Electronic monitoring technologies are not the panacea for tracking criminals many believe they are.The main issue – and it’s a big one – is that such the packages also known as offender tracking systems (OTS) operate and perform with no underlying industry standards for communications or software causing a myriad of problems for law enforcement agencies.+More on Network World: Gartner: Get onboard the algorithm train!An OTS typically consists of hardware, such as an ankle bracelet, used for collecting Global Positioning System (GPS) signals to determine an individual's location, and software for analyzing data collected from the hardware device.To read this article in full or to leave a comment, please click here
A federal judge lifted an 11-year gag order the FBI had imposed on Nicholas Merrill and removed redactions of a National Security Letter (NSL) so Americans can see the overly broad "types of electronic communications transaction records" that the FBI has sought and continues to seek through NSLs.The FBI served the NSL back in 2004 when Nicholas Merrill owned and operated Calyx Internet Access, a small ISP with about 200 customers. After the judge found in favor of Merrill and not the government, Merrill said, "For more than a decade, the FBI has fought tooth and nail in order to prevent me from speaking freely about the NSL I received. Judge Marrero’s decision vindicates the public’s right to know how the FBI uses warrantless surveillance to peer into our digital lives. I hope today’s victory will finally allow Americans to engage in an informed debate about proper the scope [sic] of the government’s warrantless surveillance powers."To read this article in full or to leave a comment, please click here
A deal announced two months ago between China and the U.S. was pitched as bringing an end to economic espionage.But if any business leader thinks that means their organizations are no longer a target, they haven’t been paying attention.That is the unanimous conclusion of a number of experts who have been tracking cyber attacks from China in the two months since Chinese President Xi Jinping and U.S. President Barack Obama announced that, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property (IP), including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”To read this article in full or to leave a comment, please click here
Of all the burning questions that keep tech execs awake at night, perhaps none is more urgent than, "Are we keeping up?" The breakneck pace of change in IT and in business at large means that CIOs and other senior technologists can't afford to lose focus as they head into 2016.Where should you center your efforts as you build your to-do list for the year ahead? Computerworld's Forecast 2016 survey of IT professionals points to five key areas -- cloud computing, security, the Internet of Things, analytics, and the emergence of IT as a change agent -- as well as one area where you don't need to devote resources (or not yet, anyway).To read this article in full or to leave a comment, please click here(Insider Story)
Huawei isn't planning on patching several flaws in seven models of WiMax routers that are not being supported anymore by the company, according to a security researcher.Pierre Kim published a list of the affected models, which are still used in countries including Ivory Coast, Iran, Iraq, Libya, the Philippines, Bahrain and Ukraine.Kim notified Huawei of the problem on Oct. 28. He wrote that Huawei said the routers are no longer serviced by the company and would not be patched.The routers include the EchoLife BM626 WiMax CPE and associated models running the same firmware including the BM626e, BM635, BM632, BM631a, BM632w and the BM652.To read this article in full or to leave a comment, please click here
The data breach of Hong Kong toy manufacturer VTech appears to have also included photos of children and parents, adding to what could be one of the most surprising leaks of the year.VTech, which makes cordless phones and what it terms electronic learning devices for kids, apologized on Twitter on Monday. The company said it has suspended the affected service, called Learning Lodge, and is notifying customers.Vice's Motherboard tech news site, which first reported the breach, said on Monday the breach also contained thousands of photos of parents and kids and chat logs.To read this article in full or to leave a comment, please click here
OK so it’s not Amazon, Target or Wal-Mart Cyber Monday sales but the US Marshals are offering up what it calls “Cyber Monday” auctions for ill-gotten-booty.“Cyber Monday is generally thought to be the start of the online holiday shopping season. We would like to encourage shoppers who are already online in search of bargains to consider stopping by our auction website to bid on forfeited assets,” said Jason Wojdylo, Chief Inspector of the U.S. Marshals Service Asset Forfeiture Division in a statement. These online auctions are designed to generate proceeds from ill-gotten gains to give back to victims, he stated.To read this article in full or to leave a comment, please click here
Amazon showed off its new prototype drone to be used in its future Prime Air service, which will deliver packages up to five pounds in the time it takes to get a pizza delivered, “in 30 minutes or less.”Former Top Gear host Jeremy Clarkson said in the Amazon Prime Air video that eventually there will be a “whole family of Amazon drones, different designs for different environments.”That won’t happen until Amazon has FAA approval, as the company explained in several of its FAQs.To read this article in full or to leave a comment, please click here
BlackBerry has decided not operate in Pakistan after Nov. 30, rather than let the local government intercept communications on its enterprise services, the company said Monday.The Pakistani government wanted the ability to monitor all BlackBerry Enterprise Service traffic in the country, including every BES e-mail and BES BBM (BlackBerry Messenger) message, BlackBerry's Chief Operating Officer Marty Beard wrote in a blog post on Monday. BlackBerry has been under pressure in many countries including neighboring India to provide access to data on its enterprise services to law enforcement.To read this article in full or to leave a comment, please click here
It’s not unusual for companies to monitor social media in order to ‘protect’ their brands; Microsoft, for example, makes dossiers on journalists who write about the company. Yet Walmart allegedly “is always watching” and went the extra distance to spy on employees by hiring defense contractor Lockheed Martin and allegedly even received help from the FBI.Walmart was most interested in gathering surveillance of employees involved with the group OUR Walmart which planned Black Friday protests in 2012. OUR Walmart was advocating for higher wages, predictable schedules, better healthcare coverage, and the right to unionize. Walmart’s surveillance efforts were described in over 1,000 pages of “emails, reports, playbooks, charts, and graphs as well as testimony,” according to Bloomberg Businessweek which reviewed the documents. The testimony, which was given earlier this year to the National Labor Relations Board, claims Walmart hired Lockheed Martin and received help from the FBI Joint Terrorism Task Force.To read this article in full or to leave a comment, please click here
It’s time to throw adware, browser hijackers and other potentially unwanted applications (PUAs) off corporate networks, Microsoft has decided. The company has started offering PUA protection in its anti-malware products for enterprise customers.The new feature is available in Microsoft's System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) as an option that can be turned on by system administrators.PUA signatures are included in the anti-malware definition updates and cloud protection, so no additional configuration is needed.Potentially unwanted applications are those programs that, once installed, also deploy other programs without users' knowledge, inject advertisements into Web traffic locally, hijack browser search settings, or solicit payment for various services based on false claims.To read this article in full or to leave a comment, please click here
Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise data.
The updates apply to Windows Defender for Windows 10 and 8.1; Microsoft Security Essentials for Windows 7 and Vista; and its Safety Scanner and Malicious Software Removal tool, according to postings here and here.To read this article in full or to leave a comment, please click here
A bug affecting some VPN services can be used to figure out a computer's real IP addresses, including those of BitTorrent users, which could pose a huge privacy and possibly a legal risk.The vulnerability affects those services that allow port forwarding, according to VPN provider Perfect Privacy, which wrote about the issue on Thursday.A successful attack requires a couple of conditions to be met: the attacker must be on the same VPN network as the victim, who also has to be lured into connecting to a resource controlled by the attacker.To read this article in full or to leave a comment, please click here
Users of Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.The certificate was installed by Dell Foundation Services (DFS), an application that Dell preloads on many of its devices in order to ease customer service and technical support functions.After the certificate's existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected.To read this article in full or to leave a comment, please click here
Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH (Secure Shell) host keys or HTTPS (HTTP Secure) server certificates, a study found.By extracting those keys, hackers can potentially launch man-in-the-middle attacks to intercept and decrypt traffic between users and millions of devices.Researchers from security firm SEC Consult analyzed firmware images for over 4,000 models of embedded devices from more than 70 manufacturers. In them they found over 580 unique private keys for SSH and HTTPS, many of them shared between multiple devices from the same vendor or even from different ones.To read this article in full or to leave a comment, please click here
Microsoft is adding a new opt-in defense for enterprises to block adware, which is often sneakily wrapped into free downloads.Adware is often classified as a potentially unwanted application, or PUA, an industry term for applications that aren't necessarily malware but could be a security or performance risk."These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time cleaning up the applications," according to a Microsoft blog post.To read this article in full or to leave a comment, please click here
The Dridex botnet, which targets financial credentials, appears to be gaining steam again, striking computers in the U.S., U.K. and France.Trend Micro is the latest security vendor to say it is seeing Dridex activity after the U.S. Department of Justice said last month it had significantly disrupted it in a joint action with the U.K. Sometimes referred to as Cridex or Bugat, Dridex is advanced malware that collects financial login details and other personal information that can be used to drain bank accounts.Trend has seen multiple spam campaigns sending out malicious attachments, such as Excel or Word documents, that could install Dridex, wrote Ryan Flores, a threat research manager.To read this article in full or to leave a comment, please click here
For the third time in less than six months security issues have forced Lenovo to update one of the tools preloaded on its PCs.Last week, the company released version 5.07.0019 of Lenovo System Update, a tool that helps users keep their computers' drivers and BIOS up to date and which was previously called ThinkVantage System Update. The new version fixes two local privilege escalation vulnerabilities discovered by researchers from security firm IOActive.One of the vulnerabilities is located in the tool's help system and allows users with limited Windows accounts to start an instance of Internet Explorer with administrator privileges by clicking on URLs in help pages. That's because Lenovo System Update itself runs under a temporary administrator account that the application creates when installed, so any process it spawns will run under the same account.To read this article in full or to leave a comment, please click here
It’s hard to figure out how secure software is but the Software Assurance Forum for Excellence in Code (SAFECode) has issued guidelines to make it easier, especially for businesses trying to decide which products to buy.The industry group published a white paper, “Principles for Software Assurance Assessment”, that recommends questions corporate software buyers should ask their suppliers beforehand so they wind up with products less likely to be riddled with security flaws.One of the big problems these buyers may face is that they don’t know the relevant questions to ask, says Eric Baize, SAFECode chairman and Senior Director, Product Security and Trusted Engineering for EMC.To read this article in full or to leave a comment, please click here
Companies that host or operate websites should be held criminally liable if they fail to remove content that incites terrorism, members of the European Parliament voted Wednesday. But they also want these companies to voluntarily cooperate with governments to promote "anti-radicalization messages."MEPs voted on a report written by former French Minister of Justice Rachida Dati for Parliament's Civil Liberies, Justice and Home Affairs Committee (LIBE), which included a chapter on preventing online terrorist radicalization.While it might look like a knee-jerk reaction to the terrorist attacks in and around Paris on Nov. 13, the report is actually -- as Dati herself explained -- a response to the attack on the office of satirical magazine Charlie Hebdo in January.To read this article in full or to leave a comment, please click here