Android malware steals one-time passcodes

One-time passcodes, a crucial defense for online banking applications, are being intercepted by a malware program for Android, according to new research from Symantec.The malware, called Android.Bankosy, has been updated to intercept the codes, which are part of so-called two-factor authentication systems.Many online banking applications require a login and password plus a time-sensitive code in order to gain access. The one-time passcode is sent over SMS but also can be delivered via an automated phone call.Some banks have moved to call-based delivery of passcodes. In theory, that provides better security since SMS messages can be intercepted by some malware, wrote Dinesh Venkatesan of Symantec in a blog post on Tuesday.To read this article in full or to leave a comment, please click here

Robotic falconry to foil unwanted drones

Described as “Robotic Falconry”, a new way to deal with drones that need to be removed from the air has been demonstrated by Michigan Tech. What’s so neat about this solution to controlling unwanted drones in your airspace is that the system, which uses a net that is fired at the target drone from another drone, snags the intruder and then hauls it away to a secure area so that any payload (for example, drugs or explosives)  can be dealt with. Here's the system in testing:To read this article in full or to leave a comment, please click here

Seven weeks later, here’s your Cisco UCS password!

This might be up there with the cable connector boot that hit the reset button on Cisco switches…For seven weeks, Cisco’s been shipping UCS servers with a default password unknown to its systems administration customers, the company said in a field notice posted yesterday. The Register was first to report on the situation.The default password when initially configuring these servers is supposed to be “password.” But Cisco changed that to “Cisco1234” back in November, apparently without telling customers.To read this article in full or to leave a comment, please click here

Patch Tuesday: Microsoft released 9 security updates, 6 rated critical, 7 for RCE

To start off 2016 Patch Tuesdays, Microsoft released nine security bulletins, six of which are rated as critical and seven resolve remote code execution vulnerabilities.While that many RCEs don’t set any records, Bobby Kuzma, CISSP, systems engineer at Core Security, said, “It still distresses me. Web browsers are not safe, and everyone should be using some kind of content filtering on their networks. It's like wearing a seat belt. Just do it.”Rated criticalFirst up is MS16-001, the cumulative fix for flaws in Internet Explorer which an attacker could exploit to gain remote code execution and have the same rights as the user. The patch is meant to modify how VBScript handles objects in memory and to help ensure that cross-domain policies are properly enforced in Internet Explorer.To read this article in full or to leave a comment, please click here

Wall Street Technology Association introduces its board

The Wall Street Technology Association, which provides a forum for financial industry technology professionals, vendors, service providers, and consultants learn from one another, has introduced its board of directors for the new year.Having been around since 1967, the group is one of the oldest organizations catering to IT professionals, so we figure it's a good thing to give those volunteering as leaders to get a bit of attention. Here's the board:*President : James Kostulias, Chief Information Officer, TD Ameritrade To read this article in full or to leave a comment, please click here

Will your car become a mini-data center? IBM thinks that’s just the beginning

In the not too distant future many consumers expect autonomous, self-driving cars that repair problems without human intervention, implement cognitive computing to adapt the car to a particular driver’s behaviors and react to the vehicle’s environment.Those are at least some of the conclusions gleaned from IBM’s “Auto 2025: A New Relationship – People and Cars” research involving 16,000 global consumers who were asked how they expect to use vehicles in the next ten years.+More on Network World: 20 years ago: Hot sci/tech images from 1995+To read this article in full or to leave a comment, please click here

Will your car become a mini-data center? IBM thinks that’s just the beginning

In the not too distant future many consumers expect autonomous, self-driving cars that repair problems without human intervention, implement cognitive computing to adapt the car to a particular driver’s behaviors and react to the vehicle’s environment.Those are at least some of the conclusions gleaned from IBM’s “Auto 2025: A New Relationship – People and Cars” research involving 16,000 global consumers who were asked how they expect to use vehicles in the next ten years.+More on Network World: 20 years ago: Hot sci/tech images from 1995+To read this article in full or to leave a comment, please click here

My Thoughts On The Death Of IP Telephony

A Candlestick Phone (image courtesy of WIkipedia)

A Candlestick Phone (image courtesy of Wikipedia)

Greg Ferro (@EtherealMind) posted a thought provoking article about collaboration in his Human Infrastructure magazine (which you should be reading). He talks about the death of IP Telephony and the rise of asynchronous communications methods like Slack. He’s got a very interesting point of view. I just happen to disagree with a few of his assertions.

IP Telephony Is Only Mostly Dead

Greg’s stance that IP Telephony is dead is a bit pointed to say the least. He is correct that the market isn’t growing. It is also true that a great number of new workers entering the workforce prefer to use their smartphones for communications, especially the asynchronous kind. However, desk phones are a huge part of corporate communications going forward.

IT shops have a stilted and bizarre world view. If you have a workforce that has to be mobile, whether it be for making service calls or going to customer sites for visits, you have a disproportionately large number of mobile users for sure. But what about organizations that don’t have large mobile populations? What about financial firms or law offices or hospitals? What about retail organizations? These Continue reading

New remote access Trojan Trochilus used in cyberespionage operations

A cyberespionage group has been discovered using a new remote access Trojan, dubbed Trochilus, whose detection rate was very low among antivirus products.The malware was discovered by researchers from Arbor Networks while investigating attacks in Myanmar that were launched from compromised government websites.The researchers linked the compromises to a sophisticated group of attackers known as Group 27, who are known to use different malware programs in their operations, some with overlapping capabilities.Arbor Networks has uncovered seven malware programs used by the group so far, including three remote access Trojans: PlugX, 9002, and the new Trochilus.To read this article in full or to leave a comment, please click here

Europol tracks DD4BC cyber-extortion gang to Bosnia

Police believe they have nabbed a key figure behind a series of online extortion attacks that have taken place around the world over the last 18 months. Operation Pleiades, a joint operation by police forces from around the world, led to the arrest of a "main target" and the detention of another suspect, Europol said Tuesday. The denial-of-service attacks on webservers and the like made by group going by the name DD4BC (Distributed DoS for Bitcoin), are followed by an email threatening that the attack will be stepped up unless a payment is made in bitcoin. Attackers using the name DD4BC have targeted businesses large and small -- and also email addresses leaked from the Ashley Madison website.To read this article in full or to leave a comment, please click here

Windows 8, older Internet Explorer versions face end-of-life deadline this week

This week's Patch Tuesday will be the final time the Windows 8 OS and Internet Explorer versions 8, 9, and 10 see any more fixes. Microsoft is again making the necessary decision to cut the cord and let the aging browsers go, and it has begun urging users to upgrade.As always, the products will continue to work, they just won't be patched if a flaw or exploit is found. With this end-of-life patch, IE users will be given an upgrade notification informing them that the browser will no longer be supported and encouraging them to use the latest version. It's a similar ritual Microsoft had to go through with Windows XP two years ago.And, as it turns out, there are still a fair number of users of the old IE versions – around 19.8%, according to NetMarketShare analytics. So why are the old browser versions hanging on? Two reasons, I suspect.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Addressing hybrid network challenges with SD-WAN

In previous articles I outlined one of the most clear-cut use cases for Software Defined WAN: replacing traditional Internet-based VPNs with a centrally-managed SD-WAN solution. This is easy for enterprises to relate to, and the benefits of deploying this type of project can be considerable.However, many enterprises deal with a much more complex hybrid WAN, and the challenges with this type of environment can be substantial. A hybrid WAN means that multiple technologies are integrated to deliver the end-to-end solution; this can include MPLS, VPLS, point-to-point circuits and Internet VPNs. Traffic flows between end users and applications can span multiple technologies and multiple boundaries of management responsibility. I've worked with many global enterprises that operate networks like this, and I hear several recurring complaints:To read this article in full or to leave a comment, please click here

Security ‘net: Social Media & Narratives

I have a rather motley collection of links this week roaming over security, social media, and algorithms. First up is three interesting reads on social media, some of which isn’t very technical, but it’s tangential to technology, so I still get to post them here. Since beginning work in earnest on a PhD in philosophy, I’ve been paying a lot more attention to stories in this realm, and thinking about how these things impact us as people and our culture at large.

First up, a prediction that Facebook is going to die because it’s a “garbage dump.” I’m not a huge user of Facebook, so I really don’t pay attention to what goes on there (which is probably why if you’ve tried to friend me there, I’ve not answered — I rarely look at requests, and almost never approve them).

It’s sort of like going to your junk drawer to find the nail clippers, and rifling through old receipts, coupons, paper clips. Instead of fetching your clippers, which you know are in the back, you occupy yourself momentarily with what’s in your drawer and why it’s there.

It’s important for communication channels to keep their signal to noise ratio Continue reading

Lies vendors tell about Service Level Agreements and how to negotiate for something better

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.

Most companies now use a range of cloud applications, and uptime performance for those applications is measured by Service Level Agreements (SLAs). These agreements acknowledge that glitches, system crashes and downtime have an enormous impact on business continuity and can adversely affect customer loyalty and churn. Gartner estimates downtime can cost major corporations as much as $100,000 per hour.

To read this article in full or to leave a comment, please click here

1 3,186 3,187 3,188 3,189 3,190 3,841