What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-10-05 14:03:00 | Phishing still fools people, but at least more are cautious (lien direct) | While people still have a really hard time telling the difference between legit and phishing emails, at least there is enough awareness of the phishing threat that many people will err on the side of caution when it comes to clicking on links.This was one finding from Carnegie Mellon University's CyLab in a study titled "Quantifying Phishing Susceptibility for Detection and Behavior Decisions" that published recently in the journal Human Factors.MORE: New tech can help catch spearphishing attacksTo read this article in full or to leave a comment, please click here | |||
|
2016-10-05 11:32:24 | FBI arrests an NSA contractor suspected of stealing hacking tools (lien direct) | The FBI has arrested a U.S. government contractor for allegedly stealing classified documents, possibly including hacking tools.Harold Thomas Martin III, 51, has been charged with stealing government materials, including top secret information, the U.S. Department of Justice said on Wednesday.Martin, who held a top-secret national security clearance, allegedly took six classified documents produced in 2014."These documents were produced through sensitive government sources, methods, and capabilities, which are critical to a wide variety of national security issues," the DOJ said. To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 11:28:00 | IDG Contributor Network: Many people abandon security, risky behavior surges (lien direct) | People are sick and tired of being told to be more secure in their use of computers and when participating in online activities. So much so that they're simply ignoring the blitz of annoying demands and are carrying on as imprudently as they've always done, according to National Institute of Standards and Technology (NIST) researchers.The U.S. Department of Commerce-operated lab recently published a report (subscription) on the subject in IEEE's IT Professional Journal.The study's participants “expressed a sense of resignation and loss of control†when the scientists asked them about their online activity, such as shopping and banking.To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 10:02:00 | Creepy clown craze actually addressed at White House press conference (lien direct) | It's been a week since we looked at the clown hysteria sweeping the nation, including a sheriff consulting with the FBI and Homeland Security over the clown threat, and now creepy clowns have even been addressed during a White House press conference.On Tuesday, Bloomberg's Justin Sink asked White House press secretary Josh Earnest about the creepy clown craze. Sink mentioned that the New York Times reported 12 people have been arrested for either making fake clown reports, threats, or chasing people, and law enforcement is seeking clown advise from DHS and the FBI. He asked if President Obama was keeping tabs on the creepy clown phenomena and if the White House had any comments to discourage clown pranks.To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 08:07:43 | Guccifer 2.0 claims to have hacked the Clinton Foundation (lien direct) | Hacker Guccifer 2.0 now claims to have hacked the Clinton Foundation, but the documents posted show Democratic campaign data from organizations already compromised.Guccifer 2.0, believed by some security experts to be a Russian team of hackers, posted several documents Tuesday that he claims to have taken from servers at the Clinton Foundation, the charity founded by former U.S. President Bill Clinton, husband of Democratic presidential candidate Hillary Clinton.Earlier this year, Guccifer 2.0 claimed to have hacked both the Democratic National Committee and the Democratic Congressional Campaign Committee (DCCC), and the new documents appear to be more of the same. To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 07:30:06 | Yahoo calls report of secret email scanning \'misleading\' (lien direct) | Yahoo has called a Reuters article about a secret email scanning program "misleading," and said no such system exists. On Tuesday, the Reuters article claimed that Yahoo had created the custom software program after receiving a classified U.S. government order.  That software program is reportedly capable of scanning all incoming emails from Yahoo customers for information provided by U.S. intelligence officials.However, on Wednesday Yahoo disputed the report.“We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems," the company said in an email. To read this article in full or to leave a comment, please click here | Guideline | Yahoo | |
|
2016-10-05 06:46:05 | Cerber ransomware kills database connections to access important data (lien direct) | In order to encrypt some of the most important data stored on computers and servers, the Cerber ransomware now tries to kill processes associated with database servers.The goal for ransomware programs is to affect as many valuable files as possible in order to increase the chance that affected users will pay to have them restored. For consumers these files are things like personal photos, videos, documents and even game saves, but for businesses, its usually data stored in databases.The problem for hackers is that write access to database files can be blocked by the OS if they're already being used by other processes, which prevents the ransomware program from encrypting them.To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 04:40:00 | Q&A: The myths and realities of hacking an election (lien direct) | Election hacking has become a key topic during this year's presidential elections, more so now that candidates and voters are being actively targeted by actors that are assumed to be acting with Russian support. In this modified edition of CSO Online's Hacked Opinions series, we explore the myths and realities of hacking an election, by speaking with a number of security experts.Q: Can the national election really be hacked? If so, how? "It's unlikely that the national election could really be hacked to alter the outcome. Voter registration databases have recently proven vulnerable, but adding, modifying, or deleting records doesn't produce the intended effect (changed outcome); it just raises questions about the integrity of the database on election day," said Levi Gundert, CP of Intelligence and Strategy, Recorded Future.To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 04:39:00 | Hacking an election is about influence and disruption, not voting machines (lien direct) | Every time there's an election, the topic of hacking one comes to the surface. During a presidential election, that conversation gets louder. Yet, even the elections held every two years see some sort of vote hacking coverage. But can you really hack an election? Maybe, but that depends on your goals.The topic of election hacking is different this year, and that's because someone is actually hacking political targets. Adding fuel to the fire, on Aug. 12, 2016, during an event in Pennsylvania, Donald Trump warned the crowd that if he loses the battleground state, it's because the vote was rigged.To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 04:37:00 | One election-system vendor uses developers in Serbia (lien direct) |
Voting machines are privately manufactured and developed and, as with other many other IT systems, the code is typically proprietary.The use of proprietary systems in elections has its critics. One Silicon Valley group, the Open Source Election Technology Foundation, is pushing for an election system that shifts from proprietary, vendor-owned systems to one that that is owned "by the people of the United States."To read this article in full or to leave a comment, please click here |
|||
|
2016-10-05 04:35:00 | If the election is hacked, we may never know (lien direct) |
The upcoming U.S. presidential election can be rigged and sabotaged, and we might never even know it happened.This Election Day voters in 10 states, or parts of them, will use touch-screen voting machines with rewritable flash memory and no paper backup of an individual's vote; some will have rewritable flash memory. If malware is inserted into these machines that's smart enough to rewrite itself, votes can be erased or assigned to another candidate with little possibility of figuring out the actual vote.To read this article in full or to leave a comment, please click here |
|||
|
2016-10-05 04:00:00 | Hacked voter registration systems: a recipe for election chaos (lien direct) | How do you disrupt the U.S. election? Hacking a voter registration database could very well do just that. Imagine thousands or even millions of citizens' names mysteriously disappearing from a database. Then when election day comes along, they find out they aren't registered to vote. Â Some security experts warn that this scenario isn't totally far-fetched and could deny citizens from casting ballots. "If that happens to a few voters here and a few there, it's not a big deal," said Dan Wallach, a professor at Rice University who studies electronic voting systems. "If that happens to millions of voters, the processes and procedures we have would grind to a halt."To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 04:00:00 | 3 nightmare election hack scenarios (lien direct) | The question on the mind of many voting security experts is not whether hackers could disrupt a U.S. election. Instead, they wonder how likely an election hack might be and how it might happen. The good news is a hack that changes the outcome of a U.S. presidential election would be difficult, although not impossible. First of all, there are technology challenges -- more than 20 voting technologies are used across the country, including a half dozen electronic voting machine models and several optical scanners, in addition to hand-counted paper ballots. But the major difficulty of hacking an election is less a technological challenge than an organizational one, with hackers needing to marshal and manage the resources needed to pull it off, election security experts say. And a handful of conditions would need to fall into place for an election hack to work.To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 04:00:00 | 5 ways to improve voting security in the US (lien direct) | With the U.S. presidential election just weeks away, questions about election security continue to dog the nation's voting system. It's too late for election officials to make major improvements, "and there are no resources," said Joe Kiniry, a long-time election security researcher. However, officials can take several steps for upcoming elections, security experts say. "Nobody should ever imagine changing the voting technology used this close to a general election," said Douglas Jones, a computer science professor at the University of Iowa. "The best time to buy new equipment would be in January after a general election, so you've got almost two years to learn how to use it."To read this article in full or to leave a comment, please click here | |||
|
2016-10-05 03:30:00 | IDG Contributor Network: Building an insider threat program that works - Part 2 (lien direct) | Organizations attempting to implement a world-class insider threat program have learned from experience what doesn't work well (see Part I of this post). As a result, they have a better sense of what they require to prevail in today's evolving insider threat landscape.There is an emerging consensus that any world-class insider threat program must have the following three core characteristics:1. Preventive: Organizations want more than just a threat detection system that tells them an attack has already taken place. They need an early-warning system that allows them to prevent insider threat events through a comprehensive threat assessment framework that leverages all available internal and external data and produces far fewer false negatives and positives.To read this article in full or to leave a comment, please click here | |||
|
2016-10-04 17:37:53 | US tech giants say they didn\'t do Yahoo-style email spying (lien direct) | Reports of a secret Yahoo program to search through customers' incoming emails has spurred other tech companies to deny ever receiving a similar request from the U.S. government.The program, reportedly created last year through a classified U.S. order, involves Yahoo searching through hundreds of millions of user accounts at the behest of the National Security Agency or FBI.Other U.S. tech companies, including Google, Microsoft, Twitter and Facebook, denied doing anything like it. Most also said they would challenge such a request in court.Privacy advocates said the government enlisting Yahoo to assist in email monitoring would be wrong.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-04 13:19:07 | WikiLeaks plans to dump more sensitive files on US election (lien direct) | WikiLeaks is promising to release secret documents relating to the U.S. election, at a time when there are already questions over whether Russian hackers are feeding the site information.WikiLeaks will publish the documents "every week for the next 10 weeks" and the topics include the U.S. election, war, arms, Google, and mass surveillance, site founder Julian Assange said on Tuesday in a press conference. Â All the U.S. election documents will be released before Nov. 8, when voters cast their ballots. The leaks pertain to "U.S. power factions and how they operate," Assange said. However, he denied deliberately trying to sabotage Democratic presidential candidate Hillary Clinton's election chances.To read this article in full or to leave a comment, please click here | |||
|
2016-10-04 13:09:53 | New insulin pump flaws highlights security risks from medical devices (lien direct) | Medical device manufacturer Animas, a subsidiary of Johnson & Johnson, is warning diabetic patients who use its OneTouch Ping insulin pumps about security issues that could allow hackers to deliver unauthorized doses of insulin.The vulnerabilities were discovered by Jay Radcliffe, a security researcher at Rapid7 who is a Type I diabetic and user of the pump. The flaws primarily stem from a lack of encryption in the communication between the device's two parts: the insulin pump itself and the meter-remote that monitors blood sugar levels and remotely tells the pump how much insulin to administer.The pump and the meter use a proprietary wireless management protocol through radio frequency communications that are not encrypted. This exposes the system to several attacks.To read this article in full or to leave a comment, please click here | |||
|
2016-10-04 11:47:19 | Yahoo may have allowed US government to search user emails (lien direct) | Yahoo has reportedly searched through all of its users' incoming emails with a secret software program that's designed to ferret out information for U.S. government agencies.The software program, which was created last year, has scanned hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, according to a Tuesday report from Reuters.Yahoo reportedly created the program to comply with a U.S. classified government directive. It's unclear if the mass email searching program is still in use."Yahoo is a law-abiding company and complies with the laws of the United States," the company said in a statement.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-04 09:12:43 | After Mozilla inquiry, Apple untrusts Chinese certificate authority (lien direct) | Following a Mozilla-led investigation that found multiple problems in the SSL certificate issuance process of WoSign, a China-based certificate authority, Apple will make modifications to the iOS and macOS to block future certificates issued by the company.Although there is no WoSign root certificate in Apple's trusted certificate store, a WoSign intermediate CA certificate is cross-signed by two other CAs that Apple trusts: StartCom and Comodo. This means that until now Apple products have automatically trusted certificates issued through the WoSign intermediate CA.Because WoSign experienced multiple control failures in their certificate issuance processes for the WoSign CA Free SSL Certificate G2 intermediate CA, "we are taking action to protect users in an upcoming security update," Apple said in support notes for both iOS and macOS. "Apple products will no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA."To read this article in full or to leave a comment, please click here | |||
|
2016-10-04 07:23:00 | Hackers can remotely exploit insulin pump for unauthorized insulin injections (lien direct) | Rapid7 and Johnson & Johnson disclosed three vulnerabilities in the Animas OneTouch Ping insulin pump system, flaws which could be remotely exploited. However, the attack is sophisticated and both say the risk of exploitation is “relatively low.â€OneTouch Ping is a medical device which comes with a wireless remote control that patients can use to deliver insulin instead of accessing the device under their clothes. The Johnson & Johnson Animas device is described as a “two-part system;†the pump and a meter remote which communicates wirelessly via RF communication “to deliver insulin from the pump.â€To read this article in full or to leave a comment, please click here | |||
|
2016-10-04 06:00:00 | IDG Contributor Network: SoftLayer founder\'s new company, StackPath, releases app security product (lien direct) | It's always interesting to see what happens when a high-profile CEO sells his company and then finishes up his earn-out period. There are a few different models: some individuals go buy an island, start making films or go on permanent vacation. Others take some time to work out what they're going to do and maybe take an entrepreneur-in-residence position for a time, while others jump straight back into the shark tank.+ Also on Network World:Â Application-layer DDoS attacks will increase, Kaspersky Labs predicts +To read this article in full or to leave a comment, please click here | |||
|
2016-10-04 04:48:00 | Security for your collaborative software (lien direct) | There's a gaping hole in your security infrastructure right now. The front door is open, the side window is ajar, and there's an open safe with a neon sign saying “steal my data†in flashing lights. While you might have locked down the network used for this software, instituted strict usage policies, and insist on having users stick to complex passwords, the data is leaking.Collaborative apps like Slack and Convo are like a sieve at some larger companies, but no one quite knows what to do about it. The apps let users share documents, business plans, financials, and many other files, but one reason it's such a security risk is that we tend to use these glorified chat tools all day, everyday.To read this article in full or to leave a comment, please click here | |||
|
2016-10-04 04:46:00 | Turn data from risk liability into an asset (lien direct) | Big data has proven to be a big asset for corporations who are trying to collect information and make informed business decisions, but if the proper strategies for protecting that data are not in place, the risks to the enterprise can be costly.Earlier this year Cisco reported that worldwide mobile traffic is expected to grow eightfold from 2015 to 2020 reaching 30.6 exabytes, monthly. Planning for that data inflation raises a very important question: “How can organizations ensure their data is an asset and not a liability?â€Â To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 17:22:47 | IoT botnet highlights the dangers of default passwords (lien direct) | A botnet responsible for a massive DDOS (distributed denial-of-service) attack was created thanks to weak default usernames and passwords found in internet-connected cameras and DVRs.The Mirai botnet grabbed headlines last month for taking down the website of cybersecurity reporter Brian Krebs with a huge DDOS attack. Unlike most botnets, which rely on infected PCs, this one used IoT devices to target its victims.It turns out the botnet was specifically designed to scan the internet for poorly secured products like cameras and then access them through easily guessable passwords like "admin" or "12345." Last Friday, the botnet's maker released its source code, and security experts have noticed it's built to try a list of more than 60 combinations of user names and passwords.To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 12:11:00 | IoT: We\'re serfs and pawns (lien direct) | There is a huge problem with the ugly Internet of Things (IoT). Many IoT thingies have the security of wet tissue paper, and they're being used in large swarms and masses to wreak havoc. A colleague of mine, Stephen Satchell, says misbehaving IoT devices should bear the full front of the Consumer Product Safety Commission and be recalled, every last one of them. Recalled. Why won't this happen? Let me speculate. It's because our own government, that is to say the more covert parts of the U.S. government, has its own cadre of botnets and control vectors that allows them interesting windows into foreign lands. To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 12:05:14 | Dell EMC patches critical flaws in VMAX enterprise storage systems (lien direct) | Dell EMC has fixed six flaws in its management interfaces for VMAX enterprise storage systems, including three vulnerabilities that are rated critical and could lead to the exposure of sensitive files or a complete system compromise.One of the critical flaws is located in the Unisphere for VMAX enterprise storage arrays, an appliance that provides a web-based management interface to provision, manage, and monitor such systems.More specifically, the flaw is in the GraniteDS library that provides server-side support for the Flash-based portion of the Unisphere web application. According to researchers from vulnerability management firm Digital Defense, the issue allows unauthenticated attackers to retrieve arbitrary text files from the virtual appliance with root privileges.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-10-03 11:13:17 | Hackers find little demand for their stolen NSA hacking tools (lien direct) | The hackers who are auctioning off cyberweapons allegedly stolen from the National Security Agency are growing annoyed and want cash.The ShadowBrokers' sale of the stolen tools has so far generated little interest, and over the weekend, the hackers complained in a message posted online, using broken English."TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money," the hackers said.As of Monday, their auction only had one substantial bid at 1.5 bitcoins, or US $918. Many of the other bids were valued at less than $1. To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 09:25:00 | The craziest stories of the tech sector (lien direct) | Network World started its Wider Net stories in 2003 in an effort to lighten up our news pages, acknowledging that there is a lot more to the world of enterprise networking and IT other than speeds and feeds of switches and routers and WAN links. The story approach was modeled somewhat after the Wall Street Journal's famed and quirky front page A-Hed articles (i.e., the middle column), but tended more to networking topics, from "When animals attack…networks" to the story of networking's most famous couple, Alice and Bob of security lesson fame. While Network World did away with its formal weekly Wider Net articles when the publication switched over to publishing twice a month, we've tried to continue mixing in lighthearted pieces through our blogs and in other places on our website and print magazine. Here are some of our favorites:To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 08:27:48 | Trump calls for US to use offensive cyberweapons (lien direct) | The U.S. government needs to be ready to use its offensive cyberweapons in response to attacks from other nations, Republican presidential candidate Donald Trump said Monday.The U.S. has significant offensive cybercapabilities, but it has been shy about deploying them, Trump said during a speech in Herdon, Virginia. "This is the warfare of the future," he said. The U.S. should also increase its use of cyberweapons to attack terrorists, Trump said. President Barack Obama has failed to protect the nation's cybersecurity and a new focus is needed, added Trump, who has largely avoided technology issues in his campaign. Trump said he will create an international cybersecurity task force to battle hackers, and he will ask U.S. military leaders for suggestions on how to improve the nation's cyberdefenses. To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-10-03 07:57:00 | Can credit cards with CVVs that automatically change every hour kill off card fraud? (lien direct) | When shopping online and paying with a credit or debit card, you have to enter the three-digit CVV (card verification value) from the back. These are card-not-present transactions and entering the security code is supposed to help verify that you physically have the card. But cyber thugs have plenty of ways to get hold of your CVV and burn through your money until you happen to notice the purchases and cancel your card. In fact, card-not-present transactions made up 65 percent of all card fraud.A French digital payment security company called Oberthur Technologies (OT) thinks it can do away such fraud by changing static CVVs to dynamic CVVs which change every hour. If a crook gets hold of your card number, his or her shopping spree could last no more than an hour; after the security code changes, the card number would be useless.To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 07:03:00 | Designing your business for the 21st century (lien direct) | “Most companies are simply not designed to survive. They become successful on the basis of one big idea or breakthrough product,†says CEO Mike Walsh of Tomorrow, a global consultancy that helps design 21st century businesses. The companies that will thrive in the near future are the ones not only embracing change but breaking the rules. Learn how to leverage disruptive innovation, solve business problems with social networks and apply “the new lean IT mindset†to sharpen your focus on how future customers will think, talk and transact. | |||
|
2016-10-03 07:03:00 | IDG Contributor Network: Decoy networks are the secret to deflecting hackers (lien direct) | Attackers have a time advantage over static computer networks because the bad guys can simply hover around the network for long periods, study it and look for an advantage. The computer network is usually just sitting there, dawdling like unfortunate prey silhouetted in a hunter's rifle scope.The observing hackers can even disappear for a while, return and find nothing's changed. The vulnerabilities are still in place. Bang! The perp hits when it's convenient, and it's all over.The best solution to this time-advantage problem are computer defenses that sense malevolent investigations of the network and then squirt the attack over to a fake network that proffers no intelligence about the genuine network, according to some. They were written about as long ago as 2004 in the International Journal of Digital Evidence (PDF).To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 07:02:14 | IoT malware behind record DDoS attack is now available to all hackers (lien direct) | The source code for a trojan program that infected hundreds of thousands of internet-of-things devices and used them to launch distributed denial-of-service attacks has been published online, paving the way for more such botnets.The code for the trojan, which its creator calls Mirai, was released Friday on an English-language hackers' forum, cybersecurity blogger Brian Krebs reported over the weekend. Krebs' website was the target of a record DDoS attack two weeks ago that was launched from the Mirai botnet.The trojan's creator, who uses the online handle Anna-senpai, said that the decision to release the source code was taken because there's a lot of attention now on IoT-powered DDoS attacks and he wants to get out of this business.To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 06:27:00 | Down the rabbit hole, part 3: Linux and Tor are key to ensuring privacy, security (lien direct) | So, I've decided I need to improve the privacy and security of my life (especially as it relates to computing). And I've come to the conclusion that in order to effectively do this, I need to focus on utilizing open source software as much as possible. What next? Let's start at a very simple, basic level: the operating system of my laptop computers (I don't actually have a desktop currently, but the same ideas will apply) and how they connect to the internet.To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 05:43:00 | Waratek upgrades Java protection (lien direct) | Waratek is introducing a feature to its Java-protection platform that enables upgrading to the current version of Java without having to install Java updates or touch the apps running within the Java virtual machine.The latest version of its AppSecurity for Java uses secure virtual containers around the entire Java application stack to apply the security and performance features of the current Java 8 platform's security and performance levels without having to install Java 8, the company says.The alternative would be to replace the Java Runtime Environment (JRE) and upgrade the application code directly. That would involve taking the application offline while the upgrades are performed.To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 05:34:00 | (Déjà vu) ICANN will generate new DNSSec key (lien direct) | Rotating cryptographic keys is a security best practice, so it's good news that ICANN has begun the process to change the root key pair underpinning the security of the DNS. While the chances of a misstep is small, the fact remains that changing the root key pair has never been done before. A mistake can potentially -- temporarily -- break the Internet.No pressure, ICANN.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security newsletter. ] As the phone book of the Internet, DNS translates easy-to-remember domain names into IP addresses so that users don't have to remember strings of numbers in order to access web applications and services. However, attackers can hijack legitimate DNS requests to divert users to fraudulent sites through DNS cache poisoning or DNS spoofing.To read this article in full or to leave a comment, please click here | |||
|
2016-10-03 05:28:00 | Duct tape, modeling clay and a handgun are not standard computer parts (lien direct) |
We'll get to the unusual computer configuration in a moment.The Transportation Safety Administration may not be the most popular federal agency, but it does put out a blog post every week that is highly entertaining for the look it offers into the scary and sometimes mystifying panoply of weaponry that passengers believe they can either carry onboard or surreptitiously stow in their luggage.Just this week for instance we have his example of fine cutlery: TSA
The TSA notes: “These 5-bladed floggers were discovered in a carry-on bag at Houston (IAH). All bladed items should be packed in checked baggage.â€To read this article in full or to leave a comment, please click here |
|||
|
2016-10-03 04:11:00 | New products of the week 10.3.16 (lien direct) | New products of the week Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Daptiv TTM Key features: With Daptiv TTM, teams can better track tasks and submit timesheets, stakeholders get a more accurate view of project status, and initiatives move forward on time and on budget. More info.To read this article in full or to leave a comment, please click here |
|||
|
2016-10-03 03:00:00 | Demo: Hacking a voting machine (lien direct) | Samir Kapuria from Symantec gives a demonstration about how someone could hack an electronic voting machine to provide extra votes for candidates. | |||
|
2016-10-03 03:00:00 | Can you hack the vote? Yes, but not how you might think (lien direct) | With Donald Trump already talking about the presidential election being rigged, Symantec has set up a simulated voting station that shows how electronic systems might be hacked to alter actual vote tallies for just a few hundred dollars.+More on Network World: Was Trump bitten by Twitter time-stamp bug that stung Alec Baldwin's wife?+They found that while it's possible to change the number of votes cast for each candidate, it would be very difficult to do so on a large enough scale to swing the election one way or the other.To read this article in full or to leave a comment, please click here | |||
|
2016-10-02 10:19:00 | Shadow Brokers rant about people wanting stolen NSA-linked hacking tools for free (lien direct) | The hacking group trying to auction off NSA-linked Equation Group hacking tools is unhappy because no one has coughed up the big bucks yet to buy the exploits.On Saturday, the Shadow Brokers took to Medium to release the group's third message. The hackers sound hurt that people don't trust them and – if cursing is any indication – the hackers are angry that the Equation Group cyber weapons auction has flopped so far.The Shadow Brokers want $1 million dollars and sound irritated that interested parties want the stolen hacking tools for free. “Peoples is having interest in free files. But people is no interest in #EQGRP_Auction.â€To read this article in full or to leave a comment, please click here | |||
|
2016-09-30 13:34:00 | We don\'t need more InfoSec analysts: We need analysts to train AI infrastructures to detect attacks (lien direct) | This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.Everyone says there is an information security talent gap. In fact, some sources say the demand for security professionals exceeds the supply by a million jobs. Their argument is basically this: attacks are not being detected quickly or often enough, and the tools are generating more alerts than can be investigated, so we need more people to investigate those alarms.Makes sense, right?Wrong.We believe that, even if companies aroaund the world miraculously hired a million qualified InfoSec professionals tomorrow there would be no change in detection effectiveness and we would still have a “talent gap.†The problem isn't a people issue so much as it is an InfoSec infrastructure issue.To read this article in full or to leave a comment, please click here | |||
|
2016-09-30 12:57:00 | By 2020, your Wi-Fi-connected car will pay for parking, gas (lien direct) | Wi-Fi communications in vehicles, whether from the factory or in aftermarket devices, will increase from 6.9 million per year in 2015 to 61 million per year in 2020 -- and this will usher in a new era of consumer services and applications, according to a new report from Gartner.Over the next four years, the total number of connected cars and trucks will reach 220 million, a number that will drive a huge uptick in the delivery of digital content, such as streaming music and video, navigation and location-based services.Connected vehicles increasingly will be able to direct drivers to, and pay for, parking spaces, fuel and other services, and the technology will eventually enable increased levels of automated driving, Gartner's report stated.To read this article in full or to leave a comment, please click here | |||
|
2016-09-30 12:10:22 | Android malware that can infiltrate corporate networks is spreading (lien direct) | An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks.DressCode, a family of Android malware, has been found circulating in at least 3,000 Trojanized apps, security firm Trend Micro said on Friday.DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious coding only makes up a small portion of the overall app.To read this article in full or to leave a comment, please click here | |||
|
2016-09-30 10:16:00 | Splunk Intent on Extending Cybersecurity Leadership (lien direct) | I attending the Splunk user conference earlier this week (.Conf2016) and came away pretty impressed. Since I started watching Splunk years ago, the company climbed from a freemium log management and query tool for IT and security nerds to one of the leading security analytics and operations platform. Not surprisingly then, security now represents around 40% of Splunk's revenue. Given the state of the cybersecurity market, Splunk wants to work with existing customers and get new ones to join in to build on this financial and market success.To that end, Splunk really highlighted three enhancements for its enterprise security product:1.     An ecosystem and architecture for incident response. Splunk often acts as a security nexus for its customers, integrating disparate data into a common platform. It now wants to extend this position from analytics to incident response by building IR capabilities into its own software and extending this architecture to partners through APIs, workflows, and automation. Splunk calls this adaptive response. For now, Splunk doesn't see itself as an IR automation and orchestration platform for complex enterprise environments (in fact Phantom and ServiceNow were both exhibiting at the event) but it does want to use its position and market power to make IR connections, data flows, and tasks easier and more effective for security and IT personnel alike.To read this article in full or to leave a comment, please click here | Guideline | ||
|
2016-09-30 10:01:00 | White House asks: Do you need more data portability? (lien direct) | It's a question of who controls your data – all of it. Think of all the data that say Apple, Google or Facebook or even your health care provider has collected on you and you wanted to remove it or move it elsewhere. It wouldn't be easy.The White House Office of Science and Technology Policy (OSTP) has issued a request for information about how much is too much or too little data portability and what are the implications?+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)+To read this article in full or to leave a comment, please click here | |||
|
2016-09-30 09:36:16 | Firefox blocks websites with vulnerable encryption keys (lien direct) | To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys.Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS  (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be used with TLS's ephemeral modes, which provide forward secrecy -- a property that prevents the decryption of previously captured traffic if the key is cracked at a later time.However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encryption connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman key exchange imposed on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the key size to 512 bits. In May 2015 around 7 percent of websites on the internet were vulnerable to the attack, which was dubbed LogJam.To read this article in full or to leave a comment, please click here | |||
|
2016-09-30 06:11:57 | Ransomware spreads through weak remote desktop credentials (lien direct) | Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they've also become a common distribution method for file-encrypting ransomware.In March, researchers discovered a ransomware program dubbed Surprise that was being installed through stolen credentials for TeamViewer, a popular remote administration tool. But the trend had started long before that, with some ransomware variants being distributed through brute-force password guessing attacks against Remote Desktop Protocol (RDP) servers since 2015.While this method of infection was initially used by relatively obscure ransomware programs, recently it has been adopted by an increasing number of cybercriminals, including those behind widespread ransomware programs such as Crysis.To read this article in full or to leave a comment, please click here | |||
|
2016-09-29 13:33:03 | Bounty for iOS jailbreak exploit jumps to $1.5 million (lien direct) | The value for zero-day exploits targeting Apple's iOS software is jumping. On Thursday, a company called Zerodium began offering as much as US $1.5 million for them.Zerodium is the same company that offered $1 million last year for an exclusive iOS zero-day exploit that can remotely jailbreak a device. However, that bounty was only temporary, and it was eventually awarded last November.Zerodium's new $1.5 million bounty is asking for a remote jailbreak exploit targeting iOS 10. The bounty will be offered all year long, Chaouki Bekrar, the company's CEO, said in an email. The company's original offer was a maximum of $500,000.To read this article in full or to leave a comment, please click here |
To see everything:
Our RSS (filtrered)
