Category Archives for "Network World Security"

Thousands of medical devices are vulnerable to hacking, security researchers say

Next time you go for an MRI scan, remember that the doctor might not be the only one who sees your results.

Thousands of medical devices, including MRI scanners, x-ray machines and drug infusion pumps, are vulnerable to hacking, creating significant health risks for patients, security researchers said this week.

The risks arise partly because medical equipment is increasingly connected to the Internet so that data can be fed into electronic patient records systems, said researcher Scott Erven, who presented his findings with fellow researcher Mark Collao at the DerbyCon security conference.

What will be hottest space research in next ten years?

With NASA spotting water flows on Mars this week, excitement abounds as to what might be the next big thing for astrobiologists and space scientists in general.

Interestingly, a congressional hearing entitled “Astrobiology and the Search for Life Beyond Earth in the Next Decade” was on tap this week to take a look at what some key issues are as NASA and other space organizations look toward the future.

Apple throws down the gauntlet with overhauled privacy policy

Apple is making it very clear how it uses your data with a revamp of its privacy policy, posted in full on the company’s website. In the process, Cupertino is also making it plain just how different it is from other tech companies.

Apple affirmed its commitment to customer privacy a year ago, and Tuesday’s update covers everything new in iOS 9 and OS X El Capitan. The company isn’t just issuing platitudes about how great its privacy protections are—it dives into real detail about how its various services use and protect your data.

A Linux botnet is launching crippling DDoS attacks at more than 150Gbps

A Linux botnet has grown so powerful that it can generate crippling distributed denial-of-service attacks at over 150 Gbps, many times greater than a typical company's infrastructure can withstand.

The malware behind the botnet is known as XOR DDoS and was first identified in September last year. Attackers install it on Linux systems, including embedded devices such as WiFi routers and network-attached storage devices, by guessing SSH (Secure Shell) login credentials using brute-force attacks.

The credentials are used to log into the vulnerable systems and execute shell commands that download and install the malicious program. To hide its presence, the malware also uses common rootkit techniques.

Your privacy and Apple, Microsoft and Google

Within a span of a few days, two of three giants in the tech industry made changes that could directly affect your privacy; the third tried to clear up "privacy and Windows 10."

Apple updates privacy policy, releases iOS security guide

Today Apple published an updated privacy policy that explains, in detailed but easy-to-understand language, how it uses customers’ data. It begins with a message about Apple’s commitment to your privacy from Apple CEO Tim Cook. He promised Apple never "worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will." Apple also revealed that 94% of the government data requests it receives deal with cops trying to find stolen iPhones.

Newly found TrueCrypt flaw allows full system compromise

Windows users who rely on TrueCrypt to encrypt their hard drives have a security problem: a researcher has discovered two serious flaws in the program.

TrueCrypt may have been abandoned by its original developers, but it remains one of the few encryption options for Windows. That keeps researchers interested in finding holes in the program and its spin-offs.

James Forshaw, a member of Google's Project Zero team that regularly finds vulnerabilities in widely used software, has recently discovered two vulnerabilities in the driver that TrueCrypt installs on Windows systems.

The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.

NASA spots briny water flows on Mars

NASA said today that liquid water flows intermittently on Mars – a significant finding in the decades-long search for life and for possible human use on future trips to the red planet.

The water flow evidence was spotted by researchers from Georgia Tech employing NASA’s Mars Reconnaissance Orbiter (MRO) – a 4,800lb spacecraft that has been taking pictures and measurements of Mars since 2006. In this case, using an imaging spectrometer, researchers detected signatures of hydrated minerals on slopes where mysterious dark streaks are seen on the red planet in dozens of locations.

How to ace the CISO interview – be ready for the tough questions

Getting a top job in information security has never been as simple as just having the required training and experience. Yes, those are mandatory, but the modern hiring process also includes personality evaluations to determine the so-called “XQ” – whether a candidate would be a good “fit” for a position – background checks and, yes, the personal interview.

It is generally the final stop before either a job offer or a perfunctory “thanks-for-your-interest” dismissal.

And as the roles of the CISO and CSO have evolved in recent years from a relatively narrow focus as “guardians of the data” to members of the C suite who are expected to speak the language of business, participate in strategic planning and be perceived as business enablers rather than impediments, the interview has evolved as well.

Cloudera unveils in-memory store, security layer for Hadoop

Just ahead of the opening of Strata + Hadoop World in New York City tomorrow, Cloudera today unveiled a new open source project to enable real-time analytic applications in Hadoop and an open source security layer for unified access control enforcement in Hadoop.

The first project, Kudu, is an in-memory store for Hadoop that supports high-performance sequential and random reads and writes, enabling fast analytics on changing data.

NSA chief warns cyberthreats persist despite China accord

On the eve of a significant agreement between the United States and China on trade and information security, the head of the National Security Agency cautioned that the two superpowers must develop a set of norms that would curb cyber-espionage and theft of intellectual property from U.S. firms.

Adm. Michael Rogers appeared in a rare open hearing of the Senate intelligence committee to offer an update on the agency's work, with a particular focus on the various cyberthreats, which increasingly are coming from state-sponsored actors.

After pushing malware, ad networks also used for DDoS

Rogue online advertisements that infect computers with malware have become a common occurrence on the Internet. But now, it appears, hackers have also figured out how to launch crippling distributed denial-of-service (DDoS) attacks through ad networks.

The DDoS mitigation team at CloudFlare recently observed a large-scale attack which they believe was the result of malicious ads being loaded inside apps and browsers on mobile devices.

The attack, which targeted one of the company's customers, peaked at 275,000 HTTP requests per second and was launched from over 650,000 unique IP (Internet Protocol) addresses, most of them from China.

What was interesting about this attack was that the requests appeared to be generated by real browsers, not scripts or malware, as are typically used in HTTP-based DDoS attacks. Furthermore, an analysis of the request headers indicated that almost 80 percent of the devices generating the traffic were smartphones and tablets.

18 million hit by identity theft last year

Almost 18 million people were victims of identity theft in the United States last year, with the majority of crimes targeting credit cards and bank accounts, the Department of Justice said Sunday.

The figure represents 7 percent of the U.S. population aged 16 or older and is a rise of 1 million people from 2012, the last year for which the DOJ's Bureau of Justice Statistics published a similar report.

The latest report counts instances where a person experienced misuse of a financial or other account -- not simply a breach of their personal information.

Just over two in every five cases involved a credit card account and just under two in five involved a bank account.

Silent Circle aims at the enterprise market with Blackphone 2

Silent Circle's second privacy-focused device, the Blackphone 2, is designed to meet the management and security needs of enterprises, while not alienating workers who will end up using it for their personal affairs as well.

The phone, launched Monday, integrates with Google's Android for Work program, which allows companies to manage and secure the Android devices of their employees. The phone also works with major device management platforms including those from MobileIron, Citrix, Good and SOTI.

One of the most important new features of Blackphone 2 is called Spaces and allows users to create virtual phone environments with different security settings.

Keep out ahead of shadow IT

It's time to face a cold, hard fact: The "shadow IT" parade is passing you by, and if you don't get out in front of it and lead it where you want it to go, you might get run over.

Gartner projected in 2012 that marketing department spending on IT will surpass IT department spending on IT in the near future. True, that has yet to happen, but the scales keep tipping. Take a hard look at that future: You may not be in it.

Shadow IT has been presented as a new threat to IT departments because of the cloud. Not true -- the cloud has simply made it easier for non-IT personnel to acquire and create their own solutions without waiting for IT's permission. Moreover, the cloud has made this means of technical problem-solving more visible, bringing shadow IT into the light.

New products of the week 09.28.2015

New products of the week

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Bitbucket

Key features: Bitbucket Server (formerly named Stash) is a Git solution for professional teams. New capabilities include Git Mirroring for distributed team members, Large File Storage support and help in organizing complex repository structures.

NIST joins fight against cybercrime

The Department of Commerce's National Institute of Standards and Technology (NIST) is awarding roughly $3.7 million for three pilot projects designed to make online transactions more private and secure. This fourth round of recipients of the National Strategy for Trusted Identities in Cyberspace (NSTIC) grants will, respectively, pilot technologies designed to safeguard tax returns, secure medical information and protect online storage. The NSTIC, which unites the public and private sectors, launched in 2011.

The new grantees are:

MorphoTrust USA (Billerica, Mass., $1,005,168)

MorphoTrust’s second NSTIC pilot grant will focus on preventing the theft of personal state tax refunds in multiple states. MorphoTrust will leverage trust created during the online driver licensing process, which includes biometrics and more, to build trustworthy electronic IDs.

Could VW scandal lead to open-source software for better automobile cybersecurity?

After Volkswagen used software that manipulated exhaust values and defeated emissions tests, it has affected 11 million VW diesel cars built since 2008. A 2007 letter from VW parts supplier Bosch warned Volkswagen not to use the software for regular operations; in 2011, a Volkswagen technician raised concerns about the illegal practices in connection with the emissions levels.

“We should be allowed to know how the things we buy work,” Eben Moglen, a Columbia University law professor and technologist, told the New York Times. “Let’s say everybody who bought a Volkswagen were guaranteed the right to read the source code of everything in the car. 99% of the buyers would never read anything, but out of the 11 million people whose car was cheating, one of them would have found it. And Volkswagen would have been caught in 2009, not 2015.”

Geek Joke of the Week

When encryption is outlawed, bayl bhgynjf jvyy unir rapelcgvba.

If you don't get it or you have a better joke, drop me a note ...

U.S.-China agreement on cyber espionage is a first step at best

Presidents Obama and Xi agree that the U.S. and China won’t steal corporate secrets from each other, but the wording is so full of loopholes that CISOs shouldn’t take too much comfort in the pact for quite a while.

The agreement sets up high-level talks twice a year to deal with complaints the U.S. and China have about whether the other is responding quickly and thoroughly to claims by the other side about malicious cyber activity.

It also takes a run at corporate spying in particular: “[N]either country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

5 takeaways from Adobe Flash’s death march

Rumors of the demise of Flash have been greatly exaggerated, to paraphrase Mark Twain. The multimedia and software platform's days may well be numbered, but today it’s still alive, even if its kicks are not exactly vigorous.

It’s now five years since the late Steve Jobs published his famous Thoughts on Flash memo, in which he put the knife in to Flash on the grounds that it was proprietary, unreliable and insecure, that it drains mobile device batteries and is a cross-platform development tool that results in developers using only a lowest common denominator set of features.

It's certainly true that Flash has been plagued by security issues – prompting Mozilla to block Flash plugins in Firefox and Google to block most Flash content from its Chrome browser. Google also converts many Flash ads on its AdWords system into HTML5, and Amazon has also stopped accepting Flash ads entirely.