
Category Archives for "Network World Security"

Germany will make telcos share customer data with the police

Even as the European Union attempts to tighten privacy laws, law-enforcement interests have won a battle in Germany: a new law forces communications service providers there to once again make data about their customers' communications available to police. On Friday morning, the German parliament approved a law requiring ISPs and mobile and fixed telecommunications operators to retain communications metadata for up to ten weeks. The country has had an on-again, off-again affair with telecommunications data retention, first introducing a law requiring it in 2008 to comply with a European Union directive. The German Federal Constitutional Court overturned that law in March 2010 after finding it conflicted with Germany's privacy laws, prompting the European Commission to take the country to court in May 2012 to enforce the directive.

Six key challenges loom over car communication technology

As car-makers build more tech-savvy autos, their ability to communicate and interact with smart infrastructure to prevent accidents or warn of impending road hazards faces a number of challenges that may hinder its deployment. Watchdogs at the Government Accountability Office this week said while the Department of Transportation will over the next five years spend $100 million via its Connected Vehicle pilot program that deploys Vehicle-to-infrastructure (V2I) technologies in real-world settings – many challenges with the technologies remain.

IDG Contributor Network: Make passwords easier, spy agency says

Complex passwords don’t “frustrate hackers,” all they do is make life “harder for users,” Ciaran Martin, the Director General of Cyber Security at the United Kingdom’s spy agency GCHQ says in a new guidance document published online (PDF). The advice contradicts previous GCHQ guidance that says that system owners should “adopt the approach that complex passwords are ‘stronger.’” GCHQ, or the Government Communications Headquarters, is the British equivalent of the National Security Agency (NSA). Amusingly, both agencies have been exposed recently as conducting widespread surveillance on their respective citizens. The more cynical might think there was a secondary motive for this advice.

US proposal aims to regulate car privacy, make hacks illegal

A subcommittee of the U.S. House of Representatives has proposed requiring vehicle manufacturers to state their privacy policies, besides providing for civil penalties of up to US$100,000 for the hacking of vehicles. The lawmakers have also proposed that the National Highway Traffic Safety Administration set up an Automotive Cybersecurity Advisory Council to develop cybersecurity best-practices for manufacturers of cars sold in the U.S. The move comes in the wake of the increasing automation of cars, which has raised privacy concerns, and the high-profile hack of a Jeep Cherokee. The House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade has released the staff draft ahead of a hearing next week on “Examining Ways to Improve Vehicle and Roadway Safety.”

Google, Facebook and peers criticize CISA bill ahead of Senate consideration

A trade group representing Facebook, Google, Yahoo and other tech and communications companies has come down heavily against the Cybersecurity Information Sharing Act of 2015, a controversial bill in the U.S. that is intended to encourage businesses to share information about cyberthreats with the government. The Computer & Communications Industry Association claims that the mechanism CISA prescribes for the sharing of cyberthreat information does not adequately protect users’ privacy or put an appropriate limit on the permissible uses of information shared with the government. The bill, in addition, "authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties," the CCIA said in a blog post Thursday.

What’s inside your containers? Why visibility and control are critical for container security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. As organizations turn to containers to improve application delivery and agility, the security ramifications of the containers and their contents are coming under increased scrutiny. Container providers Docker, Red Hat and others are moving aggressively to reassure the marketplace about container security. In August Docker delivered Docker Content Trust as part of the Docker 1.8 release. It uses encryption to secure the code and software versions running in Docker users’ software infrastructures. The idea is to protect Docker users from malicious backdoors included in shared application images and other potential security threats.

FireEye Myth and Reality

Some tech companies are always associated with their first acts. Dell just acquired my first employer, EMC Corporation, in order to expand its enterprise portfolio yet the company will always be linked with personal computers and its founder’s dorm room. F5 has become a nexus that brings together networks and applications but will always retain the moniker of a load balancing company. Bit9 has established itself as a major next-generation endpoint player yet some people can only think of its original focus on white listing. In my opinion, FireEye shares a similar limited reputation as many security professionals equate the company with a single cybersecurity technology, network “sandboxing,” in spite of its acquisitions, progress, and diversification. This perception seems especially true on Wall Street where financial analysts continue to judge FireEye based upon the number of competitive vendors who offer network sandboxes of their own.

Can myriad wireless networks connect as one fast, secure system?

Getting the innumerable wireless networks the military and some commercial enterprises use to communicate just doesn’t work in many cases, creating serious communications and security problems for warfighters and others interacting with those networks. Researchers at the Defense Advanced Research Projects Agency are looking for ways to change that problem with a new program called Dynamic Network Adaptation for Mission Optimization (DyNAMO).

Microsoft details takedown requests in expanded transparency report

In response to growing government demands for data, tech companies have been detailing those requests in transparency reports that elaborate on what gets done when government agencies come calling for users' data. Microsoft just released the latest incarnation of its data on Wednesday, including a new report on requests to get information taken down from the company's services. Those requests, unsurprisingly, are focused on Bing, since it's the Microsoft service most responsible for displaying data to the public. That said, takedown requests came for other services, too, such as MSN and OneDrive.

Is Apple’s security honeymoon on OS X ending?

Apple scored unforgettable hits against Microsoft with its Mac vs. PC ads, which anthropomorphized Windows as a sneezing, miserable office worker. Security experts always knew that the campaign was a clever bit of marketing fluff, one that allowed Apple to capitalize on Microsoft's painful, years-long security revamp. The landscape is changing, however. Apple's market share of desktop computers is nearing 17 percent. OS X, Apple's operating system, is popular with consumers and enterprises now, making it a more interesting target for hackers. A report to be released on Thursday by the security company Bit9 + Carbon Black shows that more malware has been found this year for OS X than in the last five years combined.

Think Apple OS X is below the malware radar? Think again

Instances of Apple OS X malware are soaring this year, already totaling more than five times the number tallied over the previous five years combined, according to an in-house Bit9 + Carbon Black tally. Instances totaled 180 from 2010 through 2014, but have already reached 948, according to “2015: The most Prolific Year in History for OS X Malware”, the results of a 10-week study of malware crafted for the operating system. The Bit9 + Carbon Black research team analyzed data it gathered from its own research efforts, culling open source data such as Contagio malware dump, experience from incident-response engagements involving OS X that were made by Bit9 + Carbon Black’s partners, and suspicious code uploaded to Bit9 + Carbon Black from its customers. They came up with 1,400 unique OS X malware samples.

Bracket Computing advancements boost enterprise cloud security control

Bracket Computing is expanding its cloud-storage data protection offerings and has received an additional $46.4 million in venture funding to further develop its products and roll them out worldwide. Now in addition to Bracket’s Computing Cell service, customers can license an in-house version of the technology and control all aspects of the encryption/policy enforcement/data integrity platform.

Technology scares the hell out of people, university survey finds

Technology-related concerns account for 3 of the top 5 biggest fears among Americans surveyed recently by Chapman University of Orange, Calif. -- and a couple of the other concerns on the top 10 list could be considered tech-related worries as well. Number 1 on the list, according to the online survey of more than 1,500 adults, is Corruption of Government Officials, while technology-related concerns ranked #2 (Cyber-terrorism), #3 (Corporate tracking of personal information) and #5 (Government tracking of personal information). Numbers 7 (Identity theft) and #10 (Credit card fraud) could also be classified as tech-related worries.

Hackers exploit new zero-day in fully patched Adobe Flash

If you haven’t kicked Adobe Flash to the curb, and you should, then don’t feel secure even if you are running a fully patched version of Flash Player. Although Adobe released a mega-sized patch yesterday, including security fixes for 69 critical vulnerabilities in Flash, Reader and Acrobat, attackers are armed with a zero-day exploit that leaves fully patched versions of Flash Player vulnerable.

Magento database tool Magmi has a zero-day vulnerability

An open-source tool for importing content into the Magento e-commerce platform, called Magmi, has a zero-day vulnerability, according to security vendor Trustwave. The directory traversal flaw is in some versions of Magmi, which is used to move large amounts of data into Magento's SQL database. Such a flaw can allow access to other files or directories in a file system. "Successful exploitation results in access to Magento site credentials and the encryption key for the database," wrote Assi Barak, lead security researcher with Trustwave's SpiderLabs.

US, UK disrupt Dridex botnet, which targeted online banking

A cybercriminal network that caused at least US$10 million in losses has been disrupted by U.S. and U.K. law enforcement, with the U.S. seeking a Moldovan man's extradition, the Department of Justice said Tuesday. Andrey Ghinkul, 30, is accused of being the administrator of the Dridex botnet, also known as Cridex and Bugat. A nine-count indictment was unsealed on Tuesday in the U.S. District Court for the Western District of Pennsylvania, DOJ said. Ghinkul was arrested on Aug. 28 in Cyprus. Dridex has been a real headache for a number of years. It collects online banking credentials from infected computers, which prosecutors said were then used to initiate large wire transfers.

Phishing websites look more legit with SSL certs from major companies

The Web is full of deception, and it's sometimes still hard for people to figure out if the website they're viewing really is what it says it is. This type of cyberattack, known as phishing, is designed to elicit sensitive details from victims by creating websites that look nearly identical to services like PayPal or Bank of America. Despite improvements in quickly detecting and taking such sites offline, it's still a huge problem. A U.K.-based network monitoring company, Netcraft, says fraudsters are exploiting weaknesses in technology companies in order to make more convincing looking phishing sites. Many websites use SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificates to verify their domain name and encrypt communications with users.

FBI, DoJ take out $10 Million “Bugat” banking botnet

The FBI and US Department of Justice today said they disrupted the activities and arrested the administrator of the botnet known as “Bugat,” “Cridex” or “Dridex,” which authorities said pilfered over $10 million. The FBI called Bugat a sophisticated malware package designed to steal banking and other credentials from infected computers and is generally distributed through phishing. The software typically can upload files from an infected computer and download executable files to the victim’s system. Collected information is sent to the criminal’s system. Bugat is specifically designed to defeat antivirus and other protective measures employed by victims.