Marshals went to check on Paul Ceglia and discovered he had vanished.
'You’re going to be susceptible to your weakest link, which is your people,' Dan Lamorena, senior director in HP Enterprise Security group tells Computing
The FREAK SSL/TLS vulnerability and four other issues get patched in Mac OS X security update. While many Apple watchers were busy learning about the new Apple Watch on March 9, the company was busy patching its existing products. Apple released Security Update 2015-002, fixing five vulnerabilities in the Mac OS X operating system. The company also released iOS 8.2, which provides users with Apple Watch capabilities, as well as six security updates. The most notable of the updates is one for the so-called FREAK vulnerability (factoring attack on RSA-EXPORT Keys) that was first publicly disclosed on March 3. In Apple's security update, the fix for FREAK is identified as an update for Apple's Secure Transport mechanism. The FREAK flaw fix is included in both the OS X and iOS 8.2 security updates. "Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites," Apple warned in its advisory. "This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys." In addition to the FREAK fix, there are two patches for vulnerabilities that were reported to Apple by way of the Google Project Zero research effort. One of those issues is identified as CVE-2015-1061 and is a vulnerability in the IOSurface framework that affects both iOS and OS X. The impact of the flaw could have potentially enabled a malicious application to execute arbitrary code. Google Project Zero is also credited with reporting CVE-2015-1066 in the IOAcceleratorFamily component in OS X, which also could have potentially led to arbitrary code execution. Additionally, the Mac OS X kernel is getting patched for a vulnerability identified as CVE-2014-4496 that could have allowed malicious applications to determine addresses in the kernel. "The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection," Apple warned in its advisory. Both OS X and iOS are also being patched for a vulnerability in the iCloud Keychain, which is a feature that is used to safely store usernames and passwords. "Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery," Apple warned. "These issues were addressed through improved bounds checking:" iOS 8.2 also includes a patch for a flaw in the CoreTelephony library identified as CVE-2015-1063, which could have potentially enabled a remote attacker to trigger an iOS device to restart, after receiving a malicious short Message Service (SMS) text. Another fix is in the MobileStorageMounter component in iOS 8.2, which is being updated to protect against the CVE-2015-1062 vulnerability that could have potentially enabled a malicious application to create folders in trusted locations in the file system. The last security patch in the iOS 8.2 update is for the CVE-2015-1064 vulnerability that impacts the home screen on iOS devices. "A person with physical access to the device may be able to see the home screen of the device, even if the device is not activated," Apple warned. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Windermere Cay's "Social Media Addendum" claimed copyright of tenants' photos, too.
Zylpha (www.zylpha.com), the UK's leading legal systems innovator, has signed a partnership agreement with international eDisclosure group LDM Global (www.ldmglobal.com). The resultant fusion of eDisclosure services and court bundling solutions will pr...
Piper nv boasts 180-degree night vision, the widest field of view on the market, and advanced camera resolution London, 10th March 2015 - Icontrol Networks, a leader in connected home technology and innovation, today announces general availability in Europe for Piper nv, the only security system that can be easily tailored to what matters most. Building on the launch of the original Piper last year, the all-in-one home security, video monitoring and automation device has been engineered for reliability and built frustration free, making it easier than ever to connect via mobile device for peace of mind.Over the last year, Piper has ushered in a new approach to home monitoring, security and automation and continues to deliver users a new and smart way to interact with their homes. With the DIY smart home market projected to reach $7.8 billion in the US alone by 2019, according to NextMarket Insights, the connected home is becoming more easily accessible to consumers than ever before and Piper continues to be at the forefront of the movement with Piper nv. In addition to the already comprehensive Piper feature set, Piper nv boasts: Night Vision: Featuring the widest field of view available in the market, Piper nv's 180-degree day/night vision offers a clear and complete view of your home no matter the time of day. Night vision kicks in automatically once the room starts getting dark.Advanced camera resolution: The 3.4 megapixel camera sensor ensures you don't miss any details!"Being aware of events in your home has never been easier with Piper," said Russell Ure, creator of Piper and an executive vice president and GM at Icontrol Networks. "Piper nv provides homeowners with unsurpassed visibility into their homes and ensures places and loved ones are always protected and safe. It sets a new standard for the optimal video experience in the smart home marketplace."Piper has been recognised for its innovative technology and broad consumer appeal, and is powered by Icontrol Networks, a leader in the connected home marketplace. In addition to night vision and advanced camera resolution, Piper nv has been designed for maximum customisation and includes the core Piper features:Security: Customise three security modes (home, away and vacation), motion detector and piercing, 105-decibel siren. Automation: Integrate Z-Wave accessories into Piper's security modes, control them remotely, on a schedule, or using environmental data. HD Panoramic camera: 180° fisheye lens, electronic pan, tilt, and zoom, 1080p camera sensor.Customised alerts: Phone call, text message, email, and push notifications to users and their trusted circle when security rules are triggered. Environmental sensors: Monitor and control home temperature, humidity, ambient light and sound. Elegant Design: Simple, intuitive app. Stunning, compact, two-toned form with brushed metal legs.Smart Hardware: ARM processor, battery backup, internal memory for video storage, 802.11b/g/n Wi-Fi.Android & iOS support: Available on Android and iOS smartphones and tablets.Two-way audio: Talk directly to occupants through Piper through its app on your mobile device.Multi-Piper functionality: Support up to five different Pipers within a home so you always have visibility and control over your different spaces.Bedside mode: Featuring an active panic button, Bedside mode lets users manually turn on a siren in case of an emergency. Easy to reach and quick to access for fast action, users can now set Piper to Bedside mode before going to sleep for a more secure environment at night.Piper nv can now be purchased at getpiper.com starting at €299.00 (£217.00) and Piper will continue to be sold for €199.00 (£145.00)*. The free Piper application is also available for download in the iTunes App Store and in the Google Play Store. Notes to editorsGBP prices based on 1 Euro equaling 0.73 GBP.About PiperPiper was created by Russell Ure, and made available through Blacksumac, a company Russell co-founded with John Criswick in 2012. Blacksumac and the Piper brand were acquired by Icontrol Networks in April 2014. About Icontrol NetworksIcontrol Networks' vision is to provide a connected home solution for every household, so people worldwide spend less time managing their lives and more time living them. Icontrol is making the connected home a reality through its software platforms, which are deployed by home security companies and service providers, and the all-in-one Piper home security, video monitoring and automation device for consumers. Icontrol is further pioneering the next generation of connected living through its OpenHome™ Developer Program, the first community for application and device makers to partner on a common platform. Venture investors in Icontrol include Charles River Ventures, the Kleiner Perkins Caufield & Byers iFund, and Intel Capital, with strategic investments from a variety of service providers including ADT, Comcast Ventures, Comporium and Rogers Communications. For more information about Icontrol Networks and Piper visit icontrol.com and getpiper.com.Contact InformationFinn Partners for PiperJames RoweJames.firstname.lastname@example.org +44 (0) 207 655 0403 Source: RealWire
The US Central Intelligence Agency (CIA) has been running a sustained campaign to break the security of Apple iPhones and iPads, according to new documents from the trove leaked by National Security Agency (NSA) whistleblower Edward Snowden. The CIA even ran its own conference, called the Jamboree, sponsored by the CIA's Information Operations Center, which carries out covert cyber attacks, where attendees shared their strategies and tips for exploiting security flaws in a range of electronic devices - with the first Jamboree held in 2007, a year before Apple's first iPhone was released. The documents, revealed today in a report by The Intercept, indicate that the CIA was keen not just to crack the security of popular smartphones and other communications devices, but to uncover flaws in a wide range of electronic devices and to devise exploits that they could use. However, the popularity of Apple's iPhone quickly made it the CIA's number one target. Its aim was to break the devices' encryption in order to gain access to data held on the devices. "Studying both 'physical' and 'non-invasive' techniques, US government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple's encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption," claims The Intercept. It continues: "The security researchers also claimed they had created a modified version of Apple's proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple's App Store." Apple Mac computers were also targeted, with the CIA claiming to have successfully modified the OSX update in order to install key-stroke loggers onto Mac desktop and laptop PCs. The subversion of the updater app is potentially highly damaging and raises the question of whether it - and similar applications, such as Microsoft's Windows Update - have, or could be, compromised in a similar way. Other presentations at the CIA conference have focused on the products of Apple's competitors, including Microsoft's BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows, claims The Intercept. Both Apple and the CIA declined to comment on the story. Security researchers, though, were critical over the lack of detail provided by the reports. Ken Westin, a senior security analyst at Tripwire, said that it would be naïve to think that such programmes don't exist: "The story provided by The Intercept unfortunately does not tell us a whole lot that most security researchers did not already know or assume. The one document that The Intercept provides only reveals the existence of a CIA-sponsored event where security researchers met to discuss methods and techniques to compromise Trusted Computing systems. "The article also mentions that the documents they have do not show any evidence of actual successful compromise or active exploits. There have been a number of similar programmes such as the NSA's Dropout Jeep where the goal was to find ways to compromise devices. I think it is a bit naïve to think that these types of programmes don't exist either by the US government or other government agencies for that matter. "The question arises, however, if vulnerabilities were discovered that were not disclosed to Apple or other companies whose systems were potentially exploited, this is where the definition of security research and high-tech espionage diverge," said Westin. The new revelations follow claims that the NSA has been subverting hard-disk firmware in order to plant malware that is both difficult to detect and hard to eradicate from people's PCs.
Small cable operators have to pay the big ones for access to TV programming.
Courion to Discuss How Continuous Monitoring is Made Possible Through the Use of Identity and Access AnalyticsLONDON, UK, 10th March 2015 - Courion, a leading provider of intelligent identity and access management (IAM) solutions, today announced that ...