Category Archives for "Network World Security"

Gartner: Top 10 strategic predictions that could shake up IT

ORLANDO -- The robots decidedly have it. They will help run businesses, make decisions for you and maybe even be your boss. Those were just some of the predictions put forth by Gartner vice president Daryl Plummer at the consultancy’s always interesting prediction of future IT technology directions. “Robots are beginning to rise – don’t think Terminator robots – but smart robots that will have the ability to learn things better, faster,” Plummer

When it comes to security, trust but verify

ORLANDO -- It's time to rethink a bunch of security truisms, Gartner analysts said at the company's annual Symposium/IT Expo here this week. The security rules companies have relied on for decades are ready for retirement. These include: Prevention is better than cure, humans are the weakest link, and access should be limited to just what an employee needs to do his or her job. These old saws have been "exploded" by today's tech trends, said Tom Scholtz, Gartner research vice president. For one thing, employees are now mobile, digitally literate, embrace new tools without fear and expect access to whatever they need from wherever they're working.

Snowden talks about secret smartphone spying Smurfs, coming home to go to prison

During the BBC’s Panorama series “Edward Snowden: Spies and the Law,” which is not viewable per se from the US, Snowden discussed how intelligence agencies “want to own your phone instead of you.” The topic of hacking smartphones for surveillance starts about nine minutes into the interview as Snowden revealed the GCHQ’s “Smurf Suite.” “Dreamy Smurf is the power management tool,” explained Snowden, “which means turning your phone on or off without you knowing.” Yes, it can control the power even if your phone is off. “Nosey Smurf is the hot-miccing tool. So, for example, if it’s in your pocket they can turn the microphone on and listen to everything that’s going on around you.” Yes, “even if your phone is switched off because they’ve got the other tools for turning it on.”

U.S. Critical Infrastructure Continue to Make Risky IT Bets

When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary, Leon Panetta, was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012. Panetta stated: “An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical (railroad) switches…they could derail passenger trains or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities or shut down the power grid across large parts of the country.”

IDG Contributor Network: Counter cybersecurity threats with a human-machine dual strategy

Earlier this year, the 3.5-hour outage at the New York Stock Exchange (NYSE) raised a lot of eyebrows in the IT community. Opinions about the cause of this outage, including my own, came out of the woodwork despite official statements claiming "technical issues" following a software update. I have to ask: Would the NYSE really perform a software update on a production system first thing Wednesday morning? While I can't rule out a hack on the NYSE, the situation sparks another discussion: Was human error to blame?

How to chat up Department of Homeland Security about DDoS attacks

The Department of Homeland Security's Science & Technology Directorate later this month will hold an hour-long Twitter chat to discuss the United States' plan to protect its networks against distributed denial-of-service attacks. The US and China are the top targets for those who would disrupt networked machines and networks by bombarding them with traffic, according to security vendor Kaspersky Lab. You're invited to join @dhsscitech on Wednesday, Oct. 21 from noon to 1 p.m. EST for the conversation. Submit questions and comments about DDoS before, during or after the chat and use the #STTechTalk hashtag to engage in the discussion.

5 tips for better enterprise security

The recent spate of data breaches at major U.S. organizations has raised questions about how effective current security tools and approaches are when it comes to dealing with emerging threats. Private and public enterprises have spent tens of billions of dollars to bolster security over the past decade, yet malicious attackers consistently succeed in evading whatever roadblocks are thrown their way. The trend has led many organizations to embrace a back-to-basics approach focused equally on people, processes and technology. Rather than viewing the security function as a bothersome cost of doing business, a growing number of organizations see it as a strategic enabler of new initiatives.

Doom or delight? Court ruling on Safe Harbor brings uncertainty to privacy dealings

Privacy activists are overjoyed, but for businesses it's what one lobbyist described, only half jokingly, as "the doomsday scenario": The transatlantic transfer of European Union citizens' personal data was thrown into a legal void Tuesday when the Court of Justice of the EU declared invalid the 15-year-old Safe Harbor agreement with the U.S. because it provided inadequate privacy protection. The ruling exposes businesses reliant on Safe Harbor to the threat of legal action. The fact that European Commission and U.S. officials are in the middle of negotiating stronger privacy protections offers little comfort, as the ruling also opens that to challenges in national courts. Only a complete rewrite of the EU's data protection regime, already in progress, might help -- but it won't take effect for up to two years after the final text is agreed, and that is still many months off.

IP camera makers pressure researcher to cancel security talk

An upcoming talk covering security problems in Internet-connected cameras has been canceled after opposition from some manufacturers. Gianni Gnesa was scheduled to give a presentation titled "Abusing Network Surveillance Cameras" on Oct. 14 at the Hack in the Box GSEC conference in Singapore. Internet-connected video cameras, or IP cameras, are widely used for security systems, offering the advantage that footage can be streamed anywhere remotely. But anything connected to the Internet poses risks if not properly secured.

Google patches second round of Stagefright flaws in Android

Google has issued patches for two new Stagefright-related vulnerabilities, one of which affects Android versions going back to 2008 and puts millions of users at risk. The flaws were found by security company Zimperium, which also unearthed the original Stagefright flaws in April. In an advisory Monday, Google said it didn't appear that attackers have started exploiting the vulnerabilities yet. The latest flaws are only slightly less dangerous than their predecessors, which allowed a device to be compromised merely by sending a specially crafted multimedia message (MMS). An attacker needed only to know the victim's phone number.

Gartner: IT should simplify security to fight inescapable hackers

ORLANDO -- On some level it may seem incongruous to many IT organizations, but as security challenges mount, enterprises should take a look at their protection systems and look to simplify them -- not make them more complicated -- to battle hackers. The Risk and Security officer in many enterprises today is mostly concerned with old technology risks. They’ve become obsessed with external hacks, chasing the impossible goal of perfect protection. However, 65% of CEOs say their risk management approach is falling behind, said Peter Sondergaard, senior vice president of research with Gartner, at the consultancy’s Symposium/IT Expo this week.

1 More Reason To Be Wary of Sky High Drones (See Video)

Even wireless LANs located many stories from the ground in skyscraper offices might not be safe from hackers -- if the hackers are armed with drones. So say researchers in Singapore, a country where skyscrapers are plentiful. In this video, researchers from iTrust, a Center for Research in Cyber Security at the Singapore University of Technology And Design, show how attackers could infiltrate a wireless printer using a personal drone and an Android phone outfitted with a special app.

IDG Contributor Network: More data breaches caused by lost devices than malware or hacking, Trend Micro says

Prices are dropping for Personally Identifiable Information (PII) on the Dark Web. One likely reason is a surplus of the data; cybercriminals have been too successful gathering the stuff. Criminals can now purchase PII for $1 a line — that's down from $4 just a year ago, Trend Micro reported in its new research paper. Each line contains a name, a full address, a date of birth, a Social Security number, and other information. Criminals only need a few lines to clone an identity.

Studying stolen data

Trend Micro analyzed a decade's worth of data breach information in its new report, "Follow the Data, Dissecting Data Breaches and Debunking the Myths" (PDF).

Gartner: Get onboard the algorithm train!

ORLANDO -- Algorithms are hot and will be a major driver in the future of IT and business. That was the driving thought from the opening keynote session at this week’s Gartner Symposium/IT Expo. In five years 1 million new devices will come online every hour and these devices will create billions of new relationships. These relationships are not driven solely by data but algorithms, said Peter Sondergaard, senior vice president of research with Gartner.

Beginning of the end for Peeple app?

Rage on, Internet, and the Peeple app may die before it can even be launched. The Washington Post reported: When the app does launch, probably in late November, you will be able to assign reviews and one- to five-star ratings to everyone you know: your exes, your co-workers, the old guy who lives next door. You can’t opt out — once someone puts your name in the Peeple system, it’s there unless you violate the site’s terms of service. And you can’t delete bad or biased reviews — that would defeat the whole purpose.

Scottrade had no idea about data breach until the feds showed up

When an organization gets hacked, ideally they'll realize it promptly and warn their users right away. Take crowdfunding site Patreon, which was hacked on Monday and has already informed the world about the problem. Scottrade, an investment brokerage company, is different, and not in a good way. The company announced Friday that it suffered a security breach over a period of several months from late 2013 to early 2014, affecting approximately 4.6 million customers. But in a statement, Scottrade said it had no idea that the breach had occurred until law enforcement officials told them about it.

IDG Contributor Network: How keystroking style could replace passwords for authentication

The username and password mix that we've been using for authentication is on its way out, some people think. As we all know, problems include outright theft, the loss of password, phishing, and bots. Alternatives that have proven a bit more successful have included adding an extra element of authentication — such as an object that has to be in the possession of the user. A bank card at an ATM is an example of this. That's called two-factor authentication. But a new biometric typing keystroke algorithm that knows how you type could be a better authentication method, some scientists say.

Biometrics

Biometrics promise the most security, experts say. A fingerprint, or a voice print, is unique — it's theoretically inseparable, unlike the easily copied magnetic card.

This vigilante virus protects you against malware attacks, quotes Richard Stallman

Forget about traditional PC malware: Infecting routers and other Internet-connected devices is the new hotness among malicious actors, given its effectiveness and relative ease. But there’s a new sort of malware swirling across the web—vigilante code that infiltrates your router and Internet of Things devices and then actually hardens them against traditional attacks, leaving helpful messages and homages to free software activist Richard Stallman in its wake.

9 ways to be tech-ready for the next hurricane

With Hurricane Joaquin stirring up high winds and rain off the East Coast, FEMA has released a set of guidelines that might help you if the storm system hits. This slideshow provides you with tech guidelines during the storm.