Home Tags Authenticity

Tag: Authenticity

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turkish Airlines, Air Asia, Air India, and other companies.

How a few yellow dots burned the Intercept’s NSA leaker

By providing copy of leak, Intercept likely accelerated ID of contractor.

Acronis Backup 12.5 features world’s first blockchain-based data integrity verification and...

Not only does Acronis Backup 12.5 Advanced and Standard Editions ensure the authenticity and integrity of data backups by storing backup file checksum certificates in the blockchain database, but it also features automatic ransomware protection.

Conan drops players into iconic fantasy battles—and their 1930s mindset

But are there enough brains behind the brawn?

You won’t believe why Facebook will block this headline

Updates to news feed algorithms tweaked to catch spammy and deceptive headlines.

Clash of Greed

Yet, the more popular game is, the higher the probability that fraudsters will be looking to make a fortune on that popularity by, for example, organizing phishing attacks on the player base.

Those phishing attacks, though always quite similar in their nature, are very competently planned.

VU#507496: GIGABYTE BRIX UEFI firmware fails to implement write protection and...

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms,versions vF6 and vF2 respectively,fails to properly set the BIOSWE,BLE,SMM_BWP,and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write arbitrary code to the platform firmware,potentially allowing for persistent firmware level rootkits or the creation of a permanent denial of service condition in the platform.

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs...

Chrome to immediately stop recognizing EV status and gradually nullify all certs.

At death’s door for years, widely used SHA1 function is now...

Algorithm underpinning Internet security falls to first-known collision attack.

Download Security Update 2016-003 Supplemental (10.11.6)

The OS X El Capitan Security Update 2016-003 Supplemental Update fixes a kernel issue that may cause your Mac to occasionally become unresponsive. For more information on the security content of this update see: http://support.apple.com/kb/HT1222See http://support.apple.com/kb/HT5044article for details on how to verify the authenticity of this download.

FTC Claims D-Link Routers and IP Cameras are Leaving Consumers at...

In a legal complaint, the FTC makes multiple allegations about improper security measures in D-Link devices that could potentially enable attacks.

D-Link calls the claims "vague and unsubstantiated." The U.S Federal Trade Commission (FTC) filed a legal complaint against networking equipment vendor D-Link Corporation on Jan. 5, alleging that the company has inadequate security measures in its products, leaving consumers at risk.

D-Link denies the allegations.In a 31-page legal complaint, the FTC outlined multiple alleged failings in D-Link's security.

According to the complaint, D-Link, "…failed to to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorized access..."Among the issues alleged by the FTC complaint are hard-coded user credentials, which are embedded passwords in devices that users cannot easily change, that could enable an attacker unauthorized access.

The FTC also warns about command injection flaws that might potentially enable a remote attacker to gain control of a vulnerable D-Link device.The FTC also takes issue with how D-Link secures mobile application login credentials, which allegedly are now being stored in a non-encrypted readable text format.

As well, the FTC is concerned with how D-Link has managed its own private encryption key, that is used to validate the authenticity of D-Link's software. "Hackers are increasingly targeting consumer routers and IP cameras -- and the consequences for consumers can include device compromise and exposure of their sensitive personal information," Jessica Rich, director of the FTC's Bureau of Consumer Protection, said in a statement. "When manufacturers tell consumers that their equipment is secure, it's critical that they take the necessary steps to make sure that's true." In an email sent to eWEEK, D-Link stated that it denies the allegations outlined in the complaint and is taking steps to defend the action."The security of our products and protection of our customers private data is always our top priority," the company stated.In a publicly posted response to the FTC claims, D-Link states that the allegations are vague and unsubstantiated.

Additionally, D-Link notes that the FTC complaint does not claim any specific breach of any D-Link product."The FTC speculates that consumers were placed 'at risk' to be hacked, but fails to allege, as it must, that actual consumers suffered or are likely to suffer actual substantial injuries," D-Link states. "D-Link Systems maintains a robust range of procedures to address potential security issues, which exist in all Internet of Things (IOT) devices."The FTC has been actively working in recent years to help protect consumers against potential dangers rising from improperly secured Internet of Things (IoT) devices.
In January 2015, the FTC released a report providing recommendations to vendors on how to improve IoT security.
In February 2016, networking vendor Asus settled with the FTC, over wireless router security issues.
In the Asus case, the company agreed to maintain a comprehensive security program that includes its wireless routers and associated firmware being independently audited every two years for the next 20 years.Earlier this week on  Jan. 4, the FTC announced the $25,000 IoT Home Inspector Challenge to help improve security in connected home devices.Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.

Drone ID Takes Off to Deliver IoT Security

As increasing numbers of Drones take to the skies, the new Drone ID effort backed by AirMap and DigiCert aims to help provide identification and security. When a drone flies overhead, how can its owner be identified? That's a question that is not easil...