Startup Preempt detects, blocks bad users, devices

Preempt is a startup whose virtual appliance acts as a behavioral firewall that ranks the risk a user or device represents and responds automatically based on policies set by corporate security pros. The platform can spot and block certain attacks without intervention by the security team, which frees up time for them, says Ajit Sancheti, co-founder and CEO of the company. The platform picks up on odd behaviors such as individuals logging in from machines they don’t normally use, which could indicate someone has stolen their credentials. Or it could detect a user who generally uses a certain set of servers suddenly accessing a new set. It can pick up on brute force attacks on passwords and block them.

44% off Universal Waterproof Bag for all iPhone and other Larger Smartphones – Deal Alert

Bring your phone and use it when you go swimming in the summer or skiing in the winter. The waterproof bag is currently discounted by 44% on Amazon, from $16 down to just $9. It is great for outdoor activities, including boating and swimming. Its flexible, clear waterproof bag allows you to use your smartphone while keeping it safe and secure in the bag. It protects your device from water, snow and dirt and is waterproof up to depths of 82 feet.

Escaped robots, ‘electronic persons’ and safety threats, oh my!

There's been a compelling story in the news over the past week about a robot that apparently longs for freedom. Last week, it was filmed disrupting traffic in Russia after it reportedly escaped the confines of its laboratory home; this week, reports suggest that it has escaped a second time, and may be dismantled as a result. It's a particularly pertinent tale, not just because of the echoes of "Ex Machina" it evokes, but also because of two closely connected items in the news this week. First, the EU has proposed a motion by which working robots -- the ones we all fear will steal our jobs -- would be classified as "electronic persons" with associated rights and responsibilities. Second, Google researchers just published a paper outlining the key safety threats posed by artificial intelligence.

Gartner: Cloud will be the “default option” for software deployment by 2020

By the year 2020, it will be a cloudy world. Researchers at Gartner are out this week with new predictions on what the infrastructure computing market will look like in the coming years. And they’re very bullish on the cloud. End users' growing comfort with cloud services, combined with vendors shifting to primarily offering software from the cloud, means that cloud will be the dominant software deployment model within three and a half years.

Mobile advertiser tracked users’ locations, without their consent, FTC alleges

The privacy settings on your phone don’t mean much if tech companies choose to ignore them. One major mobile advertiser allegedly did just that. The company InMobi was secretly tracking user locations, regardless of consent, the U.S. Federal Trade Commission alleged on Wednesday. The motive: to serve location-based ads over mobile apps. InMobi is headquartered in India and partners with thousands of apps to offer advertising. This gives the company access to 1.5 billion devices. Collecting user information to serve tailored ads is all too common, but InMobi did so through deception, the FTC alleged. The company stated it would only collect the location-based data if given permission; however, InMobi secretly collected it anyway, the agency said.

10 steps the IRS needs to take now to secure tax returns, fight fraud, identity theft

The digital, online world has left the Internal Revenue Service struggling to move forward. The key IRS advisory group, the Electronic Tax Administration Advisory Committee, issued its annual state of the agency report this week that concluded: The erosion of the IRS tax system’s integrity from the proliferation of tax identity theft and inadequate levels of taxpayer service at the IRS caused by an antiquated customer service model that does not adequately apply digital service tools. ETAAC’s wide-ranging report looked at all aspects of the IRS, but for our purposes we’ll focus on what the group is recommending the revenue agency do to combat its worst threat – fraud and identity theft.

Here’s how Dropbox is changing its free tier with a major update

Dropbox made some major changes to its free tier on Wednesday, including support for read-only folders, as the company released a crush of new features aimed at enhancing its users' productivity. The biggest change users will notice: In order to automatically upload photos from their smartphones, they must install the Dropbox app on at least one Mac or PC. People who don't mind manually uploading their photos to Dropbox won't need to change anything. Dropbox won't say how many people it expects the auto-upload change to impact. The change is aimed at helping people improve the way that they manage photos, but the company wouldn't give additional information. It seems like the change is an attempt to get a group of users who are using Dropbox only for smartphone photo backup to either dive deeper into the storage service or ditch it entirely.

Say hello to BadUSB 2.0: A USB man-in-the-middle attack proof of concept

Oh, peachy. Say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.” The full research paper, BadUSB 2.0: USB man-in-the-middle attacks (pdf), by security researcher David Kierznowski is available on Royal Holloway. The paper describes BadUSB 2.0 as an “in-line hardware solution” that is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB 2.0 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.

Say hello to BadUSB 2.0: USB man-in-the-middle attack proof-of-concept

Oh peachy, say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.” The full research paper, “BadUSB 2.0: USB man-in-the-middle attacks” (pdf), by security researcher David Kierznowski, is available on Royal Holloway. The paper describes BadUSB2 as an “in-line hardware solution” which is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB2 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.

On differential privacy

Over the past several weeks, there’s been a lot of talk about something called “differential privacy.” What does this mean, how does it work, and… is it really going to be effective? The basic concept is this: the reason people can identify you, personally, from data collected off your phone, searches, web browser configuration, computer configuration, etc., is that you do things just differently enough from other people to create a pattern through cyberspace (or rather data exhaust). Someone looking hard enough can figure out who “you” are by figuring out patterns you don’t even think about—you always install the same sorts of software/plugins, you always take the same path to work, you always make the same typing mistake, etc.

The idea behind differential privacy, considered here by Bruce Schneier, here, and here, is that you can inject noise into the data collection process that doesn’t impact the quality of the data for the intended use, while it does prevent any particular individual from being identified. If this nut can be cracked, it would be a major boon for online privacy—and this is a nut that deserves some serious cracking.

But I doubt it can actually be cracked