Archive

Category Archives for "Network World Security"

New products of the week 2.1.2016

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Appcito Application Delivery System (ADS). Key features: New self-service provider-tenant portal for Enterprise Infrastructure and Application teams delivering application performance, security, visibility and analytics. Service adapters for F5 Big-IP LTM and HAProxy devices – per-application visibility and analytics.

10 of today’s really cool network & IT research projects

New enterprise and consumer network technologies are coming fast and furious these days via well-heeled startups, and yes, even more established tech players. But further back in the pipeline, in the research labs of universities and colleges around the world, that's where the really cool stuff is happening. Take a peek at some of the more intriguing projects in areas ranging from wireless to security to open source to robotics and cloud computing.

UNDERWATER WIRELESS: University at Buffalo and Northeastern University researchers are developing hardware and software to enable underwater telecommunications to catch up with over-the-air networks. This advancement could be a boon for search-and-rescue operations, tsunami detection, environmental monitoring and more.

Harvard study refutes ‘going dark’ argument against encryption

A study from Harvard released Monday largely refutes claims that wider use of encryption in software products will hamper investigations into terrorism and crime.

It predicts that the continued expansion of Internet-connected devices -- such as smart TVs and vehicles, IP video cameras and more -- will offer fresh opportunities for tracking targets. "Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target," it said. "These are real products now."

An interactive graphical history of large data breaches

If you're trying to convince your management to beef up the organization's security to protect against data breaches, an interactive infographic from Information Is Beautiful might help.

Built with IIB's forthcoming VIZsweet data visualization tools, the World's Biggest Data Breaches visualization combines data from DataBreaches.net, IdTheftCentre, and press reports to create a timeline of breaches that involved the loss of 30,000 or more records. What's particularly interesting is that while breaches were caused by accidental publishing, configuration errors, inside job, lost or stolen computer, lost or stolen media, or just good old poor security, the majority of events, and the largest, were due to hacking.

Encryption bills pose challenges for Congress

Breaking encryption technology used by terrorists and criminals poses a frustrating dilemma for intelligence agencies and, most recently, congressional lawmakers.

Bipartisan legislation to create a commission to study U.S. encryption policies and practices is still weeks away from being introduced as discussions continue, congressional aides familiar with the plan told Computerworld.

The commission approach, backed by Sen. Mark Warner (D-Va.) and House Homeland Security Committee Chairman Michael McCaul (R-Texas), is intended to bring experts together to dive into the differing points of view, where tech companies want to protect privacy with encryption, while the FBI and other law enforcement agencies want to prevent acts of terrorism and crime by monitoring encrypted communications.

Presidential hopeful John Kasich: Work out encryption backdoors in backroom deals

Presidential candidate Gov. John Kasich thinks granting encryption backdoors is something that ought to be worked out in private by the president.

During the Republican presidential debate last night the Ohio governor responded to a question about whether cryptographic experts were wrong when they say opening up secret messages to third-party decryption would cause more problems than it would solve.

“Well, look the Joint Terrorism Task Force needs resources and tools,” he said, “and those are made up of the FBI, state and local law enforcement. And … it's best not to talk anymore about back doors and encryption, it will get solved, but it needs to be solved in the situation room of the White House with the technology folks.”

Communication breakdown: US Secret Service needs a radio-system upgrade

The US Secret Service needs to upgrade its radio communications system before it creates difficulties in protecting the White House, the Vice President’s residence and foreign diplomatic embassies.

That was the general conclusion of a report issued this week by The Department of Homeland Security Inspector General, who stated: In the case of radio communications, a single missed transmission or delay could result in a national incident. Secret Service must ensure that its communications programs work effectively.

No agreement as deadline to replace Safe Harbor nears

Two days from their deadline, U.S. and European Union negotiators still have no replacement for the transatlantic data-transfer agreement overturned last year by the EU's top court.

The original Safe Harbor agreement enabled companies to store and process EU citizens' personal information in the U.S. in compliance with strict European data protection laws, and its invalidation by the Court of Justice of the European Union last October in a case relating to Facebook's activities has called into question the operations of companies large and small.

Identity theft victim? This site helps you reclaim your life

The Federal Trade Commission yesterday unveiled a revamped online hub where victims of identity theft can file complaints and receive a personalized recovery plan to regain control of their personal and financial information and accounts.

At IdentityTheft.gov, consumers can navigate through a series of questions about how their information was compromised (e.g. data breach, lost wallet, etc.) that will then produce a list of steps to take to mitigate the damage from the identity theft.

Cisco patches authentication, denial-of-service, NTP flaws in many products

Cisco Systems has released a new batch of security patches this week for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls.

The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.

Cisco has patched this vulnerability in the 1.0.7.2 firmware version for RV220W devices. Manual workarounds include disabling the remote management functionality or restricting it to specific IP addresses.

Attack disrupts HSBC online banking services in the UK on tax deadline

HSBC customers in the U.K. who waited until the last day to pay their taxes might have had trouble doing so because the institution's online banking system was unavailable Friday.

In an emailed statement, the bank said that it was the target of a denial-of-service attack which affected its U.K. personal banking website.

"HSBC has successfully defended against the attack, and customer transactions were not affected," the company said. "We are working hard to restore normal service."

In addition to today being the last day when private individuals can pay the tax owed for the year that ended on Apr. 5, 2015, it is also a pay day.

The company has been answering a large number of complaints from frustrated customers via its Twitter account.

OpenSSL patches a severe but not widespread problem

The OpenSSL project has patched a problem in the cryptographic library but one that likely does not affect many popular applications.

OpenSSL enables SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption. Most websites use it, which is indicated in Web browsers with a padlock symbol.

It's an open-source library that is widely used in applications for secure data transfers. After serious vulnerabilities were found in OpenSSL over the last couple of years, the application has been under much scrutiny by security researchers.

The latest vulnerability affects versions 1.0.1 and 1.0.2. The updated versions are 1.0.2f and 1.0.1r.

LG patches data theft bug affecting millions of Android phones

LG has patched a security flaw in an application preinstalled on millions of its Android G3 smartphones that researchers found could be used to steal a variety of data.

The application, called Smart Notice, is a kind of multifunctional widget, managing contacts, notifications, and weather and traffic alerts.

Researchers from BugSec and Cynet, two computer security companies, found that they could attack a person's phone by sending them a contact with malicious JavaScript contained in the name field, according to a video.

Feds’ primary network security weapon needs more bang

In the face of relenting network attacks, it seems that the government’s chief weapon for combatting the assault lacks some teeth.

That weapon, the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS), also known as Einstein, is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over.

Data destruction 101: There’s more to it than wiping your drive [Infographic]

In 2009, a team of journalists who were investigating electronic waste purchased a computer in a Ghana market that was found to contain "sensitive documents belonging to U.S. government contractor Northrop Grumman," wrote Robert McMillan in a story at the time. "Northrop Grumman is not sure how the drive ended up in a Ghana market, but apparently the company had hired an outside vendor to dispose of the PC."

That's a nightmare scenario, to be sure.

And in the years since, businesses have continued to store vast quantities of data on servers, hard drives, and media storage devices: sensitive data that should be protected or destroyed. But the options for data destruction can be overwhelming.

Increasingly popular update technique for iOS apps puts users at risk

An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through Apple's normal review process, potentially opening the door to abuse and security risks for users.

The technique is a variation of hot patching, which is a way of dynamically updating a system or application without restarting it. In this case, an iOS application is updated without the developer having to submit a new version to the official iOS app store and then wait for Apple's review of the changes, which can be a lengthy process.

An implementation of this hot patching method comes from an open-source project called JSPatch, which provides an engine that app developers can integrate into their apps and which bridges JavaScript code to Objective-C, the programming language used by iOS apps.

US lab develops gigantic turbine blades to capture vast wind energy

US researchers at Sandia National Laboratories say they are working on a design for gigantic wind turbine blades that are longer than two football fields which could support 50-megawatt -- more than six times the power output of the largest current turbines -- offshore wind farms in the future.

Sandia researchers said most US wind turbines produce power in the 1- to 2-MW range, with blades about 165 feet (50 meters) long, while the largest commercially available turbine is rated at 8 MW with blades 262 feet (80 meters) long. A 50-MW turbine requires a rotor blade more than 650 feet (200 meters) long, two and a half times longer than any existing wind blade, the researchers stated.