Remote management app exposes millions of Android users to hacking

Poor implementation of encryption in a popular Android remote management application exposes millions of users to data theft and remote code execution attacks.According to researchers from mobile security firm Zimperium, the AirDroid screen sharing and remote control application sends authentication information encrypted with a hard-coded key. This information could allow man-in-the-middle attackers to push out malicious AirDroid add-on updates, which would then gain the permissions of the app itself.AirDroid has access to a device's contacts, location information, text messages, photos, call logs, dialer, camera, microphone and the contents of the SD card. It can also perform in-app purchases, change system settings, disable the screen lock, change network connectivity and much more.To read this article in full or to leave a comment, please click here

Worth Reading: Akamai on the Krebs DDoS

Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated. —Krebs on Security

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Akamai on the Krebs DDoS appeared first on 'net work.

Post Black Friday 2016 deals: Best Buy Special Edition Tech Sale

Just in case you aren't spending enough already on tech products, Best Buy is offering a post-Black Friday 2016 Special Edition Tech Sale featuring super fancy laptops, tablet cases and computer mice. We're talking everything the fashionista or hardcore fanboy/fangirl on your holiday shopping list didn't know they needed. Best Buy's Special Edition Tech collection features 11 items and they'll be available while supplies last starting on Dec. 4 in select stores and online at BestBuy.com. MORE: 50-plus eye-popping Black Friday 2016 tech dealsTo read this article in full or to leave a comment, please click here

Trump cybersecurity dos and don’ts

President-elect Donald Trump ran a campaign focused on national security and making America great again through economic reform. Clearly both goals should include policies and programs to bolster the nation’s cybersecurity capabilities. This shouldn’t be an abstract concept to Mr. Trump after an election cycle featuring Russian hacks and WikiLeaks posts. To reinforce this priority, it is also worth noting that in a pre-election survey by ESG research, 49 percent of cybersecurity professionals said cybersecurity is a critical issue and should be the top national security priority for the next President, while 45 percent said cybersecurity is a very important issue and should be one of the top national security priorities for the next President. If those citizens on the front line see cybersecurity as a major priority, this should speak volumes to the President-elect. To read this article in full or to leave a comment, please click here

Trump cybersecurity dos and don’ts

President-elect Donald Trump ran a campaign focused on national security and making America great again through economic reform. Clearly both goals should include policies and programs to bolster the nation’s cybersecurity capabilities. This shouldn’t be an abstract concept to Mr. Trump after an election cycle featuring Russian hacks and WikiLeaks posts. To reinforce this priority, it is also worth noting that in a pre-election survey by ESG research, 49 percent of cybersecurity professionals said cybersecurity is a critical issue and should be the top national security priority for the next President, while 45 percent said cybersecurity is a very important issue and should be one of the top national security priorities for the next President. If those citizens on the front line see cybersecurity as a major priority, this should speak volumes to the President-elect. To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cloud isn’t easy, but it needs to be

Over the past decade, I've witnessed a constant stream of IT executives and technology professionals view cloud as a threat to their careers. The business side of the organization has always been a captive customer of IT's services, and now IT feels threatened by the litany of low-cost solutions readily available in the public cloud.  Every once in a while IT begrudgingly agrees to implement a public cloud solution.  When the do, they carefully fence it off from the rest of IT—nominally to protect the company from hackers, but equally to protect the purity of IT. Treating cloud as a standalone point solution enables them to create a self-fulfilling prophecy, using the mixed results to demonstrate that cloud just can’t hack it in the real world. To read this article in full or to leave a comment, please click here

‘Distributed guessing’ attack lets hackers verify Visa card details

Add credit card fraud to the list of things that distributed processing can speed up. An e-commerce site will typically block a credit card number after 10 or 20 failed attempts to enter the corresponding expiry date and CVV (card verification value), making life difficult for fraudsters who don't have a full set of credentials. But there are plenty of e-commerce sites out there, and it's possible to obtain missing account details by submitting slightly different payment requests to hundreds of them in parallel. It takes less than six seconds to perform the "distributed guessing attack," according to the researchers at Newcastle University in the U.K. who figured out how to do it.To read this article in full or to leave a comment, please click here

‘Distributed guessing’ attack lets hackers verify Visa card details

Add credit card fraud to the list of things that distributed processing can speed up. An e-commerce site will typically block a credit card number after 10 or 20 failed attempts to enter the corresponding expiry date and CVV (card verification value), making life difficult for fraudsters who don't have a full set of credentials. But there are plenty of e-commerce sites out there, and it's possible to obtain missing account details by submitting slightly different payment requests to hundreds of them in parallel. It takes less than six seconds to perform the "distributed guessing attack," according to the researchers at Newcastle University in the U.K. who figured out how to do it.To read this article in full or to leave a comment, please click here

28% off Bushbox Titanium Outdoor Pocket Stove – Deal Alert

This Bushbox is an ultra light Titanium multi-fuel pocket stove for the great outdoors. It can be used with wood, organic material, a standard alcohol burner or esbit tabs, and folds down so small and lightweight that you could fit it in your pocket (or a Christmas stocking!). It comes with two trivets for any pot size, and comes with an ash pan for soil/ground protection. It averages 4.5 out of 5 stars on Amazon, where its list price of $69 has been reduced to $49.90. See the discounted titanium Bushbox on Amazon.To read this article in full or to leave a comment, please click here

How to find out if your iPhone 6s is eligible for free battery replacement

When my iPhone 6s started shutting down earlier this month even though it still had 20% or 30% battery life showing, I suspected maybe it was just getting too cold. After all, I've seen my iPhones be temperature sensitive in the past.But it turns out that the problem really stemmed from a bug in version 10.1 or 10.1.1 of Apple iOS, and now Apple is offering free battery replacement by those affected. The weird thing that those of us affected by this have experienced is that after charging the phone back in, it almost immediately turns back on, back at its 20% or 30% battery level.MORE: Best Black Friday 2016 deals on Apple iPhones, Macs & MoreTo read this article in full or to leave a comment, please click here

Windows 10 posts user-share gains after multi-month stall

After a two-month stretch of no growth, Windows 10 in November gained user share, powering more than a quarter of all Windows PCs for the first time, data published today showed.According to U.S. metrics vendor Net Applications, Windows 10 gained 1.1 percentage points of user share last month, ending with 23.7% of all personal computers. Windows 10 ran 26.1% of all Windows machines: The difference between the user share of all PCs and only those running Windows stemmed from the fact that Windows powered 91% of all personal computers, not 100%.User share is an estimate of the proportion of all personal computer users who run a device powered by a specific operating system. The analytics company measures OS user share by counting devices whose browsers reach websites of Net Applications' clients.To read this article in full or to leave a comment, please click here

Western Digital releases series of Raspberry Pi disk drives

Western Digital (WD) today introduced a new series of storage devices designed specifically for use with Raspberry Pi, a single-board micro PC.The WD PiDrive Foundation Edition drives include a microSD card preloaded with the custom New Out of Box Software OS installer.Raspberry Pi's official OS, Raspbian PIXEL, can be installed directly from WD's microSD card without an Internet connection, the company stated. In addition, the drives include Project Spaces, independent partitions of the drive with Raspbian Lite, which allows up to five separate projects to be developed on a single drive.To read this article in full or to leave a comment, please click here

22 wildly imaginative PCs that don’t look like PCs at all

More than meets the eyeImage by Anshel SagFor many people, PCs are just a tool; a bland beige or black box shoved underneath a desk and physically ignored except for when you press the power button. But not for everyone. In the right hands, PCs can be transformed into works of art inside and out.To read this article in full or to leave a comment, please click here

AWS looks to take the drudge work out of data analysis

Amazon Web Services is looking to make it easier, and more efficient, for enterprises to analyze their data in the cloud."Eighty percent of what we call analytics is not analytics at all but just hard work," said Werner Vogels, chief technology officer at Amazon.com, speaking during a keynote speech this morning at the AWS re:Invent cloud conference in Las Vegas.Instead of digging down into a company's data to find patterns and insights that will give an enterprise a competitive advantage, too much time is spent on indexing, storage, security, and making sure the right access is set up.+ MORE FROM AWS RE:INVENT: Cool tech at AWS re:Invent +To read this article in full or to leave a comment, please click here

The Daily DDoS: Ten Days of Massive Attacks

Back in March my colleague Marek wrote about a Winter of Whopping Weekend DDoS Attacks where we were seeing 400Gbps attacks occurring mostly at the weekends. We speculated that attackers were busy with something else during the week.

This winter we've seen a new pattern, and attackers aren't taking the week off, but they do seem to be working regular hours.

CC BY 2.0 image by Carol VanHook

On November 23, the day before US Thanksgiving, our systems detected and mitigated an attack that peaked at 172Mpps and 400Gbps. The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours stopping at 0300 UTC. It felt as if an attacker 'worked' a day and then went home.

The very next day the same thing happened again (although the attack started 30 minutes earlier at 1800 UTC).

On the third day the attacker started promptly at 1800 UTC but went home a little early at around 0130 UTC. But they managed to peak the attack over 200Mpps and 480Gbps.

And the attacker just kept this up day after day. Right through Thanksgiving, Black Friday, Cyber Monday and into this week. Night after night attacks were peaking Continue reading

Face-off: New Relic vs. AppDynamics for APM

Application performance management (APM) software must serve multiple masters -- developers, IT and business managers -- all of whom want visibility into the performance of corporate software to make sure it produces a great, reliable experience for the end-user.To read this article in full or to leave a comment, please click here(Insider Story)

How Windows 10 data collection trades privacy for security

Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft.But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features.[ InfoWorld’s deep look: Why (and how) you should manage Windows 10 PCs like iPhones. | The essentials for Windows 10 installation: Download the Windows 10 Installation Superguide today. ] Microsoft isn’t merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user’s personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality.To read this article in full or to leave a comment, please click here

1 2,449 2,450 2,451 2,452 2,453 3,808