Thursday, December 14, 2017

Tag: Twitter

After a professor pens a blog post about the NSA's alleged clandestine program to break digital encryptions, the university asks him to take it down...

Then changes its mind. September 9, 2013 6:43 PM PDT (Credit: CNET) Johns Hopkins University ...
VIDEO: CIO of Linux vendor Red Hat explains how he brings technologies into the organization and how BYOD policy plays out. Every organization today faces a similar set of challenges about implementing bring-you...
Hewlett-Packard takes aim at helping enterprises comply with government regulations like the U.S. Health Insurance Portability and Accountability Act (HIPAA). Meeting government compliance regulations is often a complex task—one that Hewlett-Packard wants to help enterprises achieve. That's where HP's Data Privacy Services come into play as a new suite of services that are intended to help enterprises meet some of the complex demands of the modern regulatory environment. The new offering is intended to be a comprehensive portfolio for data privacy. "What we're seeing is demand for this type of service from customers, driven by compliance and liability concerns about leakage of data," Lou Berger, vice president, Services Enablement and Readiness, Storage, at HP, told eWEEK. HP built some of the initial data-privacy-related services to support the United States’ Health Insurance Portability and Accountability Act (HIPAA), which has data privacy requirements. That offering has broader global applicability now as other jurisdictions around the world enact data-privacy rules, for example, the United Kingdom, which has its own set of data-privacy regulations. Among the components that are part of the Data Privacy Services are the HP Defective Media Retention (DMR) and the HP Comprehensive Defective Material Retention (CDMR) services. Berger explained that the DMR service is about data retention from failing spinning disk drives, while the CDMR includes system boards, memory and networking equipment that holds persistent data. Another key component is the HP Data Sanitization Service, which will clean an enterprise's storage prior to that storage device being moved or hitting its end-of-life phase. Berger noted that HP has had versions of the data sanitization service available in the past.

The new offering is now a globally standardized offering that can be done on both storage arrays and servers. "When we finish the data erasure, we provide certification to the customer so they have an audit trail for their own legal requirements," Berger said. When the data storage device is no longer needed, HP can also break down the device after the data has been sanitized. In cases where the enterprise no longer needs or wants the storage device, after HP sanitizes the device, it can be resold by HP with the value being returned to the customer.

Audit

While HP's Data Privacy Services are intended to help organizations meet compliance requirements, they do not currently include a full compliance audit. That said, HP does have an advisory service that helps organizations figure out what their compliance requirements are and how to meet them. "Today, we're not acting as an auditor, we're acting as a trusted advisor, that will make recommendations and explain requirements," Berger said. "The actual audit will come from another agency, or it could be an internal function at the customer." HP's Data Privacy Services also do not come with any specific legal guarantees. Berger explained that HP can provide a statement of work about what they will do, but that statement does not include any liability protection. Different regulatory efforts can often include a security vulnerability audit as part of compliance, as well. HP's Data Privacy Services are specifically about physical data devices. Berger noted that HP does have other elements in its portfolio that can deliver security vulnerability audits. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
In a move clearly designed to limit free speech, the country modifies its laws to ensure that those who spread what it calls "online rumors" could spend up to three years in jail. September 9, 2013 6:03 AM PDT China's government on Monday made o...
Is there any greater reason to believe that companies to which we give our information every day will guard it more preciously than any government? (Credit: Chris Matyszczyk/CNET) "We want to be really, really clear that whenever you give us informatio...
The FBI has decided that the Syrian Electronic Army is really a criminal organisation and has listed it on its wanted posters. It's an unusual move because the SEA is seen not as a hacker organisation, like LulzSec, but as a division of the Syrian army. It is loyal to Syrian president Bashar al-Assad if not directly under military control. This means the FBI seems to be taking on another country's military, something that you would expect the Pentagon to be more interested in doing. Last week the SEA went too far and tinkered with the New York Times, which meant that Apple fanboys had no ready source of press releases from their favourite company. The SEA also hit the Twitter feed of Associated Press, which led to a temporary stock market crash. Normally acting as a paid police force for Big Content, the FBI Cyber Division unit has officially added the pro-Assad hacker collective to its wanted list. The FBI issued an advisory that included information about the SEA, its capabilities, and some of its more heinous attacks. The advisory warns networks to be on the lookout for attacks, and that anyone found to be aiding the SEA will be seen as terrorists actively aiding attacks against US websites.
A 43-year-old man was arrested on suspicion of tweeting the name of a girl who accused Coronation Street actor Michael Le Vell of r**e. Phil Davies, from the Greater Manchester Police, said public identification of sex abuse victims - in particular child victims during court proceedings - can "cause both immediate and long term distress and harm, especially in cases as serious as this". Michael Le Vell, real name Michael Turner, denies 12 charges, including five of r**e, the BBC reports.

The actor played car mechanic Kevin Webster on Britain's longest running TV soap. Davies said disclosing names on social media is effectively the same as through the mainstream media. "People may not understand that when they use social media they are required by the law to keep victims anonymous in exactly the same way as people who work in mainstream media," Davies said. The point about social media has surfaced again and again - Twitter is essentially a public domain, even if you have privacy restricted your account - and posting online can provide more unwanted exposure than shouting on the street. 
The camera maker settles a claim after hundreds of its home security cameras were hacked and videos of babies sleeping and children playing were published on the Web. September 4, 2013 6:30 PM PDT The TrendNet TV-IP110W was one of the allegedly ...
Will "fade into the mists of myth and legend."    
The Syrian hacktivist attack on the New York Times website highlights urgent need for registry locking, says communications and analysis firm Neustar. The site was unavailable after the Syrian Electronic Army (SEA) that supports Syrian president Bashar al-Assad was able to access the domain name system (DNS) settings for the site. The SEA breached the NYT’s domain name registrar Melbourne IT and changed the DNS record to point to systems in Syria and Russia. Melbourne IT blamed the NYT outage on one of its resellers, whose account was compromised. Setting up a registry lock provides a relatively easy and inexpensive way to mitigate risk of unauthorised DNS changes, said Rodney Joffe, senior technologist at Neustar. The bad thing about being able to access DNS settings is that attackers can redirect visitors to malicious sites, he told Computer Weekly. This can have a huge financial impact ranging from hundreds of thousands to millions of dollars through lost business, but it can also cause brand damage by association with exposure to malware, said Joffe. Applying a registry lock provides protection by requiring any changes to a domain name server to be verified and authenticated by the website owners. A registry lock provides protection against DNS tampering, even if an attacker is in possession of a username and password or if a domain name registrar is compromised, as happened in the NYT attack.

Twitter's best practice commended

Twitter was also targeted by the SEA, but impact was minimal because the attackers were unable to change DNS settings because the microblogging site has a registry lock in place. According to Joffe, all website owners should follow Twitter’s example in line with industry best practices published by the internet’s main governance body Icann. Security firm Rapid7 notes that in the immediate aftermath of the SEA attack on the NYT site, several unlocked domains at Melbourne IT rushed to put registry locks in place, including Starbucks.
Failure to put registry locks in place puts any company, its customers and its brand at risk, and yet this threat can be blocked for under $100, said Joffe. “Considering the high risk of attack and the low cost of protection, it is mind boggling that relatively few large companies have registry locks in place,” he said. According to Rapid7, around 90 company websites hosted by Melbourne IT did not have registry locks in place at the time of the SEA attack, including adobe.com, ibm.com, mcafee.com, and royalmail.com. Neustar has seen an increasing number of attempts by attackers to access domain name settings since May, but the targets have not included high-profile domain names until the past two to three weeks.

Changing landscape of threats

It is just another evolution in the threat landscape that companies will have to bear in mind when updating their information security strategies, said Joffe. Companies will have to adjust their defence strategies, he said, just as they have done in the past three years as they have moved from defence only to include elements of mitigation. “They have realised that no matter how hard they worked and how much effort they put into their infrastructure, they had to prepare for attacks,” said Joffe. The threat landscape has demanded a shift from building higher thicker walls to what can be done when an attacker breaches those defences, he said. Attackers are also beginning to go after the weakest links in the supply chain, which means that information security strategies need to extend beyond an organisation to its business partners. Kenneth Geers, senior global threat analyst at FireEye said the method of attack on the NYT may indicate that the SEA has begun going after media organisations’ supply chains. “Rather than attacking a large firm directly, the SEA is opting to identify weaker links between the firm and other partnering organisations that they use for business operations.
“This is because the victim firm may not have as much control over the operational security employed by the partners, so the partners are an easier target to focus on,” he said. Geers said it is likely that this type of attack will continue as long as supply chain security remains weak.
VIDEO: One of the most infamous hackers of all time talks about Website security and what users should do to protect themselves. In the world of computer security hackers, few are as well-known as Kevin Mitnick....
Hewlett-Packard's Fortify Source Code Analyzer 4.0 release is designed to deliver faster and more accurate analysis of software code. Hewlett-Packard is updating its Fortify Static Code Analyzer (SCA) to version 4.0, boosting both the performance, accuracy and feature set of the security and code quality tool. Static Analysis refers to the examination of code at rest that is not actually running. Such an analysis can often find programmatic code errors that can impact code execution as well as security. The SCA 4.0 version is 10 times faster at code analysis than prior releases, Mike Armistead, vice president and general manager, Enterprise Security Products for HP's Fortify division, told eWEEK.

Armistead is a co-founder of Fortify, a company that HP acquired in 2010 for its source-code analysis capabilities. SCA 4.0 is able to scan source code in 21 different programming languages as well as their associated programming frameworks. "SCA is all about stitching together an application and giving you an idea of how data may flow through and how functions are used," Armistead explained. With the 4.0 release, in addition to the speed boost, there has also been a 20 percent accuracy improvement in code analysis, which means that there will now be fewer false positives for code defects, he said. In the early days of static analysis, one of the primary defects that was caught is a coding flaw known as a "null pointer." A null pointer is a code element where a program is trying to access a memory location that doesn't exist. That flaw can lead to stability and security problems. While SCA 4.0 will detect null pointers, Armistead noted that those types of errors are more common in the C and C++ programming language than in other languages.

As Java and .NET language use has proliferated, there are fewer null pointer defects due to features in those languages that mitigate the risks of the same kinds of memory issues. "The adversary has now also moved on," Armistead said. "They have moved on to Cross Site Scripting and Cross Site Request Forgery as well as other categories of flaws that have not been as easily recognized by developers." SCA 4.0 has its own built-in analysis engine and it also benefits from a quarterly update from HP that delivers intelligence on secure coding rules, Armistead said. HP's security intelligence has insight into how new forms of attack are taking place and is able to pass along that information to help developers write more secure code. In the modern development world, a key area of focus for SCA 4.0 is on mobile development, including both Apple iOS and Google Android. "There are vulnerabilities that are unique to mobile apps," Armistead said. The reality is also that even though mobile development and new programming frameworks have emerged over the years, many of the coding mistakes that static analysis can find are the same year-after-year. "I wish it were sexier than this, but development organizations keep making the same mistakes," Armistead said. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.