
Category Archives for "Network World Security"

Review: 8 password managers for Windows, Mac OS X, iOS, and Android

I hate passwords. I hate coming up with them. I hate remembering them. I hate mistyping them four times in a row. And I hate getting locked out of whatever I'm trying to log into in the process. That said, I hate being hacked only slightly more, so I've done my part to use passwords that aren't "password123" or something equally foolish. The hard part is keeping them straight, which I could do by writing them down -- but isn't that a security hole all over again? Heck, I've known that since I was a kid. I saw "WarGames." Password vaults, aka password safes or password managers, help solve this problem. They give you a central spot to store all your passwords, encrypted and protected by a passphrase or token you provide. This way, you have to memorize a single password: the one for your password vault. All the other passwords you use can be as long and complex as possible, even randomly generated, and you don't have to worry about remembering them.

7 heavily-hyped information security products, vendors that hit the scrap heap

Information security vendors release new products with all the hope of parents sending their child out into the world or a mother bird forcing her babies out of the nest. Unfortunately, as everywhere else in nature, some security technologies fall to the ground and go splat! Here are seven security-related offerings whose trajectories fell off sharply just before the bitter end.

Attackers can turn Microsoft’s exploit defense tool EMET against itself

Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against publicly known and unknown software exploits. Researchers from security vendor FireEye have found a method through which exploits can unload EMET-enforced protections by leveraging a legitimate function in the tool itself. Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. However, it's likely that many users haven't upgraded yet, because the new version mainly adds compatibility with Windows 10 and doesn't bring any new significant mitigations.

IDG Contributor Network: All the buzzwords: Behavioral biometric adaptive authentication with SecureAuth

SecureAuth is a vendor in the authentication and access space. It covers a range of related functions including authentication, single sign on, and user self-service. At its core, SecureAuth is juggling the conflicting aims of ensuring easy access to applications by legitimate users and high security for sensitive data. One of the ways in which companies reconcile these seemingly irreconcilable aims is through using deep analytics to automate some of the access functions. A case in point comes from SecureAuth's latest version, which includes behavioral analytics, risk analysis, and biometric tracking. What all that means is that SecureAuth is offering to analyze a user's keystrokes and mouse movements to build a profile of an individual user's behavior. Thereafter, this profile is compared to subsequent login attempts and, if they don't match, SecureAuth applies a higher level of access control.

Tor users increasingly treated like second-class Web citizens

The Internet is becoming harder to browse for users of Tor, the anonymity network that provides greater privacy, according to a new study. The blame can be placed largely on those who use Tor, short for The Onion Router, for spamming or cyberattacks. But the fallout means that those who want to benefit from the system's privacy protections are sometimes locked out. Researchers scanned the entire IPv4 address space and found that 1.3 million websites will not allow a connection coming from a known Tor exit node. Also, some 3.67 percent of Alexa's top 1000 websites will block Tor users at the application level.

Baidu web browsers leaked sensitive information, researchers say

Two web browsers developed by Chinese search giant Baidu have been insecurely transmitting sensitive data across the Internet, putting users' privacy at risk, according to a new study. Baidu responded by releasing software fixes, but researchers say not all the issues have been resolved. The study was published Tuesday by Citizen Lab, a research group that's part of the University of Toronto. It focused on the Windows and Android versions of Baidu's browser, which are free products. It also found that sensitive data was leaked by thousands of apps that use a Baidu SDK (software development kit).

IT manager gets 30 months in jail for code-bombing firm’s intellectual property

He could have gotten 10 years behind bars but this week a former IT manager at software maker Smart Online only got 30 months for sending malicious code that destroyed the company’s computers and data. The Department of Justice said that according to the plea agreement, from 2007 to 2012, Nikhil Shah, 33, was an information technology manager at Smart Online Inc. of Durham, North Carolina, which develops mobile applications.

Japan’s infrastructure probed by cybergroup, security firm says

A group of cyberattackers that emerged in 2010 and then went quiet has resurfaced and is targeting Japan's critical infrastructure, a security vendor said this week. The attacks have targeted utilities and energy companies in Japan, as well as other companies in finance, transportation and construction, said Greg Fitzgerald, chief marketing officer at Cylance, which specializes in end-point protection. The group appears to be based in Asia, and its methods and procedures suggest it may be linked to a nation state, Fitzgerald said. Symantec detected signs of the group, which Cylance calls Operation Dust Storm, in 2010, Fitzgerald said. The group went quiet in March 2013, shortly after Mandiant -- the forensics investigative unit of FireEye -- published a lengthy report on APT 1, which the company believes to be an elite cyber unit of the Chinese army.

Apple v. FBI – Who’s for, against opening up the terrorist’s iPhone

Apple and the Department of Justice are locked in a court fight over whether the company should disable the anti-brute force mechanism on the iPhone used by the San Bernardino terrorists. Public opinion is split on which side is right, and everyone from tech experts to presidential candidates is weighing in on whether the order actually threatens privacy or whether it’s just a way to find out what’s on that particular phone. Here’s a sampling of comments about the issue from the likes of Bill Gates, Mark Zuckerberg and Donald Trump.

Here’s what tech leaders have said about the Apple-FBI dispute so far

In the week since Apple said it would do battle with the FBI over the agency's request for access to a smartphone belonging to one of the San Bernardino terrorists, tech industry leaders have been weighing in with their views. Most have come down in support of Apple, though others, including Bill Gates and Simon Segars, CEO of UK chip company ARM, have leaned more towards the FBI's position. Here's a roundup of what tech leaders have said so far, starting with some of the most recent views expressed.

Asus settles charges over insecure routers and cloud services

Critical security flaws in routers and cloud computing services offered by Asus put hundreds of thousands of customers at risk, the U.S. Federal Trade Commission has charged. Taiwan-based Asus has agreed to settle an FTC complaint that it failed to take reasonable steps to secure the software on its routers, the agency said Tuesday. In addition to well-documented vulnerabilities in the routers, its cloud services led to thousands of customers' storage devices being compromised and exposed their personal information, the agency said.

Apple is reportedly fighting 12 more iPhone data extraction orders

Apple’s refusal to help the FBI get into the San Bernardino shooter’s iPhone 5c is the most public, but the company is resisting similar court orders in 12 more cases. The Wall Street Journal reported that the Justice Department is trying to compel Apple to help crack iPhones in a dozen cases that are all based on the centuries-old All Writs Act, the same law being used in the San Bernardino case. The details of the cases aren’t clear because they haven’t been made public, but the WSJ’s sources say they have nothing to do with terrorism.

uKnowKids child monitoring firm takes aim at security researcher after database breach

If you are “a leader in the Internet safety and security field for over 15 years” and run a company that has monitored and maintained the digital activity records of “260,000 kids in more than 50 countries around the world,” when you fail to password-protect the database for your child activity tracker firm and the database is exposed, would the reasonable response be akin to killing the messenger? The company, uKnowKids, sells parents a service to track their kid’s online activity such as social media accounts, chats, posted pictures, etc. as well as text messages via smartphone. While that may seem a bit creepy with a control-freakish vibe, Steve Woda, CEO of uKnowKids, said the company was “created after one of our family children was victimized by an online predator.” Right now it seems like Woda is steaming mad at security researcher Chris Vickery, considering a good portion of the post alerting parents to a uKnowKids breach is devoted to blistering Vickery.

Report: IBM looking to buy incident-response platform maker Resilient Systems

IBM is considering buying Resilient Systems, whose software platform defines workflows to follow when corporate networks are hit with security incidents, according to a report. The price tag for the company is more than $100 million, according to a story by Xconomy that attributes its information to two unnamed sources. IBM and Resilient haven’t answered requests yet for more information.

SD-WAN startup Versa software defines security

NFV and SD-WAN start-up Versa Networks unveiled new FlexVNF virtualized network functions (VNFs) for branch office security, and enhanced the performance of its other security VNFs. The new FlexVNFs include software for DNS security and a secure Web gateway, both designed for secure direct Internet access from the branch. The enhanced FlexVNFs include a 40G per rack unit stateful firewall, a 20G per RU next-gen firewall, and 10G Unified Threat Management (UTM) per RU, all designed to exceed – even double – the performance of hardware-based products.

Latest attack against Russian bank employees highlights the threat to financial institutions

The employees of at least six Russian banks were recently the target of a well-crafted email attack where hackers masqueraded as the Russian Central Bank to trick them into installing malware. The incident is the latest in a string of malware attacks against financial institutions over the past year. Together they signal a shift in focus for many cybercriminal groups, from stealing money from bank customers to stealing money directly from banks themselves. According to researchers from Symantec, employees from different Russian banks received emails in December offering them employment at the Central Bank of Russia. The messages were sent from a domain that closely resembled that of the Russian Central Bank and contained a link to an archive file with a Trojan named Ratopak inside.

Mark Zuckerberg on Apple vs. FBI: ‘We’re sympathetic with Apple’

Mark Zuckerberg is the latest tech leader to voice his support of Apple against the FBI. “We’re sympathetic with Apple,” the Facebook CEO told the audience at Mobile World Congress in Barcelona on Monday. “We believe encryption is a good thing that people will want.” Even though Zuckerberg was clearly in support of Apple’s case for user privacy, the Facebook CEO acknowledged both sides. “At the same time, we feel we have a pretty big responsibility to help prevent terrorism,” Zuckerberg said, adding that Facebook cooperates with authorities to remove terrorist posts, profiles, or pages. “We have very strong policies that if there’s content [on Facebook] promoting terrorism, we’ll kick them off.”

Countless computers vulnerable to MouseJack attack through wireless mice and keyboards

Countless wireless mice and keyboards can be hacked from 100 yards away leaving their host machines and the networks they are attached to open to malware, Bastille has discovered. The problem, which is being called MouseJack, affects Amazon, Dell, Gigabyte, HP, Lenovo, Logitech and Microsoft products, the company says, and likely more vendors’ gear that they haven’t tested. Logitech alone shipped its billionth mouse in 2008, so the problem is widespread.

FAQ: Everything we know so far about Apple’s battle with the FBI

At this writing, Apple’s battle with the FBI over how much it can and should help in the investigation of the San Bernardino shootings is less than a week old. But already it’s explosive to say the least. The government has accused Apple of being more concerned with marketing than the fight against terrorism, and Apple has drawn a line in the sand, saying that complying with the FBI’s request “would undermine the very freedoms and liberty our government is meant to protect.” This fight isn’t going to be over anytime soon, so we’ll keep this FAQ updated as events unfold. If you have more questions—or want to respectfully debate the implications this case will have on privacy and security—please chime away in the comments and we’ll do our best to make everything about this confusing case as clear as possible.

Bill Gates backs the U.S. government in Apple’s iPhone privacy standoff

Microsoft founder Bill Gates says he supports the U.S. government in its efforts to unearth the contents of a terrorist’s iPhone, countering a trend by other tech leaders to back Apple’s refusal to code a backdoor into its iOS operating system. Gates appears to have made the case, however, that he is in favor of the government’s request because he feels it is narrowly worded. “This is a specific case where the government is asking for access to information,” Gates told the Financial Times in a story published Monday night Pacific time. “They are not asking for some general thing; they are asking for a particular case.”