18.3 C
Tuesday, August 22, 2017

Hackers emit 9GB of stolen Macron ’emails’ two days before French...

Hmm, who could possibly do such a thing? Emmanuel Macron, the front-runner in France's presidential election, has condemned the online leakage of what's alleged to be his campaign staff's emails.…

WTF, Russia’s domestic Internet traffic mysteriously passes through Chinese routers

Unexplained diversion underscores insecurity of Net's global routing system.

Dell Offers Security Suite for Corporate Endpoints

The vendor is rolling out a security solution that includes authentication, encryption and threat protection capabilities for PCs and tablets. Dell is giving organizations an easier way to ensure that the growing numbers of endpoints being used by their employees are protected against malware and other threats. Company officials on March 10 rolled out the Dell Data Protection/Endpoint Security Suite (DDP/ESS), a single offering that can be used with commercial systems from Dell or other hardware makers that offers an array of authentication, encryption and threat protection capabilities. The suite, which is available now, comes at a time when cyber-attacks are getting more sophisticated and when the numbers of devices—from notebooks to smartphones to tablets—being used for business are growing. "Data breaches are getting worse and are getting expensive," Brett Hansen, executive director of end-user computing software and mobility, told eWEEK in an interview in Boston, noting the prominent role endpoints play in many security incidents. "It's perhaps the most important situation that needs to be addressed when we talk about security. Systems and devices that are lost, stolen or misplaced pose a significant risk of data exposure. Dell officials note that 87 percent of organizations have experienced a data breach over the past 12 months, and 70 percent of security breaches can be traced to humans. In addition, the value of a lost laptop is about $49,000, with more than 80 percent of that value being attributed to the data inside. Dell over the past several years has been working to build out its security capabilities, both through in-house development and through acquisitions of such companies as SecureWorks, SonicWall, Quest and Credant Technologies, as part of its larger effort to become a complete IT solutions provider. Hansen said a growing percentage of businesses are looking for a complete suite of security from a single vendor, which is easier to deploy and manage than trying to integrate a number of products from multiple suppliers, which can be complex and costly. Dell's DDP/ESS offering is designed to be that single solution businesses are looking for, he said. The security includes authentication (such as fingerprint, smartcards and the ability to reset a Windows password via a smartphone) and encryption (of such components as local drives and external media, as well offering agentless security for Android and iOS devices) based on Dell IP, Hansen said. The threat protection features—such as anti-virus, anti-spyware and host firewall and intrusion protection—comes from a third-party security provider that he declined to name. Bringing all this together is a management layer that gives users a single pane of glass for all elements of the suite, consolidated status and compliance reporting and virtual console options that can support thousands of users. The software suite can be sold as a standalone product for both Dell and non-Dell hardware, as well as an integrated offering with commercial notebooks, desktops and tablets from Dell. Organizations can remotely manage all components through the single console, and setup and deployment can be done through such tools as a wizard and a virtual appliance management server. In addition, preset policy and report templates enable businesses to generate compliance reports. "You don't need to be an expert to set it up," Hansen said. "We'll do it for you." There also is support for best-of-breed encryption technologies, including removable media protection, advanced port controls, Microsoft BitLocker and Self-Encrypting Drive management and Dell's Hardware Crypto Accelerator with FIPS 140-2 Level 3 validation, which officials said is the highest level for a disk encryption offering. Dell plans to expand on the capabilities of DDP/ESS later this year, including integration with Dell SonicWall software and enterprise mobility management offerings, server encryption and network file share encryption.

Petition: Time Warner Cable mistreats customers, shouldn’t merge with Comcast

Deceptive billing practices and other harms to consumers described in complaint.

Meet the major Silk Road dope dealer who only got 10...

Dutch man gets short prison term compared to Ross Ulbricht's life sentence.

5 enterprise-related things you can do with blockchain technology today

Diamonds. Bitcoin. Pork. If you think you’ve spotted the odd one out, think again: All three are things you can track using blockchain technologies today. Blockchains are distributed, tamper-proof, public ledgers of transactions, brought to public attention by the cryptocurrency bitcoin, which is based on what is still the most widespread blockchain. But blockchains are being used for a whole lot more than making pseudonymous payments outside the traditional banking system. Because blockchains are distributed, an industry or a marketplace can use them without the risk of a single point of failure. And because they can’t be modified, there is no question of whether the record keeper can be trusted. Those factors have prompted a number of enterprises to build blockchains into essential business functions, or at least to test them there. Here are five ways your business could use blockchain technology today. Making payments Bitcoin introduced the first blockchain as a tool for making payments without going through the banks. But what if you work for a bank? Strangely, many of the features that made bitcoin distasteful to the banks are making the underlying blockchain technology attractive as a way to settle transactions among themselves in dollars or sterling. It’s public, so banks can see whether their counterparties can afford to settle their debts, and distributed, so they can settle faster than some central banks will allow. Ripple is one of the first such blockchain-based settlement mechanisms: Its banking partners include UBS, Santander, and Standard Chartered. But UBS and Santander are also working on another blockchain project called Utility Settlement Coin, which will allow them to settle payments in multiple currencies, with Deutsche Bank, BNY Mellon, and others. If these systems catch on, it’s surely only a matter of time before such blockchain payments trickle down to compete with traditional inter-bank transfer mechanisms such as SWIFT. Identity of Things On the internet, famously, no one knows if you’re a dog, and on the internet of things, identity can be similarly difficult to pin down. That’s not great if you’re trying to securely identify the devices that connect to your network, and it’s what prompted the U.S. Department of Homeland Security to fund a project by Factom to create a timestamped log of such devices in a blockchain, recording their identification number, manufacturer, available device updates, known security issues, and granted permissions. That could all go in a regular device-management database, but the DHS hopes that the immutability of the blockchain will make it harder for hackers to spoof known devices by preventing them from altering the records. Certifying certificates It’s not just devices that can be spoofed, but also qualifications. If you were looking to hire someone with blockchain expertise, and the applicant told you they had a professional certification, what would you do to check the certificate’s validity? Software developer Learning Machine hopes candidates will present their certificates in its mobile app, and that you will check their validity using Blockcerts. This is a way of storing details of a certificate in the blockchain, so that anyone can verify its content and the identity of the person to whom it was issued without the need to contact a central issuing authority. The certificates can be about educational qualifications, professional training, membership of a group, anything, so if your organization issues certificates, you could issue them on the blockchain, too. Learning Machine and co-developer MIT Media Lab have published details of Blockcerts as an open standard and posted the code to Github. Diamonds are forever Diamonds, they say, are forever, so that means whatever system you use to track them is going to have to stand the test of time too. Everledger is counting on blockchain technology to prove the provenance and ownership of diamonds recorded in its ledger. In fact, it’s using two blockchains: A private one to record information that diamond sellers need to share with buyers, but may not want widely known, and the public bitcoin blockchain to provide an indisputable timestamp for the private records. The company built its first diamond database on the Eris blockchain application platform developed by Monax but recently moved to a system running in IBM’s Bluemix cloud. Diamonds are eminently traceable as the uncut ones have unique physical characteristics and the cut ones are, these days, typically laser-etched with a tiny serial number. Recording each movement of such valuable items allows insurers to identify fraud and international bodies to ensure that trade in diamonds is not funding conflicts. Everledger CEO Leanne Kemp believes the system could transform trade in other valuable commodities, too. The company has identified luxury goods and works of art as possibilities. And finally, the pork But what about the pork? It may not be worth as much by weight as a diamond, but in China at least, it more than makes up for that in volume. And because pork is not forever, being able to demonstrate that a particular piece of it is fresh and fit for consumption can be vital. Pork is one of many products for which fine-grained tracking and tracing of inventory can be helpful, and happens to be the one Walmart is testing blockchain technology with. It’s using IBM’s blockchain to record where each piece of pork it sells in China comes from, where and how it is processed, its storage temperature and expected expiration date. If a product recall becomes necessary, it will be able to narrow down the batches affected and identify exactly where they are or, if they have already been sold, who bought them. The project may extend to other products: The company has just opened the Walmart Food Safety Collaboration Center (WFSCC) in China to work with IBM and industry partners to make food supplies safer and healthier using blockchain technology.

FBI ends second iPhone fight after someone, um, ‘remembers’ the PIN

Feds backing away from effort to set legal precedent For the second time, the FBI has dropped a legal attempt to force Apple to unlock an iPhone at the last minute.…

Family of dead AlphaBay suspect says he was a “good boy”

Alexandre Cazes, 26, also apparently spent a lot of time in a "pickup artist" forum.

Facebook will not allow anyone to hide

Facebook is removing a privacy setting that enables people to hide their profiles from the social networking site’s search function. The company is unhappy that its search appears to be broken when people are searching for friends they know are on Facebook. The setting called “Who can look up your Timeline by name?” was removed last year for Facebook account-holders who were not using it. Now the social networking firm is to remove it from those who are. Facebook argues that only a “small percentage” of members are using it, but does not say exactly what that percentage is. The social networking firm also argues that other privacy settings – introduced to enable members to choose who can see individual things they share – provide a better way of controlling what people can find about them. The new controls were introduced after continual criticism from privacy groups that Facebook’s privacy controls were difficult to use and for its policy of making user content publicly available by default. “The old setting was created when Facebook was a simple directory of profiles and it was very limited,” said Michael Richter, chief privacy officer at Facebook. “For example, it didn’t prevent people from navigating to your Timeline by clicking your name in a story in News Feed, or from a mutual friend’s Timeline,” he wrote in a blog post. Richter also points out that people can now also search Facebook using Graph Search, for example, "People who live in Seattle”. He said this makes it even more important for members to control the privacy of the things they share, rather than how others get to their Timeline. In the coming weeks, Facebook plans to remind members who are sharing posts publicly that those posts can be seen by anyone. Notices will remind members on how to control the audience for each post. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners.

If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com

Large DDoS Attacks on the Rise, Akamai Report Finds

As internet speeds around the world continue to get faster and an increasing number of devices are being connected, there is also an increasing volume of high-bandwidth attacks.

That's one of the top-level findings in Akamai's fourth-quarter 2016 State...

The latest in quantum computing: 10ft tall, 2,000 qubits, $15m price...

D-Wave's new and improved quantum computer is dubbed the 2000Q, representing the number of qubits in its quantum processor.

Update your buggy Samsung PC bloatware to plug privilege bug

Malicious DLL can lead to pwnage Another vulnerability has emerged in Samsung's Software Updater (SW Update) service – this time giving an attacker potential “full control” over a system. Announced by German consultants Blue Frost Security, the vulnerability could be exploited to give an attacker full control over a victim's machine. To exploit the vulnerability, posted to Full Disclosure, the attacker needs authenticated access to the target machine, so they can drop a crafted DLL into the SW Update directory. That's because SW Service allows any authenticated user to write to the C:\ProgramData\Samsung\SW Update Service\ directory. On the next restart, the advisory states, the crafted DLL will run and the attacker will have full control of the target. Sysadmins should update to SW Update version, or if they can't, they should change the permissions on affected machines so users can't write to the SW Update directory. Back in March, the same service was found to be vulnerable to a man-in-the-middle attack. PC vendors' OEM software has been under the spotlight since May, when Lenovo, Acer, Asus, Dell and HP were spanked over what Duo Security called “vendor-incentivized crapware”. ® Sponsored: Rise of the machines