A Site For All Your Needs

Archive for the month “August, 2015”

European firms take proactive security stance on APTs

European firms are taking a proactive approach to information security in the face of targeted attacks and advanced persistent threats (APTs), according to research firm Frost & Sullivan.

These threats take the form of cyber attacks that lie dormant inside the network for months and even years, exfiltrating valuable company data for illicit financial gain.

The severe repercussions have prompted managed security service providers (MSSPs) to expand their offerings to protect organisations against APTs, according to the company’s latest report.

The report, entitled A service-centric approach to APTs, concludes that a greater portion of market participants’ revenues in Europe, the Middle East and Africa will be devoted to threat intelligence research, detection and remediation to enable organisations to counteract the effects of APTs.

The report also predicts that intelligence and forensics will become the most important differentiators for companies selling APT defence systems and services.

Understanding how threat actors work is vital to identifying indicators of compromise during the early stages of an attack, the report said.

As a result, companies are deploying technologies such as advanced data analytics and event correlation alongside sandboxing to detect and remediate attacks once they are inside the network.

“European organisations have a more relaxed approach to cyber security than US organisations, wherein there is greater awareness of the threat of targeted cyber attacks,” said Beatriz Valle, information and communication technologies senior analyst at Frost & Sullivan.

“Slowly, however, European companies are coming to grips with the fact that they are prime targets – just as much as their US counterparts,” she said.

In the US, the possibility of a class action lawsuit resulting in large aggregate losses and the strength of the legal professional services sector have had a positive impact on the security posture adopted by organisations.

Frost & Sullivan expect this environment to reach western Europe soon and have an encouraging impact for MSSPs.

However, the analyst firm believes MSSPs should nevertheless create customer awareness of the damage a threat actor can cause in a short time to quickly expand their market in Europe, the Middle East and Africa.

“For now, MSSPs are partnering more than ever with product vendors to offer compelling APT solutions for the complex European market,” said Valle.

“This trend is becoming entrenched in the security landscape, with more product vendors joining forces with service providers to enhance their customer reach and exploit the rising demand for greater investment in analytics, APT research and behavioural modelling,” she said.

View the original article here


Sky on the hunt for women to join technology team

Sky has launched a technology hub to open in Leeds later in 2015, with 400 job openings and a push for women to join.

Based at Allied London’s Leeds Dock, the hub will focus on designing and developing Sky websites and apps to enable customers to watch content on multiple devices.

The additional 400 jobs will take the total number of Sky employees in Leeds to over 1,000 in its technology and customer services.

Natasha Sayce-Zelem, head of technology at Sky, told Computer Weekly the broadcaster is on the hunt for more women to join its team: “We are working on attracting and retaining female talent because gender-balanced teams bring better outcomes. Tech teams need to better reflect society. It’s about supercharging top female talent, supporting a women’s network and empowering people to take more control of when and where they work.

“This is an exciting time for people to be joining Sky. Businesses have to invest in skills, so the next graduates coming up through the pipeline are well prepared.”

Sayce-Zelem studied for a degree in film, specialising in producing before finding her way into the technology industry through websites and delivery. She said Sky is open to talent outside traditional computer science backgrounds, due to the shortage of candidates.

“After I was given a chance in this exciting and fast-paced industry, I never looked back. We recognise there are talented individuals out there who might not hold computer science degrees – so we’re open to those that show an aptitude for technology,” said Sayce-Zelem.

“There is a misconception that technology is just a lot of hardware and that you can’t do it without a computer science degree, which isn’t the case. There is no greater pleasure than seeing someone on the train using your app or reeling off to friends how many times people visit your website daily.”

Jeremy Darroch, group chief executive at Sky, said: “Digital skills and innovation are at the heart of what we do at Sky, helping us give customers the best possible TV experience, whether at home or on the move. With our investment in Leeds, we’re creating one of the largest digital communities in the UK.

“We are looking forward to bringing hundreds of new jobs to the city and giving young people the opportunity to build their skills and help shape the digital services of the future.”

Sajid Javid, secretary of state for business, skills and innovation, said: “I’m delighted that Sky is furthering its investment in Leeds with the creation of 400 new jobs and a new technology hub. The announcement is a boost to the digital economy of the entire Northern Powerhouse, and will undoubtedly help to cement Leeds as a leading technology cluster.”

Sky has also announced a Software Engineering Academy in Leeds, in addition to increasing the number of places on offer at its London academy.

Sky’s Software Engineering Academies aim to provide graduates with practical on-the-job training to develop and support software teams across Sky, including the Sky Sports team.

The Software Engineering Academy in London has increased its available places from 24 to 36 and it will be recruiting a further 24 graduates and eight apprentices to its Leeds academy each year.

Sayce-Zelem said: “The academies are a seven-month programme designed to prepare young people for roles in the London and Leeds offices.

“Over time we also hope to increase the amount of young people we take on.”

Rapid7 calls on router makers to eliminate backdoors

Security firm Rapid7 has called on makers of DSL routers to eliminate the common and long-standing vulnerability of hard-coded credentials.

The call comes after the issue was highlighted in a recent advisory by the Computer Emergency Response Team (Cert) sponsored by the US Department of Homeland Security.

According to the advisory, routers from a number of manufacturers still contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them.

“Manufacturers must make every effort to at least allow end-users to change these passwords, and ideally, passwords would be generated, randomly, on first boot or firmware restore,” said Tod Beardsley, security engineering manager at Rapid7.

“Until manufacturers stop using default passwords on the devices users rely on for internet connectivity, we will continue to see opportunistic attacks on home and small business routers.”

Beardsley said it is important to highlight the issue because although hard-coded credentials are not like traditional software bugs, they are trivial to exploit across millions of routers.

The problem is illustrated by the fact that an internet search for the Observa Telecom hidden administrator account password, 7449airocon, turns up nearly 400 hits on sites ranging from legitimate router security research blogs to sites dedicated to criminal activity.

Observa Telecom is a common router used in Spain by its major ISP Telefonica and has a number of serious vulnerabilities, including persistent and unauthenticated cross-site scripting and cross-site request forgery on a number of its devices, the advisory said.

Other suppliers with affected router models named in the advisory were: AsusTek, Digicom, Philippine Long Distance Telephone and ZTE.

While these backdoors are usually not reachable directly from the internet because an attacker must be on the local network in order to use them to reconfigure devices, Beardsley said this should not necessarily be comforting.

“While attackers must be ‘local’, most of these credentials are usable on the configuration web interface, and a common technique is to use a cross-site scripting [XSS] attack on a given website to silently force the user on the inside network to log in to the device and commit changes on the attacker’s behalf,” he said.

Attackers on free, public Wi-Fi are also on the local network, Beardsley warned, and can make configuration changes to a router that can affect anyone else connected to that access point.

Once an attacker has administrative control over the router, the opportunities for mischief and fraud are “nearly limitless”, he said.

“An attacker can do anything from setting up custom DNS configurations, which will poison the local network’s name resolution, to completely replacing the firmware with his own, enabling him to snoop and redirect any and all traffic at will.”

As a temporary mitigation, the Cert advisory said organisations could write firewall rules that block telnet or SNMP on the device. Telnet network services are used by some manufacturers for remote support.

In March, Cisco consultants Kyle Lovett and Dor Tumarkin told the CrestCon & IISP Congress 2015 in London that unscrupulous internet service providers (ISPs) distribute routers that often have several security vulnerabilities.

“Wide swathes of IP space are being made vulnerable through ISPs in developing countries distributing routers with default passwords that can be easily found on the internet,” said Lovett.

He estimated at that time that between 25 million and 80 million devices used in small office and home office environments could be accessed remotely because default passwords are rarely changed by users.

One of the biggest router security vulnerabilities to date was discovered in December 2014 by security firm Check Point.

The flaw, dubbed Misfortune Cookie, affected more than 12 million devices running an embedded webserver called RomPager.

By exploiting the vulnerability, attackers could carry out man-in-the-middle attacks to enable access to traffic entering and leaving routers built by most manufacturers.

An attacker needed only to send a single packet containing a malicious HTTP cookie to exploit the vulnerability, corrupting memory on the device and allowing remote administrative access to it.

Application modernisation remains a top CIO priority

Modernising core business applications is among the top five priorities for IT departments, a recent study from Gartner has found.

The analyst reported that modernisation and digital transformation projects would help fuel a 7.5% growth in enterprise application spending.

“The majority of spending is going towards modernising, functionally expanding or substituting long-standing business and office applications with cloud-based software-as-a-service,” said Bianca Granetto, research director at Gartner. “Projects have been approved and budgeted for, often over a multi-year period, meaning the pace of spending and adoption isn’t subject to any impending urgency.”

With the growth of subscription-based software, Gartner found that alternative consumption models to traditional on-premises licences are accounting for more than 50% of new software implementations. These include SaaS, hosted licence, on-premises subscriptions and open source. 

In particular, by 2019, about 28% of installed human capital management systems globally will be SaaS-based, up from 13% in 2014, according to Gartner’s forecast.

The analyst predicted that cloud provisioning of office systems would grow from 15% in 2015 to about 60% by 2020. From a revenue growth perspective, the widespread move from on-premises to cloud office will disrupt the traditional revenue flow as more organisations pay smaller increments over a longer period, Gartner noted.

Gartner estimated that 75% of organisations will deploy advanced analytics as part of a platform or analytics application to improve business decision-making. Companies are accelerating the shift in focus of their investments from measurement to analysis, forecasting and optimisation. Deployment of advanced analytics technologies will become critical to achieving those aims, said Gartner.

It also predicted that IT buyers will shift from buying applications to building to drive digitisation projects.

Maintaining legacy IT is seen as a major drain on resources for many IT departments. A recent survey of more than 100 IT professionals conducted by Hitachi Data Systems found that 28% of respondents said they wanted to rip out legacy business intelligence and analytics systems and start again; 26% said the same for customer databases; and 25% for workflow and document management systems.

Screenshots: 10 cross-platform messaging apps you shouldn’t overlook

Cross-platform messaging apps keep you within reach while at your desk or on the go, and having cloud-synchronized chat logs, contact lists, and settings are important considerations. Learn about 10 options for your desktop and mobile platforms of choice.

Telegram’s focus is on security and being available on multiple platforms. Official desktop clients exist for Windows, OS X, and Linux, with official mobile clients available for iOS, Android, and Windows Phone. A proper tablet client is available on iPad and Android, and the web version can be used in any modern browser. Telegram also has an open API for developers to build applications.

Telegram is managed by a German nonprofit and backed by Nikolai and Pavel Durov, the founders of the social networking website VK. Telegram receives a score of 4 out of 7 for normal conversations from EFF’s Secure Messaging Scorecard, with secret chats on Telegram receiving a perfect score. (Check out other secure messaging programs.)

Image: James Sanders

James Sanders is a Java programmer specializing in software as a service and thin client design, and virtualizing legacy programs for modern hardware. James is currently a student at Wichita State University in Kansas.

Photos: 10 supercomputers that are leading innovation around the world

In July 2015 the Top 500 list of the most powerful supercomputers was released. Here are the top 10.

The current no. 1 system is the Tianhe-2, which is part of the National Supercomputer Center in Guangzhou, China. The system has 16,000 nodes and more than three million computing cores.

Image: Jack Dongarra

Conner Forrest is a Staff Writer for TechRepublic. He covers startups and enterprise technology and is passionate about the convergence of tech and culture.

Photos: 12 high tech devices to monitor your kids’ health

CellScope is a company aimed at becoming a digital toolkit for medical needs. The first hardware product is Oto, to inspect ear infections.

Image: CellScope

Lyndsey Gilpin is a Staff Writer for TechRepublic. She covers sustainability, tech leadership, 3D printing, and social entrepreneurship. She’s co-author of the upcoming book, Follow the Geeks.

Photos: The many angles of 360 cameras

Nokia announced its entrance into the virtual reality field with its OZO camera. The OZO is aimed at a professional audience, namely VR creators and filmmakers. They haven’t announced a release date or many specifics. What we do know is it shoots stereoscopic 3D video using eight synchronized global shutter sensors, and an additional eight integrated microphones capture spatial audio. What got the most buzz though, is its playback feature. In real time, users can watch the 3D video without going through an assembly process to stitch input from the different cameras together.

Image: Nokia

Erin Carson is a Staff Writer for TechRepublic. She covers the impact of social media in business and the ways technology is transforming the future of work.

Screenshots: Five tools for creating outstanding podcasts

Podcasting is the new blogging. Your business could greatly benefit from adding podcasts to your promotional and marketing efforts. With podcasts, you can bring a new dimension to your company/client relationship, train employees, advertise your products, and even cross-promote with others in your industry.

But how do you podcast? Where do you start? If you’ve already planned out your podcast (you know the content and audience, you have a host, etc.), you start with apps. You can’t just record a podcast on your phone and upload it to your server or iTunes—there are a number of steps between conception and publication. For those steps, you need apps. Here are five good ones that will help you hit the ground running with your podcast.

Note: This gallery is also available as an article.


Jack Wallen is an award-winning writer for TechRepublic and He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website

Photos: 10 cool virtual reality patents from the past 25 years

The patent for this virtual reality helmet was filed in 1993. The patent summary describes an improved field of view and image quality (compared to what, it doesn’t say), adjustable lenses, and a second set of lenses.

Erin Carson is a Staff Writer for TechRepublic. She covers the impact of social media in business and the ways technology is transforming the future of work.
