Thursday, 30 January 2014

Killer robots: Another moonshot for Google's Andy Rubin


View the Original article

But look how well everything else works!


View the Original article

Wednesday, 29 January 2014

Now THAT'S secure!


View the Original article

Boycotting RSA Conference: Jaws all on the floor over NSA backdoor at #RSAC

 
RSA and F-Secure poster-boy Mikko Hypponen were first divorced just before Christmas:

I’ve been working with computer security since 1991. Nowadays I do quite a bit of public speaking. ... I have spoken eight times at...RSA Conference

View the Original article

Safety first


View the Original article

Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes

Kennedy has continually warned that healthcare.gov is insecure. In November, after the website was allegedly “fixed,” he told Congress it was even more vulnerable to hacking and privacy breaches.  Before Thursday's congressional hearings, Kennedy wrote, “Out of the issues identified last go around, there has been a half of a vulnerability closed out of the 17 previously disclosed and since my last appearance, other security researchers have also identified an additional 20

View the Original article

Tuesday, 28 January 2014

Microsoft Patch Tuesday for January: An easy start to the year

Greg Lambert is a product evangelist for Qompat Application Management Systems and co-founder of ChangeBASE.


View the Original article

Massive blimps over Maryland to conduct 24/7 domestic aerial surveillance

Officials don’t flat-out say “the terrorist threat,” but they mention threats like anti-ship cruise missiles, drones with 10-foot wing spans, tactical ballistic missiles, large caliber rockets, and moving surface vehicles like swarming boats, mine-laying ships, automobiles and tanks. Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), believes the threat is real all right: the threat to privacy, that is. He said, "When the government is conducting real-time aerial surveillance within the United States, there are privacy issues that need to be addressed."

While officials claimed that, on a clear day, people in downtown Baltimore will be able to see the unmanned blimps from 16 – 19 miles away, one of the two 243-foot long blimps will have 360-degree surveillance capabilities allowing it to see up to 340 miles in any direction; that one is on the lookout for “threats,” while the second blimp carries a powerful integrated fire-control radar system “to detect, track and target a variety of threats.” Together, the Joint Land Attack Cruise Missile Defense Elevated Netted Sensor System – quite a mouthful that was shortened to JLENS – can “spot objects in the air from North Carolina to the Canadian border, and objects on the ground from Virginia to New Jersey.”



View the Original article

Sunday, 26 January 2014

How about we use your name and see what happens?


View the Original article

Identity crisis


View the Original article

Saturday, 25 January 2014

Could a $150,000 enforced bug bounty put zero-day exploit brokers out of business?

“It is time to examine the economics of depriving cyber criminals' access to new vulnerabilities through the systematic purchase of all vulnerabilities discovered at or above black market prices,” proposed Stefan Frei, research director of NSS Labs. A report titled “International Vulnerability Purchase Program,” states, “If all of the vulnerabilities for all products are purchased at USD $150,000 each, this still would amount to less than 0.01 percent of the yearly gross domestic product (GDP) for either the US or the European Union (EU). The cost for major software vendors to purchase all of their vulnerabilities at USD $150,000 each is less than one percent of their revenue.”

“Frei’s analysis conservatively estimated that private companies which purchase software vulnerabilities for use by nation states and other practitioners of cyber espionage provide access to at least 85 zero-day exploits on any given day of the year,” wrote Brian Krebs of Krebs on Security. “That estimate doesn’t even consider the number of zero-day bugs that may be sold or traded each day in the cybercrime underground. …The market for finding, stockpiling and hoarding (keeping secret) software flaws is expanding rapidly."

“Everyone is going to use Adobe Flash or Java or Windows,” wrote Adam Kujawa, lead of the Malware Intelligence Team at Malwarebytes. “This means that said vulnerable applications are not only targeted greatly because of their widespread use but also completely unopposed in the market, which (in theory) means that they don’t have to update or patch because users will still use their products because they don’t have any competition.”

While “paying $150k for bug bounties would help the industry because more professional vulnerability researchers would opt to go the white hat route,” eliminating software flaws will not stop social engineering and web attacks which play a “massive part of the process.” Kujawa also suggested a “federally approved industry seal for software that has been tested.” Then users would know whether or not the app is secure.

You could also approach the benefits from a liability standpoint. Many banks are held liable for the loss of money from a robbery; an amusement park is liable for a ride that malfunctions and injures a guest. Why don’t we hold software developers to the same standard, and when their product gets exploited, you can hold them liable for the data loss?

"Software security is a 'negative externality': like environmental pollution, vulnerabilities in software impose costs on users and on society as a whole, while software vendors internalize profits and externalise costs," Krebs explained. "Thus, absent any demand from their shareholders or customers, profit-driven businesses tend not to invest in eliminating negative externalities."

“No matter how large a vendor’s security team, it cannot compete with the combined experiences of a global group of individual specialists or organizations with diverse backgrounds, education, culture, and skills,” NSS Labs noted. Critical zero-day vulnerabilities will continue to be discovered and exploited by cyber crooks. An enforced high price as a bug bounty could be the solution. As a plus, it could put some serious hurt on exploit brokers' wallets.

I like the proposal of $150,000 per exploit, regardless of whether the vulnerability is big or small, as it would keep bug hunters searching for software flaws and keep us safer as a whole. It could also help the black hat sons of Grinches decide to do the “right” white hat thing; then they might even make the nice instead of naughty list. That’s all for now. Have a very Merry Christmas and a happy New Year!


View the Original article

You were expecting an accountant?


View the Original article