Category Archives for "Network World Security"

British spies cast net to monitor every web surfer, leaked documents show

When British spies gave their Internet surveillance program the codename Karma Police they may have given away a little too much about its epic purpose: "To build a web-browsing profile for every visible user on the Internet." The system ultimately gathered trillions of metadata records about Internet users' browsing habits. In official documents obtained by The Intercept, the intent of Karma Police stands out alongside more cryptically named projects such as Moose Milk (using data mining to detect suspicious use of telephone kiosks) or Salty Otter (a technique for detecting when use of one medium, such as a telephone call, is used to trigger another, such as a chat service).

Researchers tout technology to make electronics out of old tires

Researchers are working with a process that turns old tires – and there are some 300,000 tossed yearly – into electrodes for supercapacitors that would be used on the grid or in cars and other electronics applications. The technology developed at the Department of Energy’s Oak Ridge National Laboratory and Drexel University produces carbon composite papers through a process described like this: “the researchers soaked crumbs of irregularly shaped tire rubber in concentrated sulfuric acid. They then washed the rubber and put it into a tubular furnace under a flowing nitrogen gas atmosphere. They gradually increased the temperature from 400 degrees Celsius to 1,100 degrees. After several additional steps, including mixing the material with potassium hydroxide and additional baking and washing with deionized water and oven drying, researchers have a material they could mix with polyaniline, an electrically conductive polymer, until they have a finished product.”

Cookie handling in browsers can break HTTPS security

Cookies, the files that websites create in browsers to remember logged-in users and track other information about them, could be abused by attackers to extract sensitive information from encrypted HTTPS connections. The issue stems from the fact that the HTTP State Management standard, or RFC 6265, which defines how cookies should be created and handled, does not specify any mechanism for isolating them or checking their integrity. As such, Web browsers don't always authenticate the domains that set cookies. That allows malicious attackers to inject cookies via plain HTTP connections that would later be transmitted for HTTPS connections instead of those set by the HTTPS sites themselves, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University said in an advisory Thursday.

10 cutting-edge security threats

New tech, new bugs, new headaches. When you think of security vulnerabilities, the first thing that likely comes to your mind are flaws in Windows or apps like Adobe Reader that let hackers wreak havoc on your PC. But computers are everywhere these days, and with more computers come more security headaches. Join us as we look at ten hacks and vulnerabilities that take threats to the next level. Somehow, things have gotten even crazier since our last look at shocking security exploits.

IDG Contributor Network: 5 myths about data encryption

It's a heartache, nothing but a heartache. Hits you when it's too late, hits you when you're down. It's a fool's game, nothing but a fool's game. Standing in the cold rain, feeling like a clown. When singer Bonnie Tyler recorded "It's A Heartache" in her distinctive raspy voice in 1978, you'd think she was an oracle of sorts, predicting the rocky road that encryption would have to travel. Just a year earlier, in 1977, the Data Encryption Standard (DES) became the federal standard for symmetric block encryption (FIPS 46). But, oh, what a disappointment DES would become. In less than 20 years since its inception, DES would be declared DOA (dead on arrival), impenetrable NOT.

Are your biggest security threats on the inside?

The now infamous Ashley Madison website has had a pretty successful run at helping its clientele be disloyal. So perhaps some would view it as poetic justice if the website became one of the most scandalous breaches in history at the hands of one of its own. At least that is the conclusion of IT security analyst John McAfee, who noted recently “yes, it is true. Ashley Madison was not hacked – the data was stolen by a woman operating on her own who worked for Avid Life Media.” If true, the fact that the Ashley Madison breach was due to an internal, and not external, threat shouldn’t come as too big a surprise. Many IT security studies this year have pointed to the growing threat of insider data theft and corporate breaches.

Facebook goes down and Twitter lights up

Facebook crashed for at least 10 minutes today and then struggled to fully come back online. When users tried to open or refresh their Facebook pages a little after 12:30 p.m. ET today, they were greeted not with their news feed but with a largely blank screen that simply said, "Sorry, something went wrong. We're working on it and we'll get it fixed as soon as we can." The site began to come back online around 12:50 p.m., though some users reported still having trouble loading the site until about 1 p.m. Facebook did not return a request for information on what caused the problem.

IDG Contributor Network: IoT security will soon be common in the enterprise, Gartner says

A fifth of all businesses will have deployed IoT-related security by the end of 2017, analyst Gartner thinks. Dedicated digital security services that are committed to "protecting business initiatives using devices and services in the Internet of Things" will be in place by then, the research and advisory company says. Gartner made the statement in a press release on its website in relation to a security and risk management summit earlier this month in Mumbai. "The IoT redefines security," Ganesh Ramamoorthy, research vice president at Gartner, said in the press release.

ZingBox: Startup brings Cisco, Stanford pedigree to IoT security

ZingBox, an Internet of Things security startup whose founders have ties to Cisco and Stanford University, is working on software that guards IoT devices from threats on the Internet. The year-old company’s focus is upgrading routers and gateways with intelligence to detect when IoT devices are behaving abnormally, indicating that they might be compromised, says May Wang, CTO of the company and a co-founder who spent 14 years at Cisco in its office of the CTO, where she was a principal architect.

New malware program infects ATMs, dispenses cash on command

Security researchers have discovered a new malware program that infects automated teller machines (ATMs) and allows attackers to extract cash on command. The program is dubbed GreenDispenser and was detected in Mexico. However, it's only a matter of time until similar attacks are adopted by cybercriminals in other countries, researchers from security firm Proofpoint said in a blog post. GreenDispenser is not the first malware program to target ATMs. In October 2013, security researchers from Symantec warned about a backdoor called Ploutus that could infect ATMs when a new boot disk is inserted into their CD-ROM drives.

Ransomware pushers up their game against small businesses

After extorting millions from consumers over the past few years, file-encrypting ransomware creators are increasingly focusing their attention on victims who are more likely to pay up: small and medium-sized businesses. Throughout June and July, over 67 percent of users who clicked on malicious links in CryptoWall-related emails were from the SMB sector, researchers from antivirus vendor Trend Micro found. An additional 17 percent were from within large enterprises. CryptoWall is one of the most widespread ransomware programs, infecting nearly 625,000 systems between March and August 2014 and many more since then. Researchers estimate that it has earned well over $1 million for its creators.

Apple devs: Don’t let Apple’s Xcode validation scare you

The Apple App Store has long enjoyed a sterling reputation for screening out malware. But last weekend, the company pulled apps infected with XcodeGhost malware from the Chinese Apple App Store -- infected apps that had apparently been created with a counterfeit version of Apple's Xcode IDE by unsuspecting developers. As a precaution, Apple emailed its developers on Tuesday, recommending that they validate their installed version of Xcode using a simple procedure to ensure it wasn't a hacked version. The email also contained a reminder to "always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software."

Privacy group calls for a boycott of tech companies supporting CISA

Privacy advocates are stepping up their lobbying efforts against the controversial cyber threat information sharing bill currently in Congress after several tech giants indicated their support. Activist group Fight for the Future criticized Salesforce for supporting legislation which would "grant blanket immunity for American companies to participate in government mass surveillance programs like PRISM, without meaningfully addressing any of the fundamental cyber security problems we face in the U.S." Accordingly, Fight for the Future said it will abandon the Heroku cloud application platform within the next 90 days and encourages others to follow suit. The letter to Salesforce CEO Marc Benioff was posted on the site YouBetrayedUs.org.

Cybersecurity hall of fame names inductees

The National Cyber Security Hall of Fame has announced its recent class of inductees. In noting them we also highlight some of the past winners. The hall of fame recognizes the history and contributions of pioneers, innovators and educators who influenced the industry. The inductees are chosen by a board of advisers. Pictured, from left to right, are Susan Landau, Steven Lipner, Cynthia Irvine and Ron Ross, with Jerry Saltzer in front.

Apple lists 25 apps impacted by XcodeGhost

Apple has identified 25 apps on its stores that had used a rogue version of its Xcode development tool, and advised users to update the affected apps to fix the issue on their devices. Figuring in the list are the WeChat app from Tencent and the Didi ride-hailing app, which had been identified earlier as affected. Other apps included in the list released by Apple on its China website include local chatting tool Encounter, the app for Baidu Music and China Unicom's customer service app.

Datiphy tracks what data is up to for security, auditing purposes

Datiphy, a service provider founded in Taiwan, has bundled its technology for sale as a software package to make inroads in the U.S. as a security/data auditing tool that detects and reports suspicious access to databases. The company has been selling its service in Asia-Pacific since 2011 but has decided to improve the user interface and give it natural-language search to make it more attractive in the U.S., where the large enterprises it seeks as customers want to have an on-premises platform, says Mike Hoffman, executive vice president of sales and marketing. Datiphy has also gotten a financial shot in the arm, pulling down $7 million from Highland Capital Partners in its first round of institutional funding, which it will use in part to hire staff to pursue partnerships so data gathered by the platform can be shared with other security products.

DerbyCon: Former BlueHat prize winner will bypass Control Flow Guard in Windows 10

Windows 10, and even Windows 8.1 Update 3, uses Control Flow Guard (CFG) to protect against memory-corruption attacks. Close to the end of last year, Microsoft said the CFG security feature could "detect attempts to hijack your code" and stop executing the code "before the hijacker can do damage to your data or PC." This summer at Black Hat, Yunhai Zhang showed how to "Bypass Control Flow Guard Comprehensively" (pdf). And at DerbyCon on Friday, Jared DeMott and Rafal Wojtczuk will present "Gadgets Zoo: Bypassing Control Flow Guard in Windows 10."

Book Report: Future Crimes

Future Crimes by Marc Goodman details the dark side of technology, examining how new technologies are used and abused for criminal purposes. In just under 400 pages, Goodman provides some basic historical background on computer security and then guides the reader through a cybercrime journey spanning consumer, industrial, medical, and various other technologies. Fair warning to prospective readers: the story isn’t pretty. The author starts with a wake-up call about data privacy and how a plethora of companies like Facebook, Google, and OkCupid, and the $150 billion data broker industry, regularly collect, sell, and abuse user data. Future Crimes also explores the current derelict world of cyber peeping toms, bullies, revenge porn, and extortion. While these crimes are already rampant today, Goodman theorizes that things will get worse with the proliferation of surveillance cameras, geo-location services, RFID tags, and wireless networking technology. The point is crystal clear: each technological innovation increases the attack surface, and cybercriminals are only too happy to exploit these vulnerabilities for profit.

OPM underestimated the number of stolen fingerprints by 4.5 million

The number of people whose fingerprints have been stolen as a result of the high-profile hack into the computer systems of the U.S. Office of Personnel Management earlier this year is now 5.6 million. The agency revised its original estimate of 1.1 million Wednesday after finding fingerprint data in archived records that had previously not been taken into account. This does not change the overall number of 21.5 million former, current and prospective federal employees and contractors whose Social Security numbers, personal information and background investigation records were exposed in the breach. The OPM announced in June that it was the target of a cybersecurity breach that resulted in the theft of personnel data including full names, birth dates, home addresses, and Social Security numbers of 4.2 million current and former government employees.