Apple’s bug bounty program favors quality over quantity

After years of reluctance to pay researchers for exploits, Apple has given in and is ready to hand out up to US$200,000 for critical vulnerabilities found in the latest version of iOS and the newest iPhones. Apple announced the program Thursday at the Black Hat security conference in Las Vegas. It starts in September, and unlike bounty programs run by other large technology companies it will be invite only. The program will start with a few dozen researchers hand-picked by Apple, though any outsider who submits a flaw that qualifies can receive a reward and be invited to join the program, said Ivan Krstić, the head of Apple Security Engineering and Architecture.

This new Skype bot lets you chat with Spock

Microsoft has made no secret of its grand plans for chat bots, and this week it rolled out five new ones for Skype. Surely the most fun is "Spock," a bot that promises to help you "learn the ways of Vulcan logic." Back in April, Microsoft debuted a preview of Skype bots, the artificial intelligence-based helpers it hopes will make it easier for users to get things done. Today, more than 30,000 developers are building bots for Skype, it says.

Black Hat: Quick look at hot issues

Black Hat includes a variety of security topics, from how USB drives are a menace to how drones are fast becoming a threat you need to pay attention to, and much more. Here we take a look at just a few of the hot topics presented at the conference.

Forensics Challenge for CSIRT Team – Part 2 Solution

The goal of this tutorial is to provide a solution to the forensic challenge game that I created to test the forensic skills of a CSIRT team. Please be careful: run the suspicious binary located inside the provided virtual machine only in a secured environment, to avoid unwanted damage or loss.

As you will notice, some files are encrypted right after the virtual machine boots. All of these files have the suffix .enc001. You can easily locate them with the command:

$ find / -name "*.enc001" -type f 2>/dev/null

There is also a file named encryption_warning.txt in the home directory of the current user, which contains the following warning message:
*** Your files have been encrypted! ***
*** To decrypt them, run '/usr/local/bin/ls %1a%your_decryption_key ***

The ls utility is certainly not a cryptography tool, so it is a good place to start our investigation. The command /usr/local/bin/ls -la shows the files in the current directory.

ubuntu@ubuntu:~$ /usr/local/bin/ls -la

Picture 1 - Content of the Current Directory

The output looks good. But what happens if we try to list a non-existent file, kdkdkdkdk?

ubuntu@ubuntu:~$ /usr/local/bin/ls kdkdkdkdk

Picture 2 - Two Error Messages

There are two interesting facts shown in the output of the command /usr/local/bin/ls. Firstly, two

Raspberry Pi 3 gets the Windows 10 anniversary update

After Microsoft released an anniversary update of Windows 10 for PCs, a version is now available for the popular Raspberry Pi 3 developer board. The Anniversary Update is for Windows 10 IoT Core, a slimmed-down version of the OS for Raspberry Pi 3 and other developer boards. Users develop gadgets, robots, drones, and other smart devices with Raspberry Pi 3. The update has new features, as well as performance and application-support improvements, Microsoft said. It also provides an easier installation experience. Beyond Raspberry Pi 3, the Anniversary Update will also work with the MinnowMax, Raspberry Pi 2, and DragonBoard 410c developer boards.

Google education guru: Classroom laptop bans make no sense

Google Chief Education Evangelist Jaime Casap’s oldest daughter scored a full ride to college on a swimming scholarship but she only lasted one semester out of frustration with the lack of technology at the school. She had been used to taking notes on her laptop in high school, for example, but was told she couldn’t bring her device into the college classroom. “I’ve been in education for 10 years and I remember talking to CIOs at universities saying technology is not a differentiator for their schools…that students don’t pick schools based on their technology,” says Casap, an adjunct lecturer in innovation at Arizona State University, where his daughter wound up attending and graduating from. “I can tell you that’s starting to change.”

Qualcomm up in arms over LTE-U testing framework

The announcement this week of a final testing protocol aimed at discovering, once and for all, whether LTE-U technology can coexist peacefully with existing Wi-Fi networks has the LTE-U camp up in arms, as Qualcomm issued a thunderous denunciation of the Wi-Fi Alliance’s framework. The plan, said Qualcomm senior vice president for government affairs Dean Brenner, is heavily biased against LTE-U and offers no real opportunity to demonstrate the technology’s ability to work harmoniously alongside Wi-Fi networks.

34% off Go Cubes Chewable Coffee – Deal Alert

Successfully funded on Indiegogo, Go Cubes are a more creative way to get your fix. They're made with real cold-brewed coffee -- the equivalent of 1/2 cup (50mg) in each chewable cube. They're also crafted with precise amounts of other safe, effective supplements that improve the caffeine intake for enhanced focus & clarity, so you can get the most out of your day. They come in 3 flavors, and with this particular deal you get a box of 20 four-packs (80 cubes) in assorted flavors for $39. That's 34% off the typical list price of $59. If you love coffee, and the idea of "mocha", "drip" and "latte" flavored gummy cubes makes your mouth water, then this deal is right up your alley. See the discounted Go Cubes now on Amazon.

Making The Case For Big Xeon Iron

The two-socket Xeon server has been the default workhorse machine in the datacenter for so long and to such a great extent that using anything else almost looks aberrant. But there are occasions where a fatter machine makes sense based on the applications under consideration and the specific economics of the hardware and software supporting those applications.

All things being equal, of course companies would want to buy the most powerful machines they can, and indeed, Intel has said time and time again that customers are continuing to buy up the Xeon stack within the Xeon D, Xeon E5, and

Making The Case For Big Xeon Iron was written by Timothy Prickett Morgan at The Next Platform.

Why some risk assessments fail

At the Black Hat conference in Las Vegas, CSO’s Steve Ragan chats with Itzik Kotler, CTO and co-founder of SafeBreach, about why many companies end up failing in their security risk assessments, as well as how some companies are tackling these failures to improve their overall security.

Tablets continue to fall out of favor

If you think PC sales are in the toilet, you should look at what's happening in the tablet world. For the second quarter in a row, sales are down by double digits as consumers and businesses alike seek something more functional. Tablets have a bunch of things going against them. Primarily, the problem is they are a consumption device, not a creation device, and people want something more powerful. In addition, phablets and large smartphones have eaten into the market, there are no compelling reasons to upgrade because new generations are only a little better than the old, and the chief advocate for tablets, Steve Jobs, is no longer among us. The result, according to IDC, is a 12.3 percent decline in sales year over year for the second quarter of 2016. That comes on the heels of a 14.7 percent decline in Q1. IDC said this is due to vendors restructuring their product lines and customers delaying purchases as the market shifts focus towards productivity-oriented devices such as detachables.

The 15 best cities for information security pay

Before moving to this top city for InfoSec pay, you might want to read the latest John Sandford novel, brace for a bitter cold winter and develop a taste for tater tot hot dish. Yes, that's right, if you want to get the most bang for your InfoSec salary buck, a move to Minneapolis might be in your future.