gregorylnewton

European firms take proactive security stance on APTs

European firms are taking a proactive approach to information security in the face of targeted attacks and advanced persistent threats (APTs), according to research firm Frost & Sullivan.

These threats take the form of cyber attacks that lie dormant inside the network for months and even years, exfiltrating valuable company data for illicit financial gain.

The severe repercussions have prompted managed security service providers (MSSPs) to expand their offerings to protect organisations against APTs, according to the company’s latest report.

The report, entitled A service-centric approach to APTs, concludes that a greater portion of market participants’ revenues in Europe, the Middle East and Africa will be devoted to threat intelligence research, detection and remediation to enable organisations to counteract the effects of APTs.

The report also predicts that intelligence and forensics will become the most important differentiators for companies selling APT defence systems and services.

Understanding how threat actors work is vital to identifying indicators of compromise during the early stages of an attack, the report said.

As a result, companies are deploying technologies such as advanced data analytics and event correlation alongside sandboxing to detect and remediate attacks once they are inside the network.

“European organisations have a more relaxed approach to cyber security than US organisations, wherein there is greater awareness of the threat of targeted cyber attacks,” said Beatriz Valle, information and communication technologies senior analyst at Frost & Sullivan.

“Slowly, however, European companies are coming to grips with the fact that they are prime targets – just as much as their US counterparts,” she said.

In the US, the possibility of a class action lawsuit resulting in large aggregate losses and the strength of the legal professional services sector have had a positive impact on the security posture adopted by organisations.

Frost & Sullivan expects this environment to reach western Europe soon and to have an encouraging impact on MSSPs.

However, the analyst firm believes MSSPs should still create customer awareness of the damage a threat actor can cause in a short time if they want to expand their market quickly in Europe, the Middle East and Africa.

“For now, MSSPs are partnering more than ever with product vendors to offer compelling APT solutions for the complex European market,” said Valle.

“This trend is becoming entrenched in the security landscape, with more product vendors joining forces with service providers to enhance their customer reach and exploit the rising demand for greater investment in analytics, APT research and behavioural modelling,” she said.

Sky on the hunt for women to join technology team

Sky has launched a technology hub to open in Leeds later in 2015, with 400 job openings and a push for women to join.

Based at Allied London’s Leeds Dock, the hub will focus on designing and developing Sky websites and apps to enable customers to watch content on multiple devices.

The additional 400 jobs will take the total number of Sky employees in Leeds to over 1,000 in its technology and customer services.

Natasha Sayce-Zelem, head of technology at Sky, told Computer Weekly the broadcaster is on the hunt for more women to join its team: “We are working on attracting and retaining female talent because gender-balanced teams bring better outcomes. Tech teams need to better reflect society. It’s about supercharging top female talent, supporting a women’s network and empowering people to take more control of when and where they work.

“This is an exciting time for people to be joining Sky. Businesses have to invest in skills, so the next graduates coming up through the pipeline are well prepared.”

Sayce-Zelem studied for a degree in film, specialising in producing before finding her way into the technology industry through websites and delivery. She said Sky is open to talent outside traditional computer science backgrounds, due to the shortage of candidates.

“After I was given a chance in this exciting and fast-paced industry, I never looked back. We recognise there are talented individuals out there who might not hold computer science degrees – so we’re open to those that show an aptitude for technology,” said Sayce-Zelem.

“There is a misconception that technology is just a lot of hardware and that you can’t do it without a computer science degree, which isn’t the case. There is no greater pleasure than seeing someone on the train using your app or reeling off to friends how many times people visit your website daily.”

Jeremy Darroch, group chief executive at Sky, said: “Digital skills and innovation are at the heart of what we do at Sky, helping us give customers the best possible TV experience, whether at home or on the move. With our investment in Leeds, we’re creating one of the largest digital communities in the UK.

“We are looking forward to bringing hundreds of new jobs to the city and giving young people the opportunity to build their skills and help shape the digital services of the future.”

Sajid Javid, secretary of state for business, skills and innovation, said: “I’m delighted that Sky is furthering its investment in Leeds with the creation of 400 new jobs and a new technology hub. The announcement is a boost to the digital economy of the entire Northern Powerhouse, and will undoubtedly help to cement Leeds as a leading technology cluster.”

Sky has also announced a Software Engineering Academy in Leeds, in addition to increasing the number of places on offer at its London academy.

Sky’s Software Engineering Academies aim to provide graduates with practical on-the-job training to develop and support software teams across Sky, including the Sky Sports team.

The Software Engineering Academy in London has increased its available places from 24 to 36 and it will be recruiting a further 24 graduates and eight apprentices to its Leeds academy each year.

Sayce-Zelem said: “The academies are a seven-month programme designed to prepare young people for roles in the London and Leeds offices.

“Over time we also hope to increase the number of young people we take on.”

Rapid7 calls on router makers to eliminate backdoors

Security firm Rapid7 has called on makers of DSL routers to eliminate the common and long-standing vulnerability of hard-coded credentials.

The call comes after the issue was highlighted in a recent advisory by the Computer Emergency Response Team (Cert) sponsored by the US Department of Homeland Security.

According to the advisory, routers from a number of manufacturers still contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them.

“Manufacturers must make every effort to at least allow end-users to change these passwords, and ideally, passwords would be generated, randomly, on first boot or firmware restore,” said Tod Beardsley, security engineering manager at Rapid7.

“Until manufacturers stop using default passwords on the devices users rely on for internet connectivity, we will continue to see opportunistic attacks on home and small business routers.”

Beardsley said it is important to highlight the issue because although hard-coded credentials are not like traditional software bugs, they are trivial to exploit across millions of routers.

The problem is illustrated by the fact that an internet search for the Observa Telecom hidden administrator account password, 7449airocon, turns up nearly 400 hits on sites ranging from legitimate router security research blogs to sites dedicated to criminal activity.

Observa Telecom is a common router used in Spain by its major ISP Telefonica and has a number of serious vulnerabilities, including persistent and unauthenticated cross-site scripting and cross-site request forgery on a number of its devices, the advisory said.

Other suppliers with affected router models named in the advisory were: AsusTek, Digicom, Philippine Long Distance Telephone and ZTE.

While these backdoors are usually not reachable directly from the internet because an attacker must be on the local network in order to use them to reconfigure devices, Beardsley said this should not necessarily be comforting.

“While attackers must be ‘local’, most of these credentials are usable on the configuration web interface, and a common technique is to use a cross-site scripting [XSS] attack on a given website to silently force the user on the inside network to log in to the device and commit changes on the attacker’s behalf,” he said.

Attackers on free, public Wi-Fi are also on the local network, Beardsley warned, and can make configuration changes to a router that can affect anyone else connected to that access point.

Once an attacker has administrative control over the router, the opportunities for mischief and fraud are “nearly limitless”, he said.

“An attacker can do anything from setting up custom DNS configurations, which will poison the local network’s name resolution, to completely replacing the firmware with his own, enabling him to snoop and redirect any and all traffic at will.”

As a temporary mitigation, the Cert advisory said organisations could write firewall rules that block telnet or SNMP on the device. Telnet network services are used by some manufacturers for remote support.
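The defensive counterpart of the attack path Beardsley describes, as an added example that is not Rapid7’s, Cert’s or any router vendor’s code: an admin web interface check for an embedded device that rejects configuration changes forced from another site (Origin/Referer check plus a per-session CSRF token) and refuses any change other than a password change while the factory default credential is still in place, alongside the first-boot random password he recommends. DEVICE_HOST, FACTORY_DEFAULT_PASSWORD, the request dicts and the 203.0.113.5 address are constructed placeholders.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed placeholders for this example, not values from any real router
# model or from the Cert advisory.
DEVICE_HOST = "192.168.1.1"
FACTORY_DEFAULT_PASSWORD = "factory-default-placeholder"

def generate_first_boot_password(nbytes: int = 12) -> str:
    """Per-device random admin password, created on first boot or firmware
    restore instead of shipping one fixed credential to every unit."""
    return secrets.token_urlsafe(nbytes)

@dataclass
class AdminSession:
    # One unguessable token per login; a form forged on another site cannot know it.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))

@dataclass
class DeviceState:
    admin_password: str
    sessions: dict = field(default_factory=dict)  # session id -> AdminSession

    def password_is_factory_default(self) -> bool:
        return hmac.compare_digest(self.admin_password, FACTORY_DEFAULT_PASSWORD)

    def login(self, password: str) -> Optional[str]:
        """Return a new session id on success, None on a wrong password."""
        if not hmac.compare_digest(password, self.admin_password):
            return None
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = AdminSession()
        return session_id

def origin_is_device(headers: dict) -> bool:
    """The browser-supplied Origin (or Referer) must name the device itself;
    a request forced from another site carries that site's origin instead."""
    origin = headers.get("Origin") or headers.get("Referer")
    return origin is not None and urlsplit(origin).netloc == DEVICE_HOST

def authorize_config_change(state: DeviceState, request: dict) -> Tuple[bool, str]:
    """Accept or reject a state-changing request to the admin web interface.
    `request` is a constructed dict: method, headers, session_id, form."""
    if request.get("method") != "POST":
        return False, "configuration changes must be POSTed"
    if not origin_is_device(request.get("headers", {})):
        return False, "cross-site request rejected"
    session = state.sessions.get(request.get("session_id"))
    if session is None:
        return False, "no authenticated session"
    form = request.get("form", {})
    if not hmac.compare_digest(form.get("csrf_token", ""), session.csrf_token):
        return False, "missing or wrong CSRF token"
    # While the shipped credential is still in place, the only change accepted
    # is replacing it, so a known default cannot be used to reconfigure the device.
    if state.password_is_factory_default() and form.get("action") != "change_password":
        return False, "factory default password must be changed first"
    return True, "accepted"

def forced_dns_change(session_id: str) -> dict:
    """Constructed request of the kind a page on another site forces a LAN
    user's browser to send: the cookie carries a valid session, but the
    Origin is that site's and the form carries no CSRF token."""
    return {
        "method": "POST",
        "headers": {"Origin": "http://other-site.example"},
        "session_id": session_id,
        "form": {"action": "set_dns", "dns": "203.0.113.5"},
    }

def legitimate_request(state: DeviceState, session_id: str, action: str) -> dict:
    """Constructed request submitted from the device's own admin page."""
    token = state.sessions[session_id].csrf_token
    return {
        "method": "POST",
        "headers": {"Origin": f"http://{DEVICE_HOST}"},
        "session_id": session_id,
        "form": {"action": action, "csrf_token": token},
    }
```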

In March, Cisco consultants Kyle Lovett and Dor Tumarkin told the CrestCon & IISP Congress 2015 in London that unscrupulous internet service providers (ISPs) distribute routers that often have several security vulnerabilities.

“Wide swathes of IP space are being made vulnerable through ISPs in developing countries distributing routers with default passwords that can be easily found on the internet,” said Lovett.

He estimated at that time that between 25 million and 80 million devices used in small office and home office environments could be accessed remotely because default passwords are rarely changed by users.

One of the biggest router security vulnerabilities to date was discovered in December 2014 by security firm Check Point.

The flaw, dubbed Misfortune Cookie, affected more than 12 million devices running an embedded webserver called RomPager.

By exploiting the vulnerability, attackers could carry out man-in-the-middle attacks to enable access to traffic entering and leaving routers built by most manufacturers.

An attacker needed only to send a single packet containing a malicious HTTP cookie to exploit the vulnerability, corrupting memory on the device and allowing remote administrative access to it.

Application modernisation remains a top CIO priority

Modernising core business applications is among the top five priorities for IT departments, a recent study from Gartner has found.

The analyst reported that modernisation and digital transformation projects would help fuel a 7.5% growth in enterprise application spending.

“The majority of spending is going towards modernising, functionally expanding or substituting long-standing business and office applications with cloud-based software-as-a-service,” said Bianca Granetto, research director at Gartner. “Projects have been approved and budgeted for, often over a multi-year period, meaning the pace of spending and adoption isn’t subject to any impending urgency.”

With the growth of subscription-based software, Gartner found that alternative consumption models to traditional on-premises licences are accounting for more than 50% of new software implementations. These include SaaS, hosted licence, on-premises subscriptions and open source. 

In particular, by 2019, about 28% of installed human capital management systems globally will be SaaS-based, up from 13% in 2014, according to Gartner’s forecast.

The analyst predicted that cloud provisioning of office systems would grow from 15% in 2015 to about 60% by 2020. From a revenue growth perspective, the widespread move from on-premises to cloud office will disrupt the traditional revenue flow as more organisations pay smaller increments over a longer period, Gartner noted.

Gartner estimated that 75% of organisations will deploy advanced analytics as part of a platform or analytics application to improve business decision-making. Companies are accelerating the shift in focus of their investments from measurement to analysis, forecasting and optimisation. Deployment of advanced analytics technologies will become critical to achieving those aims, said Gartner.

It also predicted that IT buyers will shift from buying applications to building them in order to drive digitisation projects.

Maintaining legacy IT is seen as a major drain on resources for many IT departments. A recent survey of more than 100 IT professionals conducted by Hitachi Data Systems found that 28% of respondents said they wanted to rip out legacy business intelligence and analytics systems and start again; 26% said the same for customer databases; and 25% for workflow and document management systems.

Coin Unveils The Next Generation Of Its All-In-One Credit Card

Coin, the device that wanted to replace all of your credit cards with a… card, is prepped and ready to dig into the future with Coin 2.0.

Coin 2.0 uses NFC and is EMV-compatible so that users can not only tap to pay, the way you would with Apple Pay on an iPhone, but can integrate their chip-and-pin cards to the device.

The original Coin, which debuted in November 2013 on Kickstarter, didn’t start shipping to early backers until November 2014, with regular orders going out in April of this year. A lot happened over that course of time. For one, the U.S. switched over to EMV cards, which is essentially a more secure technology used to protect credit card information.

Unfortunately for Coin, the switch to EMV effectively made the Coin useless to anyone who had an upgraded card.

With Coin 2.0, anyone with EMV credit cards can use the device through contactless payments, similar to the way Apple Pay works. Plus, the team has made a few other improvements including an improved electronic stripe, a 2x faster display, a thinner card (by 8 percent), and the ability to give cards nicknames within the app.

Another important note: If you have an original coin, don’t fret. The company is replacing all existing Coins out in the world with the Coin 2.0 for free. If you’ve already ordered an original Coin, but it hasn’t yet shipped, your order will automatically be upgraded to Coin 2.0 for free. To claim your new Coin, just update your Coin app and follow the instructions.

Since shipping in April, Coin has been swiped more than one million times, with more than 350,000 units ordered.

You can learn more about Coin here.

Why Android Auto may not be worth the wait (yet)

The battlefront for mobile platforms is hitting the road, literally.

Later this year, vehicles from more than two dozen brands will offer in-car systems built on both Android and iOS. One car, the 2015 Hyundai Sonata, already has Android Auto as an option and Ars Technica’s Ron Amadeo took it for a test drive.

The early verdict? Nicer than the standard car-maker’s info-tainment system but still very much a beta experience and very limited, suggesting Google has work to do yet.

For starters, it might surprise you that the implementation found on the Sonata is based on Android 2.3 Gingerbread software. Google launched Gingerbread in December 2010, so it’s fairly limited compared to the latest and greatest version of Android.

How so? Amadeo notes that this version of Android Auto only supports screen resolutions of 800 x 480, for example, making it feel like “a crappy 2011 Android tablet.” Voice control doesn’t yet sound as good as it does on handsets either.

The interface is also limited, but that’s by design. Google isn’t yet allowing any phone app to work with the in-car system. At the moment, only 17 Play Store apps are compatible with Android Auto and they’re based on messaging and media activities.

That’s not necessarily a bad thing. From a safety perspective, you really don’t want immersive experiences on the dashboard when you’re driving. Media apps such as Pandora, Spotify, TuneIn, Google Play Music and the like make sense here.

Personally, I’m not too keen on the supported messaging apps. Do we need Skype, WhatsApp, and Google Hangouts to take our attention away from the road? Google must think so because they — and many other similar apps — are on the supported app list. Even there, there’s work to be done though, according to Amadeo.

Incoming texts are read aloud by Android Auto but without any context:

“It’s also hard to not feel like an idiot when you tap on a message and get “New Message: OK.”–we really can’t see text even for really short messages? And remember, with no text, there’s no message history and no context. So when you get that inevitable “OK” message, you’d better remember what your last conversation with that person was about.”

And you’d better hope nobody sends you a text message with a link while you’re driving. The system will read the link aloud character by character.

On the plus side, key functionality such as Maps works as well as you’d expect, and for those who want it there is a satellite view while driving, something Maps on a phone doesn’t offer.

Even so, Android Auto still sounds like a very limited, version 1.0 software product.

Will it get better over time? Very likely, yes, as Google removes some developer limitations — apps can only focus on messages and media for now — and as the platform matures.

Much of that maturity can come in the form of software updates; good since software can be changed far faster than hardware in vehicles that have a yearly refresh cycle. Even so, based on the early look, it sounds like you’re betting on the future of Android Auto now rather than getting a compelling experience on day one.

Don’t forget also that the phone you connect to the car for Android Auto requires Android 5.0 software or better; if you don’t have one, your Android Auto experience will stall out before you even start the car.

Zero Day Weekly: Jeep hacking stunt, JPMorgan bust, Ashley Madison and LifeLock ‘had one job’

Welcome to Zero Day’s Week In Security, our roundup of notable security news items for the week ending July 23, 2015. Covers news and business, is allergic to press releases: Enterprise, controversies, reports, and more.

Microsoft’s Advanced Threat Analytics (ATA) product will be generally available in August. ATA is Microsoft’s on-premises cybersecurity software, based on technology Microsoft acquired when it bought Aorato last year. ATA is meant to help businesses block targeted attacks by automatically analyzing, learning and identifying all normal and abnormal behavior, using machine learning. Microsoft this week also may have purchased cybersecurity vendor Adallom to bolster its cloud-security play.

Lockheed said Monday it will review alternatives for its IT services unit amid shifts in the cybersecurity market. “Strategic alternatives” typically means an acquisition, spin-off or initial public offering of a division. Lockheed Martin said its review is likely to result in a spin-off or sale.

Authorities arrested four people in Israel and Florida and revealed a complex securities fraud scheme tied to the computer hacks of JPMorgan Chase & Co. and other financial institutions. Behind the alleged crimes described Tuesday is a remarkable story of unpredictable alliances in modern computer crime involving, if true, a multi-layered organization with tentacles reaching Moscow, Tel Aviv and West Palm Beach.

All in the family: 2015 Moto G sounds like a 2013 Moto X for less money

Next week, Motorola is holding a press event where it’s expected to launch one, if not two, new Moto X handset models, as well as an updated Moto G phone. I’ll be there to report from the event and expect to have a device or two in hand.

While we wait, however, a fair amount of information has leaked about the Moto G, including alleged pictures and specifications for the device. Here’s a shot of new handset from Laptopmedia.com who says it has the phone in hand.

I’m struck by the potential similarity here between what’s likely the 2015 Moto G and the 2013 Moto X; one of my all-time favorite Android handsets.

And not just in the looks department; frankly, the Moto X, G, E and Nexus 6 all share very similar design cues. It’s what’s reportedly on the inside of the next Moto G that reminds me of the phone I bought two years ago.

The Moto G is expected to have a quad-core 1.36 GHz Snapdragon 410 paired with 1 GB of memory, although there have been reports of a more expensive model with double the RAM.

The 2013 Moto X also came with 2 GB of memory and ran on a 1.7 GHz dual-core Snapdragon S4 that Motorola modified to include a natural-language processor and other sensors. I’m anticipating the Moto G configuration to rival the performance of the two-year old Moto X as a result.

That year, the Moto X display was 4.7-inches in size with a 1280 x 720 resolution. This year’s Moto G? It looks like a slightly larger 5-inch screen with the same resolution. And the Moto G’s anticipated 2470 mAh battery is similar to the 2200 mAh unit in the old Moto X.

In the case of the cameras, this year’s Moto G should actually exceed those found in the 2013 Moto X: The unit Laptopmedia.com has uses a 13 megapixel rear sensor and 5 megapixel front camera.

Keep in mind that when the Moto X debuted in September 2013 the base model carried a price tag of $199 with a two-year contract, or $499 off-contract. In contrast, the Moto G has started at $179 without a contract; a massive price difference.

We don’t know yet how Motorola will price this year’s model, but the Moto G line has always represented a solid value and I don’t expect that to change. You may be getting a budget-friendly phone that’s at least as capable, if not more so, than Motorola’s 2013 flagship.

Brazil-Angola undersea link gets datacenter

A 3,000 square meter datacenter will be built in the northeast of Brazil to support the requirements of a Brazil-Angola submarine fiber optic cable.

The facility that will serve the South Atlantic Cable System (SACS) project will be created under a partnership between the city of Fortaleza and African telecoms giant Angola Cable.

SACS will have capacity of at least 40 Tbps and is scheduled to commence operations in the first quarter of 2017. It will be the first ever undersea link connecting Africa and South America.

Currently, the Brazilian city of Fortaleza – which is the point in Brazil that is nearest to Africa and Europe – already has seven submarine fiber optic cables.

In addition to SACS, Angola Cables is also involved as one of the shareholders of Monet, a link connecting Fortaleza and Santos, in the southeast of Brazil, with Boca Ratón in Florida.

Monet, which has Google as another key shareholder, will span 10,556 km (6,560 miles) and six fiber pairs, with overall system design capacity of a whopping 64 Tbps and completion date set for late 2016.

There is currently one cable connecting Brazil to Europe, Atlantis II, which is old and has limited capacity, being almost exclusively used as a telephony link. The country has four other submarine cables, each connecting Brazil to the United States.

Pakistan to shut down BlackBerry services on “security” grounds

(Image: CNET/CBS Interactive)

Pakistani authorities are planning to shut down BlackBerry’s secure messaging services in the country towards the end of the year, citing national security reasons.

A leaked memo dated July 22 from the Pakistan Telecommunications Authority (PTA), seen by ZDNet but whose authenticity could not be immediately verified, purports to show minutes from a meeting a week prior, calling on three of the largest cell phone providers to shut down BlackBerry’s encrypted messaging service (BES).

“Due to serious concerns by the security agency, Mobilink, Ufone, and Telenor Pakistan are requested to offer 90 days notice as per the existing provisions to their BES customers for closing their BES connections, and ensure that all BES connections of their customers must be closed by or before November 30 without fail,” the official memo reads.

The named cell providers were asked to submit compliance reports due at the end of the month.

Citing an official at the PTA who asked not to be named, Reuters also confirmed the news.

There are thought to be only a few thousand BES customers in the country — most of which are government or business users, or attached to foreign embassies. But authorities are concerned that criminals are also using the encrypted service, which cannot be intercepted, amid almost daily terrorist attacks and abductions from both domestic threats and foreign fighters.

The country remains on high alert following recent bombings and numerous gun attacks in 2014.

News of the shut down comes just days after British civil liberties group Privacy International said Pakistan’s main intelligence branch was pushing for greater surveillance powers.

In a blog post, the privacy watchdog said the Pakistani Inter-Services Intelligence (ISI) agency was moving to “tap all internet protocol (IP)-bound communications traffic entering or travelling through Pakistan and corresponding monitoring capacities.”

“It means capacitating the country’s most notorious intelligence service to spy on more of the country’s citizens and expecting it to police its own actions,” the post read.

It’s not the first time BlackBerry has faced being shut down by a government.

The Canadian smartphone maker’s secure messaging service has faced disruption in India, Saudi Arabia, the United Arab Emirates and Indonesia after their governments expressed concern that criminals and terrorists were using the service.

BlackBerry spokesperson Kara Yi said in an emailed statement: “BlackBerry provides the world’s most secure communications platform to government, military and enterprise customers. Protecting that security is paramount to our mission. While we recognize the need to cooperate with lawful government investigative requests of criminal activity, we have never permitted wholesale access to our BES servers.”

When asked to comment specifically on the reported upcoming Pakistan ban, Yi declined to comment further.

Representatives from Mobilink, Ufone, and Telenor Pakistan did not respond at the time of writing.
