0

Black Hat: ATM spits out cash after chip and pin hack

We’ve been told that EMV (Europay, MasterCard and Visa) chip-equipped cards have an added layer of security, making them more secure and harder to clone that cards with only a magnetic stripe. But Rapid7 security research manager Tod Beardsley said, “The state of chip and pin security is that it’s a little oversold.”Black Hat USA attendees who watched an ATM spit out hundreds of dollars might tend to agree. The demonstration was part of Hacking Next-Gen ATMs: From Capture to Cashout which was presented by Rapid7’s Weston Hecker. The abstract of his talk said the system he devised could “cash out around $20,000/$50,000 in 15 minutes.”To read this article in full or to leave a comment, please click here

0

On the ‘net: Layered Control Planes

I was recently a guest on the Packet Pushers Podcast, where I talked with Ethan for a bit about the concept of layered control planes, and how the idea related to complexity.

The post On the ‘net: Layered Control Planes appeared first on 'net work.

0

Getting hackers to notice you

Stop right thereAttendees mill about the Black Hat 2016 trade show floor seeking tools they need to do their work. See how vendors make every effort to have them stop by.BeerAlways a favorite, Kaspersky doles out cases of it during the opening conference reception.To read this article in full or to leave a comment, please click here

0

Getting hackers to notice you

Stop right thereAttendees mill about the Black Hat 2016 trade show floor seeking tools they need to do their work. See how vendors make every effort to have them stop by.BeerAlways a favorite, Kaspersky doles out cases of it during the opening conference reception.To read this article in full or to leave a comment, please click here

0

F5 Networks: It’s time to rethink security architecture

F5 Networks held its annual industry analyst conference this week within its user conference, Agility in Chicago. One of the main messages F5 tried to get across to its customer base is that it’s time to rethink security.I agree with that thesis wholeheartedly, and it is consistent with many of the posts I have written in the past year, including one I wrote about defining the new rules of security in a digital world.+ Also on Network World: Review: 5 application security testing tools compared +To read this article in full or to leave a comment, please click here

0

F5 Networks: It’s time to rethink security architecture

F5 Networks held its annual industry analyst conference this week within its user conference, Agility in Chicago. One of the main messages F5 tried to get across to its customer base is that it’s time to rethink security.I agree with that thesis wholeheartedly, and it is consistent with many of the posts I have written in the past year, including one I wrote about defining the new rules of security in a digital world.+ Also on Network World: Review: 5 application security testing tools compared +To read this article in full or to leave a comment, please click here

0

PQ Show 88: Multi-Layered Control Planes

Todays Priority Queue explores the notion of multi-layered control planes. Guest Russ White joins us to outline the concept of a control plane thats broken out into separate functional classes. The goal is to keep the networking protocols that operate at each layer as simple as possible. The post PQ Show 88: Multi-Layered Control Planes appeared first on Packet Pushers.

0

Tinder swipes too much personal information, says EU lawmaker

Marc Tarabella wants to swipe left on Tinder's privacy policy.The company's terms of use breach European Union privacy laws, according to Tarabella, a member of the European Parliament.Tarabella particularly dislikes the way the company gives itself the right to swipe the personal information and photos of its users, and to continue using it even if they deactivate their accounts.It's not just Tinder: Tarabella is also unhappy about how much personal information Runkeeper keeps about runners' movements, even when the app is inactive. He has the same concerns about Happn, a sort of missed-connections dating service.The lawmaker wants the European Commission to root out abusive clauses in the terms of use of a number of mobile apps, and to penalize their developers.To read this article in full or to leave a comment, please click here

0

Tinder swipes too much personal information, says EU lawmaker

Marc Tarabella wants to swipe left on Tinder's privacy policy.The company's terms of use breach European Union privacy laws, according to Tarabella, a member of the European Parliament.Tarabella particularly dislikes the way the company gives itself the right to swipe the personal information and photos of its users, and to continue using it even if they deactivate their accounts.It's not just Tinder: Tarabella is also unhappy about how much personal information Runkeeper keeps about runners' movements, even when the app is inactive. He has the same concerns about Happn, a sort of missed-connections dating service.The lawmaker wants the European Commission to root out abusive clauses in the terms of use of a number of mobile apps, and to penalize their developers.To read this article in full or to leave a comment, please click here

0

Black Hat: We need agency focused on fixing internet’s problems

The country needs a federal agency akin to the National Institutes of Health in order to fix the problems with the internet, keynoter Dan Kaminsky yesterday told a record crowd of more than 6,400 at Black Hat 2016.Private companies are dealing with the security problems they face without sharing the solutions or pushing for the underlying engineering changes that are needed to make the internet more secure, says Kaminsky, who famously discovered a serious vulnerability in DNS, which underpins the internet.The solution is a central agency to address those engineering challenges. He says all the money that is spent piecemeal on battling security needs to be channeled to this agency so it has the resources and bureaucratic bulk to escape being derailed by transient public officeholders whose policies can change dramatically and quickly.To read this article in full or to leave a comment, please click here

0

Black Hat: We need agency focused on fixing internet’s problems

The country needs a federal agency akin to the National Institutes of Health in order to fix the problems with the internet, keynoter Dan Kaminsky yesterday told a record crowd of more than 6,400 at Black Hat 2016.Private companies are dealing with the security problems they face without sharing the solutions or pushing for the underlying engineering changes that are needed to make the internet more secure, says Kaminsky, who famously discovered a serious vulnerability in DNS, which underpins the internet.The solution is a central agency to address those engineering challenges. He says all the money that is spent piecemeal on battling security needs to be channeled to this agency so it has the resources and bureaucratic bulk to escape being derailed by transient public officeholders whose policies can change dramatically and quickly.To read this article in full or to leave a comment, please click here

0

Do developers really care about security?

Over the years, developers have been dogged by a reputation for placing security as an afterthought. Get a slick, full-featured experience up and running fast, and figure out how to deal with whatever holes crop up once QA gets its hands on the code.Organizations may have had a significant hand in fostering developers' laissez-faire attitude toward security by siloing teams in separate domains and giving development, QA, ops, and security operations isolated opportunities to levy their expertise on the code.[ Learn how to be a more security-minded developer with our 17 security tips for developers. | Also on InfoWorld: 19 open source GitHub projects for security pros. | Discover how to secure your systems with InfoWorld's Security newsletter. ] But with security and privacy increasingly top of mind among users and with companies moving more toward a devops approach to software development, developers need to shed that reputation and consider security concerns as an integral part of the development process.To read this article in full or to leave a comment, please click here

0

Do developers really care about security?

Over the years, developers have been dogged by a reputation for placing security as an afterthought. Get a slick, full-featured experience up and running fast, and figure out how to deal with whatever holes crop up once QA gets its hands on the code.Organizations may have had a significant hand in fostering developers' laissez-faire attitude toward security by siloing teams in separate domains and giving development, QA, ops, and security operations isolated opportunities to levy their expertise on the code.[ Learn how to be a more security-minded developer with our 17 security tips for developers. | Also on InfoWorld: 19 open source GitHub projects for security pros. | Discover how to secure your systems with InfoWorld's Security newsletter. ] But with security and privacy increasingly top of mind among users and with companies moving more toward a devops approach to software development, developers need to shed that reputation and consider security concerns as an integral part of the development process.To read this article in full or to leave a comment, please click here

0

Microsoft cranks up encryption in .Net Framework

Microsoft has released .Net Framework 4.6.2, tightening security in multiple areas, including the BCL (Base Class Library). The new version also makes improvements to the SQL client, Windows Communication Foundation, the CLR (Common Language Runtime), and the ASP.Net web framework.The security focus in the BCL impacts PKI capabilities, and X.509 certificates now support the FIPS 186-3 digital signature algorithm. "This support enables X.509 certificates with keys that exceed 1024-bit," Microsoft's Stacey Haffner said. "It also enables computing signatures with the SHA-2 family of hash algorithms (SHA256, SHA384, and SHA512)."To read this article in full or to leave a comment, please click here

0

Microsoft cranks up encryption in .Net Framework

Microsoft has released .Net Framework 4.6.2, tightening security in multiple areas, including the BCL (Base Class Library). The new version also makes improvements to the SQL client, Windows Communication Foundation, the CLR (Common Language Runtime), and the ASP.Net web framework.The security focus in the BCL impacts PKI capabilities, and X.509 certificates now support the FIPS 186-3 digital signature algorithm. "This support enables X.509 certificates with keys that exceed 1024-bit," Microsoft's Stacey Haffner said. "It also enables computing signatures with the SHA-2 family of hash algorithms (SHA256, SHA384, and SHA512)."To read this article in full or to leave a comment, please click here

0

What’s in a security score?

Fair Isaac Corp., the company that issues credit scores for individuals, was tired of other analytics companies developing security scoring tools for businesses and then proclaiming themselves “the FICO of security scores.”So in May, FICO upped its own scoring game. It acquired cybersecurity firm QuadMetrics to create its own brand of enterprise security scores for enterprises. The new scoring tool, available in August, uses predictive analytics and security risk assessment tools to issue scores and predict a company’s likelihood of a significant breach compared to other firms within the next 12 months.“Our own cyber breach insurance underwriters commented how great it would be if there was really a FICO score on this for the underwriting process,” says Doug Clare, vice president of cybersecurity solutions. The company had already invested in cybersecurity detection technology that assesses network traffic, and it saw the addition of QuadMetrics as “the right opportunity at the right time,” he adds.To read this article in full or to leave a comment, please click here

0

What’s in a security score?

Fair Isaac Corp., the company that issues credit scores for individuals, was tired of other analytics companies developing security scoring tools for businesses and then proclaiming themselves “the FICO of security scores.”So in May, FICO upped its own scoring game. It acquired cybersecurity firm QuadMetrics to create its own brand of enterprise security scores for enterprises. The new scoring tool, available in August, uses predictive analytics and security risk assessment tools to issue scores and predict a company’s likelihood of a significant breach compared to other firms within the next 12 months.“Our own cyber breach insurance underwriters commented how great it would be if there was really a FICO score on this for the underwriting process,” says Doug Clare, vice president of cybersecurity solutions. The company had already invested in cybersecurity detection technology that assesses network traffic, and it saw the addition of QuadMetrics as “the right opportunity at the right time,” he adds.To read this article in full or to leave a comment, please click here

0

Internet of things early adopters share 4 key takeaways

ARI Fleet Management manages 1.2 million things with wheels across North America and Europe, from telephone company trucks to corporate vehicles to railroad maintenance trucks.To read this article in full or to leave a comment, please click here(Insider Story)

0

57% off Executive Office Solutions Portable Adjustable Laptop Desk/Stand/Table – Deal Alert

The Executive Office Solutions Portable Adjustable Laptop Desk/Stand/Table is designed to allow you to set up an office anywhere! It is easy to carry, with a light weight aluminum frame. This device makes a perfect desk for your laptop.  The adjustable legs allow you to rotate 360 degrees and lock it in place at various angles. This desk is also vented and connects to your computer via the  included USB cord to power two quiet CPU cooling fans.To read this article in full or to leave a comment, please click here

0

Managing The Branch Network