Category Archives for "Network World Security"

NORAD’s amazing 60-year Santa tracking history

Pretty remarkable stuff here. The National Archives blog takes a look at the background of the nation’s premier defense unit’s tracking of Santa as he travels around the globe delivering his Christmas goodies. Some of the facts I thought were pretty cool: This Christmas Eve will be the 60th year the North American Aerospace Defense Command (NORAD) will have tracked Santa Claus’s journey. Colonel Harry Shoup began the tradition in 1955, after receiving a phone call from a child expecting to reach Santa Claus. The misdirected call was the result of the child reversing two numbers of a Santa Line phone number printed in a Sears advertisement, according to the National Archives. This year, 1,250 volunteers will staff the NORAD phone lines answering questions about the trip. The volunteers are a mix of Canadian and American military personnel and Department of Defense civilians. The Santa Tracker hotline can be reached at 1(877)446-6723 starting at 3AM MST on December 24th and continuing through 3AM MST on December 25th. Official NORAD Tracks Santa apps are available in the Windows, Apple and Google Play stores. Tracking opportunities are also

Work in finance or accounting? Watch out for ‘whaling’ attacks

If you work in finance or accounting and receive an email from your boss asking you to transfer some funds to an external account, you might want to think twice. That's because so-called "whaling" attacks -- a refined kind of phishing in which hackers use spoofed or similar-sounding domain names to make it look like the emails they send are from your CFO or CEO -- are on the rise, according to security firm Mimecast. In fact, 55 percent of the 442 IT professionals Mimecast surveyed this month said their organizations have seen an increase in the volume of whaling attacks over the last three months, the firm reported on Wednesday. Those organizations spanned the U.S., U.K., South Africa and Australia.

IDG Contributor Network: How blocking bots created new business opportunities for Crunchbase

Founded in 2007, CrunchBase is a website offering massive amounts of data about startup activity. Want to know who founded a startup, who invested in it, or who they're competing with? CrunchBase has the answers. And in a marketplace that is somewhat frothy, CrunchBase is an increasingly heavily trafficked web property. The site contains over 650,000 profiles of individuals and companies and is a massive repository of data. As such, CrunchBase has a massive opportunity to monetize that data, and is accordingly concerned about people who seek to use that data for their own commercial aims. I spent time talking with Kurt Freytag, head of product at CrunchBase, to have a look at the engineering work that goes into the site. As the site grew in size and traffic, Freytag noticed oddly shaped traffic and random spikes that were putting significant strain on its infrastructure. Of course, it could have simply thrown more horsepower at the site, but Freytag was keen to identify real root causes for the issues. He quickly concluded that bot traffic was hitting the site hard and crawling through its data. While this is a primary concern in terms of performance, it also introduces real commercial

Three ways to use the cloud to regain control over network endpoints

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

The dramatically increased persistence and creativity of attackers call for an equally radical change in how businesses protect themselves. Promising new cloud-based endpoint security solutions can meaningfully change how we protect against cyber intrusions. Here's how you can leverage the cloud to regain control over endpoints:

1. The cloud can enable enterprises to keep tabs on and learn from attackers as they test attack strategies. Today’s adversaries often have the resources to buy traditional security software, network appliances and virtually any other on-premise solution to figure out how they tick. By re-creating mock networks and endpoint protection systems of victims they target, they can find ways to bypass defenses. Given that on-premise defenses are by design downloaded and available locally, they are naturally exposed to attacker scrutiny -- and without tipping off the vendor or the intended victim.

Poor security decisions expose payment terminals to mass fraud

Some payment terminals can be hijacked to commit mass fraud against customers and merchants, researchers have found. The terminals, used predominantly in Germany but also elsewhere in Europe, were designed without following best security principles, leaving them vulnerable to a number of attacks. Researchers from Berlin-based Security Research Labs (SRLabs) investigated the security of payment terminals in Germany and were able to use them to steal payment card details and PIN numbers, hijack transactions and compromise merchant accounts. They plan to present their findings at the 32nd Chaos Communication Congress (32C3) later this month.

He sees you when you’re sleeping and when you’re awake via unsecured IP cameras

According to the song Santa Claus is Coming to Town: Santa “sees you when you're sleeping;” and he “knows when you're awake;” Saint Nick “knows if you've been bad or good…” But what if any he or she with an Internet connection could see you when you’re sleeping, know when you’re awake, or if you’ve been bad or good? The idea is creepy as can be, but it’s still a fact for people who have installed a security camera without setting a secure password. I’m all for domain privacy, even though the U.S. wants to kill it off via the TPP, but the admin of Insecam is wise enough to use a privacy protection service. There is a bit of irony in that perhaps.

How fake users are impacting business … and your wallet

A few weeks ago, Kristen Faughnan got something that surprised her: a "low balance" text message from her bank. That didn't make sense. She'd just paid for a haircut, but she knew how much was in her account. Even after paying her stylist, it was much more than the level at which the bank would tell her she was almost out of funds. "I logged onto my bank account to find two recent charges from Groupon," she says. They were from a cologne store in Texas. Faughnan lives in Pennsylvania. Faughnan was most likely the victim of a costly form of cybercrime: a fake user taking over her account. Fake users spam real users that are part of a site, steal confidential information or, as in the case with Faughnan, take over an account (the fraudulent purchases were made through a credit card she had stored in the site -- a credit card that had expired, which added another piece to the puzzle).

Wyndham settlement: No fine, but more power to the FTC

On the face of it, Wyndham Hotels and Resorts dodged a major bullet from the Federal Trade Commission (FTC). After three major data breaches in 2008 and 2009 that compromised the credit card information of more than 619,000 customers and led to more than $10.6 million in fraudulent charges, the company earlier this month settled a lawsuit brought by the FTC that doesn’t require it to pay a penny in fines or even admit that it did anything wrong.

10 amazing algorithms

Cyber technology couldn’t get by without algorithms to encrypt, analyze metadata and find traffic anomalies, but they are used more and more widely in other fields. Here are 10 algorithms that perform functions as varied as scanning for disease genes, catching classroom cheats and figuring out murder mysteries as well as Agatha Christie’s heroine Miss Marple.

The year in security, identity theft and fraud

We all like to talk about security, but sometimes words can't tell the whole story. That's especially true in the case of cyber-threats, identity theft and fraud. It's a numbers game. And as you'll see, users weren't the winners in 2015. To paint a picture of 2015, we asked CIO.com contributor Jen A. Miller to comb through the headlines and industry reports to uncover how hackers, scammers and thieves got the best of us. Rather than ramble on, we decided to let the numbers do the talking. Check out our infographic below (and you can also download the PDF).

The Juniper VPN backdoor: buggy code with a dose of shady NSA crypto

Security researchers and crypto experts have spent the last few days trying to figure out the details of a recently announced backdoor in Juniper NetScreen firewalls that could allow attackers to decrypt VPN (Virtual Private Network) traffic. They believe that they found the answer: a combination of likely malicious third-party modifications and Juniper's own crypto failures. According to experts, Juniper was using a known flawed random number generator called Dual_EC_DRBG as the foundation for cryptographic operations in NetScreen's ScreenOS, but believed it was doing so securely because of additional precautions it had taken. It turns out those safeguards were ineffective.

About those unsecured security cameras in the US without password protection

As for why the U.S. has the most cameras connected to the Internet that have no unique passwords to protect them, could it be that all those cameras are not actually located in the U.S.? For example, there was a camper with icicles that appeared to be about a foot long hanging off of it as a deep snow covered the ground, but it was tagged as being located in Ocala, Florida. A quick search revealed the temperature to be 80 degrees and that didn’t come close to matching the real-time image.

About those unsecured security cameras in the U.S. without password protection

As for why the U.S. has the most cameras connected to the Internet that have no unique passwords to protect them, could it be that all those cameras are not actually located in the U.S.? For example, there was a camper with icicles that appeared to be about a foot long hanging off of it as a deep snow covered the ground, but it was tagged as being located in Ocala, Florida. A quick search revealed the temperature to be 80 degrees, and that didn’t come close to matching the real-time image.

Oracle settles FTC dispute over Java updates

Oracle promises to give customers tools that easily uninstall insecure older versions of Java SE that may still lurk as vulnerabilities within Web browsers. That promise comes in a consent decree with the Federal Trade Commission that is currently up for public review before taking effect in January.

Can collaborative security work?

At a web conference meeting with IT security professionals in early December, IT advisory services firm Wisegate polled the small group about how comfortable they were with sharing cyberthreat information with industry peers and with government agencies. When “sharing” included giving information to the government, about half of the group thought it was a bad idea. But when 'government' was taken out of the sharing equation, some 80 percent of respondents were at least 'somewhat comfortable' with sharing their knowledge.

After Juniper security mess, Cisco searches own gear for backdoors

While it says it has no reason to think there are backdoors in any of its products, Cisco has started an additional code review looking for “malicious modifications” after Juniper’s announcement that its ScreenOS operating system has been vulnerable for years. “Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience,” according to the Cisco Security blog written by Anthony Grieco, senior director of the company’s Security and Trust Organization. The company says it will release its findings in accordance with its security vulnerability policy.

Attackers are hunting for tampered Juniper firewalls

An experiment by a cybersecurity research center shows attackers are trying to find Juniper firewalls that haven't been patched to remove unauthorized spying code. The SANS Internet Storm Center set up a honeypot -- a term for a computer designed to lure attackers in order to study their techniques -- that mimicked a vulnerable Juniper firewall. The honeypot was configured so that it appeared to run ScreenOS, the operating system of the affected Juniper firewalls, wrote Johannes Ullrich, CTO of the Internet Storm Center, on Monday in a blog post.

Cisco launches code review after Juniper’s spyware disclosure

Cisco Systems has launched an internal code review following Juniper's disclosure last week of unauthorized spying code found in its enterprise firewall products. So far, "we have no indication of unauthorized code in our products," wrote Anthony Grieco, senior director of Cisco's Security and Trust Organization, in a blog post Monday. The code review was initiated by Cisco and not the result of contact by law enforcement, Grieco wrote. Juniper said on Thursday an internal audit uncovered code that could allow secret remote access and also compromise encrypted VPN connections. The code was found in some versions of an operating system called ScreenOS that powers firewall devices.

U.S. still No. 1 for unsecured security cameras: Creepy site linked to over 5,700 in U.S.

In November 2014, access to the video streams of 73,011 unsecured security cameras was available on a site that provided a Peeping Tom paradise for voyeurs and creepers. At that time, there were 11,046 unsecured security cameras in the U.S. Now there is roughly half that amount, but the U.S. is still number one by having more insecure security cameras than any other nation in the world. On December 17, there were 4,104 unsecured security cameras located in the United States that were listed as part of the Insecam project, which claims to have “the world’s biggest directory of online surveillance security cameras.” With six cameras per page, that was equal to 684 pages which I viewed while counting the brand of network video cameras available online, because each of those U.S. cameras did not have a unique password to protect it. That took between five and six hours, including the time to grab some screenshots as well; during that time, the number of unsecured cameras in the U.S. fluctuated wildly and dropped to barely 4,000 before going back up to cover 684 pages again. The most common unsecured cameras in the U.S.

Juniper NetScreen firewall should be patched now

The Internet Storm Center has upgraded its warning about the corruption of Juniper ScreenOS firewalls to yellow, which means it’s imperative to patch them today, literally, given that details on how to exploit the flaws have been published and that it’s a holiday week when applying firewall patches can be easily overlooked. According to the ISC warning, the upgraded yellow warning was made because Juniper’s NetScreen firewalls are popular and that the “'backdoor’ password is now known, and exploitation is trivial at this point,” and for most businesses, this “being a short week for many of us, addressing this issue today is critical.”