Archive

Category Archives for "Network World Security"

Why Syncsort introduced the mainframe to Hadoop

When you think of leaders in big data and analytics, you’d be forgiven for not listing Syncsort among them. But this nearly 50-year-old company, which began selling software for the decidedly unglamorous job of optimizing mainframe sorting, has refashioned itself into a critical conduit by which core corporate data flows into Hadoop and other key big data platforms. Syncsort labels itself "a freedom fighter" liberating data and dollars -- sometimes millions of dollars -- from the stranglehold of big iron and traditional data warehouse/analytics systems.In this installment of the IDG CEO Interview Series, Chief Content Officer John Gallant spoke with Josh Rogers, who was named CEO this week, as well as outgoing CEO Lonne Jaffe, who remains as Senior Advisor to Syncsort’s board. Among other topics, the pair talked about why Syncsort was recently acquired by Clearlake Capital Group, and how Syncsort’s close partnership with Splunk is dramatically improving security and application performance management.To read this article in full or to leave a comment, please click here(Insider Story)

Your license plate: Window to your life

Big Brother watching you is bad enough. But Big Brother allowing hackers to watch you as well is worse.And that is increasingly the case, thanks to the indiscriminate, and insecure, collection of vehicle license plate data, according to recent reports from the Electronic Frontier Foundation (EFF) and the alt-weekly DigBoston.The technology at issue is Automated License Plate Readers (ALPR) – cameras mounted on patrol cars or stationary roadside structures like utility poles that record not just the plate number, but metadata including the date, time and location of the vehicle.EFF reported late last year that it had found, “more than a hundred ALPR cameras were exposed online, often with totally open Web pages accessible by anyone with a browser.” Those cameras were in several Louisiana communities; in Hialeah, Florida; and at the University of Southern California.To read this article in full or to leave a comment, please click here

11 tips for spotting insider threats

Security pros are constantly being warned about insider threats. We’re told our companies need next-generation software, integrated threat intelligence, and the ability to correlate massive amounts of event logs and context to arm ourselves against these threats.We’re told that these tools are necessary to block attacks and to recover from attacks, should they be successful. Unfortunately, when companies eventually figure out that they’ve been compromised, they also discover their systems had been compromised for an extended period of time.“Insider threats can include a combination of malicious insiders, compromised insiders, and careless insiders,” says Wade Williamson, director of product marketing at Vectra Networks. “You will need clear visibility for identifying all of these threats, but they will differ in behavior and how security will be able to detect them.”To read this article in full or to leave a comment, please click here(Insider Story)

Best open source email security products

Email securityEmail security is of paramount concern in any organization. A significant percentage of malware is delivered via email, on the premise that an unsuspecting user will open the message, allowing the malware payload onto the user’s machine. From there, malware can worm its way into the network and wreak various kinds of havoc, often undetected, sometimes for months or even years. We decided to review four open source products to see if they could deliver enterprise-grade security. The four products were CipherMail, MailScanner Scrollout F1 and hMailServer. Read the full review.To read this article in full or to leave a comment, please click here

REVIEW: MailScanner and ScrolloutF1 are standouts in open source email security

Email security is of paramount concern in any organization. A significant percentage of malware is delivered via email, on the premise that an unsuspecting user will open the message, allowing the malware payload onto the user’s machine. From there, malware can worm its way into the network and wreak various kinds of havoc, often undetected, sometimes for months or even years.It should then come as no surprise that a significant industry has grown up around the serious business of containing email threats. We decided to review four open source products to see if they could deliver enterprise-grade security. The four products were CipherMail, MailScanner Scrollout F1 and hMailServer.To read this article in full or to leave a comment, please click here(Insider Story)

Malware alone didn’t cause Ukraine power station outage

A new study of a cyberattack last month against Ukrainian power companies suggests malware didn't directly cause the outages that affected at least 80,000 customers.Instead, the malware provided a foothold for key access to networks that allowed the hackers to then open circuit breakers that cut power, according to information published Saturday by the SANS Industrial Control Systems (ICS) team.Experts have warned for years that industrial control systems used by utilities are vulnerable to cyberattacks. The Dec. 23 attacks in Ukraine are the most prominent example yet of those fears coming to fruition.To read this article in full or to leave a comment, please click here

Gamer blames Nvidia GPU driver bug for showing porn viewed via Chrome incognito mode

Imagine launching a game on your PC and the black loading screen instead shows the porn you had been viewing hours ago via Google’s incognito browser mode. That’s exactly what happened to Evan Andersen, according to his blog post detailing how an Nvidia GPU driver bug breaks Chrome incognito.Andersen said the porn he’d viewed hours previously had been “perfectly preserved” and was “splashed on the screen” while Diablo III was loading. He added: So how did this happen? A bug in Nvidia's GPU drivers. GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, it’s framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn't erased, it still contained the previous contents. Since Diablo doesn't clear the buffer itself (as it should), the old incognito window was put on the screen again.To read this article in full or to leave a comment, please click here

Piper nv: An ambitious home monitoring and automation system

Home automation has become a Big Thing and with it the surveillance and monitoring systems market has exploded. My focus today, the Icontrol Networks Piper nv, is ostensibly in the monitoring market but it’s an ambitious product that attempts to do a lot more.The Piper nv is a wireless (802.11 b/g/n), ultra-wide angle (180 degrees!) 3.4 megapixel video camera that can deliver 1080p (1,920-by-1,080 pixel) streaming video in h.264 format. It has “night” vision (at much reduced video quality) with built-in infrared illumination. The device has passive infrared motion detection, a microphone, a speaker, temperature and humidity sensors, a 105 dB siren, and a built-in Series 500 Z-Wave Controller. To read this article in full or to leave a comment, please click here

White House hopes for ‘common ground’ in Silicon Valley meeting

The White House hopes a Friday summit between senior government officials and Silicon Valley tech leaders will find common ground on ways to work together to combat extremism and radicalization. Government officials will seek to convince tech executives that they need to heed President Barack Obama's call to action and step up to help the U.S. in its fight against militants. But some tech executives are still wary of assisting the government after former National Security Agency (NSA) contractor Edward Snowden leaked information about U.S. spying back in 2013.To read this article in full or to leave a comment, please click here

White House hopes for ‘common ground’ in Silicon Valley meeting

The White House hopes a Friday summit between senior government officials and Silicon Valley tech leaders will find common ground on ways to work together to combat extremism and radicalization. Government officials will seek to convince tech executives that they need to heed President Barack Obama's call to action and step up to help the U.S. in its fight against militants. But some tech executives are still wary of assisting the government after former National Security Agency (NSA) contractor Edward Snowden leaked information about U.S. spying back in 2013.To read this article in full or to leave a comment, please click here

Cisco disrupts another exploit kit

Cisco has disrupted another exploit kit that was emanating from Russian service providers. The company’s Talos security operation said it blacklisted several Class C subnets from provider Eurobyte that were serving the RIG exploit kit or scored negatively in web reputation. RIG is an exploit kit that delivers malicious payloads to unsuspecting users. It redirects users to a landing page and the delivers the exploit payload – in this case, spambot variants -- via a GET request, according to this Talos blog post.To read this article in full or to leave a comment, please click here

Sample Internet usage policy

This Internet usage policy from a manufacturing company with fewer than 50 employees establishes the company's ownership of data transmitted over its computer systems, establishes the right to monitor, and ofifers examples of activities that violate the policy.You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use).Want to provide a policy or checklist? Contributions are welcome, as is expert commentary. Send your thoughts to Amy Bennett ([email protected]). Internet Usage Policy COMPANY may provide you with Internet access to help you do your job. This policy explains our guidelines for using the Internet.To read this article in full or to leave a comment, please click here(Insider Story)

Sample password protection policy

This password policy from a large financial services institution with more than 5,000 employees covers standards for creation of strong passwords, the protection of those passwords, and the frequency of change. You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use). Want to provide a policy or checklist? Contributions are welcome, as is expert commentary. Send your thoughts to Amy Bennett ([email protected]). Overview Passwords are an integral aspect of our computer security program. Passwords are the front line of protection for user accounts. A poorly chosen password may result in the compromise of critical (organization) resources. As such, all (organization) staff and outside contractors and vendors with access to our systems are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.To read this article in full or to leave a comment, please click here(Insider Story)

Unlike Mozilla, Google anticipated SHA-1 errors caused by HTTPS traffic inspection systems

Earlier this week, Mozilla was forced to backpedal on banning new SHA-1 digital certificates because the move completely cut off some Firefox users from the encrypted Web. It appears that Google saw the problem coming.Instead of banning all digital certificates signed with SHA-1 and issued after Jan. 1, Google plans to only "untrust" those that originate from public certificate authorities.This decision takes into account that some companies might still use self-generated SHA-1 certificates internally on their networks, or that some antivirus programs and security devices will continue to generate such certificates when inspecting HTTPS traffic.To read this article in full or to leave a comment, please click here

Intelligence agency wants computer scientists to develop brain-like computers

If you are a computer scientist and have any thoughts on developing human brain-like functions into a new wave of computers, the researchers at the Intelligence Advanced Research Projects Activity want to hear from you.IARPA, the radical research arm of the of the Office of the Director of National Intelligence this week said it was looking at two groups to help develop this new generation of computers: computer scientists with experience in designing or building computing systems that rely on the same or similar principles as those employed by the brain and neuroscientists who have credible ideas for how neural computing can offer practical benefits for next-generation computers.To read this article in full or to leave a comment, please click here

DDoS attack on BBC may have been biggest in history

Last week's distributed denial of service attack against the BBC website may have been the largest in history.A group calling itself New World Hacking said that the attack reached 602Gbps. If accurate, that would put it at almost twice the size of the previous record of 334Gbps, recorded by Arbor Networks last year."Some of this information still needs to be confirmed," said Paul Nicholson, director of product marketing at A10 Networks, a security vendor that helps protect companies against DDoS attacks."If it's proven, it would be the largest attack on record. But it depends on whether it's actually confirmed, because it's still a relatively recent attack."To read this article in full or to leave a comment, please click here

Privacy, mobile broadband top tech priorities for FTC, FCC

The nation's top technology regulators provided a glimpse of the year to come this week at the Consumer Electronics Show in Las Vegas, offering a warning about privacy and an ambitious projection for a spectrum auction to boost mobile broadband capacity.Tom Wheeler and Edith Ramirez, the respective chairs of the Federal Communications Commission and Federal Trade Commission, sat for an on-stage interview with Gary Shapiro, head of the Consumer Technology Association, which puts on the annual tech gala.Privacy and consumer protection top FTC’s priority list Privacy and consumer-protection considerations remain at the forefront at the FTC, which has been probing the consumer implications of a variety of emerging technologies, including big data and the Internet of things.To read this article in full or to leave a comment, please click here

Court rules Shutterfly may have violated privacy by scanning face photos

A federal judge has has denied a motion to dismiss a civil case against photo-sharing site Shutterfly that claims the company violated users' privacy by collecting and scanning face geometries from uploaded images without consent.The first of its kind ruling could open the door to future class-action lawsuits against Shutterfly and other social networks that use facial recognition technology without an opt-in policy.The civil lawsuit, brought by the law firm Carey Rodriguez Milian Gonya LLP on behalf of Brian Norberg, alleges that Shutterfly violated the Illinois Biometric Privacy Act (BIPA) by collecting and scanning face geometry in photos uploaded on Shutterfly's website without the consent of those featured in the images.To read this article in full or to leave a comment, please click here

NSF puts $30M behind software bug killing, synthetic biology & computational sustainability

The National Science Foundation this week announced it is divvying up $30 million in funding among three multidisciplinary research projects designed to put advanced computing models to work on nixing software bugs, boosting synthetic biology and creating a more sustainable world.Researchers at Princeton University, Boston University and Cornell University will lead the Expeditions in Computing projects, which each get $10 million over 5 years. The NSF's Expeditions program has funded 19 projects to the tune of $190 million to date, with areas of focus ranging from robotics to the mobile Internet.To read this article in full or to leave a comment, please click here