If you're contemplating a career in cybersecurity and haven't come up to speed on Linux, now's the time to get ramped up and here's one easy way to do it. This new book from No Starch Press was written with people like you in mind. Authored by OccupyTheWeb, Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali provides everything from basic Linux command-line skills through to scripting, manipulating logging, network scanning, using and abusing system services, and remaining stealthy in the process.Why Linux is important to security
Because Linux is open source, tool developers (and you) have a level of access that is unsurpassed. Linux is transparent, and that means you can learn to manipulate it in ways that are not possible with most OSes. In addition (and undoubtedly for the reason just mentioned), most cybersecurity tools are written to run on Linux.To read this article in full, please click here
When most enterprise companies worry about having their systems hacked by attackers, the main concern is for the enterprise networks. Few companies consider that their phone systems may be vulnerable to hacking resulting in costly toll fraud. Nevertheless, the practice of hacking into corporate PBX systems and injecting fraudulent calls over the network is causing billions of dollars in damage worldwide every year.Enterprise companies use modern PBX (private branch exchange) systems to run their communications. A PBX switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines. Modern PBX systems work on the Session Initiation Protocol (SIP), which is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.To read this article in full, please click here
Guest host Juliet Beauchamp talks with senior writer J.M. Porup about the newly created cybersecurity insurance industry, and how a policy could fit into an organization's overall security strategy to help minimize risk.
Data created by Internet of Things (IoT) sensors must be secured better, say some. A simple password-on-device solution is no longer sufficient thanks to increasing data protection regulations, a new public awareness of tracking, and hugely proliferating devices. A new kind of architecture using Security Agents should be aggressively built into local routers and networks to handle IoT security and computation rather than offloading the number-crunching to a data center or the cloud, or indeed trying to perform it on the resource-limited IoT device, IEEE researchers say. In other words, IoT security should be handled at the network level rather than device for best results.To read this article in full, please click here
Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable and, thus, flaws or vulnerabilities associated with these processes will be more difficult to exploit. ASLR is used today on Linux, Windows and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each OS.The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.To read this article in full, please click here
Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable, thus flaws or vulnerabilities associated with these processes will be more difficult to exploit.ASLR is used today on Linux, Windows, and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each one.The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.To read this article in full, please click here
The Internet Corporation for Assigned Names and Numbers will this week do some important housecleaning from its successful, first-ever cryptographic key change performed last October.In October ICANN rolled out a new, more secure root zone Key Signing Key -2017 (KSK-2017) but the process wasn’t complete as the old key, KSK-2010 remained in the zone. On January 10 ICANN will revoke the old key and remove it from the root zone. The KSK helps protect the internet’s address book – the Domain Name System (DNS) and overall Internet security.To read this article in full, please click here
The Internet Corporation for Assigned Names and Numbers (ICANN) this week will do some important housecleaning from its successful, first-ever cryptographic key change performed last October.In October, ICANN rolled out a new, more secure root zone Key Signing Key -2017 (KSK-2017), but the process wasn’t complete because the old key, KSK-2010 remained in the zone. On Jan. 10, ICANN will revoke the old key and remove it from the root zone. The KSK helps protect the internet’s address book — the Domain Name System (DNS) and overall Internet security.To read this article in full, please click here
This time of year, it can seem like the world is swimming in predictions for the new year, and the Internet of Things (IoT) is no exception. In fact, in fast-evolving areas like IoT, multitudes of trends and opportunities and challenges are in play, making predictions ridiculously easy — just about anything can happen, and probably will.[ Also read: Gartner’s top 10 IoT trends for 2019 and beyond | Get regularly scheduled insights: Sign up for Network World newsletters ]
So, my goal here is to identify a set of IoT predictions that are both likely to happen … and likely to have a significant impact on the development and implementation of the technology.To read this article in full, please click here
Cisco this week said it patched a “critical” patch for its Prime License Manager (PLM) software that would let attackers execute random SQL queries.The Cisco Prime License Manager offers enterprise-wide management of user-based licensing, including license fulfillment.RELATED: What IT admins love/hate about 8 top network monitoring tools
Released in November, the first version of the Prime License Manager patch caused its own “functional” problems that Cisco was then forced to fix. That patch, called ciscocm.CSCvk30822_v1.0.k3.cop.sgn addressed the SQL vulnerability but caused backup, upgrade and restore problems, and should no longer be used Cisco said.To read this article in full, please click here
It’s not necessarily easy to pick the coolest and wackiest tech stories of the year, especially when you have so much to choose from. Rather than trying to be all- inclusive as we have done in the past, see (here and here and here) we have tried to more “exclusive.” Have fun!To read this article in full, please click here
IDG
Software, software, and more software. That seems to be the mantra for Cisco in 2019 as the company pushes software-defined WANs, cloud partnerships, improved application programs, and its over-arching drive to sell more subscription-based software licenses.As the year closed on Cisco’s first quarter 2019 financials, the company was indeed touting its software growth, saying subscriptions were 57 percent of total software revenue, up five points year over year, and its application software businesses was up 18 percent to $1.42 billion. The company also said its security business, which is mostly software, rose 11 percent year over year to $651 million.To read this article in full, please click here
Unauthorized interception of DNS traffic provides enough information to ascertain internet users’ thoughts, desires, hopes and dreams. Not only is there concern for privacy from nearby nosey neighbors, but governments and corporations could use that information to learn about individuals’ internet behavior and use it to profile them and their organization for political purposes or target them with ads. Efforts like the DNS Privacy Project aim to raise awareness of this issue and provide pointers to resources to help mitigate these threats.To read this article in full, please click here(Insider Story)
The IoT era has arrived.Here's some proof: 83% of organizations say the Internet of Things (IoT) is important to business today, and 92% say it will be in two years.That's according to a recent DigiCert survey conducted by ReRez Research of 700 organizations in five countries to better understand the IoT and IoT security.Anecdotally, I always find that markets have matured when it’s no longer an unusual thing. For example, a few years ago, it was hard to find IoT deployments that were outside of the traditional machine-to-machine industries such as manufacturing and oil and gas. Today, connected things are everywhere. Case in point: I recently interviewed the IT director at an entertainment venue and he walked me through all the connected things without ever saying “IoT.” The organization was connecting more things to improve customer experience, and it was treated as no big deal.To read this article in full, please click here
Earlier this week, German carmaker Volkswagen announced an upgrade to its VW Car-Net mobile app that lets iPhone users control their Golfs and Jettas using Siri commands. Specifically, iPhone users on iOS 12 can say, “Hey, Siri” to lock and unlock the car, check estimated range remain, flash the warning lights, and toot the horn. You can also add Shortcuts to Siri with personalized phrases to start/stop charging, defrosting, and climate controls; set the temperature; and even ask, “Where is my car?”Woo-hoo, pretty exciting right? Not in most cases, actually, but the announcement got me thinking about the limits and perils of voice commands in automotive applications.To read this article in full, please click here
Everyone lives on the internet, period. Whether you’re streaming a standup special on Netflix, answering emails from your boss, chatting on Tinder, or completing everyday errands like paying bills online, you’re likely spending most of your day tangled up in the world wide web. Unfortunately, that makes you a high-risk candidate for a cyber attack at some point along the way, be it through malware, phishing, or hacking. Best-case scenario, it sucks up your time to fix (or your money by paying someone else to fix it). Worst case scenario, it puts you and your computer out of commission for days and damages your files beyond repair. Not to mention the sheer terror of knowing some hacker has complete and total access to virtually everything about you, including all of your banking and credit card information. Malwarebytes is a free program built to help you avoid the above scenarios altogether — and it makes traditional antivirus look old, tired, and played out (seriously it’s free, download it here).To read this article in full, please click here
Computer scientists at the University of California at Riverside have found that GPUs are vulnerable to side-channel attacks, the same kinds of exploits that have impacted Intel and AMD CPUs.Two professors and two students, one a computer science doctoral student and a post-doctoral researcher, reverse-engineered a Nvidia GPU to demonstrate three attacks on both graphics and computational stacks, as well as across them. The researchers believe these are the first reported side-channel attacks on GPUs.[ Read also: What are the Meltdown and Spectre exploits? | Get regularly scheduled insights: Sign up for Network World newsletters ]
A side-channel attack is one where the attacker uses how a technology operates, in this case a GPU, rather than a bug or flaw in the code. It takes advantage of how the processor is designed and exploits it in ways the designers hadn’t thought of.To read this article in full, please click here
iDrive has activated a significant discount on their Remote access software RemotePC in these days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. If you've been thinking about remote access solutions, now is a good time to consider RemotePC. Learn more about it here.To read this article in full, please click here
Despite the goal of keeping Web communications private, flaws in the design and implementation of Transport Layer Security have led to breaches, but the latest version – TLS 1.3 – is an overhaul that strengthens and streamlines the crypto protocol.What is TLS?
TLS is a cryptographic protocol that provides end-to-end communications security over networks and is widely used for internet communications and online transactions. It is an IETF standard intended to prevent eavesdropping, tampering and message forgery. Common applications that employ TLS include Web browsers, instant messaging, e-mail and voice over IP.To read this article in full, please click here
The Wi-Fi Alliance has introduced the first major security improvement to Wi-Fi in about 14 years: WPA3. The most significant additions to the new security protocol are greater protection for simple passwords, individualized encryption for personal and open networks, and even more secure encryption for enterprise networks.The original Wi-Fi Protected Access (WPA) standard was released back in 2003 to replace WEP, and the second edition of WPA came the year after. The third edition of WPA is a long-awaited and much-welcomed update that will benefit Wi-Fi industry, businesses, and the millions of average Wi-Fi users around the world—even though they might not know it.To read this article in full, please click here