Category Archives for "Network World Security"

EMV sets the stage for a better payment future

Yesterday was the deadline. Finally, the United States is switching from the old-fashioned swiping method for credit card transactions to the more secure chip-based system scheme dubbed EMV (for Europay, MasterCard, and Visa, which together originated the technology). The chip is harder to counterfeit, and unlike magnetic stripes, it can't be easily read and duplicated, which is what credit-card counterfeiters have long done. In other countries, the chip is coupled with a PIN, so if someone steals the card, they can't use it unless they also know your PIN -- a form of second-factor authentication U.S. debit cards have long used, but not U.S. credit cards. However, U.S. banks are not requiring the use of PINs with chip cards; the old-fashioned, security-irrelevant signature will still be used here.

Breach at Experian may have exposed data on 15 million consumers linked to T-Mobile

A data breach at credit bureau Experian may have exposed data from T-Mobile USA on about 15 million U.S. consumers. The data includes names, birth dates, addresses and Social Security numbers or other forms of identification like drivers' license numbers, the companies said Thursday. The people affected may not be current T-Mobile subscribers but applied for T-Mobile postpaid services or device financing from Sept. 1, 2013 to Sept. 16, 2015. There's no evidence so far that the data has been used inappropriately, Experian said in a press release. And the company said its consumer credit database was not affected. But the breach is the latest embarrassing security event concerning Experian, a widely used credit-information provider whose services are sometimes offered free after breaches at other companies make consumers nervous about their credit records.

IDG Contributor Network: Fiber map sheds light on infrastructure trends and weaknesses

If you've ever wondered just where the fiber conduits that carry our Internet traffic run, wonder no more. Researchers have created a map. Four years in the making, the map, sourced in part from public records, shows the long-haul fiber that carries Internet data around the country. Additionally, locations where multiple cables connect are shown. This kind of map has never existed before. Internet infrastructure: Not much is known about "today's physical Internet infrastructure," the researchers say. So they delved in and, through a collection of Tier-1 ISP and cable company maps combined with public records, started to construct a map of the long-haul fiber network (PDF).

Microsoft’s antivirus software sees massive improvement in tests

For the longest time, Microsoft's antivirus programs have brought up the rear in tests, usually ranking near or in dead last. But recent tests from two respected antivirus testers show Microsoft has greatly improved its antivirus product and in a very short time. Germany's AV-Test Institute is something like Consumer Reports for antivirus software. It is the gold standard for AV software testing, and a good review from them can make your product a success. And for quite some time, Microsoft Security Essentials has been a laggard. But for the August tests, the scores improved.

How to identify and thwart insider threats

It is often cited that an enterprise’s employees are its biggest vulnerability. What are companies doing about it? In a significant number of cases, companies are perhaps doing nothing. According to the SANS Institute and SpectorSoft, 74 percent of the 772 IT security professionals they recently surveyed are “concerned about malicious employees.” The survey pool spans 10 industries including financial, government, and technology and IT services. The survey data also shows that 32 percent of respondents “have no technology or process in place to prevent an insider attack.”

NASA targets Venus, asteroids with potential missions

NASA this week picked five possible contenders for a relatively low-cost robotic mission to space. The five candidates, from a batch of 27, include Venus, near-Earth object and asteroid operations, and will ultimately be whittled down to one or two that will cost approximately $500 million, not including launch vehicle or post-launch operations, NASA stated. Each investigation team will receive $3 million to conduct concept design studies and analyses for NASA’s Discovery Program. After a detailed review and evaluation of each experiment, NASA will make the final selections by September 2016 for continued development leading up to launch possibly by 2020, NASA stated.

Report: Target failed to execute security basics

Verizon consultants probed Target’s network for weaknesses in the immediate aftermath of the company’s 2013 breach and came back with results that point to one overriding – if not dramatic – lesson: be sure to implement basic security best practices. In a recent KrebsOnSecurity post, Brian Krebs details Verizon’s findings as set down in a Target corporate report. The findings demonstrate that it really is important to put in place all the mundane security best practices widely talked about, and that without them even the best new security platforms can’t defend against breaches.

Cisco fixes privilege escalation flaws in AnyConnect Secure Mobility Client

The Cisco AnyConnect Secure Mobility Client has been updated to fix vulnerabilities that could allow attackers to gain system or root privileges on Windows, Linux and Mac OS X computers. The AnyConnect Secure Mobility Client allows employees to work remotely by securely connecting back to their company's network. It provides virtual private networking over SSL and additional features like identity services, network access control and Web security. The vulnerability in the Linux and Mac OS X version of the client was discovered and reported by researchers from Dutch security firm Securify. It can be exploited to execute arbitrary files with the highest system privileges, also known as root.

The price of free: how Apple, Facebook, Microsoft and Google sell you to advertisers

Jumping from Windows 7 directly to Windows 10 has to be something like a farmer visiting Times Square. Live Tiles flash and move. A nice assistant named Cortana always hovers nearby. Click on the wrong spot and you could be whisked away elsewhere on the Web. And there are always people asking who you are, where you live, what you like... Because the latest version of Windows is always asking for information in the guise of being helpful, it’s easy to think that Microsoft’s the poster child for the collective attack on your digital privacy. But it’s not. In fact, there are plenty of other companies who feel perfectly entitled to require you to hand over your personal info before they open their doors. On a day where Microsoft clarified what it does with your data to try and soothe your fears, a Bloomberg feature profiled Facebook’s “unblockable” ads, while a new Google program revealed that advertisers can now tune ads to who you are just by knowing your email address.

New Android vulnerabilities put over a billion devices at risk of remote hacking

Newly discovered vulnerabilities in the way Android processes media files can allow attackers to compromise devices by tricking users into visiting maliciously-crafted Web pages. The vulnerabilities can lead to remote code execution on almost all devices that run Android, starting with version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report scheduled to be published Thursday. The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android's media libraries previews such files.

Voice hackers can record your voice then use morpher to trick authentication systems

It's easy for someone with potentially malicious intentions to record your voice, as you leave traces of your voice when simply talking somewhere out in public, during mobile phone calls, in videos posted on social networking sites, or even when sending a recorded voice greeting card. Your voice is considered to be unique enough to serve as an authentication of your identity. But after studying the implications of commonplace voice leakage and developing voice impersonation attacks, researchers from the University of Alabama at Birmingham warned that an attacker, in possession of only a very limited number of your voice samples, with "just a few minutes worth of audio of a victim's voice," can clone your voice and could compromise your security, safety, and privacy.

Microsoft’s Windows chief Myerson falls short of addressing Windows 10 spying concerns

After a month of stern accusations, including one from yours truly, the chief of Microsoft's Windows group addressed user concerns over privacy and information gathering in a blog post. Since its launch two months ago, Windows 10 has been dogged by a number of privacy concerns, ranging from machine IDs to keylogging to spying on your Cortana queries. Windows 7 and 8 were also drawn into the controversy, as Microsoft back-ported some of its telemetry gathering functions to the older operating systems, and the company was also found to be downloading the multigigabyte installation files to Windows 7 and Windows 8 machines without user permission.

Is Apple’s walled garden showing signs of erosion?

Apple has long benefitted from a perception that its devices and the software that powers them are more safe and secure than the competition, but last year's high-profile iCloud hack and a recent large-scale malware attack bring Apple security into question. Earlier this month, Apple suffered a potentially catastrophic security lapse when malicious code injected into a counterfeit version of Xcode, the company's app development toolset, made its way into hundreds (and perhaps thousands) of apps from Chinese developers. The malware affected hugely popular apps, including WeChat, which was eventually pulled from the App Store. Apple failed to detect and stop the malware from entering its "walled garden" and gaining access to an untold number of customers' iOS devices.

2015’s most dangerous celebrity web searches

Electronic Dance Music (EDM) DJ Armin van Buuren replaces comedian and talk show host Jimmy Kimmel as Intel Security’s most dangerous celebrity to search for online. For the ninth year in a row, Intel Security researched popular culture’s most famous people to reveal which of them generates the most dangerous search results.

Network security weaknesses plague federal agencies

In the shadow of the recent Office of Personnel Management break-in, it likely comes as little surprise to many that the federal government needs to pick up its security game in a big way. This challenge is perhaps reflected best in a report this week by watchdogs at the Government Accountability Office that shows despite years of recommendations and billions of dollars spent, most federal agencies remain frighteningly weak when it comes to cybersecurity.

Verisign introduces free, privacy-focused public DNS

When it comes to domain name systems (DNS), there are a lot of choices available. Yesterday, Verisign introduced a free, public Domain Name System (DNS) service that respects users' privacy. I think we're all aware now that much of the information we put into websites is often sold and used for good and bad purposes. We search for certain restaurants and all of a sudden we're being pushed coupons for it. We update our LinkedIn profile and now we're being approached about jobs at competing companies. When we purchase an item online with a credit card, the number may be stolen. Even though there are risks, we still do those activities because they make our lives more convenient, and for that we're willing to deal with the consequences.

Dyreza malware steals IT supply chain credentials

Cyber-criminals using the Dyreza computer trojan appear to be shifting gears from online banking and moving into the industrial supply chain. New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post. "We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."

Cisco acquires security consultancy

Cisco this week said it intends to purchase Portcullis, a privately held cybersecurity consultancy based in the United Kingdom. Terms of the deal were not disclosed.

IDG Contributor Network: Consumers ‘feeling vulnerable’ about smart home security, report says

While half of consumers polled in a recent survey think that they are "adequately" protected from online threats on their computers, tablets, and smartphones, only 37% think the same protection is in place for their connected-home devices, such as IoT, gaming consoles, smart TVs, and thermostats. DNS service provider Nominium commissioned the report from market researcher YouGov in July. Polling consisted of 1,106 consumers in the United States. Less secure: "Consumers find their digital world expanding at an astounding pace with more and more Internet-connected 'things,'" Nominium says of the report.