
Tuesday, August 12, 2014

Def Con talk gives low-tech tips for detecting high-tech surveillance

Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con | Testing service rolls out vast federated identity management system using Oracle

Network World Security



Def Con talk gives low-tech tips for detecting high-tech surveillance
An associate professor of digital forensics presented "Am I being spied on: Low-tech ways of detecting high-tech surveillance" at Def Con 22.



Hacker hunts and pwns WiFi Pineapples with zero-day at Def Con
The WiFi Pineapple makes man-in-the-middle attacks incredibly easy, but users better know what they're doing before trying out the Pineapple at the biggest hacker hangout in the U.S. A classic example of that wisdom can be seen via a screenshot tweeted by @JoFo after an intern deployed a Pineapple at Def Con 22. Feel free to see it yourself in the original form, but the general gist is below... with creative asterisk spellings for words I can't publish here. Hopefully you will be as amused by the message as I was.

Testing service rolls out vast federated identity management system using Oracle
The Educational Testing Service, a non-profit organization that provides academic assessment tests, says it has gained efficiencies by centralizing its identity and access management (IAM) for on-premises, cloud and hosted applications. But it had to cope with a few bumps in the road along the way, especially in extending IAM into the cloud.

ETS deployed Oracle Identity Management for its thousands of employees in order to be able to provision and de-provision applications quickly for single sign-on convenience that's a boon to both end users and the IT department staff. One advantage was "we went from days to minutes" when it came to granting access to applications, says Jim Moran, chief information security officer (CISO).

Seven ways DARPA is trying to kill the password
A seemingly constant stream of data breaches and this week's news that Russian hackers have amassed a database of 1.2 billion Internet credentials has many people asking: Isn't it time we dumped the user name and password?

A lot of the best technology of today exploits biometric factors such as retina patterns, fingerprints and voice analysis, but beyond that a number of researchers are looking to tap into the way we think, walk and breathe to differentiate between us and an intruder.

Helping to lead the research is DARPA, the U.S. military's Defense Advanced Research Projects Agency. Its active authentication project is funding research at a number of institutions working on desktop and mobile technologies that work not just for the initial login but continuously while the user is accessing a device. The array of sensors already found in mobile phones makes some of the ideas particularly interesting.



Atos succeeds in bid to buy Bull, will boost security and cloud offerings
Atos's offer to acquire servers and services specialist Bull has been approved, making it possible for the company to beef up its security and cloud computing offerings.

The French IT services company announced a €620 million (US$830 million) bid for Bull at the end of May.

The deal required Atos to acquire 50 percent plus one share of Bull's equity, and that condition has been met, Atos said Monday. It will hold 84.25 percent of Bull's share capital and voting rights and 18.4 percent of the convertible bonds in circulation by a settlement date set for next Monday, the company said.

With the approval out of the way, Atos can get on with the integration work. The goal of the acquisition is to take advantage of Bull's know-how in sectors such as cloud operations, security and big data.

Mobile chips face lockdown to prevent hacks
Chip makers want to make hardware the first layer of defense against data breaches and other attacks on tablets and smartphones.

Mobile devices are becoming increasingly vulnerable, with more personal information, banking data, passwords and contacts residing on devices without any protection, said presenters at the Hot Chips conference in Cupertino, California, on Sunday.

The NSA revelations and a mounting pile of data breaches have reminded hardware makers that well-designed chips for PCs, servers and mobile devices can minimize, if not prevent, attacks, said Leendert van Doorn, corporate fellow at Advanced Micro Devices.

"You can't open a newspaper without reading about a security attack," van Doorn said.

Many home routers supplied by ISPs can be compromised en masse, researchers say
Specialized servers used by many ISPs to manage routers and other gateway devices provisioned to their customers are accessible from the Internet and can easily be taken over by attackers, researchers warn.

By gaining access to such servers, hackers or intelligence agencies could potentially compromise millions of routers and implicitly the home networks they serve, said Shahar Tal, a security researcher at Check Point Software Technologies. Tal gave a presentation Saturday at the DefCon security conference in Las Vegas.

At the core of the problem is an increasingly used protocol known as TR-069 or CWMP (customer-premises equipment wide area network management protocol) that is leveraged by technical support departments at many ISPs to remotely troubleshoot configuration problems on routers provided to customers.



Hacker coalition sets out to improve critical device security, challenges car makers
The group aims to improve cyber security of medical, automotive, home electronics, and public infrastructure systems.

US consumer agency warns of several Bitcoin risks
Investing in Bitcoin can expose users to hackers and scammers, the US CFPB says.

Payment cards with chips aren't perfect, so encrypt everything, experts say
The EMV or 'chip-and-PIN' system is not without security flaws, researchers warned.


SLIDESHOWS

Black Hat 2014: How to crack just about everything

From cell phones and cars to IPv6, security researchers have turned their skills against a world of technology.


MOST-READ STORIES of 2014

1. Netscout sues Gartner over Magic Quadrant rating

2. Why TCP/IP is on the way out

3. Amazon Fire Phone: Nice but nothing to get fired up about

4. Rackspace bows out commodity IaaS market in favor of 'managed cloud'

5. Cisco's new UCS fabric interconnect: no ACI?

6. Smartphone kill-switch bill passes California assembly

7. Emerging networking technology used by Apple, Cisco will frustrate firewalls

8. IBM/DARPA turn out brain-like 5-billion transistor superchip

9. 10 ways to get noticed at Black Hat

10. Top 20 colleges for computer science majors, based on earning potential



Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701
