Author Archive

When U.S. CERT comes knocking, it seems unwise for a company to stick its head in the sand and hide. But that’s reportedly what happened when the CERT division of the Carnegie Mellon Software Engineering Institute tried to contact Belkin about numerous vulnerabilities discovered in Belkin WeMo home automation devices.

CERT was contacted by researchers from IOActive after they uncovered “multiple vulnerabilities in Belkin WeMo Home Automation devices that could affect over half a million users.” Since Belkin failed to issue a fix for any of the flaws, IOActive “recommends unplugging all devices from the affected WeMo products.”

 

 

 

READ MORE …

Category: IT Security  | Leave a Comment

PC World – Thanks to cloud storage, files are bursting from the confines of your PC’s hard drive. Now, you can get work done on a laptop, tablet, smartphone, or even portable mini-PCs and dongles. Still, many users still haven’t fully worked the cloud into the way they go about their daily business. Here’s how to seamlessly integrate the cloud into your workflow, starting with the most crucial part: Choosing a service that plays nice with your PC.

All the clouds in the sky

Cloud storage services are plentiful, with dozens of potential solutions to choose from and new programs coming to market every day. Of these, a handful of standouts are well worth considering as you look to make cloud storage as easy as using your hard drive.

 

 

 

 

READ MORE …

Category: Business  | Leave a Comment
Microsoft Lync to play nice with Cisco, Android
Friday, February 21st, 2014 | Author:

Network World – Microsoft is accommodating Cisco conferencing systems and Android tablets to help make Microsoft Lync and Skype communications platforms able to connect any customers by voice, video, messaging and conferencing regardless of what device they use.

Microsoft’s making nice with the competition is part of a larger vision the company is calling universal communications to make the distinction that customers will be able to use these apps from any platform – phone, PC, tablet, even Xbox – for both personal and business purposes, says Gurdeep Singh Pall, vice president of information platform and experience.

 

 

 

READ MORE …

Category: Business  | Leave a Comment
A10 Networks files IPO intent for up to $100 million
Friday, February 21st, 2014 | Author:

Network World – A10 Networks, the California-based manufacturer of application delivery controllers, filed paperwork with the Securities and Exchange Commission on Tuesday night for a $100 million initial public offering, capping an apparent resurgence in the company’s fortunes – and joining its rivals on the stock exchange.

The IPO is being underwritten by J.P. Morgan, Merrill Lynch, Morgan Stanley, RBC, Oppenheimer and Pacific Crest. A10 will trade on the New York Stock Exchange under the symbol “ATEN,” though no initial asking price for shares has been released.

 

 

 

READ MORE …

Category: Business  | Leave a Comment
IBM, AT&T pair to offer ‘Internet of things’ systems
Friday, February 21st, 2014 | Author:

IDG News Service – AT&T and IBM will start jointly offering services designed to help municipalities, utility companies and other organizations use “Internet of things” technologies to better manage their infrastructure.

“There is a huge amount of growth of the things that are connected” to networks, said Michael Curry, IBM vice president of product management. “When you have that many things connected in, you have a big data problem. Companies want to be able to take that data and use it to optimize operations and predict failures.”

IBM estimates that there will be over 18 billion connected devices in the world by 2022. Examples of connected devices include mobile phones and sensors.

 

 

 

READ MORE …

Category: IT Security  | Leave a Comment

How you feel about this particular application of technology to police work will likely depend on how you feel about Twitter.

READ MORE …

Category: Business  | Leave a Comment

An IT entrepreneur has played down security fears over the UK National Health Service’s new digital records database and has stated that the digitising of records is long overdue.

Related: NHS admits its medical records database is a security nightmare waiting to happen

Scott Fletcher, IT entrepreneur and ANS Group founder, thinks that people have nothing to fear from the new system that has been a long time coming and that a secure cloud will help to make sure the system isn’t beset by security problems.

“People say this will be expensive and difficult but it doesn’t have to be that way. Electronic medical records are a basic piece of a more efficient and effective health care system,” Fletcher said. “Such records, safe and secure in “The Cloud,” will improve physicians’ ability to diagnose and treat patients accurately and more quickly and do away with unnecessary, costly and time-wasting tests.”

Banks turn to smartphone tech to fight online fraud
Wednesday, February 19th, 2014 | Author:

Network World – To ward off cyber-crooks trying to break into customers’ accounts, banks are expanding their security efforts beyond desktops and onto iPhones and other mobile devices.

Take HSBC Bank USA, for instance, which this week announced it’s handing out free two-factor authentication tokens in the next few months for customers to use in their personal Internet banking. These digital and physical security tokens from Vasco Data Security can generate unique one-time passwords each time a customer logs in. And another financial institution, U.S. Bank, this week said it’s testing how voice biometrics in a mobile banking app for smartphones can let customers authenticate via their own voice for access to their payment-card accounts rather than having to type passwords.

 

 

 

READ MORE …

Category: IT Security  | Leave a Comment
Measuring the effectiveness of your security awareness program
Wednesday, February 19th, 2014 | Author:

CSO – As Yogi Berra put it, “If you don’t know where you’re going, you’ll end up someplace else.” Do you know where you’re going with respect to your privacy and security awareness programs? How will you know when–or if–you get there?

[How to use Syrian Electronic Army attacks to improve security awareness]

“But wait just a minute,” you object. “Everyone knows that security is a process, not a destination. Is there really any such thing as arriving?” Well, of course there is. Just because a process is dynamic doesn’t mean it’s left without any measurable aspects. Besides, if any process is to be improved, it must also be measured.

There are many benefits an organization will enjoy when it makes those improvements, not the least of which is the budget justification for creating a security awareness program that help will boost security effectiveness overall. Martin Sadler, Director of Security at HP Labs, summed them up thusly: “Organizations that have achieved a high level of security effectiveness are better able to identify major data breaches, secure confidential information, limit physical access to data storage devices, and achieve compliance with legal and self-regulatory frameworks. They are also in a better position to attract and retain high-quality security personnel and enforce corporate policies.”

 

 

 

READ MORE …

Category: IT Security  | Leave a Comment

Network World – Every week it seems we hear about some advanced persistent threat (APT) that infiltrated a corporate network and slinked off with financial data or intellectual property. With so many similar stories in the news – and many more that we never hear about publicly – it makes you wonder about the ability of hackers to get into industrial control networks.

What would happen if an attacker could get to the point of being able to manipulate the industrial controls of a nuclear power plant, or a municipal water system, or a sprawling petrochemical plant? It was bad enough that Target and other merchants had tens of millions of cardholder records stolen, but at least nobody died from those incidents. But if an attacker could jack up the temperature gauges of a petrochemical hydrocracker unit, there could be massive casualties from the resulting explosions and fires.

In 2013 Trend Micro reported an experiment the company conducted where it deployed a dozen honey pots around the world that were designed to look like the ICS (industrial control system) networks of municipal water utilities. Between March and June, the honey pots attracted 74 intentional attacks, including at least 10 where the attackers were able to take over the control system.

 

 

 

READ MORE …

Category: IT Security  | Leave a Comment