Category Archives for "Network World Security"

Apple and the FBI will need to compromise, Cisco’s CEO says

Cisco Systems CEO Chuck Robbins gave up a chance to strongly support enterprise mobility partner Apple in its fight with the FBI over iPhone encryption. Asked about the controversy during a press briefing at Mobile World Congress, Robbins said he doesn't think vendors should put back doors in products. But when it comes to personal privacy versus national security, "There needs to be a balance," he said. Ultimately, the two sides will need to compromise, Robbins said.

Apple vs. FBI case colors European debate about securing digital identity

Although Apple does not exhibit at Mobile World Congress, the giant trade show in Barcelona, the company casts a long shadow over it. The iPhone maker's influence there extends to app developers, accessory vendors and, now, the debate about securing digital identity. In a keynote session on security at the show, moderator Michael O'Hara asked presenters whether they sided with Apple or the U.S. government in the legal dispute over whether Apple should help the Federal Bureau of Investigation unlock an iPhone belonging to the employer of one of the San Bernardino attack suspects. For Simon Segars, CEO of ARM, the company that designs the microprocessors found in most smartphones, "It's a complex situation, there are rights and wrongs."

CloudFlare launches secure domain name management service

CloudFlare has launched a domain name registration service with enhanced security controls designed to prevent domain hijacking, a serious attack that can have far-reaching consequences for companies. Its Registrar keeps a close eye on domain name registrations and changes to registrations with the intention of preventing attackers from gaining control of a domain name, said Ryan Lackey, who works with CloudFlare's security product strategy. The idea came after CloudFlare began looking for a domain name registrar with better security, Lackey said. CloudFlare is a constant target for attackers. They couldn't find anything suitable, so CloudFlare decided to develop its own.

Most Americans support the FBI over Apple, Pew study finds

Most Americans think that Apple should help the FBI unlock a smartphone used by one of the terrorists in the San Bernardino mass shooting, according to a study released Monday by the Pew Research Center. Fifty-one percent of those asked said they think Apple should unlock the iPhone to help the FBI with its investigation, while 38 percent said it should not unlock the phone to protect the security of its other users. Eleven percent of respondents had no opinion either way.

Are we in artificial intelligence winter?

Can the development of artificial intelligence technology be kicked up a notch? Scientists at the Intelligence Advanced Research Projects Activity (IARPA) certainly hope so and recently issued a Request For Information about how AI advances could be made more quickly and consistently. “Artificial intelligence, defined here as computer simulation of cognitive processes such as perception, recognition, reasoning, and control, have captured the public’s imagination for over 60 years. However, artificial intelligence research has proceeded in fits and starts over much of that time, as the field repeats a boom/bust cycle characterized by promising bursts of progress followed by inflated expectations and finally disillusionment, leading to what has become known as an “AI winter” – a long period of diminished research and funding activity,” IARPA wrote. IARPA is the high-risk, high-reward research arm of the Office of the Director of National Intelligence.

IDG Contributor Network: Create a data recovery plan and secure your network

We discussed building malware defenses the last time out, but today we’re going to focus on Critical Security Controls 10, 11, and 12 covering data recovery, secure network configuration, and boundary defense. It’s unrealistic to think that you can completely avoid cyberattacks and data breaches, so it’s vital to have a proper data recovery plan in place. You can also tighten your defenses significantly by ensuring all of your network devices are properly configured, and by putting some thought into all of your potential network borders.

Startup touts four-factor authentication for VIP-level access

Startup Trusona is launching what it claims to be a 100% accurate authentication scheme aimed at corporate executives, premier banking customers and IT admins who have unfettered authorization to access the most valued corporate assets. The system uses four-factor authentication to assure that the person logging in is the person they say they are. It requires a dongle that is tied to a set of specific devices (phones, tablets, laptops), certain cards with magnetic stripes that the user already owns, and a biometric ID based on how the card is swiped through the card reader on the dongle. The TruToken dongle is the miniaturization of anti-ATM-card cloning technology made by MagTek that reads not the digital data recorded on cards’ magnetic strips but rather the arrangement of the pattern of the barium ferrite particles that make the strips magnetic. The particles are so numerous and so randomly placed that no two strips have identical patterns, says Ori Eisen, Trusona’s CEO. That also makes the strips unclonable, he says.

MWC: Wi-Fi hack test shows ‘reckless’ behavior; MasterCard to expand ‘Selfie Pay’

Here are a couple of news tidbits from Mobile World Congress that caught my eye.
Wi-Fi hack experiment highlighted “reckless” actions by MWC attendees
It’s likely that many people flooding into the Barcelona Airport over the weekend were headed for Mobile World Congress – a destination which should be filled with people who are smart and knowledgeable regarding mobile devices, but Avast Software called some attendees’ behavior “reckless.”

Anticipating the RSA Security Conference

Just a week to go before the biggest cybersecurity event of the year, the RSA Security Conference in San Francisco. Building upon industry momentum and the dangerous threat landscape, I expect a record-breaking crowd from the Moscone Center to Union Square. What will be the focus of this year’s event? Well, it should be the global cybersecurity skills shortage, which continues to get worse each year. According to ESG research, 46% of organizations claim that they have a “problematic shortage” of cybersecurity skills, up from 28% last year (note: I am an ESG employee). In my humble opinion, the cybersecurity skills shortage has become a national security issue demanding a more comprehensive strategy. Here’s an article I recently wrote with more details on this topic.

Chinese devs abuse free Apple app-testing certs to install pirated apps

A Chinese iOS application recently found on Apple's official store contained hidden features that allow users to install pirated apps on non-jailbroken devices. Its creators took advantage of a relatively new feature that lets iOS developers obtain free code-signing certificates for limited app deployment and testing. The number of malware programs for iOS has been very low until now primarily because of Apple's strict control of its ecosystem. Devices that have not been jailbroken -- having their security restrictions removed -- only allow apps obtained from the official App Store, after they've been reviewed and approved by Apple.

What users love (and hate) about 4 leading identity management tools

Four of the top identity management products on the market are Oracle Identity Manager, CA Identity Manager, IBM Tivoli Identity Manager, and SailPoint IdentityIQ, according to online reviews by enterprise users in the IT Central Station community. But what do enterprise users really think about these tools? Here, users give a shout out for some of their favorite features, but also give the vendors a little tough love.
Oracle Identity Manager
Valuable Features:
"The most valuable features are the attestation of identities and the robust set of identity analytics." - Mike R., Lead Solutions Architect at a media company with 1000+ employees
"I feel the Provisioning and Reconciliation Engine as well as the Adapter Factory are the most valuable, apart from the standard features which most identity management solutions provide." – Gaurav D., Senior Infrastructure Engineer at a tech services company with 1000+ employees
"Automated User Creation and provisioning of connected resources in the case of Identity Manager, Access control to protected web resources with regards to Oracle Access Manager." - Mwaba C., Identity and Access Management at a manufacturing company with 1000+ employees
Room for Improvement:
"With Oracle, it's always about the learning

Apple wants government to form commission over FBI demand

Apple CEO Tim Cook has asked the U.S. government to withdraw its court action demanding tools that will allow the FBI to hack the passcode of an iPhone, and instead set up a commission of tech, intelligence and civil liberties experts to discuss "the implications for law enforcement, national security, privacy and personal freedoms." "We have done everything that’s both within our power and within the law to help in this case. As we’ve said, we have no sympathy for terrorists," Cook said in an email Monday to Apple employees. Apple said it would gladly participate in the commission. The FBI has sought help from Apple for a workaround to the auto-erase function in an iPhone 5c, running iOS 9, which was used by Syed Rizwan Farook, one of the terrorists involved in the San Bernardino, California, attack on Dec. 2. The FBI is concerned that without this workaround from Apple it could accidentally erase data, while trying to break the passcode by "brute force" techniques.

New products of the week 2.22.2016

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.
Skytap Provider for Vagrant
Key features: The Skytap Vagrant plugin provides a common interface for all Vagrant resources, and offers software engineering teams the ability to instantly synchronize a local development stack with on-demand cloud-based environments.

Comey says the FBI doesn’t want to break anyone’s encryption

FBI Director James Comey claims the agency doesn't want to break anyone’s encryption or set loose a master key to devices like the iPhone. The comment Sunday by Comey on Lawfare Blog comes as both Apple and the government last week appeared to have pulled out all the stops to defend their stands on an FBI demand in a court that Apple provide the technology to help the agency crack the passcode of a locked iPhone 5c used by Syed Rizwan Farook, one of the terrorists involved in the attack in San Bernardino, California, on Dec. 2. The FBI is concerned that without the workaround from Apple, it could accidentally erase data, while trying to break the passcode, because of the possible activation on the phone after 10 failed tries of an auto-erase feature. “We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly,” Comey wrote.

Source code for powerful Android banking malware is leaked

The source code for a powerful Android malware program that steals online banking credentials has been leaked, according to researchers with IBM. The malware family is known by several names, including GM Bot, Slempo, Bankosy, Acecard, Slempo and MazarBot. GM Bot has been sold on underground hacking forums for around US$500. But it appears someone who bought the code then leaked it on a forum in December, perhaps to increase his standing, wrote Limor Kessem, a cybersecurity analyst with IBM Trusteer. The person included an encrypted archive file containing the source code of GM Bot, according to Kessem.

Attackers hack Linux Mint website to add ISO with backdoor

“I’m sorry I have to come with bad news,” wrote Clement Lefebvre, head of the Linux Mint project, before announcing Linux Mint suffered an intrusion; on February 20, “hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.” It’s not all of Linux Mint, ranked by DistroWatch as the most popular Linux distribution for the last year, that was affected, but only the ISO for Linux Mint 17.3 Cinnamon edition downloaded from the site on Saturday. Lefebvre noted that other ISO releases downloaded from the site on Feb. 20 as well as the Cinnamon edition ISOs downloaded via torrents or a direct HTTP link should not be affected.

The top Wi-Fi pen testing tools in Kali Linux 2.0

Last August Offensive Security released Kali Linux 2.0, the Linux distro that’s pretty much everybody’s favorite penetration-testing toolkit (if it’s not your favorite, let me know what you prefer). This release was, to borrow a word from the kool kids, epic. Kali Linux 2.0 is based on Debian 8 (“Jessie”), which means that it’s now using the Linux 4.0 kernel, which has a sizable list of changes. The biggest change in version 2.0 is arguably the addition of rolling releases, which means that all of the latest versions of the included packages will be available as normal updates; thus future point releases will really be snapshots rather than completely new builds.

Cybersecurity whistleblowers: Get ready for more

It is not a public problem yet. But according to multiple experts, it will be. “It” is the cybersecurity whistleblower – an employee who sees a flaw, or flaws, in his or her company’s network security, brings the problem to management but gets ignored or punished – marginalized, harassed, demoted or even fired. And then the worker either goes public or files a complaint with a federal regulatory agency like the Securities and Exchange Commission (SEC). Such a scenario is unlikely to end well – almost certainly for the company (if the complaint is credible) and perhaps even for the whistleblower, notwithstanding laws meant to protect them.

Facebook, Google, Twitter, Woz, Trump, McAfee, Snowden, and more take sides on Apple vs. the FBI

Apple is challenging a federal court order to help access an iPhone used by one of the shooters in the San Bernardino terrorist attack, claiming that doing so would create a “dangerous precedent.” Now, other tech companies and politicians are publicly debating whether Apple’s dead-set protection of user privacy is justified and whether the FBI has a right to enter people’s iPhones via a “backdoor” to ensure national security. Shortly after Apple CEO Tim Cook posted an open letter detailing Cupertino’s refusal, tech leaders, presidential candidates, and other public figures began taking sides.

VTech not backing down on terms change after data breach

Despite widespread public condemnation, Hong Kong toy maker VTech is not backing down from a change in its Terms and Conditions ducking its responsibilities in the event of a breach. European customers now have to agree to a Terms of Service that includes the following sentence: “You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.” This was in response to a data breach the previous fall which affected about 5 million parent accounts and more than 6 million children's accounts. The children's profiles included names, genders, birthdates, headshots and chat logs, while the parent accounts included email addresses, passwords, secret questions and answers, IP addresses, and mailing addresses.