Tuesday, September 19, 2017


Our purpose is to provide the right information to our readers. For obvious reasons, our information journey will of course be ever changing, but from the outset we plan on the following: Break down and communicate knowledge relating to Cyber Crime, Cyber Security, Information Security and Computer Security. Use Risk Management practices to help in translating the technical aspects of the Risks, Threats and Vulnerabilities into business language. Communicate the appropriate Controls necessary to reduce the Impact and Probability. We will do this by: Identifying, collating and providing relevant information. Highlighting relevant News articles. Investigating trends and providing Analysis. Providing How-to tips and tricks to reduce the Threats and Vulnerabilities. Offering Products and Solutions designed to mitigate or defend against the risks. ------ Joe Woods, Editor and CTO

Oscar-nominated Dallas Buyers Club sues 31 over BitTorrent downloads

It's an unusual case of a well-received movie filing copyright lawsuits.    

Google Again Paying Rewards for Chrome OS Security Fixes

Google is putting up $2.7 million to pay for security fixes from software researchers who identify and fix vulnerabilities in Chrome OS code. Google is offering rewards of up to $150,000 each to security researchers who help the company identify and patch serious vulnerabilities in the code for Chrome OS as Google continues to sponsor competitions that help it root out bad code in its products. "Security is a core tenet of Chromium, which is why we hold regular competitions to learn from security researchers," wrote Jorge Lucángeli Obes, a Google security engineer, in a recent post on The Chromium Blog. "Contests like Pwnium help us make Chromium even more secure.

This year Pwnium 4 will once again set sights on Chrome OS, and will be hosted in March at the CanSecWest security conference," which will be held March 12-14 at the Sheraton Wall Centre hotel in downtown Vancouver, British Columbia. At this year's event, Google will offer a total of $2.7 million in Pwnium rewards for eligible Chrome OS exploits, he wrote. Prizes of $110,000 will be paid for fixes for browser or system-level compromises in guest mode or as a logged-in user, delivered via a Web page. Prizes of $150,000 will be paid for compromises involving device persistence such as guest to guest with interim reboot, delivered via a Web page, according to Obes. "New this year, we will also consider significant bonuses for demonstrating a particularly impressive or surprising exploit," he wrote. "Potential examples include defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process." Participants in the past were asked to focus their bug-seeking efforts on Intel-based Chrome OS devices, according to Obes, but are now also welcome to seek vulnerabilities on platforms such as ARM-based Chromebooks, the HP Chromebook 11 (WiFi) or the Acer C720 Chromebook (2GB WiFi), which is based on the Intel Haswell microarchitecture, he wrote. "The attack must be demonstrated against one of these devices running the then-current stable version of Chrome OS." Participants can use any software included with the default installation as part of their Chrome OS attack, according to Obes. "For those without access to a physical device, the Chromium OS developer's guide offers assistance on getting up and running inside a virtual machine, but note that a virtual environment might differ from the physical devices where the attack must be demonstrated," he wrote. 
Entrants in the competition must register in advance for a timeslot at the conference so that every entrant has enough time to demonstrate his or her exploit, wrote Obes. Participants must send an email to pwnium4@chromium.org to register. The deadline for registration is 8 p.m. EST on March 10 for exploits that are to be considered for awards. "The official rules contain more details, but standard Pwnium rules apply: the deliverable is the full exploit, with explanations for all individual bugs used (which must be unknown); and exploits should be served from a password-authenticated and HTTPS-supported Google App Engine URL," wrote Obes. In 2013, Google put up $3.1 million in prize money at the same conference as payments to researchers who identified security holes in Chrome OS.

Seven Surprising Trends from HP’s Security Risk Report

Hewlett-Packard has a somewhat unique position when it comes to security visibility, as the company has multiple sources of security intelligence from both public and privately reported sources. HP's Zero Day Initiative (ZDI) is one of the leading effo...

Imperva Consolidates Security Holdings With Two Acquisitions

Imperva acquires two security companies it already had close ties with: Incapsula and Skyfence. Security firm Imperva is acquiring a pair of companies it is very familiar with: Incapsula and Skyfence. Incapsula is a cloud-based security platform spun off from Imperva, and Skyfence, which recently emerged from stealth mode with a behavior-based cloud application security offering, was founded by former Imperva employees. Imperva is paying approximately $60 million for Skyfence, Mark Kraynak, Imperva's senior vice president of worldwide marketing, told eWEEK. Imperva already owned approximately 80 percent of Incapsula and is now moving to buy the remaining share. Nearly all employees from the two acquisitions will be retained, Kraynak said. Imperva originally seeded Incapsula more than four years ago because it recognized that cloud delivery would change the Web application security landscape.

As it turns out, that idea has proven correct, with Incapsula having 272 percent year-over-year revenue growth in 2013. "Now that Incapsula has reached this stage, the time is right to bring them into a larger company to help take them to the next stage," Kraynak said. "Skyfence is similar in that we are now at a time where we recognize that software-as-a-service [SaaS] delivery models for internally facing corporate applications will substantially change the landscape for data center security and compliance." Imperva intellectual property as well as one of Imperva's co-founders, Marc Gaffan, were at the core of Incapsula. While Imperva owned 80 percent of Incapsula, the rest was employee-owned. "We chose this structure to give them the agility to develop and go to market without constraints that could have been imposed by a larger entity," Kraynak said. "Now they have crossed the point where they are highly successful, and we're seeing synergies in the form of side-by-side deployments of Imperva Web application firewall [WAF] and Incapsula cloud distributed denial-of-service [DDoS] protection." Imperva's SecureSphere WAF product can now also run on the Amazon Web Services (AWS) cloud in addition to being an on-premise solution.

The Incapsula solution in contrast works by having an organization point their Domain Name System (DNS) information at the Incapsula cloud service, which then defends the site. The Skyfence technology that Imperva is acquiring will remain a stand-alone product.

The Skyfence Cloud Application Gateway leverages user behavior as a key tool for cloud security. "There is no technology integration in the current road map with Skyfence," Kraynak said. "This reflects that it's an early market, and we expect it to be a stand-alone sale at this point." The expectation is that customers will begin to look for a hybrid solution in the future, and at that point, Imperva will deliver integrations based on customer demand if and when that happens, Kraynak said. Imperva does offer a hybrid SecureSphere and Incapsula DDoS service today, and the company expects to continue to add incremental improvements and integrations over time, he added. "We think we're at the early stages of a very high-potential and high-growth market, both for data center security generally, but also for cloud security," Kraynak said. "So what's next for us is to continue to execute in those markets and track trends in the threat environment to protect our customers." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.  

New bill demands that smartphones have “kill switch” in case of...

California bill could become a de facto national rule if it passes.    

Turning table on NSA, US diplomats’ phone call is bugged, leaked...

Did Russian spy apparatus capture senior official's "F*ck the EU" comment?

Report: NSA bulk metadata program doesn’t cover cellphones

Controversial dragnet “only collects data for about 20 percent” of US calls.    

Secret court approves Obama’s small tweaks to phone metadata collection

Foreign Intelligence Surveillance Court ruling to be published soon.    

Nadella’s key challenges

When Satya Nadella was confirmed as the new CEO of Microsoft, it brought the company’s six-month saga to find a new leader to a boringly predictable end.

While the board of Microsoft had toyed with the idea of bringing in a star CEO from outside, such as Ford chief Alan Mulally, in truth, a company of the size and technical complexity of Microsoft needs an insider who can combine in-depth technical knowledge with sound business understanding – someone just like Bill Gates, perhaps. While Gates will be making a come-back to focus on “special projects”, his unspoken role will also be to support Nadella as he settles in.

There will certainly be many who think he isn’t up to the job and that it should be them sitting in the most expensive chair in the building. And Nadella will require support from Gates and the Microsoft board if he is to take on the company’s well-entrenched groups and rise to the challenges that the company faces.

Windows first

Windows and Office remain the most important divisions at Microsoft simply on the grounds of their vast profitability. On the principle that it is easier to lose customers than win them, Nadella’s number-one priority must therefore be to iron out the shambolic disaster of Windows 8.

In the past, new Microsoft operating systems propelled PC sales growth. But after Microsoft launched Windows 8 in October 2012, the decline in PC sales actually accelerated. Furthermore, the illogical split between desktop PCs, laptops and Intel-based tablet computers; ARM-based tablet computers; and then smartphones – with Windows Phone – has only confused potential customers. This baffling combination has proved especially damaging in mobile, with the split between the unpopular Windows RT operating system for ARM-based tablet computers and Windows Phone for smart phones defying convention. While Apple’s iOS and Google’s Android were primarily intended for mobile devices – both smartphones and tablets – the division between the two genres of mobile device has undermined the market for app developers on Microsoft's splintered platforms. Nadella will therefore have to address these inconsistencies and prioritise the development of a user interface for Windows 9 that works well on both touch and non-touch devices.

That also touches upon Nadella’s second priority: mobile – including Windows Phone. This will be more challenging as it is a market that his predecessor Ballmer didn’t just fluff, but let escape from Microsoft’s grasp without him even realising it as he guffawed at the iPhone and iPad.

Microsoft, for example, published a “tablet PC” specification in 2000, while Windows Mobile, the predecessor to Windows Phone, enjoyed a US market share of 42 per cent in 2007 before first Apple’s iOS, then Google’s Android, blasted it to near oblivion. Surveys on mobile by Computing, however, suggest that Windows Phone nevertheless remains one of the operating systems on CIOs’ radar, and one they would strongly consider standardising on as part of a corporate mobile strategy. Furthermore, with the Nokia acquisition, Microsoft will be able to offer a range of smartphone devices at much more competitive prices than Apple, while offering better security than Android.

First there were CAPTCHAs, now there are GOTCHAs

New system uses abstract art to hide passwords.

Tim Berners-Lee: We need a Web that’s open and international

In an interview with Wired, the inventor of the World Wide Web stresses the importance of an open environment following efforts by certain countries to centralize the Web. February 7, 2014 6:40 AM PST Tim Berners-Lee speaking at the 2013 World E...

Contactless payments: are we sacrificing security for convenience?

Danny Palmer investigates whether contactless card payments could see us handing our details to cyber criminals, all for the sake of buying a coffee a l...