Faulty ransomware renders files unrecoverable, even by the attacker

A cybercriminal has built a ransomware program based on proof-of-concept code released online, but messed up the implementation, resulting in victims' files being completely unrecoverable.Researchers from antivirus vendor Trend Micro recently spotted a new file-encrypting ransomware program distributed as a Flash Player update through a compromised website in Paraguay.After they analyzed the program's code, they realized that it was a modification of a proof-of-concept file encryptor application called Hidden Tear that was published on GitHub in August by a Turkish security enthusiast.Hidden Tear comes with a disclaimer that the code may only be used for education purposes and a warning that people using it as ransomware could go to jail.To read this article in full or to leave a comment, please click here

U.S. patent numbers decline; IBM retains top spot in IFI ranking

The number of U.S. patents granted declined for the first time since 2007, ending a seven-year run of increases.According to IFI Claims Patent Services, there were 298,407 utility patents granted during the 2015 calendar year. That represents a decrease of almost 1% compared to 2014, when patent grants hit 300,674 and surpassed the 300,000 threshold for the first time. IFI, which specializes in patent analysis, tracks utility patents from the U.S. Patent and Trademark Office (USPTO), and each year it releases its annual ranking of the top 50 recipients.To read this article in full or to leave a comment, please click here

Microsoft fixes critical flaws in Windows, Office, Edge, IE and other products

Microsoft has released the first batch of security updates for 2016 and they include critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic.The company has also fixed remote code execution and elevation of privilege vulnerabilities in Windows and an address spoofing flaw in Exchange Server, that were rated important, not critical, due to various mitigating factors.In total, Microsoft issued 9 security bulletins covering patches for 24 vulnerabilities.According to Wolfgang Kandek, the CTO of security firm Qualys, administrators should prioritize the MS16-005 security bulletin, especially for systems running Windows Vista, 7 and Server 2008.To read this article in full or to leave a comment, please click here

GIT Bootcamp: Getting things started with GIT

What is GIT?

GIT is a distributed VCS (Version Control System). In a few words, this means that is a system that allows you to keep track of changes made to a file. The files are stored on a server and each contributor has a local copy of them. Most of the times it’s used when dealing with software development environments, because there is usually a team that works on the same set of files. If it weren’t for GIT (or any other similar tool) everyone would probably overwrite changes that everyone else did to the code and madness would break loose. Still, if you’re not a code developer, you can use GIT to help you keep track of your own files, changes, etc. and keep your head clean!

First time I ran into GIT I had absolutely no idea what it was. For some time, until I had the time to ding into it, I had a note with commands and “what does it do” for each command. This is a “don’t do it like this”-like story. Most definitely, it’s a mistake to take this path because you’ll get to the point where you’ll screw things up so badly Continue reading

15 big data and analytics companies to watch

Making sense of dataJust as practically every startup these days claims to be a cloud company or an IoT company, they’re all big data and analytics firms, too. Well, not really, but they at least toss the hot terms into their company descriptions. We’ve tried to pull out the real big data and analytics companies to highlight them here, listed alphabetically. Most focus on helping companies make sense of their oodles of data, sometimes for customer service, sometimes for IT purposes and sometimes for security reasons. And not all of them are brand new firms.To read this article in full or to leave a comment, please click here

Flexible, secure SSH with DNSSEC

Flexible, secure SSH with DNSSEC

If you read this blog on a regular basis, you probably use the little tool called SSH, especially its ubiquitous and most popular implementation OpenSSH.

Maybe you’re savvy enough to only use it with public/private keys, and therefore protect yourself from dictionary attacks. If you do then you know that in order to configure access to a new host, you need to make a copy of a public key available to that host (usually by writing it to its disk). Managing keys can be painful if you have many hosts, especially when you need to renew one of the keys. What if DNSSEC could help?

Flexible, secure SSH with DNSSEC CC BY 2.0 image by William Neuheisel

With version 6.2 of OpenSSH came a feature that allows the remote host to retrieve a public key in a customised way, instead of the typical authorized_keys file in the ~/.ssh/ directory. For example, you can gather the keys of a group of users that require access to a number of machines on a single server (for example, an LDAP server), and have all the hosts query that server when they need the public key of the user attempting to log in. This saves Continue reading

1 3,198 3,199 3,200 3,201 3,202 3,855