Samsung’s SleepSense sleep tracker taps home appliances to help you doze off

There’s no shortage of devices these days that will track your sleep, but Samsung’s SleepSense is going a little further in helping you doze off in the first place. The slim device slips under a mattress and uses a contactless sensor to measure movements, heart rate, and respiratory rate. As the night goes on, SleepSense tracks how long it took to fall asleep, total sleep time, sleep efficiency, the number of times you wake up or get out of bed, and percentage of REM and deep sleep, all contributing to a general sleep score. Samsung also worked with a Harvard Medical School professor on sleep tips, which the SleepSense app will tailor to your own sleep patterns.To read this article in full or to leave a comment, please click here

Are white box switches less secure?

 

Are white box switches less secure than proprietary alternatives like Juniper or Cisco switches?

Gregory Pickett, Founder of Hellfire Security, did a presentation about white box security during the last Black Hat conference, triggering a multitude of news articles which we will study in this post. Without dwelling on the author mixing ideas between SDN and White Box Networking (which is quite common these days – the title of the presentation is about SDN and the presentation is all about white box networking security) the security issues raised are real.

Those security issues are either network operating system (NOS) specific (which I will not comment on as none of them are related to PicOS), or Pre-Boot related (Bootkit). I will focus on the key issues relating to security of NOS boot loaders, specific to Open Networking / White Box Networking.

Rootkit and Bootkit

The typical goal of a malicious user is to install a rootkit on the device under attack. A rootkit is a collection of software designed to enable unauthorized access while masking its existence.

Because NOS’s protection mechanisms are becoming more elaborate, a new kind of attack came up. This type of attack bypasses all NOS security by Continue reading

How Agari Uses Airbnb’s Airflow as a Smarter Cron

This is a guest repost by Siddharth Anand, Data Architect at Agari, on Airbnb's open source project Airflow, a workflow scheduler for data pipelines. Some think Airflow has a superior approach.

Workflow schedulers are systems that are responsbile for the periodic execution of workflows in a reliable and scalable manner. Workflow schedulers are pervasive - for instance, any company that has a data warehouse, a specialized database typically used for reporting, uses a workflow scheduler to coordinate nightly data loads into the data warehouse. Of more interest to companies like Agari is the use of workflow schedulers to reliably execute complex and business-critical "big" data science workloads! Agari, an email security company that tackles the problem of phishing, is increasingly leveraging data science, machine learning, and big data practices typically seen in data-driven companies like LinkedIn, Google, and Facebook in order to meet the demands of burgeoning data and dynamicism around modeling.

In a previous post, I described how we leverage AWS to build a scalable data pipeline at Agari. In this post, I discuss our need for a workflow scheduler in order to improve the reliablity of our data pipelines, providing the previous post's pipeline Continue reading

Cisco security chief: 4 things CISOs need to survive

As the criminal infrastructure that supports cyber attacks grows more efficient to speed up development of new threats CISOs need to constantly learn new skills to keep their businesses and their jobs safe, according to Cisco’s head of security solutions.They have to have solid knowledge of network security, but also have to be able to communicate well, develop in-house security talent and stay on top of how the threat landscape is changing, says James Mobley, Cisco vice president of security solutions and former CEO of security consulting firm Neohapsis, which Cisco bought last year.+More on Network World: FBI: Major business e-mail scam blasts 270% increase since 2015+To read this article in full or to leave a comment, please click here

Shopperz adware takes local DNS hijacking to the next level

New versions of a highly persistent adware program called Shopperz use a cunning technique to make DNS (Domain Name System) hijacking harder to detect and fix.Shopperz, also known as Groover, injects ads into users' Web traffic through methods researchers consider malicious and deceptive.In addition to installing extensions in Internet Explorer and Firefox, the program creates Windows services to make it harder for users to remove those add-ons. One service is configured to run even in Safe Mode, a Windows boot option often used to clean malware.Moreover, Shopperz creates a rogue Layered Service Provider (LSP) in Windows's network stack that allows it to inject ads into Web traffic regardless of the browser used.To read this article in full or to leave a comment, please click here

What’s the deal with Apple-Cisco deal?

Apple earlier this week expanded its push into enterprises, announcing a partnership with Cisco to sell more iPads and iPhones to businesses.But unlike the deal Apple struck with IBM last summer, the partnership with Cisco was outlined in only the broadest terms. The vagueness put off one analyst.To read this article in full or to leave a comment, please click here

Black Hat survey reveals a disconnect between losses and security program focus

I started to review the recently published Black Hat Attendee Survey. This study primarily focused on the concerns of practitioners, including how they actually spent their times and the losses that they incurred. In another article, I will try to compare those concerns with the actual conference content. For now though, the most notable statistic is the prominence of awareness related concerns, as a pain point for security professionals. Clearly, the news media and study after study indicate that attackers target poor awareness on the part of end users and administrators. It has been reported that spearphishing was behind the Sony and TV5Monde attacks. The Sony results are well known. The TV5Monde attack was originally credited to ISIS sympathizers and the fact that TV5Monde actually televised many of their passwords while broadcasting an interview from their studios. Passwords were written on a white board in the background. Whether the attack was the result of televised passwords or spearphishing, it is still a result of user actions.To read this article in full or to leave a comment, please click here

The myth of the cybersecurity skills shortage

Everyone seems to think that there’s a lack of qualified security professionals, and that the reason is that there aren’t enough people entering the field with the required skills. There is a fallacy behind that thinking, though. People think that security is a stand-alone discipline, but it is actually a discipline within the computer field. Treating it otherwise is a mistake.Most of the people who have been in the security profession for more than a decade, including me, entered the field without a cybersecurity degree. We might have certifications, but we don’t claim that those certs are the source of any expertise we may have.My own experience is not atypical. In all of my years of working, as an employee or contractor, for the National Security Agency and other military and intelligence agencies, I never performed specifically what would be considered security work.To read this article in full or to leave a comment, please click here

1 3,249 3,250 3,251 3,252 3,253 3,756