Archive

Category Archives for "Networking"

Ask.com serves as a conduit for malware – again

Businesses that allow the Ask.com toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods.In both cases attackers managed to infiltrate the Ask.com updater infrastructure to the point that they used legitimate Ask signing certificates to authenticate malware that was masquerading as software updates.And in both cases Ask Partner Network (APN), which distributes the Ask.com toolbar, told the security vendors who discovered the incidents that it had fixed the problem. The first one was discovered by security vendor Red Canary, and the second was caught by Carbon Black, whose researchers just wrote about it in their company blog.To read this article in full or to leave a comment, please click here

Ask.com serves as a conduit for malware – again

Businesses that allow the Ask.com toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods.In both cases attackers managed to infiltrate the Ask.com updater infrastructure to the point that they used legitimate Ask signing certificates to authenticate malware that was masquerading as software updates.And in both cases Ask Partner Network (APN), which distributes the Ask.com toolbar, told the security vendors who discovered the incidents that it had fixed the problem. The first one was discovered by security vendor Red Canary, and the second was caught by Carbon Black, whose researchers just wrote about it in their company blog.To read this article in full or to leave a comment, please click here

Cobol plays major role in U.S. government breaches

New research is turning on its head the idea that legacy systems -- such as Cobol and Fortran -- are more secure because hackers are unfamiliar with the technology.New research found that these outdated systems, which may not be encrypted or even documented, were more susceptible to threats.By analyzing publicly available federal spending and security breach data, the researchers found that a 1% increase in the share of new IT development spending is associated with a 5% decrease in security breaches."In other words, federal agencies that spend more in maintenance of legacy systems experience more frequent security incidents, a result that contradicts a widespread notion that legacy systems are more secure," the paper found. The research paper was written by Min-Seok Pang, an assistant professor of management information systems at Temple University, and Huseyin Tanriverdi, an associate professor in the Information, Risk and Operations Department at the University of Texas at Austin.To read this article in full or to leave a comment, please click here

Cobol plays major role in U.S. government breaches

New research is turning on its head the idea that legacy systems -- such as Cobol and Fortran -- are more secure because hackers are unfamiliar with the technology.New research found that these outdated systems, which may not be encrypted or even documented, were more susceptible to threats.By analyzing publicly available federal spending and security breach data, the researchers found that a 1% increase in the share of new IT development spending is associated with a 5% decrease in security breaches."In other words, federal agencies that spend more in maintenance of legacy systems experience more frequent security incidents, a result that contradicts a widespread notion that legacy systems are more secure," the paper found. The research paper was written by Min-Seok Pang, an assistant professor of management information systems at Temple University, and Huseyin Tanriverdi, an associate professor in the Information, Risk and Operations Department at the University of Texas at Austin.To read this article in full or to leave a comment, please click here

Windows 10 ‘servicing stack’ update cripples some PCs

Some users have reported that one of this week's Windows 10 updates crippled their PCs, according to a thread on Reddit.They fingered the KB4013418 update as the most likely culprit. That update was marked simply as "Update for Windows 10 Version 1607" in Windows Update, and in the accompanying support document, tagged as a "servicing stack update."[ Related: Fix Windows 10 problems with these free Microsoft tools ] In Microsoft's parlance, a servicing stack consists of the executable file and associated libraries needed to install Windows and its updates.To read this article in full or to leave a comment, please click here

Google pulls virtual assistant ad after user outcry

Google Home users got a surprise on Thursday when their virtual assistants cheerily mentioned that the live-action remake of “Beauty and the Beast” is opening in theaters this weekend.The ad seems to pop up when users ask for a rundown of their day, which kicks off the Home’s “My Day” feature. That feature is supposed to offer users information about the weather, their calendars and relevant news. But at the end of the rundown, the Google Assistant offered the following unsolicited tidbit, according to a video posted to Twitter by Bryson Meunier :“By the way, Disney’s live action 'Beauty and The Beast' opens today,” it says. “In this version of the story, Belle is the inventor instead of Maurice. That rings truer, if you ask me. For some more movie fun, ask me something about Belle.”To read this article in full or to leave a comment, please click here

Augmented and virtual reality to see aggressive growth by 2021

Augmented and virtual reality are catching on, even if it is still early days for both.While some analysts at Strategy Analytics worry there aren't enough engaging 360-degree VR movies and other content on the market, IDC analysts on Thursday said there are plenty of early business-focused rollouts of AR to justify optimism.[ To comment on this story, visit Computerworld's Facebook page. ] IDC pointed to medical, industrial and marketing applications already in use and predicted a bullish, 10-fold spike for AR and VR headsets by 2021.To read this article in full or to leave a comment, please click here

Recruiters: Coding talent needed, degree optional

Employers who once focused on finding software development talent from top universities are now hiring developers who learned the trade from coding bootcamps, junior colleges, and online resources, technical recruiter HackerRank says.To read this article in full or to leave a comment, please click here(Insider Story)

Do you have an incident response plan in place?

Details matter when developing an incident response (IR) plan. But, even the most successful IR plans can lack critical information, impeding how quickly normal business operations are restored.This guide from Cybereason takes a closer look at nine of the often forgotten, but important steps that you should incorporate into your IR plan.Preparation across the entire companyGood security leaders should be able to get people from across the company to help develop the IR plan. While CISOs will most likely manage the team that handles the threat, dealing with the fallout from a breach requires the efforts of the entire company.To read this article in full or to leave a comment, please click here(Insider Story)

Future of tech policy murky under Trump administration

At the outset of the Trump presidency, there is considerable uncertainty around what the new administration might mean for tech policy, a deeply complex set of issues that were largely out of view on the campaign trail.As a candidate, Trump did not articulate a tech policy agenda, though he stressed the need for a tougher posture on cybersecurity.[ Related: What to expect from the Trump administration on cybersecurity ]Now in the Oval Office, Trump has a range of areas where he could advance polices that impact the tech sector, from immigration to privacy to curbing regulations on emerging technologies such as drones and health IT applications.To read this article in full or to leave a comment, please click here

Experts divided on value of Cyber National Guard

This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community.According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.He has been pitching the idea of a Cyber National Guard for a while, and has suggested that the government could forgive student loan debt for those who serve. It would also help ensure a cross-pollination of experience between government and industry.To read this article in full or to leave a comment, please click here

Experts divided on value of Cyber National Guard

This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community.According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.He has been pitching the idea of a Cyber National Guard for a while, and has suggested that the government could forgive student loan debt for those who serve. It would also help ensure a cross-pollination of experience between government and industry.To read this article in full or to leave a comment, please click here

Microsoft ends updates for Windows 7/8.1 on new processors

As it promised, Microsoft has stopped issuing updates for Windows 7 and Windows 8.1 users whose PCs run Intel's seventh-generation processors (codename Kaby Lake), AMD's seventh-generation processors (Bristol Ridge), and Qualcomm's 8996 processor or newer. It's also likely that AMD's new Ryzen processor is included in that list. Bristol Ridge is a slightly older processor made on an older core design.Mainstream support for Windows 7 ended on January 2015, but extended support—in other words, patches—is supposed to continue until January 2020. Support for Windows 8.1 runs through next year and support ends in 2023. However, Windows 7 and Windows 8.1 PCs running these new CPUs will not scan for updates or download them from Windows Update. Windows 7 and Windows 8.1 users with new processors who run the Windows Update tool get one of two messages. The first is straightforward: To read this article in full or to leave a comment, please click here

Epoch Rollover: Coming Two Years Early To A Router Near You!

The 2038 Problem

Broken Time? -  Roeland van der Hoorn
Many computer systems and applications keep track of time by counting the seconds from "the epoch", an arbitrary date. Epoch for UNIX-based systems is the stroke of midnight in Greenwich on 1 January 1970.

Lots of application functions and system libraries keep track of the time using a 32-bit signed integer, which has a maximum value of around 2.1 billion. It's good for a bit more than 68 years worth of seconds.

Things are likely to get weird 2.1 billion seconds after the epoch on January 19th, 2038.

As the binary counter rolls over from 01111111111111111111111111111111 to 10000000000000000000000000000000, the sign bit gets flipped. The counter will have changed from its farthest reach after the epoch to its farthest reach before the epoch. time will appear to have jumped from early 2038 to late 1901.

Things might even get weird within the next year (January 2018!) as systems begin encounter freshly minted CA certificates with expirations after the epoch rollover (it's common for CA certificates to last for 20 years.) These certificates may appear to have expired in late 1901, over a century prior to their Continue reading

Yahoo breach exposes the drawbacks of state-sponsored hacking

When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they're taking a big risk. On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren't kept on a tight leash things can turn bad. Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia's state security agency hired to carry out the Yahoo breach, didn't care much for a low profile. His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars -- the latest an Aston Martin DB9 with the license plate "MR KARIM."To read this article in full or to leave a comment, please click here

1 1,929 1,930 1,931 1,932 1,933 3,455