Home Tags The Path

Tag: The Path

AT&T/Time Warner merger is one step closer to government approval

Time Warner sells a TV station to avoid public interest review of AT&T deal.

VU#921560: Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type,which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.

Confirmit Compass Guides Companies Along the Path of VoC Maturity

Company expands customer experience methodology with innovative five-part framework to help businesses map out Voice of the Customer (VoC) programme evolutionLondon, UK and Oslo, Norway and New York, NY – 5 April, 2017 – Confirmit, the leading global customer experience solutions provider for Customer Experience, Voice of the Employee, and Market Research, today launches Confirmit Compass™, a comprehensive, five-stage VoC maturity model.

Confirmit Compass is designed to advance the overall goals of effective customer experience... Source: RealWire

IDG Contributor Network: How to work with FileSystemWatcher in C#

The FileSystemWatcher class in the System.IO namespace can be used to monitor changes to the file system.
It watches a file or a directory in your system for changes and triggers events when changes occur.In order for the FileSystemWatcher to work, ...

C++ toolkit helps shorten the path to AI apps

Hoping to spread development of artificial intelligence applications, neural network platform builder Neurala is offering a toolkit that uses C++ for building AI applications. The Neurala Developers Program includes C++ APIs, testing tools, code sa...

The path to cloud success goes through your data

Last week, Google showcased its enterprise cloud offerings at the Google Cloud Next conference, trying to show it could meet the needs of businesses, not only schools and small companies.

The underlying pattern I saw in Google’s presentations was data.Increasingly, I see the same focus on data among all cloud providers.
It’s not Google alone that understands the need for data.

Data should also be your IT organization’s measure of success in the cloud.
I often look at the state of the data to determine success or failure of an enterprise that’s moving—or has moved—to the cloud.To read this article in full or to leave a comment, please click here

Magnetic storage reaches the atomic level

The magnetic field of a single atom is read and written, but it's not very stable.

VU#168699: dotCMS contains multiple vulnerabilities

The dotCMS administration panel is vulnerable to cross-site request forgery,and the"Push Publishing"feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected.

The future of solar power technology is bright

From photovoltaic paint to thermal fuel, we peek at a future beyond today's solar cells.

RiskIQ Offers Security Analysts Free Cyberthreat Hunter and Defender Tools with...

New RiskIQ Digital Threat Management Offering Promotes Collaboration Among the Security Analyst CommunityLONDON, UK – February 13, 2017 – Recognising the power of team collaboration and online communities, RiskIQ, the leader in digital threat management, today launched a Community Edition of its RiskIQ PassiveTotal® and RiskIQ™ Digital Footprint products at no cost to security analysts. Fast and simple registration sets cyberthreat hunters and defenders on the path to superior discovery, investigation and research of threats,... Source: RealWire

Furby Rickroll demo: what fresh hell is this?

Toy-makers, please quit this rubbish, you're NO GOOD at security Here's your future botnet, world: connected kids toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes. Hacker Jake Davis, once known as "Topiary" of LulzSec, has pulled apart the Bluetooth variant that toy-maker Hasbro uses to update its "Furby" dolls with new content. The video below the fold is equal parts cute and scary, but as you can see from Davis' GitHub repo, he's well along the path to reverse-engineering Hasbro's Bluetooth. “Furby can be interacted with stand-alone or while connected to the Android / iOS App 'Furby Connect World', which takes full control of Furby's movement and speech and sends updates it pulls from Hasbro's servers at Amazon AWS.” He's already documented a decent amount of what goes on in a Furby's “brain” (two microcontrollers, a GeneralPlus chip that seems to handle movement, and a Nordic Semiconductor chip that runs Bluetooth Low Energy comms). Youtube Video His documentation list covers Furby Bluetooth; the two chips' commands and responses; Furby's action sequences; the app update mechanism; a list of possible names for Furby; and the DLC files that bring new content and firmware upgrades into Furbies' brains. With all that, you won't be surprised that he's also worked out how to flash a custom DLC, which is why Davis thought of botnets: A Furby that can be updated from "the app" is a Furby whose eyes will flash red and whose mouth will constantly sing Never Gonna Give You Up — Jake Davis (@DoubleJake) January 23, 2017 In his GitHub post, Davis notes that no Furbies were harmed in the making of the hack: he didn't want to peel it open, partly because a Furby isn't cheap. Here's a nice detail: if Davis' documentation is correct, the Furby Connect World app doesn't bother with niceties like HTTPS for its startup connection: “When first starting up, the Furby Connect World connects to a server http://fluff-gameupdates.s3.amazonaws.com/ and downloads in-game content, like the 3D models, background music and other sounds”. Later, stuff gets encrypted – but Davis notes, with a suitable proxy, that wasn't a problem. Since Davis still has a few items on his to-do list, including working the structure of the DLC files, there's still plenty of fun to be had for tinkerers. ® Sponsored: Customer Identity and Access Management

US Marines seek more than a few good men (3,000 men...

From the phones of Montezuma to the servers of Tripoli The head of the US Marines wants to recruit about 3,000 troops skilled in online warfare and espionage to make sure the Corps is ready for 21st-century battle. On Thursday, General Robert Neller told the Surface Navy Association's annual convention that he was looking to raise his numbers from 182,000 to 185,000 in the next Defense Appropriations Bill – and wants to use the extra heads to beef up online and electronic warfare capabilities. The Marine Forces Cyber Command has about 1,000 military and civilian staff; this needs to be drastically increased, he said.

That may mean withdrawing frontline troops that have the right aptitude, training them in online warfare, and deploying them in the world's cyber-trenches, for want of a better word. "Most of these people come off and start off as communicators or intelligence folks or radio battalion people, and then they morph and they get trained," he told his audience in Arlington, Virginia. Seeing as that process takes time, perhaps it would be better to fast track people into cyber-offense teams straight away, Neller pondered out loud. "We've got to go back and map the path, and figure out, is it really somebody you can bring in from the beginning," he said. Marines have, right now, no military occupational specialty (MOS) for online warfare, he continued.

That mil jargon means marines aren't trained to exploit and compromise enemy computers.

They can do signals intelligence and defend computer networks, but they are not taught how carry out attacks on systems, and this needs addressing. "There's no cyber MOS," he said, meaning marines who want to get into cyber-war have to look elsewhere. "How am I going to keep them? We spent a lot of money training these marines." If the army can't swell its computer security teams from its own ranks, it will have to tap up civilians.

Getting good hackers and security folks for the armed forces isn't easy, though.
In hacking competitions, civvies regularly clean the clocks of full-time military counterparts – and convincing them to sign up for military life in the Marine Corps could be a very tough sell indeed. ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub