Sunday, October 22, 2017

Revenge porn mogul cops plea, faces up to 7 years in...

Hunter Moore pleads guilty to 2 counts; co-conspirator soon heads to trial.

FCC overturns state laws that protect ISPs from local competition

Municipal broadband networks could expand because of FCC's controversial vote.

Google Scraps Format for Pwnium Bug Disclosures

Researchers will now be able to submit Chrome bug chains throughout the year, reducing the likelihood of multiple researchers working on discovering the same bugs.

Google has scrapped its once-a-year Pwnium competition for bug hunters, replacing it with year-round submission of working exploits against Chrome OS, Flash and related software. Instead of an annual one-day event at CanSecWest, security researchers will now have an opportunity to disclose Pwnium-style bug chains throughout the year via Google's Chrome Vulnerability Reward Program (VRP). The change is designed to remove some of the barriers to entry under the existing Pwnium format, Tim Will, a member of the Chrome security team, said in a blog post Tuesday.

With the one-day format, security researchers had to wait until the event in March in order to be able to report a working exploit and become eligible for a cash award. "This is a bad scenario for all parties," Will said. "It's bad for us because the bug doesn't get fixed immediately and our users are left at risk." Letting researchers disclose security vulnerabilities and exploits all year round also reduces the likelihood of multiple researchers working on or discovering the same bug. The once-a-year format also required bug hunters to register for the conference, be there physically and demonstrate the exploit under relatively rigid time constraints and terms and conditions. The new Pwnium removes such barriers by permitting bug and exploit submissions throughout the year via the Chrome VRP, Will said. On top of all of these reasons, the participants in the Pwnium program wanted an option to report bugs all year. "They did, so we're delivering."

The rules for disclosing Pwnium bug chains are the same as those governing the Chrome reward program. Researchers who discover security bugs in stable, beta and development versions of Chrome or Chrome OS will be eligible for rewards ranging from $500 to $15,000.
Google also has a standing offer of $50,000 for anyone that can break into a Chromebook or Chromebox while in guest mode. The numbers are only an indication of the typical amounts Google awards to bug finders. Many times, Google has handed out awards in excess of $30,000 under the Chrome rewards program, according to the company. The rewards offered to bug hunters under the Chrome VRP are relatively substantial but pale in comparison to the $110,000 to $150,000 that Google used to offer during the annual Pwnium contest at CanSecWest. But that's only because the Pwnium event required researchers to be physically present at the event. It also required them to be willing to accept the chance that some other researcher, including those at Google, would find the bug before the security researcher had a chance to claim credit for it, Google said in a FAQ on the Chrome Rewards Program page. The Pwnium program revamp is the second major change that Google has made to its security disclosures programs in recent weeks. Earlier this month the company announced a new Vulnerability Research Grants initiative under which Google is offering cash awards of up to $3,133.70 to qualified researchers interested in finding security bugs in specific Google products. Unlike typical bug bounty programs, the research grants initiative pays researchers who have been invited to participate even if they do not always find any flaws in Google products. In addition, Google also has its own vulnerability research program dubbed Project Zero that is focused on finding security vulnerabilities in software products from other vendors.

Europol, Microsoft and Symantec take down Ramnit botnet

Cyber criminals had been using 3.2 million infected PCs to steal personal data

PDF Selects SearchYourCloud Enhanced Search and Security Application for SharePoint Applications

PDF will be anchor implementation for latest version of SearchYourCloud Cloud Platform. SearchYourCloud (SYC) today announces that PDF Solutions has selected SYC's patented federated search to enable secure access, searching and sharing on the ShareP...

Kroll Ontrack survey reveals solid state disk (SSD) technology highly adopted,...

SSD usage up, but recovery incidents are also on the rise. EPSOM - 26th February, 2015 - According to a recent SSD technology use survey, Kroll Ontrack, the leading provider of data recovery and ediscovery, revealed that while nearly 90 per cent of respo...

AdaptiveMobile claims CSPs uniquely positioned to offer holistic, flexible, transparent and...

Research finds Network Function Virtualization among the game-changers

DUBLIN & DALLAS - February 26, 2015 - AdaptiveMobile (www.adaptivemobile.com), the world leader in mobile security, today issued research that outlines the opportunity that communications service providers (CSPs) have in securing the enterprise by offering Security-as-a-Service (SaaS). The company has issued the findings in a new white paper, which found that trends such as remote working, the adoption of public and private cloud services, BYOD and shadow IT are making the traditional perimeter approach to security almost impossible to maintain. The research found that two developments in technology, network function virtualization and software defined networking, allow CSPs to offer shortened network configuration times as well as a combination of network services and hosted security offerings that better meet the changing nature of enterprise security. CSPs can deploy Internet-facing services -- such as enterprise firewalls, mail relays, anti-virus, VPN concentrators, and intrusion prevention systems -- as Virtual Network Functions, which give the level of security that larger enterprises need while also offering a level of protection not fully available to small to medium businesses today.
Among the points covered in the whitepaper:

- Why enterprises of all sizes are living below the "security poverty line" due to factors as diverse as limitations from best of breed security vendors, ad hoc security deployments, and poor security practices associated with practices like Single Sign On
- How the mobile carrier network is best suited to provide security in a perimeter-less world, where always-on, easy access and data access across devices is the norm
- What Identity Access Management means for enterprises and why CSPs are best equipped to manage it

"We are looking at an enterprise security environment in which it is necessary to monitor data from the network perimeter, server farms and all endpoint devices," said Jim Donnelly, Director of Strategic Programmes, AdaptiveMobile. "Given the changes in technology, mobile operators are now positioned to protect the enterprise network to give carrier-grade protection against a host of security threats. This opportunity will give a powerful version of SaaS that will help in data protection as the enterprise network continues to evolve."

To download a copy of the whitepaper, visit http://www.adaptivemobile.com/downloads/enterprise-security-as-a-service-delivered-by-csps.

About AdaptiveMobile:

AdaptiveMobile is the world leader in mobile security protecting over one billion subscribers worldwide and the only mobile security company offering products designed to protect all services on both fixed and mobile networks through in-network and cloud solutions. With deep expertise and a unique focus on network-to-handset security, AdaptiveMobile's award winning security solutions provide its customers with advanced threat detection and actionable intelligence, combined with the most comprehensive mobile security products available on the market today. AdaptiveMobile's sophisticated, revenue-generating security-as-a-service portfolio empowers consumers and enterprises alike to take greater control of their own security.

AdaptiveMobile was founded in 2004 and boasts some of the world's largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The company is headquartered in Dublin with offices in North America, Europe, South Africa, Middle East and Asia Pacific.

Press contacts:
ACSCom PR (USA): Anne Coyle, +1 857 2226363, adaptivemobile@acscompr.com
AxiCom (UK): Daniel Beattie, +44 (0)20 8392 4050, adaptivemobile@axicom.com

Source: RealWire

IT needs to reassess the meaning of compliance for cloud

IT departments need to reassess the technology they deliver, given that users are circumventing corporate IT and using their own applications in preference to those supported by their employer. A TNS survey of 2,016 people by Trustmarque found that 40% of cloud users admitted to using applications that have not been sanctioned or provided by their organisation. Significantly, many of the unsanctioned applications used by employees, such as Evernote and Dropbox, are designed to increase productivity and improve collaboration. While such software generally infringes IT security compliance, users prefer the ease with which documents can be shared. In fact, the survey found that a significant number of cloud users – some 27% – are turning to these applications because corporate IT is failing to meet their needs. Limits on email attachment size and data storage force users to use file-sharing and personal cloud storage applications that allow them to access their documents anywhere, at any time. "Consumerisation of IT means people can consume services on demand," said James Butler, cloud services director at Trustmarque. The challenge for IT is that it has traditionally been entrusted to keep the company’s data secure. Products and services that enable data to move outside this control result in data leakage and potential non-compliance in regulated industries. Butler said IT needs to have a sensible conversation with the business to understand where data is going. "There are different types of data. For example, an internal company financial report should not be put in Dropbox," he said. But IT cannot continue to lock down user computing. "You have to make things easy to use," said Butler. 
For instance, he cited single sign-on using Azure Active Directory as a far more intuitive and easier-to-use login process than on-premise authentication. Butler recommended that the walled garden mentality of corporate IT should change, pointing out that IT should be about making the business more efficient. In the past, IT departments may have focused on building systems, but he said the new role of IT is as a broker for compliance, risk, cost and understanding people on the ground. Richard Godfrey, ICT programme manager at Peterborough City Council, is among a growing number of IT heads who recognise that a different approach to IT is needed. Speaking to Computer Weekly about his decision to use cloud storage via Box, Salesforce.com for customer relationship management and Amazon Web Services, he said: "A blanket 'no' is not an option." The council spent a lot of time educating users on what data could be put into Box.

John Chen pushes BES12 as Android for Work platform

BlackBerry may be heading for the breakthrough it needs under the leadership of CEO John Chen with a new Google integration. BlackBerry will enable the BES12 server to support Google’s new Android for Work programme, as part of its cross-platform enterprise mobility management platform. Android for Work aims to deliver secure mail, calendar, contacts, documents, browsing and access to approved work apps that can be completely managed by IT, said Rajen Sheth, director of product management, Android and Chrome for Work.

Using BES12, Android for Work will enable IT departments to create a secure, dedicated profile for business data and applications. It creates a dedicated work profile that isolates and protects work data. “IT can deploy approved work apps right alongside their users' personal apps knowing their sensitive data remains secured,” said Sheth. “People can use their personal apps knowing their employer only manages work data and won’t erase or view their personal content.”

According to BlackBerry, BES12 integrates with the Android operating system to enable platform-level containerisation. It gives users access to Google Now and any Android application available on Google Play that is permitted by an organisation’s IT security policies, according to BlackBerry. Android for Work smartphones and tablets will be natively managed within the BES12 environment. Android users will also gain access to BBM Meetings, BBM Protected, VPN Authentication by BlackBerry and WorkLife by BlackBerry.

Commenting on the Seeking Alpha financial site about the integration between BES12 and Android for Work, one user noted: “John Chen is in the midst of another successful turnaround. BB is already cashflow positive after only one year of his leadership, and 2015 will be a watershed for the company as he moves through the last of his 'transitional quarters' in the first half of the year.”
While sales of BlackBerry devices have struggled, Chen has tried to refocus the company towards BES12 and mobile software. By giving Android users a secure workplace using BES12, IT does not have to deploy a new mobile device management server for the switch from BlackBerry devices. But Chen’s transformation of BlackBerry is at an early stage. Apple’s tie-up with IBM last year to provide a line of business applications for iOS has moved the goalposts from device security to using mobile to enable business processes. Last week, BlackBerry released BlackBerry 10.3.1, enabling Z10, Z30, Q5 and Q10 smartphone users to access Android apps on the Amazon Appstore.

Surveillance-based manipulation: How Facebook or Google could tilt elections

From Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.

Cloud security still needs a lot more work, say European experts

Security and privacy remain a stumbling block for cloud computing, according to information experts speaking at the Trust in the Digital World conference in Madrid. Cloud computing is secure in general, agreed a panel of experts, but there are gaps and there is no such thing as 100% security, said Raul Granadino, cyber security excellence programme manager at Spain’s national cyber security institute, Incibe.

“Cloud computing is secure enough for what it is currently being used, such as e-commerce, but a lot more work will be needed to make it secure enough for critical applications and infrastructure,” said European Union Agency for Network and Information Security (Enisa) head of operations Steve Purser. “Cloud computing for critical infrastructure is a whole new ball game and the industry will have to do a lot more work before that could happen,” he said.

Enisa believes cloud service providers will have to solve some of the risks of cloud computing, but Purser points out that not all of them are security and privacy-related. “Availability is key to critical infrastructure and applications, yet that is often overlooked as a stumbling block for cloud computing, with the focus tending to be on security and privacy,” he said. “Cloud computing is also just one element, but providers of critical infrastructure should be looking at the whole set of components in terms of availability, including things like electricity supplies.”

In the context of security, Enisa believes cryptography and key management are the key challenge when it comes to using cloud computing for critical applications and infrastructure. “There is a need for strong cryptographic controls in the cloud, but key management in the cloud is still very difficult to do and more research has to be done to find a way forward,” said Purser.
In general, the panel said cloud service providers should seek to build trust through being completely open about their security processes and making it easy for customers to run independent assessments. “There is a need for greater transparency, particularly for things like processes for incident response, log management and security audits,” said Telefonica chief technology officer David Barroso. However, the panel said not all consumers of cloud services will be able to make meaningful assessments of their service providers.

Cloud security certification scheme

To get around this problem and make it easier for consumers of cloud services to choose providers that meet their particular security requirements, Enisa is proposing to introduce a certification scheme. Enisa believes certification against a set of generally agreed security requirements for Europe will go a long way to creating trust and giving customers confidence in their cloud service providers. “Comprehensive certification for cloud service providers that includes things like legal and service level requirements will make it easier for companies of all sizes to make confident choices,” said Purser.

The panel said the public and private sector should work together to improve the security and privacy of cloud services and grow trust in cloud service providers through transparency. “The role of the public sector is to raise issues to ensure public safety, while the private sector should seek to build the solutions to those problems as market differentiators,” said Purser. Granadino, who co-chairs one of the working groups for the EU’s Network Information Security (NIS) platform, said the planned NIS directive will help set a common security baseline for cloud service providers.
“NIS will help the whole cloud ecosystem and provide an opportunity for cloud service providers to help businesses that have less mature IT strategies, which typically includes most small and medium businesses,” he said. Enisa considers regulation to be good, but “in limited doses,” said Purser. The organisation believes best practice is important and often the best way forward when it comes to fast-moving technologies such as cloud computing, he said. However, Purser said the good thing about the proposed NIS directive is that it is very abstract, allowing for plenty of opportunity for Enisa to work with the private sector to find the most “business-friendly” way of implementing the directive. The ideal, he said, would be to ensure that the principles of the NIS directive are implemented in such a way that businesses are able to realise the full potential of cloud computing or any other new technology.

Security concerns often overlooked

Purser expressed concern that businesses may be getting too comfortable with technology and that security and privacy concerns are often overlooked in favour of functionality and cost savings. However, Barroso said he is seeing a change in enterprise behaviour, with a growing number of businesses including security requirements as part of their procurement processes. “Security is becoming increasingly important for enterprises and there is greater scope for CIOs to include security in purchasing decisions, but the final say still rests mostly with non-IT executives,” he said. Barroso said another indication of this trend is an increasing demand from customers for datacentres in their own countries or regions.
“And that is not limited to customers in Europe, we are getting similar requests from customers in other parts of the world too,” he said.

Looking to the future of cloud computing, most members of the panel were optimistic and said that cloud services would continue to evolve and grow. But Purser said security, privacy and guaranteed availability are key obstacles to the further development of cloud services. “The winners will be those who can find practical ways of solving these issues, but so far I can see very little progress in this regard,” he said.

Intel Security panel chair and chief technology officer for Europe Raj Samani said he believes cloud service brokers will play an important role in the future of cloud computing. Under this proposed model, a cloud broker would manage the use, performance and delivery of cloud services, and negotiate relationships between cloud service providers and consumers. Advocates of this model believe it has the potential to eliminate many of the concerns businesses have over cloud computing as well as simplifying the process of managing multiple cloud service providers. “It is surprising that cloud brokers are not already a reality because this approach would help avoid the problem of getting locked into particular cloud service providers,” said Samani.

Barroso said companies with the greatest concerns about public cloud are currently focused on setting up private clouds to realise the benefits of cost reduction and scalability. “Cloud brokers could be the next step in the evolution, but I think that will still take another five to ten years,” he said. Granadino said that certification of cloud services is likely to be important, and that big data and data generated by the internet of things will be among the best use cases for cloud computing. “The winners will be those cloud service providers that can create a secure technology stack for delivering services in these two areas,” he said.

Transparency key to Europe’s big data opportunity

There is a huge opportunity for Europe to take the lead in big data analysis, says Richard Benjamins, group director business intelligence big data, Telefonica. “But complete transparency is the only way to make using customer data sustainable,” he told the Trust in the digital world conference in Madrid. Transparency is the key to unlocking that opportunity, he said, because that is the only way for businesses to ensure customers are happy with the way their data is collected and used. However, in Benjamins’ view, this remains a challenge – as no company has yet achieved the necessary level of transparency. “It is vital for companies to engage with their customers and take them on the journey towards transparency that enables using their data for mutual benefit,” he said. This is the way forward, said Benjamins, rather than simply trying to work out what can be done with customers’ data without breaking the law. “The challenge is finding a way of reaching the same level of trust with customers that exists between doctors and patients,” he said. Benjamins believes this level of trust is necessary to extend to all members of society the confidence of young people in using online services and their comfort with getting something in return for their data. “At present, most people who use online services are not aware their data is being collected or how their data is being used – but that is not sustainable,” he said. Regulators, especially in Europe, are increasingly looking at what companies are doing with customers’ data and, in some cases, fining them for contravening privacy laws. However, he said there are a lot of opportunities for companies in analysing this data if they can find the right balance between making customers aware and exploiting their data. “People are generally happy to share their information if they know that it is being collected and how it is being used to improve their lives,” said Benjamins. 
For example, he said by analysing the mobile phone call and text data of people in a city hit by an earthquake, authorities can quickly identify the worst affected areas. “The areas where there is most activity are likely to be the worst affected, and this can help authorities decide which areas probably need the most help,” said Benjamins. “The data is a by-product of mobile communication, but by analysing that data it can tell an interesting and useful story.”