Pwn2Own contest highlights renewed hacker focus on kernel issues

Hackers demonstrated 21 new vulnerabilities in attacks against browsers and operating systems during this year's Pwn2Own hacking contest. The complexity of the exploits, though, shows that hackers have to jump through many hoops to gain full system control.On Wednesday and Thursday, five contestants -- four teams and one independent researcher -- demonstrated three successful remote code execution attacks against Safari on OS X, two against Microsoft Edge on Windows, four against Adobe Flash on Windows and one partially successful attack against Google Chrome on Windows. Firefox was not a target in this year's contest.To read this article in full or to leave a comment, please click here

Securing BGP: A Case Study (5)

BGP provides reachability for the global ‘net, as well as being used in many private networks. As a system, BGP (ultimately) isn’t very secure. But how do we go about securing BGP? This series investigates the questions, constraints, and solutions any proposal to secure BGP must deal with as a case study of asking the right questions, and working at the intersection of business and technology.

As a short review, we started off with three questions, described in the first post, each of which we’ve been considering in some detail:

  • Should we focus on a centralized solution to this problem, or a distributed one?
    • Assuming we’re using some sort of encryption to secure the information used in path validation, where do the keys come from? The fourth post considers this question.
    • Should the information used to validate paths be distributed or stored in a somewhat centralized database?
  • Should we consider solutions that are carried within the control plane, within BGP itself, or outside?
  • What is it we can actually prove in a packet switched network? This is considered in post 2 and post 3.

Here I’m going to discuss the problem of a centralized versus distributed database to carry the Continue reading

Apple sees weakness in FBI hearing request

A last-minute request by the FBI to call witnesses to next week's court hearing in the San Bernardino iPhone case indicates the agency might feel some weakness in its legal arguments, Apple says.On Wednesday evening, the FBI asked for an evidentiary hearing, which means the court will hear live testimony from expert witnesses from both sides. Apple agreed to the FBI's request on Thursday.Speaking on Friday with reporters, lawyers for Apple said the FBI's request was a surprise, and they don't understand why the government wants to present witnesses to the court.If lawyers believe they have a strong legal case, they typically want to get up and argue it without bothering with witnesses in these types of hearings, so the request perhaps indicates the FBI isn't as comfortable as it was in relying solely on legal arguments, an Apple lawyer said.To read this article in full or to leave a comment, please click here

5 things you need to know about SSL

An uptick in cyberattacks and greater awareness about government surveillance have prompted calls for tighter security on the Internet, and a big part of that is encrypting  the traffic that flows to and from websites. Google, Facebook and Microsoft are among the many companies that have been pushing for wider use of SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption, though it can be tricky and expensive to implement. Here's the basics of what you need to know.To read this article in full or to leave a comment, please click here

Apple engineers could walk away from FBI’s iPhone demands

Should the FBI prevail in getting Apple to offer a backdoor for an encrypted iPhone, the agency may have trouble getting anyone to build it.At least that’s the word from several current and former Apple employees—including security engineers—who spoke anonymously to the New York Times. Some said they’re refuse to do the work, or quit their jobs if necessary, rather than create what they believe is a major security compromise for all users.+ MORE: Tim Cook to Time: 'I feel like I'm in this bad dream' +To read this article in full or to leave a comment, please click here

FBI warning puts car hacking on bigger radar screen

The FBI this week warned carmakers and owners that they need to pay much closer attention to automotive cybersecurity.The National Highway Transportation Safety joined with the FBI in warning consumer that the increasing number of computers in the form of electronic control units (ECUs) that control numerous vehicle functions from steering, braking, and acceleration, to the lights and windshield wipers make them vulnerable to potential cybersecurity problems.+More on Network World: World’s coolest concept cars+To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For March 18th, 2016


We come in peace. 5,000 years of battles mapped from Wikipedia. Maybe not.

 

If you like this sort of Stuff then please consider offering your support on Patreon.

 

  • 500 petabytes: data stored in Dropbox; 8.5 kB: amount of drum memory in an IBM 650; JavaScript: most popular programming language in the world (OMG); $20+ billion: Twitch in 2020; Two years: time it took to fill the Mediterranean; 

  • Quotable Quotes:
    • Dark Territory: The other bit of luck was that the Serbs had recently given their phone system a software upgrade. The Swiss company that sold them the software gave U.S. intelligence the security codes.
    • Alec Ross~ The principle political binary of the 20th century is left versus right. In the 21st century the principle political binary is open versus closed. The real tension both inside and outside countries are those that embrace more open economic, political and cultural systems versus those that are more closed. Looking forward to the next 20 years the states and societies that are more open are those that will compete and succeed more effectively in tomorrows industry.
    • @chrismaddern"Population size: 1. Facebook 2. China ?? 3. Continue reading

Worth Reading: On collaborative blocking and filtering

On the Internet, there are many reasons why blocking and filtering of communication takes place. Some of us use ad-blockers because we get tired of kitchen utilities ads on every single page we visit, simply because we’ve been surfing online recipes. Parents may want to block adult content for minors. Companies may want to ensure their confidential trade secrets don’t leak. All of us want to keep viruses and malware off our computers and networks. Other reasons to block communication include copyright protection, preventing illegal trade (pills, handbags, gambling), public safety, health, and/or moral concerns, the latter triad often being a motivation for the type of blocking and filtering we call censorship. -via the Internet Society

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: On collaborative blocking and filtering appeared first on 'net work.

Cybersecurity Skills Shortage Impact on Cloud Computing

Look at any industry data and you’ll see a consistent trend – the march toward cloud computing continues to gain momentum.  According to ESG research, 75% of organizations are currently using public cloud services (note: I am an ESG employee).  This is dominated by the use of SaaS today but ESG research reveals that 38% of organizations use IaaS while 33% use PaaS.  The research also indicates that these numbers will continue to increase in the future.Now before you short HP and double-down on AWS, there is also a potential fly in the ointment – the global cybersecurity skills shortage.  ESG research indicates that 46% of organizations say that they have a “problematic shortage” of cybersecurity skills in 2016, up from 28% last year.  ESG also asked survey respondents to identify the area where they have the biggest cybersecurity skills shortage.  Not surprisingly, 33% say that their biggest deficiency was cloud security specialists, followed by 28% who pointed to a deficiency with network security specialists, and 27% who have a shortage of security analysts – pretty scary stuff when you think about cloud security defense along with incident detection and response for cloud-based cyber-threats. Continue reading

Deutsche Telekom to boost security offering for European enterprises

"Bring your own device" can easily turn into bring your own disaster for corporate networks, if attackers use a compromised device as a bridgehead into a secure environment.That's one of the reasons Deutsche Telekom is partnering with two security companies to offer services to smaller companies that don't have the resources to install and operate their own MDM (mobile device management) or endpoint security systems.Internet Protect Pro and Mobile Protect Pro are rebranded versions of services from Zscaler and Zimperium, respectively. The CEOs of the two companies joined Deutsche Telekom executives on stage at the Cebit tradeshow in Hanover, Germany, on Thursday to announce the deals.To read this article in full or to leave a comment, please click here

The 10 Windows group policy settings you need to get right

One of the most common methods to configure an office full of Microsoft Windows computers is with group policy. For the most part, group policies are settings pushed into a computer's registry to configure security settings and other operational behaviors. Group policies can be pushed down from Active Directory (actually, pulled down by the client) or configured locally.I've been doing Windows computer security since 1990, so I've seen a lot of group policies. In my work with customers, I scrutinize each group policy setting within each group policy object. With Windows 8.1 and Windows Server 2012 R2, for example, there are more than 3,700 settings for the operating system alone.To read this article in full or to leave a comment, please click here(Insider Story)

1 3,097 3,098 3,099 3,100 3,101 3,850