
Category Archives for "Network World Security"

Are you a Reckless Rebel or a Nervous Nellie when it comes to online privacy?

In an era of constant likes and shares, where is the privacy line drawn? Are you someone who worries about being watched as you purchase an item online? Or do you consider loss of privacy the price you pay for having the world at your fingertips? Forrester recently released a report that reveals the characteristics of users and the factors that go into how much – or how little – each category of user shares. “We frequently hear that Millennials don’t care about privacy — just look at everything they share on social media! But this ignores the fact that Millennials actually manage their online identities quite aggressively. While it may appear that they overshare online, they use privacy settings, ephemeral messaging, and browser plug-ins to control who sees what about them. This is exactly how most of us behave in the physical world: Our willingness to share personal information with specific people changes depending on our relationship with them.”

How to protect your data, your vehicles, and your people against automotive cyber threats?

Modern vehicles increasingly connect to the rest of the world via short-range wireless technologies such as Wi-Fi and Bluetooth, wired interfaces such as OBD-II and USB, long-range wireless communications such as 4G and the coming 5G for internet access, and services such as OnStar, LoJack and Automatic, to name only some. That world includes your enterprise, and also the criminal hackers and cyber carjackers who want to get at your data, your corporate fleets and your people. The costs of their attacks include exposure of personally identifiable information and private data, and exposure or destruction of valuable intellectual property, according to Eric Friedberg, co-president at Stroz Friedberg. Loss of life in a vehicle collision or destruction weighs heavily as a potential personal, professional and corporate cost as well.

That Heartbleed problem may be more pervasive than you think

That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates. According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet-accessible devices during a scan it performed last weekend. But according to open-source security firm Black Duck, about 11% of the more than 200 applications it audited between October 2015 and March 2016 contained the flaw, a buffer over-read in OpenSSL's TLS heartbeat handling (OpenSSL 1.0.1 through 1.0.1f) that lets a remote peer read process memory, and with it keys, credentials and other data, from clients and servers running affected builds. Shodan counts exposed network services; Black Duck's figure shows that the same library is also compiled into applications, where a scan of listening ports will not find it.
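The over-read itself, as an added example that is not OpenSSL's code: a few lines of Python that replay the bug and the 1.0.1g bounds check on a constructed byte string standing in for process memory. The message layout (type, 16-bit payload length, payload, at least 16 bytes of padding) follows RFC 6520; the adjacent secret, the handler names and the 64-byte claim are assumptions made for the demo.

```python
# Added example (not OpenSSL's code): the Heartbleed over-read replayed on a
# constructed byte string that stands in for process memory.
import struct
from typing import Tuple

HB_REQUEST = 1        # heartbeat_request message type (RFC 6520)
HB_MIN_PADDING = 16   # a heartbeat must carry at least 16 bytes of padding

# Constructed neighbour data: what an attacker actually harvests is whatever
# happens to follow the record in the heap (keys, cookies, passwords).
ADJACENT_SECRET = b"session-cookie=SECRET-SESSION-KEY;"


def build_memory(claimed_len: int, payload: bytes = b"hi") -> Tuple[bytes, int]:
    """Build a request that claims `claimed_len` payload bytes but carries only
    len(payload), followed by the constructed secret. Returns the simulated
    memory and the length of the record that really arrived on the wire."""
    record = bytes([HB_REQUEST]) + struct.pack("!H", claimed_len) + payload
    record += b"\x00" * HB_MIN_PADDING
    memory = record + ADJACENT_SECRET + b"\x00" * 64
    return memory, len(record)


def heartbeat_vulnerable(memory: bytes, record_len: int) -> bytes:
    """Pre-1.0.1g behaviour: trust the peer-supplied length and copy that many
    bytes from the start of the payload. record_len is never consulted, so the
    copy runs past the end of the record into whatever memory follows it."""
    if memory[0] != HB_REQUEST:
        return b""
    (payload_len,) = struct.unpack("!H", memory[1:3])   # n2s(p, payload)
    return memory[3:3 + payload_len]                     # the over-read


def heartbeat_fixed(memory: bytes, record_len: int) -> bytes:
    """The 1.0.1g fix: the claimed payload plus header and padding must fit
    inside the record that actually arrived; otherwise discard it silently."""
    if record_len < 1 + 2 + HB_MIN_PADDING:
        return b""
    if memory[0] != HB_REQUEST:
        return b""
    (payload_len,) = struct.unpack("!H", memory[1:3])
    if 1 + 2 + payload_len + HB_MIN_PADDING > record_len:
        return b""   # the bounds check the original code lacked
    return memory[3:3 + payload_len]


def leaked_secret(claimed_len: int = 64) -> bool:
    """True if the vulnerable handler echoes the adjacent secret back."""
    memory, record_len = build_memory(claimed_len)
    return ADJACENT_SECRET in heartbeat_vulnerable(memory, record_len)


def fixed_echo(claimed_len: int, payload: bytes = b"hi") -> bytes:
    """What the patched handler returns for a request claiming claimed_len."""
    memory, record_len = build_memory(claimed_len, payload)
    return heartbeat_fixed(memory, record_len)


if __name__ == "__main__":
    print("vulnerable leaks secret:", leaked_secret())
    print("fixed, honest request  :", fixed_echo(2))
    print("fixed, oversized claim :", fixed_echo(64))
```

The 16-bit length field is why a single request can pull up to 64 KB of memory; the fix does not touch the copy at all, it only refuses to act on a length that the received record cannot contain.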

Trump administration is giving us a good lesson on Twitter security

Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security, particularly about Twitter and what not to do with it. It turns out that several White House-related Twitter accounts, including the president's official account, @POTUS, until recently were revealing information that attackers could put to use. The problem revolves around the service's password reset function. Unless the account holder turns on the option that requires extra verification before a reset, Twitter's reset prompt displays the recovery email address tied to the account in redacted form, and the characters left visible are often enough for someone with the right skills to work out which mailbox protects the account, which then becomes the target.

U.S. companies spending millions to satisfy Europe’s GDPR

Ninety-two percent of U.S. multinational companies cited compliance with the looming General Data Protection Regulation (GDPR) as a top data protection priority, according to new research from PwC. Sixty-eight percent are earmarking between $1 million and $10 million for GDPR readiness and compliance efforts, with 9 percent expecting to spend over $10 million, says Jay Cline, PwC’s U.S. privacy leader. Cline says PwC’s latest survey showed that fear remains the biggest motivator for U.S. CIOs, who are “connecting the dots” after watching data breaches lead to lost revenues, regulatory fines and the erosion of consumer trust. “U.S. companies see the connection between doing privacy well and greater revenues and consumer trust,” says Cline, who surveyed 200 CIOs, CISOs and other C-suite executives.

Gmail will block JavaScript attachments, a common source of malware

Starting Feb. 13, Google will no longer allow JavaScript attachments on its Gmail service, killing one of the main methods of malware distribution over the past two years. Users will no longer be able to attach .JS files to emails in Gmail, regardless of whether they attach them directly or include them in compressed files or archives such as .gz, .bz2, .zip or .tgz. For those rare cases when such files need to be shared via email, users can upload them to a storage service like Google Drive and then share the link. The .JS file extension will be added to an existing list of banned file attachments that includes: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF and .WSH. Most of these file types have long been abused by cybercriminals to send malware via email.
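A mail-gateway style check that applies the list above, as an added example that is not Google's code: it flags an attachment by its final extension (case-insensitively, so a double extension like report.pdf.JS is caught) and looks inside .zip, tar-based (.tgz, .tar.bz2) and single-file gzip attachments, recursing into archives nested inside archives. The sample attachments are constructed inline and contain inert placeholder text, not malware; the depth limit and the helper names are the example's own choices.

```python
# Added example (not Gmail's code): apply the attachment blocklist to a file
# and to whatever it contains when it is an archive or compressed file.
import gzip
import io
import posixpath
import tarfile
import zipfile
from typing import Dict, List, Optional

# The banned list quoted above, with .js added to it.
BLOCKED_EXTENSIONS = {
    ".ade", ".adp", ".bat", ".chm", ".cmd", ".com", ".cpl", ".exe", ".hta",
    ".ins", ".isp", ".jar", ".js", ".jse", ".lib", ".lnk", ".mde", ".msc",
    ".msp", ".mst", ".pif", ".scr", ".sct", ".shb", ".sys", ".vb", ".vbe",
    ".vbs", ".vxd", ".wsc", ".wsf", ".wsh",
}


def is_blocked(name: str) -> bool:
    """Case-insensitive check on the final extension, so report.pdf.JS is caught."""
    return posixpath.splitext(name)[1].lower() in BLOCKED_EXTENSIONS


def gzip_original_name(data: bytes) -> Optional[str]:
    """Filename stored in a gzip header's FNAME field (RFC 1952), or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags, pos = data[3], 10
    if flags & 0x04:  # FEXTRA: two-byte little-endian length, then that many bytes
        pos += 2 + int.from_bytes(data[pos:pos + 2], "little")
    if not flags & 0x08:  # FNAME not present
        return None
    return data[pos:data.index(b"\x00", pos)].decode("latin-1")


def scan_attachment(name: str, data: bytes, depth: int = 3) -> List[str]:
    """Paths of every blocked file found as, or inside, this attachment."""
    hits = [name] if is_blocked(name) else []
    if depth == 0:  # stop unpacking nested archives at some point
        return hits
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if not member.endswith("/"):
                    hits += scan_attachment(f"{name}/{member}", zf.read(member), depth - 1)
        return hits
    try:  # .tar, .tgz, .tar.bz2, .tar.xz
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for m in tf.getmembers():
                if m.isfile():
                    hits += scan_attachment(f"{name}/{m.name}", tf.extractfile(m).read(), depth - 1)
        return hits
    except tarfile.TarError:
        pass
    inner = gzip_original_name(data)  # a bare .gz wraps one file; its name is in the header
    if inner is not None and is_blocked(inner):
        hits.append(f"{name}/{inner}")
    return hits


def build_samples() -> Dict[str, bytes]:
    """Constructed attachments for the demo; the 'script' is an inert placeholder."""
    js = b"// placeholder standing in for a downloader script\n"
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("invoice.JS", js)
        zf.writestr("readme.txt", b"hello")
    nbuf = io.BytesIO()
    with zipfile.ZipFile(nbuf, "w") as zf:
        zf.writestr("inner.zip", zbuf.getvalue())  # archive inside an archive
    tbuf = io.BytesIO()
    with tarfile.open(fileobj=tbuf, mode="w:gz") as tf:
        info = tarfile.TarInfo("payload.vbs")
        info.size = len(js)
        tf.addfile(info, io.BytesIO(js))
    gbuf = io.BytesIO()
    with gzip.GzipFile(filename="run.js", mode="wb", fileobj=gbuf) as gz:
        gz.write(js)  # gzip records "run.js" in its FNAME header field
    return {"zip_with_js": zbuf.getvalue(), "nested_zip": nbuf.getvalue(),
            "tgz_with_vbs": tbuf.getvalue(), "gz_single_js": gbuf.getvalue()}


if __name__ == "__main__":
    samples = build_samples()
    for fname, blob in [("report.pdf.JS", b"x"), ("bundle.zip", samples["zip_with_js"]),
                        ("docs.tgz", samples["tgz_with_vbs"]), ("run.js.gz", samples["gz_single_js"])]:
        print(fname, "->", scan_attachment(fname, blob))
```

Two points the teaser glosses over are visible here: the check must look at the last extension of a name, not the first, and a bare .gz is not an archive at all, so the only place the original filename survives is the gzip header. Password-protected zips, which this example does not handle, are the usual way senders route around such a filter.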

Commuting Chelsea Manning’s Sentence Was Just and Proper

Before leaving office, President Barack Obama commuted the sentence of former Army soldier Chelsea (Bradley) Manning. At the time, Manning was serving a sentence of 35 years for leaking classified material to WikiLeaks in 2010. This material was subsequently published by WikiLeaks, embarrassing the U.S. government and exposing several previously undocumented war crimes that took place in Afghanistan and Iraq. The President’s decision to commute Manning’s sentence was extremely controversial. The commutation was granted over the objection of Secretary of Defense Ashton Carter, while other military and government officials quickly criticized Obama’s pronouncement. Just today, President Trump on Twitter referred to Manning as an “ungrateful traitor” who should have never been released from prison.

Chrome, Firefox start warning users when websites use insecure HTTP logins

The war on insecure web pages has begun, and Mozilla fired the first shot. Mozilla recently rolled out Firefox 51 to its mainstream user base. The new release shows an insecure-connection warning on any page that offers a login form over an HTTP connection instead of HTTPS. Chrome plans to follow suit with version 56, expected to reach mainstream users on Tuesday, January 31, as Ars Technica first pointed out. HTTP carries traffic between you and the website in the clear, so anyone positioned on the path, whether on the same Wi-Fi network, at an ISP or on a compromised router, can read or alter it, including any username, password or card number you type into a form. For that reason, it’s never a good idea to share login or credit card information over an HTTP connection. Most major sites offer the encrypted version, HTTPS, but every now and then you’ll come across a site that doesn’t.
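A way to find such pages on your own sites before the browsers flag them, as an added example that is neither Mozilla's nor Google's code: a small HTML scanner that applies an assumed, simplified version of the rule. A form containing a password field is reported when the page itself is not served over HTTPS, or when the form's action resolves to a non-HTTPS URL (a password field outside any form is treated as posting back to the page). The page URLs and HTML snippets are constructed for the demo.

```python
# Added example (not the browsers' code): flag login forms that would trigger
# the Firefox 51 / Chrome 56 insecure-password warning under an assumed rule.
from html.parser import HTMLParser
from typing import List
from urllib.parse import urljoin, urlsplit


class LoginFormScanner(HTMLParser):
    """Collects every form (declared, or implied by a stray password field)
    together with the absolute URL its credentials would be posted to."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.forms: List[dict] = []
        self._open_form = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            # A relative or missing action posts back to the page's own URL.
            self._open_form = {"action": urljoin(self.page_url, a.get("action", "")),
                               "has_password": False}
            self.forms.append(self._open_form)
        elif tag == "input" and a.get("type", "text").lower() == "password":
            if self._open_form is None:
                # Password field outside any <form>: script will post it
                # somewhere, so treat it as a form targeting the page itself.
                self.forms.append({"action": self.page_url, "has_password": True})
            else:
                self._open_form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open_form = None


def insecure_login_forms(page_url: str, html: str) -> List[str]:
    """One warning per password form the browsers above would flag."""
    scanner = LoginFormScanner(page_url)
    scanner.feed(html)
    scanner.close()
    warnings = []
    for form in scanner.forms:
        if not form["has_password"]:
            continue
        if urlsplit(page_url).scheme != "https":
            warnings.append(f"password field on non-HTTPS page {page_url}")
        elif urlsplit(form["action"]).scheme != "https":
            warnings.append(f"form on {page_url} posts credentials to non-HTTPS {form['action']}")
    return warnings


# Constructed pages for the demo.
LOGIN_PAGE = """<html><body>
<form action="/login" method="post">
  <input type="text" name="user"> <input type="Password" name="pw">
</form>
<form action="/search"><input type="text" name="q"></form>
</body></html>"""

MIXED_PAGE = """<form action="http://auth.example.test/login" method="post">
  <input type="password" name="pw"></form>"""


if __name__ == "__main__":
    for url, page in [("http://www.example.test/login", LOGIN_PAGE),
                      ("https://www.example.test/login", LOGIN_PAGE),
                      ("https://www.example.test/", MIXED_PAGE)]:
        print(url, "->", insecure_login_forms(url, page) or "ok")
```

The second case (an HTTPS page whose form posts to an http:// action) is the one that is easy to miss in a site audit, because the address bar shows a padlock while the credentials still leave in the clear.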

Face-off: Oracle vs. CA for identity management

Employees come and go, or switch departments, so IT managers seek an automated way to give (or deny) them access privileges to corporate systems. Two of the top software products for identity and access management (IAM) are Oracle Identity Manager and CA Identity Manager, according to IT Central Station, an online community where IT professionals review enterprise products. Both products have their fans who say the sophisticated software helps them handle routine access tasks … without paperwork. But users also note that there are areas where the products have room for improvement, such as the user interface, initial setup and vendor tech support, according to reviews at IT Central Station. Plus, several users said the vendors need to migrate these products to the cloud.

IDG Contributor Network: Thales Data Threat Report: Security spending up, but so are breaches

It’s interesting seeing how much money technology vendors spend on surveys that (at least most often) justify their own existence. It would be easy to be cynical about them, but beyond the self-serving aspects of it all, the data these surveys generate is interesting as a general “state of the nation” assessment. A good case in point is Thales' new Data Threat Report (pdf). Thales is a huge vendor that employs over 60,000 people across 56 countries. With multibillion-euro revenue, it makes sense for the company to increase the perception that it is a thought leader in its field. And Thales' field is a big one. It is a systems integrator, equipment supplier and service provider in the aerospace, transport, defense and security markets. A major part of the company's offering lies around cybersecurity. This report is, therefore, very much in its wheelhouse.

Top data breach trends in 2016 — Phishing, skimming rise; hacking holds ground

When news broke in December of a massive data breach at Yahoo, it was met with a collective “This, again? Didn’t they just report a breach?” The company had, in fact, reported a record-breaking breach of 500 million user accounts three months earlier, but it was dwarfed by the December breach, which impacted over 1 billion records. That pair of record-breaking breaches was a fitting way to cap off a year marked by massive data breaches. As security intelligence provider Risk Based Security (RBS) points out in its newly released 2016 Data Breach Trends report, “six 2016 breaches have taken their place on the Top 10 List of All Time Largest Breaches.”

Self-protection is key to Linux kernel security

Linux has quietly taken over the world. The operating system now powers the large datacenters that make all our cloud applications and services possible, along with billions of Android devices and internet-connected gadgets that comprise the internet of things (IoT). Even the systems that handle the day-to-day operations on the International Space Station run Linux. The fact that Linux is everywhere makes kernel security the highest priority. An issue in the kernel can easily create ripples that are felt by practically everyone. Finding and fixing vulnerabilities in the kernel is only one aspect of Linux security; enabling the kernel to withstand attacks on bugs not yet found is even more vital.

A new service for the less techie criminals

You’ve heard of big business owners like Jeff Bezos, Larry Page and Warren Buffett. However, did you know there’s a long list of business owners, all of whom have access to millions of dollars at their fingertips, that you’ll never hear about? These people are the owners of crimeware-as-a-service (CaaS) businesses. For underground cybercriminals, CaaS adds a new dimension to cybercrime by making it more organized, automated and accessible to criminals with limited technical skills. Today, cybercriminals can develop, advertise and sell anything from a botnet to a browser exploit pack or DDoS attack toolkit. Aditya K Sood, director of security and cloud threat labs at Blue Coat Systems, a part of Symantec, details how cybercriminals can obtain sensitive data, like credit card numbers, names and addresses, with just a couple of clicks and a payment.

Password-free security uses voice, user behavior to verify identity

Tired of conventional passwords? So is Nuance Communications, a tech firm that is promoting the human voice as a way to secure user accounts. The company’s voice biometric product is among the technologies that promise to replace traditional, and often vulnerable, password authentication systems, which can be easy to hack. That isn’t the case with Nuance’s solution, the company claims. “To determine if it’s you or not, we are looking at over 100 different characteristics of your voice,” said Brett Beranek, Nuance’s director of product strategy.

The problem with passwords

The need to move beyond passwords has never been more urgent, given that hackers are routinely finding ways to steal them. Last year, Yahoo, LinkedIn and Dropbox all reported major data breaches involving account details such as email addresses and hashed passwords.

Get 72% off NordVPN Virtual Private Network Service For a Limited Time – Deal Alert

NordVPN gives you a private and fast path through the public Internet. The vendor says all of your data is protected every step of the way with 2048-bit SSL encryption that even a supercomputer can’t crack (a 2048-bit figure describes the RSA key used in the TLS handshake, not the cipher that encrypts your traffic). Access Hulu, Netflix, BBC, ITV, Sky, RaiTV and much more from anywhere in the world. Unmetered access for 6 simultaneous devices. You're sure to find dozens of good uses for a VPN. Take advantage of the current 72% off deal that makes all of this available to you for just $3.29/month. This is a special deal available for a limited time.

Trump fence-sitting on encryption backdoors can’t last

It looks like the Donald Trump administration is interested in encryption backdoors but, like his predecessor’s, has so far stopped short of coming out for them or against them. Trump himself famously urged a boycott of Apple for refusing to help the FBI crack an iPhone used by the terrorist who attacked in San Bernardino, Calif., which indicated he favored backdoors. But that was last year. The latest comes from Sen. Jeff Sessions, Trump’s nominee for attorney general, who says he favors strong encryption but also favors law enforcement being able to “overcome encryption” when necessary.

US Park Service tweets were result of old Twitter passwords

Two instances of tweets from U.S. National Park Service accounts that became political hot potatoes in the last few days were the result of bad password management, according to officials. The first incident took place on inauguration day, when the main National Park Service account retweeted images from a CNN reporter that compared unfavorably the crowd size at President Donald Trump's inauguration with that of President Barack Obama's in 2009. When Trump began to openly dispute the images and smaller crowd sizes, the National Park Service deleted the retweet and apologized. "We regret the mistaken RTs from our account yesterday and look forward to continuing to share the beauty and history of our parks with you," it said on Saturday.

What to ask IDaaS vendors before you buy

Identity as a service (IDaaS), also known as identity and access management as a service, uses a cloud infrastructure for securely managing user identities and access enforcement. At its most basic level, IDaaS enables single sign-on (SSO) for systems in the cloud or on-premises, but it goes well beyond that to include access provisioning and deprovisioning, governance and analytics. Leading vendors in the IDaaS field in 2016 (per Gartner) included Okta, Microsoft and Centrify, with OneLogin, Ping Identity, SailPoint, Covisint, Salesforce, Lighthouse Security (IBM) and EMC/RSA figuring prominently as well. Although each company offers IDaaS, differences in feature sets and capabilities can make one solution preferable over the others for a particular organization.

Ransomware makes California nursing school feel ill

About three months ago, an instructor at Gurnick Academy, a California-based nursing school, had his biggest fear come alive. When he tried to access his lectures, the files were encrypted. The teacher was literally locked out of his classroom. If it weren’t for a quick-acting IT department, the entire school might have been in the same situation. They noticed the incident at an early stage and managed to prevent the encryption from spreading by disconnecting the infected device from the corporate network. Val Paschenko, IT department manager at the school, said the instructor was met with a ransom note demanding 1 bitcoin, about $740 at the time, in exchange for the files to be decrypted. The instructor called support and requested to get his files back, but it was already too late. He lost some recently created files and had to redo some of his work. It took a few hours to reinstall the OS and configure everything; obviously during that time he was not able to work on his PC.