Category Archives for "Network World Security"

Fujitsu tech can track heavily blurred people in security videos

Fujitsu has developed image-processing technology that can be used to track people in security camera footage, even when the images are heavily blurred to protect their privacy. Fujitsu Laboratories said its technology is the first of its kind that can detect people from low-resolution imagery in which faces are indistinguishable. Detecting the movements of people could be useful for retail design, reducing pedestrian congestion in crowded urban areas or improving evacuation routes for emergencies, it said. Fujitsu used computer-vision algorithms to analyze the imagery and identify the rough shapes, such as heads and torsos, that remain even if the image is heavily pixelated. The system can pick out multiple people in a frame, even if they overlap.

Lawmakers target data brokers in privacy bill

Four U.S. senators have resurrected legislation that would allow consumers to see and correct personal information held by data brokers and tell those businesses to stop sharing or selling it for marketing purposes. The Data Broker Accountability and Transparency Act, introduced by four Democratic senators Thursday, also would require the U.S. Federal Trade Commission to craft rules for a centralized website for consumers to view a list of data brokers covered by the bill. Data brokers collect personal information about consumers, often without their knowledge, and resell it to other businesses.

Adobe invites help hunting vulnerabilities in its online services

Adobe Systems launched a new program that encourages security researchers to find and report vulnerabilities in the company’s websites and other online services. Unlike companies like Google, Mozilla, Facebook or Twitter that pay monetary rewards for vulnerabilities found in their Web properties, Adobe’s program only promises public recognition for such contributions. “Bug hunters who identify a web application vulnerability in an Adobe online service or web property can now privately disclose the issue to Adobe while boosting their HackerOne reputation score,” said Pieter Ockers, the security program manager at Adobe, in a blog post Wednesday.

OpenDNS trials system that quickly detects computer crime

A security system undergoing testing by a San Francisco-based company aims to speed up the detection of websites and domains used for cybercrime. The technology is being developed by OpenDNS, which specializes in performing DNS (Domain Name System) lookups. The DNS translates domain names such as idg.com into an IP address that can be called into a browser. OpenDNS offers a secure DNS service for ISPs and organizations that blocks requests from Web browsers to sites that may be associated with cybercrime or spoof a company such as PayPal. The company, which was founded in 2005, has grown so much that its systems respond to some 71 billion DNS requests per day. That’s just 2 percent of global DNS traffic but is enough of a sample to pick up on many cybercrime campaigns.

China says new cybersurveillance proposal follows US security practices

China is scratching its head over why the U.S. is opposing a new anti-terror law relating to cybersurveillance when the U.S. and other countries have also requested that tech companies hand over data to help stop terrorists. On Wednesday, China’s parliamentary spokeswoman tried to play down the impact the proposed legislation might have on foreign tech businesses, in the face of U.S. fears it would require companies to hand over sensitive data to the country’s government. The anti-terror law is still under review, but if passed, it would require tech companies to give encryption keys to the authorities, and create “back doors” into their systems for government surveillance access.

Drive-by attack relies on hacked GoDaddy accounts

Hundreds of hacked domain name accounts registered through GoDaddy are being used as part of a highly effective campaign using the Angler exploit kit to infect computers with malware. The attackers are using the accounts to create subdomains that shuttle Web surfers to websites hosting Angler, wrote Nick Biasini, an outreach engineer with Cisco Systems. The owners of the accounts are usually unaware of the activity, which Cisco calls “domain shadowing,” since they may rarely log into their accounts. Hundreds of GoDaddy accounts that have several thousand domain names assigned to them have been compromised, Biasini wrote.

FREAK is another serious flaw in the web’s encryption

Experts are warning of a serious security flaw that has apparently gone undetected for years and can weaken encrypted connections between computers and websites, potentially undermining security across the Internet. The flaw, which has been dubbed FREAK, affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security, and can allow an attacker to intercept supposedly encrypted traffic as it moves between clients and servers. The flaw affects many popular websites, as well as programs including Apple’s Safari browser and Google’s Android mobile OS, security experts say. Applications that use a version of OpenSSL prior to 1.0.1k are also vulnerable to the bug, detailed in this advisory.

Snowden willing to face trial in US, if it’s fair

Edward Snowden, the former U.S. National Security Agency contractor who leaked details of the agency’s surveillance programs, is willing to return to the U.S. and face criminal charges, if he’s assured of a fair trial, according to a Russian news report. Snowden, now living in Russia, is ready to return to the U.S. on the condition that he’s guaranteed a fair trial, Snowden lawyer Anatoly Kucherena told journalists Tuesday, according to a report from Russian news agency TASS. Several Snowden lawyers are negotiating his return to the U.S., Kucherena said. U.S. Attorney General Eric Holder has promised in a letter to Snowden’s lawyers that he would not face a death sentence, Kucherena added.

Privacy advocates find Obama proposal lacking

A consumer privacy proposal from U.S. President Barack Obama’s administration gives people too little control over their personal data and companies too much latitude to use that information, a coalition of 14 privacy and digital rights groups said. The Obama administration’s consumer privacy bill of rights, released late Friday, allows companies holding personal data to determine whether consumers should be able to demand changes to the information, the groups said in a letter to Obama, sent Tuesday. The White House proposal contains several “shortcomings,” said the groups, including the Center for Democracy and Technology, Consumer Watchdog, Public Knowledge and the Electronic Frontier Foundation.

Android users spammed with fake Amazon gift card offers

New malware spreading across Android devices via text messages promises free Amazon gift cards but delivers only spam to everyone on the device’s contact list. The “Gazon” threat, as it is called by IT security firm AdaptiveMobile, has already infected more than 4,000 Android phones in North America, making it the single largest text-based mobile malware attack against Android to date, according to the company. Gazon has also been seen on devices outside North America. Gazon has thus far spewed out more than 200,000 unsolicited SMS messages, luring some to click on a link promising free Amazon gift cards, an action that causes more messages to be sent out.

EU data protection reform ‘badly broken,’ civil liberty groups warn

Leaked documents show that the European Union’s data protection is on its way to becoming an empty shell devoid of meaning, European civil rights groups warned Tuesday. The EU is busy overhauling its data protection rules, which date back to 1995. The European Commission and the European Parliament have already agreed on a draft regulation that seeks to modernize data protection rules to take new digital technologies into account. However, there is one more legislative body that has to sign off on the new rules: the Council of the EU, which consists of national ministers of EU member states. Since the Parliament approved the draft with minor changes in March last year, the Council has been busy changing the text. Ministers are expected to agree on how they want to reshape the text by summer.

China defends cybersecurity demands, amid complaints from U.S.

President Barack Obama isn’t happy with new rules from China that would require U.S. tech companies to abide by strict cybersecurity measures, but on Tuesday the country was quick to defend the proposed regulations. “All countries are paying attention to and taking measures to safeguard their own information security. This is beyond reproach,” said China’s Foreign Ministry spokesman Hua Chunying in a news briefing. She made the statement after Obama criticized a proposed anti-terror law that he said could stifle U.S. tech business in China. The legislation would require companies to hand over encryption keys to the country’s government, and create “back doors” into their systems to give the Chinese government surveillance access.

iPhone theft victims tricked into unlocking devices

It seems there can be further indignity foisted onto people who’ve had their iPad or iPhone stolen. Symantec has discovered a campaign that aims to unlock Apple devices after they’ve been lost, which requires either the device’s passcode or the credentials for a person’s iCloud account. To get in contact with victims, the criminals appear to be relying on information displayed on the lost device, wrote Joji Hamada of Symantec in a blog post. Apple’s Find My iPhone feature has a “Lost Mode” that allows users to display a message on the screen of their lost device, such as a phone number, he wrote.

Is data on your new Lollipop Android device encrypted? Maybe not

Some smartphone manufacturers are not configuring devices running the latest version of Android to automatically encrypt personal data, which Google had said would scramble data by default. Google has apparently left it up to manufacturers to turn encryption on or off, a surprising change that came after the company pledged last September to strengthen defenses around personal data. It’s unclear why Google did not publicize the change, although it is possible some hardware devices will not perform as well with encryption turned on. Analyst Canalys tweeted it was a wise move for Google, as many devices do not have the right hardware to accommodate it.

D-Link patches router, says more fixes are on the way

D-Link issued fixes on Monday for flaws that could allow remote access to one of its routers, and will patch several other models in the coming week. The vulnerabilities were found by Peter Adkins, a systems engineer in Canada who said he alerted the company to the issues in early January and decided to publicize them last week after falling out of contact with D-Link. D-Link acknowledges Adkins’ findings in its advisory, which included three new firmware versions for its DIR-820L router. The company expects to release firmware updates in the next week for the DIR-626L, DIR-636L, DIR-808L, DIR-810L, DIR-826L, DIR-830L and DIR-836L.

Finnish companies join forces to build secure OS for smartphones and tablets

Finnish companies Jolla and SSH Communications Security are counting on their European origins to help sell a secure mobile operating system they are co-developing. The need for more secure mobile communications has been apparent ever since former U.S. government contractor Edward Snowden made his revelations about National Security Agency (NSA) snooping. SSH is best known for the Secure Shell encrypted communications protocol invented by the company’s founder Tatu Ylönen. Jolla, founded in 2011 by a group of former Nokia employees, sells a smartphone running its open Sailfish OS, and will start shipping its first tablet running the OS next quarter.

DoCoMo app shares SIM credentials with offline devices

Japanese mobile carrier NTT DoCoMo has developed an app that can wirelessly send authentication credentials to devices that are not connected to the Internet, allowing more hardware to get online or query the cloud. Potential applications of the technology include the ability to share mobile SIM user credentials such as phone numbers among multiple devices without the need to physically transfer a SIM card. It could also be used for giving online access to IoT (Internet of Things) hardware. Based on prototype hardware announced last year, the Portable SIM App for Android can transfer data with a wave of a hand. The carrier is exhibiting the app at Mobile World Congress this week in Barcelona.

NSA authorization to collect bulk phone data extended to June 1

A U.S. secret court has extended until June 1 the controversial bulk collection of private phone records of Americans by the National Security Agency. The government said it had asked for reauthorization of the program as reform legislation, called the USA Freedom Act, was stalled in Congress. The bill would require telecommunications companies rather than the NSA to hold the bulk data, besides placing restrictions on the search terms used to retrieve the records. An added urgency for Congress to act comes from the upcoming expiry on June 1 of the relevant part of the Patriot Act that provides the legal framework for the bulk data collections. Under a so-called “sunset” clause, the provision will lapse unless it is reauthorized in some form or the other by legislation.