers and access points from Netgear and D-Link with the help of an open-source framework that can be used to perform dynamic security analysis on embedded firmware. Called FIRMADYNE, the framework automatically runs Linux-based firmware designed for embedded devices in an emulated environment and then performs a variety of security tests, including checks on known exploits that exist in penetration testing tools. The framework was built by Daming Chen, Maverick Woo and David Brumley from Carnegie Mellon University and Manuel Egele from Boston University. It was released last week as an open source project along with an accompanying research paper.

How to avoid common travel and vacation scams

As usual, winter's been bleak. You're ready to go ... anywhere else. Somewhere warmer, brighter, more fun. And someone else is there waiting and ready to steal your information — and your money — in the process. Travel scams are ripe and ripening as the days grow longer, in some high and very low tech ways. "The really staggering message that came through in 2015 was that it was the year attackers spent a lot less time and energy on really sophisticated technology intrusions and instead spent the year exploiting us," says Kevin Epstein, vice president of the Threat Operations Center at Proofpoint.

New products of the week 2.29.2016

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Savvius Vigil

Key features: Savvius Vigil is the security industry’s first network appliance capable of intelligently selecting, capturing, and storing months of relevant network data to enable rapid investigation of security incidents.

Skyport eases the pain of deploying and securing remote servers

Skyport does one thing, and it does it well. Skyport offers SkySecure Server, a remotely deployable platform for Windows and/or Linux virtual machines in a fortress-like environment. You can rent one for $2,500 per month, or less. Skyport SkySecure Servers solve a major pain point for IT execs looking for control over their remote servers. Skyport provides a hardened server that can be safely deployed to off-premises locations with little to no pre-configuration headaches. It comes pre-built and ready to host and secure either their list or your qualified list of popular host operating systems as VMs. Once deployed it’s largely tamper proof, and its subsequent use is done remotely, securely, with full online-monitoring control. Skyport is as security-paranoid as we are; therefore we liked it, finding only a few foibles.

Cautionary tale: What happens after daring elite hackers to hack you?

After all the big breaches reported last year, Real Future's Kevin Roose wanted to see how well he would fare in a personal pen-test. Issuing such a “hack me” challenge is rarely wise, as New York University Professor and PandoDaily editor Adam Penenberg found out a few years ago after asking TrustWave to hack him if it could. Roose posted a video showing “what happens when you dare expert hackers to hack you” and the resulting pwnage was not pretty.

IRS: Actually, that breach last year was way worse than we thought

For U.S. taxpayers, the news just keeps getting worse about the cyberattack discovered last year on the IRS's Get Transcript application. At first, it looked like just over 100,000 taxpayers had been affected. Then, last August, the number was updated to more than 300,000. Now, it looks like a further 390,000 people's information could have been breached, bringing the total estimate to over 700,000. "The Treasury Inspector General for Tax Administration conducted a nine-month-long investigation looking back to the launch of the application in January 2014 for additional suspicious activity," the Internal Revenue Service announced on Friday. "This expanded review has identified additional suspicious attempts to access taxpayer accounts using sensitive information already in the hands of criminals."

Apple vs. the FBI: The legal arguments in a nutshell

Apple has raised some interesting, and potentially winning, legal arguments in its motion to overturn a judge’s order requiring the company to help the FBI unlock the iPhone of a mass shooter. The FBI's request for Apple to write new software to defeat password protections on the phone violates the company’s free speech and due process rights, Apple argued Thursday in its motion to vacate Magistrate Judge Sheri Pym’s Feb. 16 order.

Oscar ad finds Carrie Fisher, IBM Watson and robots dealing with humans

Apparently IBM’s Watson isn’t all that popular amongst the robot community – at least that’s how it looks in a new IBM commercial, “Coping with Humans: A Support Group for Bots.” In the commercial Carrie Fisher (or Princess Leia of Star Wars fame) tries to guide a raft of disgruntled robots in a therapy session that apparently has had problems in the past – saying “maybe this week we might try and listen more – and throw things less.” It’s pretty funny, take a look.

Fixing the Internet’s routing security is urgent and requires collaboration

The Internet is fragile. Many of its protocols were designed at a time when the goal was rapid network expansion based on trust among operators. Today, the Internet's open nature is what makes it so great for business, education and communication, but the absence of security mechanisms at its core is something that criminals are eager to exploit. In late January, traffic to many IP (Internet Protocol) addresses of the U.S. Marine Corps was temporarily diverted through an ISP in Venezuela. According to Doug Madory, director of Internet analysis at Dyn, such routing leaks occur almost on a daily basis and while many of them are accidents, some are clearly attempts to hijack Internet traffic.

The Unabomber’s brother has written a book that I can’t wait to read

David Kaczynski has lived the unimaginable: His brother Ted, the Unabomber, did more than merely kill and maim those who were victims of his attacks, he exacted a terrible toll on his own family, as is always the case with those who commit evil acts. Now David Kaczynski has written a book -- Every Last Tie -- that aspires to make some sense of an otherwise senseless situation. From a review in the New Republic:

NexusGuard deploys game-changing SDN tech to mitigate large-scale DDoS attacks  

It's easier than ever for a malicious actor to launch a DDoS attack against practically any target in the world. Groups like Lizard Squad sell DDoS-as-a-Service for only a few dollars per hour. Some attackers won’t end their attacks until a Bitcoin ransom is paid. Consequently, there are now more attacks on more organizations worldwide than ever before. Akamai recently reported a year-over-year increase of 180% in the number of attacks it saw through its network. Not only are attacks becoming more frequent, they are getting larger, too. Some recent attacks have exceeded 200 million packets per second (Mpps). An event of this size is sufficient to bring down a tier 1 router, the kind often used by Internet Service Providers (ISPs).

FBI, keep out! How to encrypt everything

The FBI’s inability to crack a terrorist’s iPhone 5c shows the strong protection you can get for your private information on a mobile device. That same encryption is also available on your computer, at least in some cases. Given the increasing access to personal and corporate data sought by the U.S. government, as well as by other politicians, unscrupulous businesses, and criminal hackers, people should up their game on what they protect. Fortunately, it's not hard to do. (But be sure to back up your data before you encrypt your devices, in case a power failure occurs during the encryption process and makes your data unavailable.)

ISIS group threatens Facebook and Twitter CEOs

Frustrated by social networks' efforts to keep them at bay, the terrorist group ISIS has made direct threats against the CEOs of Facebook and Twitter. In a 25-minute video dubbed "Flames of the Supporters" and posted on the Russian-based instant messaging service Telegram, the Sons Caliphate Army displayed photos of Facebook co-founder and CEO Mark Zuckerberg and Twitter CEO Jack Dorsey with digitally added bullet holes. Sons Caliphate Army is a purported hacking division of the Islamic State.

The 5 biggest reveals from Apple’s motion to dismiss the FBI’s court order

On Thursday, Apple filed a motion to vacate the court order compelling the iPhone-maker to create a hackable version of iOS that the FBI can use to break into the iPhone of San Bernardino shooter Syed Farook. In the filing, Apple’s main argument is that its software is protected speech, and that the government asking the company to fabricate software that goes against its beliefs is a violation of its First and Fifth Amendment rights.

Business leaders struggle with cloud, big data and IoT security

Call it the security conundrum. Business leaders are racing to adopt new IT systems like cloud computing, big data and Internet of things (IoT), and yet at the same time express mounting concerns about the security of sensitive information in those environments. A new survey of more than 1,000 enterprise leaders conducted by 451 Research on behalf of the security vendor Vormetric helps quantify the situation.

Tim Cook defends Apple’s refusal to help the FBI in new interview

Apple CEO Tim Cook this week appeared on ABC News where he laid out in precise detail exactly why Apple is refusing to comply with a court order that would have the company help the FBI hack into an iPhone used by one of the San Bernardino shooters. The crux of Apple's position, as relayed by Cook, is that helping the FBI in this particular instance would only open the door to even more government requests. With such a precedent in place, Cook believes that the software tool the FBI wants Apple to develop will inevitably be used for nefarious purposes. “Once created, the technique could be used over and over again, on any number of devices,” Cook explained in an open letter published last week.

Facebook, Google, Microsoft to join tech industry in supporting Apple in court

The tech industry is rallying behind Apple in its appeal against a court order asking it to help the FBI unlock an iPhone 5c, with Facebook, Google and Microsoft planning submissions in court in support of the iPhone maker. “The industry is aligned on this issue and Facebook is participating in a joint submission with other technology companies,” a spokeswoman for the company wrote in an email Thursday. Other companies expected to join in making the submission are Twitter and Amazon.com, but there might be others. Magistrate Judge Sheri Pym of the U.S. District Court for the Central District of California ordered Apple last week to provide assistance, if necessary by providing signed software that would help the FBI try different passcodes by brute force on the locked iPhone 5c, without triggering an auto-erase feature in the phone. The device was used by one of the terrorists in the San Bernardino, California, attack on Dec. 2.

Apple appeals order to unlock iPhone, says it would ‘violate the Constitution’

Apple filed court papers on Thursday urging a judge to overturn her order requiring it to unlock an iPhone used by one of the shooters in last December's San Bernardino attacks. Forcing it to help unlock the phone would set a dangerous precedent that would undermine security for all its customers and open the door to more invasive government requests in future, Apple argued. "If Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing," the company's lawyers wrote.

CoreOS CEO: Containers are just the beginning

Containers are revolutionizing enterprise IT in much the way smartphones have transformed the world of consumer technology, but there's still much more to come. That's according to Alex Polvi, CEO of Linux server vendor CoreOS, which has set its sights on improving Internet security. Too many companies today operate their data centers as if on egg shells, because "any little change can break things," Polvi explained. That makes it hard to keep software updated and secure. In general, companies need what Polvi calls "Google infrastructure for everyone else," or GIFEE. Essentially, he's referring to the way hyperscale companies like Google and Facebook operate, with infrastructures designed for maximum robustness, scalability, security and reliability.