Voice hackers can record your voice then use morpher to trick authentication systems

It's easy for someone with potentially malicious intentions to record your voice, as you leave traces of your voice when simply talking somewhere out in public, during mobile phone calls, in videos posted on social networking sites, or even when sending a recorded voice greeting card. Your voice is considered to be unique enough to serve as an authentication of your identity.But after studying the implications of commonplace voice leakage and developing voice impersonation attacks, researchers from the University of Alabama at Birmingham warned that an attacker, in possession of only a very limited number of your voice samples, with "just a few minutes worth of audio of a victim's voice," can clone your voice and could compromise your security, safety, and privacy.To read this article in full or to leave a comment, please click here

Microsoft’s Windows chief Myerson falls short of addressing Windows 10 spying concerns

After a month of stern accusations, including one from yours truly, the chief of Microsoft's Windows group addressed user concerns over privacy and information gathering in a blog post.Since its launch two months ago, Windows 10 has been dogged by a number of privacy concerns, ranging from machine IDs to keylogging to spying on your Cortana queries. Windows 7 and 8 were also drawn into the controversy, as Microsoft back-ported some of its telemetry gathering functions to the older operating systems, and the company was also found to be downloading the multigigabyte installation files to Windows 7 and Windows 8 machines without user permission.To read this article in full or to leave a comment, please click here

Jeb Bush is a cyber-weenie

Jeb Bush, one of them many 2016 presidential candidates, has numerous positions on "cyber" issues. They are all pretty silly, demonstrating that not only he but also his advisors profoundly misunderstand the issues.

For example, his recent position opposing "NetNeutrality" regulations says this:
these rules prohibit one group of companies (ISPs) from charging another group of companies (content companies) the full cost for using their services
Uh, no, that's how Democrats frame the debate. ISPs charging content providers is actually a very bad thing. That we Republicans oppose NetNeutrality is not based on the belief that "charging content companies" is a good thing.

Instead, NetNeutrality is about technical issues like congestion and routing. Congestion is an inherent property of the Internet. NetNeutrality shifts the blame for congestion onto the ISPs. NetNeutrality means the 90% of Comcast subscribers who do not use Netflix must subsidize the 10% who are.

Or at least, that's one of the many ways Republicans would phrase the debate. More simply, all Republicans oppose NetNeutrality simply because it's over-regulation. My point is that Jeb Bush doesn't realized he's been sucked into the Democrat framing, and that what he says is garbage.


A better example is Jeb's position Continue reading

21 of the greatest computer quotes ever

He said itImage by Mark GibbsThe world of computers and programming isn’t just a world of algorithms, bits, and coding; it’s also a world of dark, sarcastic and or sardonic humor about the world of computers and programming, by which I mean it’s also recursive (see recursive). Here are arguably (and I’m sure you will argue) 21 of the greatest computer quotes ever. Let the wit begin!To read this article in full or to leave a comment, please click here

Is Apple’s walled garden showing signs of erosion?

Apple has long benefitted from a perception that its devices and the software that powers them are more safe and secure than the competition, but last year's high-profile iCloud hack and a recent large-scale malware attack bring Apple security into question. Earlier this month, Apple suffered a potentially catastrophic security lapse when malicious code injected into a counterfeit version of Xcode, the company's app development toolset, made its way into hundreds (and perhaps thousands) of apps from Chinese developers. The malware affected hugely popular apps, including WeChat, which was eventually pulled from the App Store. Apple failed to detect and stop the malware from entering its "walled garden" and gaining access to an untold number of customers' iOS devices.To read this article in full or to leave a comment, please click here

Breaking free of legacy tech

Rotary Club members who donate $1,000 or more to the Rotary Foundation get a lot of special attention. They are named Paul Harris Fellows in honor of the organization's founder. They receive a certificate and an elegant lapel pin. It's an important award in the Rotary world, and one that has been around since 1957. But recently it had become the source of a lot of unhappiness.When Discover Financial Services set out to expand its offerings beginning in 2007, the company's legacy technology was an obvious impediment, according to executive vice president and CIO Glenn Schneider. "As with many others who've been around for years and have multiple generations of technology in their data centers, the question was, how do we leverage that?" he says. The company's move into the banking business, with IRAs, CDs and many other types of accounts, made its banking platform an obvious choice for an update. "Our mission is to be the leading direct bank and payments platform," Schneider says. "We are all online, so to create competitive differentiation, we felt the necessity to start at the foundation level itself and create a new platform."To read this article in full or Continue reading

2015’s most dangerous celebrity web searches

DJ Armin van BuurenImage by Jorge Mejía PeraltaElectronic Dance Music (EDM) DJ Armin van Buuren replaces comedian and talk show host Jimmy Kimmel as Intel Security’s most dangerous celebrity to search for online. For the ninth year in a row, Intel Security researched popular culture’s most famous people to reveal which of them generates the most dangerous search results.To read this article in full or to leave a comment, please click here

Network security weaknesses plague federal agencies

In the shadow of the recent Office of Personnel Management break-in it likely comes as little surprise to many that the federal government needs to pick up its security game in a big way.This challenge is perhaps reflected best in report this week by watchdogs at the Government Accountability Office that shows despite years of recommendations and billions of dollars spent, most federal agencies remain frighteningly weak when it comes to cybersecurity.To read this article in full or to leave a comment, please click here

Strategy: Taming Linux Scheduler Jitter Using CPU Isolation and Thread Affinity

When nanoseconds matter you have to pay attention to OS scheduling details. Mark Price, who works in the rarified high performance environment of high finance, shows how in his excellent article on Reducing system jitter.

For a tuning example he uses the famous Disrupter inter-thread messaging library. The goal is to keep the OS continuously feeding CPUs work from high priority threads. His baseline test shows the fastest message is sent in 76 nanoseconds, 1 in 100 messages took longer than 2 milliseconds, and the longest delay was 11 milliseconds.

The next section of the article shows in loving detail how to bring those latencies lower and more consistent, a job many people will need to do in practice. You'll want to read the article for a full explanation, including how to use perf_events and HdrHistogram. It's really great at showing the process, but in short:

  • Turning off power save mode on the CPU reduced brought the max latency from 11 msec down to 8 msec.
  • Guaranteeing threads will always have CPU resources using CPU isolation and thread affinity brought the maximum latency down to 14 microseconds.

Related Articles

Verisign introduces free, privacy-focused public DNS

When it comes to domain name systems (DNS), there are a lot of choices available. Yesterday, Verisign introduced a free, public Domain Name System (DNS) service that respects users' privacy.I think we're all aware now that much of the information we put into websites is often sold and used for good and bad purposes. We search for certain restaurants and all of sudden we're being pushed coupons for it. We update our LinkedIn profile and now we're being approached about jobs at competing companies. When we purchase an item online with a credit card, the number may be stolen. Even though there are risks, we still do those activities because they make our lives more convenient, and for that we're willing to deal with the consequences.To read this article in full or to leave a comment, please click here

Verifying SSL Certificate Chains

Found this link very useful doing this:

http://www.herongyang.com/Cryptography/OpenSSL-Certificate-Path-Validation-Tests.html

Some useful commands:
Display a certificate:
openssl x509 -in test-cert-top.pem -noout -text

Display a certificate's issuer:
openssl x509 -in test-cert-top.pem -noout -issuer

Display a certificate's subject:
openssl x509 -in test-cert-top.pem -noout -subject

Verify a certificate:
openssl verify test-cert-top.pem

Verify a certificate chain with 3 certificates:
openssl verify -CAfile test-cert-bottom.pem -untrusted test-cert-middle.pem test-cert-top.pem
-CAfile keyword indicates which certificate is used as the root certificate, with the -untrusted option being set to validate the intermediate certificate in the chain

Verify a certificate chain with 2 certificates:
openssl verify -CAfile test-cert-bottom.pem test-cert-middle.pem


Dyreza malware steals IT supply chain credentials

Cyber-criminals using the Dyreza computer trojan appear to be shifting gears from online banking and moving into the industrial supply chain.New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post."We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."To read this article in full or to leave a comment, please click here

Your Ansible Playbook for OpenStack Summit Tokyo

Openstack-Tokyo

The next OpenStack Summit is quickly approaching -- and the schedule is, as always, packed with great sessions, collaboration days, social events, get-togethers, and more.

If you’re joining the event in Tokyo, which runs from October 27-30, and you’re a fan of Ansible, you just might be thinking to yourself… “If only there was a playbook for this!”

Behold! My amazing psychic capabilities alerted me to this exact scenario. Okay, not really, but: in, ahem, "playbook-inspired" format, you’ll find a list of tasks for each type of role -- conference sessions, OpenStack projects using Ansible to know about, the Ansible Collaboration Day onsite at Summit, and how to stay up to date with Ansible-related happenings on-site and beforehand.

Not familiar with Ansible yet, or how it works with OpenStack? Here's the great news: There will be plenty of opportunities for you to learn all about it at OpenStack Summit. And just like Ansible makes it easy for you to deploy and operate your OpenStack cloud -- this blog post makes it easy for you to find the Ansible-related content to get you started on your path to Ansible+OpenStack cloud bliss.

All you have to do is decide which Continue reading

Cisco acquires security consultancy

Cisco this week said it intends to purchase Portcullis, a privately held cybersecurity consultancy based in the United Kingdom.Terms of the deal were not disclosed.+MORE ON NETWORK WORLD: Cisco security chief: 4 things CISOs need to survive+ Cisco James Mobley, Cisco vice president of security solutionsTo read this article in full or to leave a comment, please click here

Worth Reading: Antivirus and Zero Day

Deploying multiple AV products might expand the total number of known malware signatures in your AV armor, but this approach doesn’t combat the biggest flaw: new, zero-day malware that no AV product has ever encountered (and therefore can’t possibly recognize). Even with frequent updates to the signature database, AV software just can’t keep up. via the cloud security alliance

The post Worth Reading: Antivirus and Zero Day appeared first on 'net work.

1 3,316 3,317 3,318 3,319 3,320 3,855