U.S. businesses and government agencies need to work more closely together to combat the growing threat of cyberattacks, President Barack Obama said Friday. Calling on U.S. agencies and businesses to share more cyberthreat information, Obama said he had signed an executive order intended to encourage more cooperation. Protecting against cyberattacks “has to be a shared mission,” Obama said during a speech at Stanford University. “Government cannot do this alone, but the fact is, the private sector cannot do this alone either.”
Apple CEO Tim Cook has warned of “dire consequences” if tech companies can’t protect the privacy of those who use their products. Giving up our privacy to digital technologies exposes us to greater risks than just identity theft and financial losses—serious though those things are, Cook said in a brief speech at a cybersecurity summit in Silicon Valley on Friday. “History has shown us that sacrificing our right to privacy can have dire consequences,” Cook said. “We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion or express their opinion or love who they choose—or love who they choose,” he repeated for emphasis, “in a world in which that information can make the difference between life or death.”
Senior U.S. government officials came to Silicon Valley on Friday to deliver a direct appeal to executives from major companies and the cybersecurity industry: work with us so the nation will be better protected from cyberattacks. The charm offensive, which includes a speech by President Barack Obama, comes as a new government agency is being formed to oversee preventive and reactive response to cyberattacks: the U.S. Cyber Threat Intelligence Integration Center. That’s part of the government’s response to the growing number of cyberattacks on large corporations, like Target and Sony Pictures, but the cooperation of industry is not guaranteed. Lisa Monaco, a senior advisor to President Obama on homeland security and counterterrorism, said she worried that the type of cyberattack that targeted Sony could become the norm in the future if more isn’t done.
In the latest Internet of Things security blunder, personal weather station devices made by Netatmo were found sending users’ Wi-Fi passwords back to the company over unencrypted connections. Netatmo weather stations can be used to monitor indoor and outdoor temperature, humidity, carbon dioxide levels and overall air quality. Users can see the data collected by their stations in real-time through an app installed on their phones, tablets or computers. The public weather map on Netatmo’s website shows that thousands of such devices are installed around the world. When the weather stations are first configured, users need to give them access to their Wi-Fi networks, so they can transmit sensor readings to the Netatmo cloud over the Internet.
Despite privacy concerns and doubts over its usefulness, a plan to track passengers entering or leaving the European Union in a series of national databases is likely to become reality by the end of the year. The call to build national databases of so-called passenger name records (PNRs) has become louder since the recent terror attacks in Paris in which 17 people were killed. EU countries have argued that storing data about who has flown where, and when, would help law enforcement with the prevention, detection, investigation and prosecution of terrorist offenses and serious transnational crime. The plan is for airlines to send data collected during reservation and check-in procedures, including travel itineraries, ticket information and contact details, to an authority of the relevant country. That authority would be responsible for analyzing the data and sharing its analysis with other competent authorities, including those in other countries.
Obama visits Silicon Valley to headline cybersecurity summit
The White House is heading west to Silicon Valley on Friday looking for ideas on how to improve the nation’s cybersecurity. At the first-of-its-kind summit at Stanford University, U.S. President Barack Obama is expected to sign an executive order that urges companies to share threat information with one another and with the government. There are some areas of discord between the government and the tech industry: surveillance and encryption. Apple CEO Tim Cook is the most high-profile executive in attendance, while top execs from Google, Facebook and Yahoo declined invitations to attend (but will be represented in discussions at the event).
In addition to personal phone numbers and email addresses for hundreds of people who corresponded with him, there’s something else inside the cache of emails that Jeb Bush released this week: computer viruses. Earlier this week, Bush, who some tip as a presidential hopeful, released thousands of emails from his time as governor of Florida, when he promoted his “[email protected]” email address as a way for voters to interact with him. The emails were released unredacted—a deliberate move intended to demonstrate transparency but one that backfired because the messages included the names, email addresses and phone numbers of thousands of people. Alongside a Web interface to read the emails, Bush also offered raw Microsoft Outlook files, and it’s in those files where the viruses lurked in file attachments.
A long-standing effort to extend privacy protections to email and other data in the cloud got new life Thursday when U.S. lawmakers introduced not one, but two bills to reform the country’s electronic privacy laws. Both the Law Enforcement Access to Data Stored Abroad Act, called the LEADS Act, and the Electronic Communications Privacy Amendments Act would require law enforcement agencies to get court-ordered warrants to search data that’s been stored on Web-based or cloud-based services for more than 180 days. Under the 29-year-old Electronic Communications Privacy Act [ECPA], law enforcement agencies do not need a court-ordered warrant to search unopened email stored with a vendor for longer than 180 days, although they do need court approval to access unopened email less than 180 days old.
A wave of cyberattacks aimed at government-related websites in Nigeria, Ghana and Senegal over the last two months has triggered a debate over how to bolster online security and deal with politically motivated hacking. A popular Senegalese news site, Seneweb, and the website of the government’s ICT management agency, L’Agence De l’Informatique de l’Etat (ADIE), were the first to be hacked in the latest round of attacks, in December and January, respectively (though the Seneweb hack was not disclosed until January). The attacks were reportedly launched in response to Senegalese President Macky Sall’s participation in a rally in support of the French magazine Charlie Hebdo. Twelve people were killed on Jan. 7 by two heavily armed men at the Paris office of satirical news weekly Charlie Hebdo. The attack was reportedly prompted by satirical material involving Muslim themes and historical figures.
Internet Explorer is getting major repairs, as Microsoft has issued 41 patches to fix memory vulnerabilities in its browser. The Internet Explorer patches are part of the company's routine monthly release of security and bug fixes for its software products, called "Patch Tuesday." Microsoft Office and both the desktop and server editions of Windows are also getting fixes in this batch. Overall, Microsoft issued patches to cover 56 different vulnerabilities, which are bundled into nine separate security bulletins. Three of the bulletins are marked as critical, meaning they fix vulnerabilities that could be exploited by malicious attackers without user intervention. System administrators should tend to critical vulnerabilities as quickly as possible. These bulletins cover Internet Explorer and both the server and desktop editions of Windows.
When it comes to unified threat management appliances aimed at the SMB market, vendors are finding a way to fit additional security features into smaller and more powerful appliances.
In 2013, we looked at nine UTMs. This time around we reviewed six products: the Calyptix AccessEnforcer AE800, Check Point Software’s 620, Dell/Sonicwall’s NSA 220 Wireless-N, Fortinet’s FortiWiFi-92D, Sophos’ UTM SG125 and Watchguard Technologies’ Firebox T10-W. (Cisco, Juniper and Netgear declined to participate.)
We observed several megatrends across all the units that we tested:
When you travel, a whole fleet of electronics comes with you. Smartphone and laptop are a given, but there’s a good chance you’re also toting a tablet, and maybe a cellular hotspot or dedicated GPS. All of them are juicy targets for bad guys. Here’s how to make sure your devices’ travels are just as safe as your own.
Protect yourself on public Wi-Fi
Public Wi-Fi hotspots are essential. They’re like an oasis in the disconnected desert when you run into their blessed signal in coffee shops, airports, or even public parks. But wide-open Wi-Fi hotspots can also be dangerous.
As our lives increasingly go digital, security is a major concern not only for the various online services we use, but also for the devices on which we save our data. Chances are that if you’re reading this article, you own a Mac. And on your Mac, you’d like much of the work you do on it to be kept private.
While OS X is relatively secure by default, there are some additional steps you can take to ensure the data on your Mac is only accessible by you, even if your Mac is stolen. Take the following tips to heart to better protect your Mac and its data.
Many women gamers and developers, as well as those who support them, have lately come under attack from online trolls. A common intimidation tactic that trolls use is "doxxing," or publicly exposing their targets' personal details, including home address, phone number and even financial records.
On the surface, the critical “Shellshock” bug revealed this week sounds devastating. By exploiting a bug in the Bash shell command line tool found in Unix-based systems, attackers can run code on your system—essentially giving them access to your system. Bad guys are already developing exploits that use Shellshock to crack your passwords and install DDoS bots on computers. And since Bash shell is borderline ubiquitous, a vast swath of devices are vulnerable to Shellshock: Macs, Linux systems, routers, web servers, “Internet of Things” gizmos, you name it.
A lot of people right now are selling their old iPhones and iPad minis to trade up to the supersized iPhone 6 models. Unfortunately, I suspect some of them are being scammed out of their devices — I nearly was. I’m itching for a 64GB iPhone 6 Plus (Space Gray, please). To partly finance Apple’s turkey-platter-sized phablet, I decided to sell my first-generation iPad mini on Amazon. That’s where my scamming saga begins. Within one day of listing the tablet, I received an Amazon email from "Kimberly." She expressed interest in my mini and asked me to send pictures to her personal Yahoo email address. It seemed like a reasonable request, so I emailed a few pictures to her. She soon replied via her Yahoo email and asked for my Amazon seller name. I was a tad suspicious because she was communicating with me directly instead of going through Amazon’s messaging system, but I replied.
Whatever your primary OS, Linux distro Tails 1.0 offers a plethora of security features to help you work online without worrying about privacy issues. These days, it seems as though anyone who uses the Internet is a tasty morsel for insatiable data thieves. Marketers, governments, criminals and random snoops won't be satisfied until they can snarf whatever information they want about us at any time. If you want to dodge ad trackers, have sensitive sources to protect or you just want to conduct your normal online activities without being spied on, then The Amnesiac Incognito Live System (better known as Tails) could help.
You can't see some malware until it's too late. Sophisticated attacks arrive in pieces, each seemingly benign. Once these advanced attacks reassemble, the target is already compromised. FireEye takes a new approach to malware detection with its NX appliances. As this Clear Choice test shows, the FireEye device allows advanced malware to proceed – but only onto virtual machines running inside the appliance. In our tests, the FireEye appliance performed flawlessly. It detected all the multi-stage malware samples we threw at it, including some involving recent zero-day exploits. The top-of-the-line NX 10000 ran at speeds beyond 4Gbps in inline mode, and at better than 9Gbps in tap mode, both with and without attack traffic present.
If you are ultra paranoid, what could be better than hiding your network traffic in such a way that no one could possibly intercept it? This is what Unisys is offering with its new Stealth appliance, which could make man-in-the-middle attacks and keylogger exploits obsolete, or at least more difficult to mount. Stealth has been around since 2005 when it was developed exclusively for the Defense Department. Several years ago Unisys took it to commercial enterprises and has paid for various independent tests to try to compromise the system, all of which have failed. This is because Stealth uses four layers of security: each packet is encrypted with AES256, then split into three separate pieces and dispersed across the network, destined for a particular group of users that have to be running its protocols.