What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2016-09-08 06:12:18 A USB device is all it takes to steal credentials from locked PCs (direct link) Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week. Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks. For his attack, Fuller used a flash-drive-size computer called USB Armory that costs $155, but the same attack can be pulled off with cheaper devices, like the Hak5 LAN Turtle, which costs $50.
NetworkWorld 2016-09-08 06:09:00 IDG Contributor Network: People know they shouldn't click on links but do it anyway (direct link) Blatant nosiness is the reason why email users click on the links embedded within electronic messages, according to university researchers. This new evidence, discovered in a study, throws into question the basic premise behind phishing. That presumption is that when an iffy email looks like it comes from a legitimate organization, but contains a link to a bogus website where financial details are guzzled by bad guys, gullible people are being bamboozled by the apparent legitimacy of the email.
NetworkWorld 2016-09-08 06:00:00 Security Sessions: Why security training matters for all IT staff (direct link) In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild talks with Bill Rosenthal, CEO of Logical Operations, about the benefits of tiered security training for IT staff members, not just those with 'security' in their title.
NetworkWorld 2016-09-08 05:25:00 (Déjà vu) Rugged devops: Build security into software development (direct link) Devops is transforming how developers and operations teams work together to deliver better software faster. At its core, devops is about automation. When several tasks in development, testing, and deployment are automated, developers can make changes to code and deploy to production frequently. Amazon, a leading devops proponent, at one point claimed to have more than 1,000 deployments a day. But such an accelerated workflow has the potential to bypass secure coding practices, which developers often find difficult to incorporate in the first place. If devops is to continue its momentum, developers need to integrate security testing earlier in the software delivery lifecycle. Tags: Guideline
NetworkWorld 2016-09-08 04:14:00 Top EU court hedges on question of hyperlinking legality in Playboy case (direct link) To the old legal presumption of innocence until proven guilty, the European Union's highest court has added another: innocence until proven profitable. It's OK for websites to hyperlink to an image published elsewhere without the rights holder's permission -- as long as they don't know that, and don't make a profit from it, the Court of Justice of the EU ruled on Thursday. The ruling concerned Dutch website GeenStijl, accused by Playboy of linking to an Australian website that published, without the magazine's permission, a photoshoot it had commissioned with Dutch TV personality Britt Dekker. Playboy's lawyers wrote to GeenStijl asking it to remove the link, but it refused -- and published a new link to another website hosting the photos without permission when they were removed from the Australian site. When the pictures disappeared from that site too, GeenStijl allowed its forum users to link to the photos on other sites.
NetworkWorld 2016-09-07 23:52:56 John McAfee's company could spoil the party for Intel's new venture (direct link) Intel's plans to spin out its security business under the McAfee name could be clouded by the plans of security expert and businessman John McAfee, who claims he had not assigned the rights to his personal name. The chip maker said Wednesday that it had signed an agreement with TPG for a deal that would see its Intel Security business as a separate cybersecurity company in which Intel shareholders would hold 49 percent of the equity with the balance held by the investment firm. Intel would also receive US$3.1 billion in cash. The new company would be named McAfee.
NetworkWorld 2016-09-07 15:51:00 Intel spinout: McAfee is back (direct link) Intel is going to spin out its subsidiary Intel Security as a joint venture with investment firm TPG, redubbing the new entity with its old name – McAfee. The deal calls for TPG to make a $1.1 billion equity investment and own 51 percent of the company, with Intel retaining 49%. In a joint statement the companies say the investment will be used to help the spinout gain its feet as a stand-alone business and to drive growth. Intel bought McAfee in 2010 for $7.68 billion with the intent of tying McAfee's security technology with Intel's chips. Since then Intel has incorporated technology in some chips that power features of its security software, and Intel Security's endpoint protection technology is well thought of, consistently ranking among the leaders in Gartner's analysis of that category. It is ranked number two in market share behind Symantec and in front of Trend Micro. Tags: Guideline
NetworkWorld 2016-09-07 14:48:00 Election exploits: What you need to know [infographic] (direct link) In late August, an FBI alert warning state election officials about an attack on voter registration databases from Illinois and Arizona was leaked and posted in a report on Yahoo News. 'According to the FBI's alert, 'an unknown actor' attacked a state election database by using widely available penetrating testing tools, including Acunetix, SQLMap, and DirBuster,' wrote Michael Kan. 'The hackers then found an SQL injection vulnerability -- a common attack point in websites -- and exploited it to steal the data. The FBI has traced the attacks to eight IP addresses, which appear to be hosted from companies based in Bulgaria, the Netherlands, and Russia.' Tags: Yahoo
NetworkWorld 2016-09-07 14:21:49 Why quantum computing has the cybersecurity world white-knuckled (direct link) As quantum computers inch closer to reality, experts are sweating over their potential to render many of today's cybersecurity technologies useless. Earlier this year the U.S. National Institute of Standards and Technology issued a call for help on the matter, and this week the Global Risk Institute added its voice to the mix. Because of quantum computing, there's a one-in-seven chance that fundamental public-key cryptography tools used today will be broken by 2026, warned Michele Mosca, co-founder of the University of Waterloo's Institute for Quantum Computing and special advisor on cybersecurity to the Global Risk Institute. By 2031, that chance jumps to 50 percent, Mosca wrote in a report published Monday.
NetworkWorld 2016-09-07 14:13:40 Intel sells off majority stake in McAfee unit (direct link) Intel is selling off a majority stake in its McAfee unit and turning it back into an independent security company. Intel made the deal with investment firm TPG, which will own a 51 percent stake in the new McAfee company. Intel will own the remainder. As part of the deal, Intel is receiving $3.1 billion in cash. It originally bought McAfee back in 2011 for $7.7 billion -- a deal that caused some industry watchers to scratch their heads. Intel is best known as a chipmaker, but at the time it was also hoping to improve security around its products. PC security was a major concern back then, said Nathan Brookwood, principal analyst at Insight 64. But now cyberthreats are moving to target the cloud and servers.
NetworkWorld 2016-09-07 11:42:56 US must beef up its cyber muscle, Trump says (direct link) The U.S. Department of Defense must pump up its cyber capabilities, including its offense, as part of a huge planned expansion of the military, Republican presidential candidate Donald Trump said Wednesday. Trump, repeatedly criticized in the IT community for a lack of a tech policy agenda, called for new investments in cybersecurity during a speech focused on military programs. The businessman didn't put a dollar figure on the new cybersecurity investments but mentioned them as part of a proposed multibillion-dollar expansion of the U.S. military.
NetworkWorld 2016-09-07 10:52:00 IDG Contributor Network: Building an insider threat program that works – Part I (direct link) The consequences of failure range from failed security audits and interruptions of service or product deliveries to more significant degradation of ongoing operations, monetary losses and lasting reputational damage. In extreme scenarios, there is even the potential for bodily injury and loss of life. In response, many corporate and government leaders have invested heavily over the past few years in controls designed to mitigate the likelihood and consequences of a damaging insider event. Policy and procedural controls naturally have played a big part in these nascent insider threat programs, but so have a number of emerging technologies grouped under the umbrella of Security Analytics. Tags: Guideline
NetworkWorld 2016-09-07 10:49:00 Security firm faces lawsuit with stock tanking tactic (direct link) One security firm's controversial approach to pointing out flaws in products is facing legal action. On Wednesday, the firm MedSec was hit with a lawsuit after trying to tank a company's stock. The company, St. Jude Medical, has filed the legal action against MedSec for making false accusations about its products and for conspiring to manipulate its stock. Two weeks ago, MedSec ignited an ethical firestorm when it publicized allegations that pacemakers and other devices from St. Jude Medical were insecure and open to hacks. Pointing out flaws is nothing new in the security industry. But MedSec took the unusual step of trying to profit from the research by betting against St. Jude Medical. To do so, it partnered with investment firm Muddy Waters Capital to short the stock.
NetworkWorld 2016-09-07 09:35:00 IDG Contributor Network: HashiCorp slurps up cash to deliver DevOps goodness (direct link) Seemingly every company under the sun is now a DevOps leader -- even ones that, while purporting to be about a new way of doing things, continue to market legacy, monolithic products and services. So, it's nice to see some genuine players achieve success and recognition in this space. A good example of this is HashiCorp -- an important, but little-known DevOps vendor. The company manages a host of open-source tools, all of which tick off different parts of the application and infrastructure lifecycle. Tags: Guideline
NetworkWorld 2016-09-07 09:24:00 VMware NSX gains traction as a security tool (direct link) In July of 2012, VMware shocked the world when it shelled out $1.26 billion to purchase software-defined networking (SDN) startup Nicira. The acquisition changed the face of VMware, as it created a big rift between itself and long-time data center partner Cisco. The product, now known as NSX, put VMware squarely in the next-generation network market with one of the top start-ups.
NetworkWorld 2016-09-07 07:22:00 'Stupid simple' attack can steal credentials from locked Windows and Mac computers (direct link) Hats off to security researcher Rob Fuller, aka mubix, for spending part of his Labor Day weekend figuring out how to use a spoofed USB Ethernet adapter to steal credentials from logged in but locked Windows and Mac computers. "It works!!! Muhahahahah I can steal credentials from a locked computer. Muahahahhahahahah pic.twitter.com/9l3d0tvs8i" - Rob Fuller (@mubix) September 4, 2016. Fuller did not use a zero-day; although the attack is “stupid simple” and “should not work,” it does work because most computers automatically install Plug-and-Play USB devices. “Even if a system is locked out, the device still gets installed.” There may be restrictions on what devices can be installed when the box is in a locked state, but he said, “Ethernet/LAN is definitely on the white list.”
NetworkWorld 2016-09-07 06:18:14 Google Safe Browsing gives more details to compromised website owners (direct link) Google is now providing more information to website owners whose online properties are temporarily blocked as unsafe by its Safe Browsing technology as a way to help them fix the identified problems faster. Google Safe Browsing is a technology used by Google's search engine, the Google Chrome browser, Mozilla Firefox, Apple Safari, and Android to steer users away from websites that host malicious or deceptive content. On the back-end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads, or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications.
NetworkWorld 2016-09-07 04:26:00 New tech can help catch spearphishing attacks (direct link) A CEO said that his controller had just received an email, ostensibly from him, asking her to process an urgent outgoing payment. Everything about the letter looked legit. "It has my display name, spelled correctly," said Kevin O'Brien, co-founder and CEO at Belmont, Mass.-based GreatHorn. "There are no attachments. There's nothing in the email that's misspelled. My signature line was copied from my real emails." The text of the email was totally something that a CEO might say. "Hi Caitlin," the message said, addressing the company's controller, Caitlin McLaughlin. "Are you available to process an outgoing payment today? Let me know and I will send the payment details as soon as I receive it from the consultant shortly; I am traveling and this is urgent."
NetworkWorld 2016-09-06 23:56:10 OPM hack was avoidable, says congressional report (direct link) The compromise last year of the personal information of millions of current and former federal employees was entirely preventable, if the U.S. Office of Personnel Management that was attacked had taken the right measures on knowing it was targeted, according to a report set to be released Wednesday by the House Committee on Oversight and Government Reform. “In our report, we are going to show that once we knew that this was happening, we didn't make the right moves,” said Jason Chaffetz, chairman of the committee in an interview to CNN. Saying that he thinks that the attack came from overseas, Chaffetz, a Republican representative from Utah, did not name any country, saying it was classified information. After the hack there was speculation that it had been done by the Chinese.
NetworkWorld 2016-09-06 12:49:00 Lessons learned from WordPress attacks (direct link) I traveled from VMworld to the lab last Wednesday, and during that time, something infected two websites I control. I suspect the servers were used as part of a Syn Flood attack. The servers, both using WordPress, would come up and serve their web pages, but then they would quickly run out of cache by processes that were difficult to track. They initially made contact with some IPs located conveniently in Russia, then lots of syn traffic, and interesting session waits and listens. It took about two minutes before the sites cratered from resource drainage, and the errantly injected processes dominated then effectively cratered the servers from their intended use.
NetworkWorld 2016-09-06 10:00:01 Google's 3-level Android patch could cause confusion (direct link) Google has released another large monthly batch of security patches for Android, this time fixing 55 vulnerabilities, eight of which are rated critical. The novelty of this release is that the fixes are split into three different "security patch levels" -- date strings that indicate to users how up-to-date their devices are. While this could make it easier for device manufacturers to integrate patches applicable to their devices, it could lead to confusion among regular users. Since August 2015 Google has released security updates for Android according to a monthly schedule. This was intended to add some predictability to Android patches and indeed, some device makers committed to monthly security updates as well. Tags: Guideline
NetworkWorld 2016-09-06 09:45:00 British Airways blamed glitch for long check-in delays (direct link) The old “IT glitch” was reportedly the cause of British Airways' multi-continent check-in delays on Monday. Angry travelers waited in check-in queues for hours while the airline fell back on the old school method of handwriting records, boarding passes and baggage labels. British Airways has been rolling out a new check-in system since last year; a BA spokesperson described the check-in delays as “teething problems.” At first, BA claimed the glitch causing check-in delays was not a worldwide problem, but a “patchy” problem. Yet, the glitch in the check-in system affected more than people in the UK; travelers took to Twitter to complain about long delays in at least San Diego, Chicago, Atlanta, San Francisco, Rome, Las Vegas, Phoenix, Vancouver, the Bahamas, D.C., Seattle, Zurich, and Mexico City.
NetworkWorld 2016-09-06 08:02:22 US investigates Russia for attempting to hack the election (direct link) Intelligence and law enforcement agencies are reportedly investigating whether Russia has launched a broad, covert operation to disrupt the U.S. elections in November. Officials believe that Russia appears to be attempting to spread disinformation and hack into U.S. political systems in an effort to undermine confidence in the upcoming election, according to a report in the Washington Post. Investigators do not have "definitive" proof of a Russian operation, but there is "significant concern," the Post quoted an anonymous senior intelligence official as saying.
NetworkWorld 2016-09-06 06:47:22 Stealthy, tricky to remove rootkit targets Linux systems on ARM and x86 (direct link) Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove. Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015 and is now being sold on the underground markets. It targets Linux-based systems on the x86, x86-64 and ARM architectures, including many embedded devices such as routers. According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn't need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system.
NetworkWorld 2016-09-06 03:00:00 Essential certifications for smart security pros (direct link) If you're pursuing a career in IT security, certifications can only help you. Certification-critics often say a certification means nothing, and acumen and experience are the true differentiators, but as a holder of dozens of IT security certifications, I beg to differ. So do employers. A particular certification is often the minimum hurdle to getting a one-on-one in-person job interview. If you don't have the cert, you don't get invited. Other times, having a particular certification can give you a leg up on competing job candidates who have similar skill sets and experience. Every certification I've gained took focused, goal-oriented study -- which employers view favorably, as they do with college degrees. More important, I picked up many new skills and insights in IT security while studying for each certification test. I also gained new perspectives on even familiar information I thought I had already mastered. I became a better employee and thinker because of all the certifications I have studied for and obtained. You will too.
NetworkWorld 2016-09-05 22:08:29 Obama aims to avoid a 'cycle of escalation' in cyberattacks by countries (direct link) U.S. President Barack Obama said his country has had problems with cyber intrusions from Russia and other countries in the past, but aims to establish some norms of behavior rather than let the issue escalate as happened in arms races in the past. Obama's statement on the sidelines of the G20 summit in China, after he met with Russian President Vladimir Putin, did not refer specifically to a recent hack of the Democratic National Committee of the Democratic Party that the U.S. Federal Bureau of Investigation is probing. Politically embarrassing emails from the breach were leaked ahead of the convention of the party, with many security experts holding that the hack had the backing of Russian intelligence services. Whistleblowing website WikiLeaks released the emails but did not disclose their source. The U.S. government hasn't blamed Russia for the incident.
NetworkWorld 2016-09-05 09:31:48 OpenOffice coders debate retiring the project (direct link) Concerns at the Apache Software Foundation that the Apache OpenOffice project it hosts might be failing have prompted a debate about retiring the project, and triggered the resignation of at least one member of the project's management committee. The office productivity suite was once a key element of efforts to build an open source alternative to Microsoft's dominance of the desktop. Now its remaining developers struggle to keep on top of security issues in the code, and the ASF Board has asked the project's management committee to explain itself and propose a remedy, committee chair Dennis E. Hamilton said in an email to project contributors last week.
NetworkWorld 2016-09-05 09:01:00 Vacations of the future (direct link) Not everyone gets Labor Day off as a holiday, but that doesn't mean the majority of people not working have literally gone on vacation. In the future, people scheduled to work on holidays and those with the days off but not the means to go on an exotic vacation can pick any day to explore wonders such as the Amazon rainforest or white beaches of the Caribbean. At least, that is what Expedia claimed; by using virtual and augmented reality, people won't even need to leave home to explore some of the world's wonders. If you really are not into the idea of a stay-at-home vacation, then VR and AR could also be used in a “try before you buy” vacation scenario. That tech might also be the answer to long-distance love affairs. Some futurists, such as Google's Dr. Ray Kurzweil, have predicted, “We will spend considerable time in virtual and augmented realities allowing us to visit with each other even if hundreds of miles apart. We'll even be able to touch each other.”
NetworkWorld 2016-09-05 05:15:29 Sophos false positive detection ruins weekend for some Windows users (direct link) A bad malware signature caused Sophos antivirus products to detect a critical Windows file as malicious on Sunday, preventing some users from accessing their computers. The false positive detection flagged winlogon.exe, an important component of the Windows Login subsystem, as a Trojan program called Troj/FarFli-CT. Because the file was blocked, some users who attempted to log into their computers were greeted by a black screen. Sophos issued an update to fix the problem within a few hours and said that the issue only affected a specific 32-bit version of Windows 7 SP1 and not Windows XP, Vista, 8 or 10. "Based on current case volume and customer feedback, we believe the number of impacted systems to be minimal and confined to a small number of cases," the company said in a support article.
NetworkWorld 2016-09-04 08:32:00 OurMine hacked Variety, power-spammed subscribers (direct link) Two different hacking groups, both of which claim to be of the non-malicious variety, have been busy bringing suspended Twitter accounts back from the dead and power-spamming Variety subscribers. If folks who like news about Hollywood hadn't heard of the hacking group OurMine, then some of them are very familiar with the group's name now. OurMine reportedly compromised Variety's content management system around 9 am PT on Saturday and published a post which Engadget said was later removed, but the hacking collective's antics didn't stop there. Variety's subscribers were hammered with spam.
NetworkWorld 2016-09-02 13:59:29 A mystery user breached an email account on Clinton's server (direct link) In 2013, an unknown user accessed an email account on Hillary Clinton's private email server through Tor, the anonymous web surfing tool, according to new FBI documents. On Friday, the FBI provided details on the possible breach in newly released files about its investigation of Clinton's use of a private email server when she was the U.S. secretary of state. The affected email account belonged to a member of Bill Clinton's staff. In January 2013, an unknown user managed to log in to the account and browse email folders and attachments.
NetworkWorld 2016-09-02 11:42:12 Point-of-sale data breaches have now reached the cloud (direct link) The latest in a string of hacks against retail point-of-sale systems has hit the operator of a cloud-based service with about 38,000 business clients. Montreal-based Lightspeed reported the breach on Thursday and said it affected a system that retailers can use from tablets, smartphones and other devices. The incident occurs as a growing number of retailers and hotels have been targeted by hackers, who typically install malware into the point-of-sale systems to steal credit card numbers.
NetworkWorld 2016-09-02 09:06:00 VMworld: My Cybersecurity-Centric Impressions (direct link) In my last blog, I wrote about what I was anticipating as far as cybersecurity for VMworld. Now that I'm back from Vegas, it's time for me to report on how reality aligned with my expectations. 1. NSX penetration. It seems like VMware has made progress in terms of NSX market penetration over the past year. At VMworld 2015, VMware talked about around 1,000 production environments for NSX while at VMworld 2016, VMware mentioned somewhere between 1,700 to 2,000 production NSX customers. Still a small percentage of the total VMware installed base but at least 70% growth year-over-year. Yes, some of these customers are likely just getting started or are using NSX on an extremely limited basis, but I still see good progress happening as more and more organizations begin playing with and using NSX. VMware describes three primary uses for NSX: Disaster recovery, security, and network operations automation. It is worth noting that around 60% to 70% of NSX deployment is skewed toward security use cases.
NetworkWorld 2016-09-02 08:38:22 Suspect arrested in 5-year-old kernel.org breach (direct link) Five years after a security breach forced the Linux Foundation to take kernel.org offline and to rebuild several of its servers, police have arrested a suspect in the case. Donald Ryan Austin, a 27-year-old computer programmer from El Portal, Florida, was arrested during a traffic stop on Aug. 28 based on a sealed indictment returned by a federal grand jury in the Northern District of California in June. Austin is charged with intentionally damaging four protected servers operated by the Linux Foundation and one of its members in 2011. More specifically, the programmer is accused of having installed rootkit and trojan software on the servers in order to steal the credentials of authorized users connecting to them via SSH (Secure Shell).
NetworkWorld 2016-09-02 06:55:00 Apple quashes 3 zero-days with emergency Mac update (direct link) Apple yesterday issued an emergency security update for the Mac, patching the same trio of vulnerabilities the company fixed last week on the iPhone. According to one of the groups that first revealed the flaws, the vulnerabilities could have been "weaponized" for use against OS X, the Mac's operating system. The out-of-band update was aimed at OS X El Capitan (aka 10.11) and Yosemite (10.10), the 2015 and 2014 editions, respectively. Older versions, including 2014's OS X Mavericks, went unpatched: Apple is nearing the release of its annual Mac operating system upgrade and thus the end of support for the edition of three years ago. Like the urgent update Apple released last week for the iPhone -- iOS 9.3.5 -- the Mac patches quash three bugs, two in the operating system's kernel and the third in the Safari browser.
NetworkWorld 2016-09-02 06:37:00 Your strategy for dealing with web bots has to take into account business context (direct link) This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach. Between 30%-70% of traffic to most websites is from bots, meaning it is non-human traffic. And while many assume bot traffic should be blocked, that is a black and white approach to a problem that's very much grey. The reality is that some bots are good, some bots are bad, but most will be somewhere in between. What you need is a bot management tool that lets you apply a range of management actions based on your website's business model. Consider the airline industry. A typical airline bookings site might see 50% of its traffic coming from human visitors, with the other 50% coming from bots. While the first thought is often to block the bot traffic, a more effective approach is to understand why the bots are here and what the impact is on the business.
NetworkWorld.webp 2016-09-02 05:33:26 Microsoft bug bounty program adds .NET Core and ASP.NET Core (direct link) Microsoft has expanded its bug bounty programs to cover the open-source .NET Core and ASP.NET Core application development platforms. The .NET Core and ASP.NET Core technologies are used to create server applications that can run on Windows, Linux, and Mac. The ability to write code once and have it run on multiple platforms has made these technologies popular with enterprise software developers. Microsoft will pay monetary rewards between US$500 and $15,000 for critical vulnerabilities in the RTM (release to manufacturing), Beta, or RC (release candidate) releases of these platforms. Flaws in Microsoft's cross-platform Kestrel web server are also covered by the new bug bounty program, as well as vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later.
NetworkWorld.webp 2016-09-01 12:32:00 Iris scans as ID grow in use (direct link) Iris scanner technology is emerging in smartphones, including the new Samsung Note 7, but is expected to come soon to cars and ATM machines to verify a user's identity. Experts say an iris scan can be more reliable than a fingerprint scan, which is a big reason it is expected to be used in more devices in coming years. Each iris, the colorful part of the eye that forms a ring around the pupil, is unique and therefore a good biometric indicator. Samsung's Android 6-based Note 7, which shipped on Aug. 19, takes advantage of the technology as well as the Windows 10 Mobile-based HP Elite X3.
NetworkWorld.webp 2016-09-01 12:29:00 Regular password changes make things worse (direct link) Security experts have been saying for decades that human weakness can trump the best technology. Apparently, it can also trump conventional wisdom. Since passwords became the chief method of online authentication, conventional wisdom has been that changing them every month or so would improve a person's, or an organization's, security. Not according to Lorrie Cranor, chief technologist of the Federal Trade Commission (FTC), who created something of a media buzz earlier this year when she declared in a blog post that it was, “time to rethink mandatory password changes.”
NetworkWorld.webp 2016-09-01 11:08:38 FairWare ransomware infects servers through exposed Redis instances (direct link) Days after reports that a new ransomware attack was deleting files from web servers, security researchers determined that some of the affected servers were hacked through insecure deployments of the Redis database. Over the past week, reports popped up on support forums about web servers being wiped clean and hosting a ransom note through which attackers offered to return the deleted files in exchange for two bitcoins (around US$1,150). Experts from tech support forum BleepingComputer.com dubbed the new threat FairWare.
NetworkWorld.webp 2016-09-01 10:46:58 Romanian hacker Guccifer sentenced to 52 months in US prison (direct link) A Romanian hacker known as Guccifer has been sentenced to 52 months in prison after breaking into internet accounts of about 100 U.S. citizens, including government officials. The 44-year-old Marcel Lehel Lazar was sentenced on Thursday. He was extradited from Romania and brought to court in the U.S., where he pleaded guilty to the hacking-related charges in May. From Oct. 2012 to Jan. 2014, Lazar targeted the email and social media accounts of his U.S.-based victims, as a way to steal their personal information and email messages. That included hacking a family member of two former U.S. presidents and several former U.S. officials. “In many instances, Lazar publicly released his victims' private email correspondence, medical and financial information and personal photographs,” the Department of Justice said in a statement. Guideline
NetworkWorld.webp 2016-09-01 10:21:27 Last.fm breach from 2012 affected 43 million users (direct link) Stolen data obtained from music site Last.fm back in 2012 has surfaced, and it looks like hackers made off with accounts belonging to more than 43 million users. That's according to LeakedSource, a repository for data breaches that obtained a copy of the stolen data. Included in the trove are users' names, email addresses and passwords secured with an aging hashing algorithm called MD5, LeakedSource reported in a blog post on Thursday. Last.fm hasn't responded so far to a request for comment. The music service reported the breach four years ago and asked all its users to change their passwords immediately. It never made clear how many accounts were affected, however, or the hashing method it used to secure the passwords.
NetworkWorld.webp 2016-09-01 08:09:44 Keezel's wireless device protects hotel Wi-Fi, home IoT connections (direct link) In cryptography, the "man in the middle" is usually an attacker -- but when Keezel wants to get between you and the Wi-Fi connection in your hotel or your home, it's for your own good. After a long crowdfunding campaign, the company is getting ready to ship its Wi-Fi security device, also called Keezel, in October. Any orders it picks up at the IFA trade show in Berlin this week will be fulfilled from a second production run in November, said Keezel CEO Aike Muller. One problem Keezel aims to solve is that hotel and other public Wi-Fi services are often unencrypted, leaving your data wide open to eavesdropping by others in the area. If there is authentication, it's often only for billing purposes, and performed by a captive portal after the traffic has gone over the air in the clear.
NetworkWorld.webp 2016-09-01 07:34:00 Why these victims decided not to pay the ransom (direct link) Just say no. When ransomware locks down a computer or an entire system at your organization, what do you do? If you get an email from a hacker threatening a DDoS attack that will level your website, how do you respond?
NetworkWorld.webp 2016-09-01 07:13:47 Toshiba hopes cloudless smartphone backup will have a bright future (direct link) What will back up all the data on your smartphone, but doesn't physically exist? No, it's not another cloud backup service, it's the centerpiece of Toshiba Storage Peripherals' booth at IFA. The as-yet-unnamed (and unfinished) product will be about the size of a small plate, to judge by the prototype in a glass case on the booth. It will have a USB connection to charge your smartphone and back up its contents to an included 500 GB hard disk. There will be no cloud servers involved, and no internet connection needed: Everything will stay inside the device, said Toshiba's product manager for hard disks, Eun-Kyung Hong. "This is for home backup where you know all your data is in your home, not in the cloud where you don't know whether it's secure or not," she said.
NetworkWorld.webp 2016-09-01 05:56:00 Why your smartphone is sicker than a room full of snotty toddlers (direct link) If you thought your smartphone was safe(r) from the wild west of malware, spyware and other viruses compared with the PC space, think again. A new report from Nokia proclaims a “sharp rise in the occurrence of smartphone malware infections” in the first half of 2016. Taking the big hit are smartphone infections, which now account for 78% of all infections across the mobile network, says Nokia in its latest Nokia Threat Intelligence Report. The report is compiled by the company's Threat Intelligence Lab, which aggregates anonymous data across global mobile networks using its Nokia NetGuard Endpoint Security product. Along with a traffic monitor that detects malware command-and-control traffic and exploit attempts (among other attacks), the lab also keeps a database of the latest malware to analyze how attacks occur.
NetworkWorld.webp 2016-08-31 14:39:23 The Dropbox data breach is a warning to update passwords (direct link) Recent data breaches underline the need for Internet users to regularly update the passwords for all their Internet accounts. On Wednesday, Spotify reset the passwords of an unspecified number of users, just a day after data on 68 million accounts from Dropbox began reaching the Internet. In a notice to users, Spotify said their credentials may have been compromised in a leak involving another service, if they used the same password for both. “Spotify has not experienced a security breach and our user records are secure,” the company said in an email. The password reset is merely a precaution, it said.
NetworkWorld.webp 2016-08-31 11:27:00 10 under-the-radar software products users love (direct link) Top mid-market software products: G2 Crowd, an online platform hosting more than 100,000 user reviews, has shared its list of top mid-market software products as rated by users of such tools based on how much they like the software and would recommend it to others. While you might be familiar with some of the products on this list, you won't find much in the way from the highest profile software companies, such as Microsoft and Salesforce.com. “Like the majority of smaller organizations, mid-market companies [51 to 1,000 employees] require software products that are sophisticated but not too pricey, and also easy to use,” says Michael Fauscette, chief research officer at G2 Crowd.
NetworkWorld.webp 2016-08-31 09:16:00 1,650lb 3D printed aircraft tool sets Guinness World Record (direct link) A 17.5 foot long, 5.5 foot wide and 1.5 foot tall 3D printed aircraft design tool has earned the title of largest solid 3D printed item by Guinness World Records. The 1,650 lb. apparatus known as a trim-and-drill tool is comparable in length to a large sport utility vehicle and will ultimately be tested for use in building the Boeing 777X passenger jet. Basically the tool will be used to secure the jet's composite wing skin for drilling and machining before assembly, according to researchers at the Department of Energy's Oak Ridge National Laboratory (ORNL) who developed the tool. ★★★★
NetworkWorld.webp 2016-08-31 07:44:00 Defense Department needs to embrace open source or military will lose tech superiority (direct link) The Department of Defense needs to move past open source myths that have been debunked and jump on the open source bandwagon or the DoD and U.S. military will not be able to maintain tech superiority, warns a Center for a New American Security (CNAS) report. To maintain technological superiority, the DoD needs “to acquire, develop, deploy, and maintain cutting-edge software” systems. “Unless the department is able to accelerate how it procures, builds, and delivers software, it will be left behind,” said the authors of “Open Source Software and the Department of Defense” (pdf).
Last update at: 2024-07-02 20:07:43