Sign up for our Technology Newsletter 
Google And Yahoo Get Blocked
May 24, 2016 by admin
Filed under Around The Net
Comments Off on Google And Yahoo Get Blocked
The IT department of the U.S. House of Representatives is prohibiting access to Yahoo Mail and the Google App Engine platform due to malware threats.
On April 30, the House’s Technology Service Desk informed users about an increase in ransomware-related emails on third-party email services like Yahoo Mail and Gmail.
“The House Information Security Office is taking a number of steps to address this specific attack,” the Technology Service Desk said in an email obtained and published by Gizmodo. “As part of that effort, we will be blocking access to Yahoo Mail on the House Network until further notice.”
The ban on Yahoo Mail access suggests that some House of Representatives workers accessed Yahoo mailboxes from their work computers. This raises questions: Are House workers using Yahoo Mail for official business, and, if they’re not, are they allowed to check their private email accounts on work devices?
If they use the same devices for both personal and work activities, one would hope that there are access controls in place to separate the work and personal data. Otherwise, if they are allowed to take those devices outside of the House’s network, they could just as easily become infected there, where the ban is not in effect.
“The recent attacks have focused on using .js files attached as ZIP files to e-mail that appear to come from known senders,” the House’s Technology Service Desk said. “The primary focus appears to be through Yahoo Mail at this time.”
The increase in ZIP and RAR attachments that contain malicious JavaScript (JS) files has been observed by multiple security companies in recent months. Microsoft offers several recommendations, like using the Windows AppLocker group policy to restrict the execution of .JS files.
The House Information Security Office also banned access to appspot.com, the domain name used by applications hosted on the Google App Engine platform, Reuters reported.
Source- http://www.thegurureview.net/aroundnet-category/u-s-house-of-representatives-block-yahoo-and-google-apps.html
Oracle Goes Deeper Into The Cloud
Right on the heels of a similar acquisition last week, Oracle has announced it will pay $532 million to buy Opower, a provider of cloud services to the utilities industry.
Once a die-hard cloud holdout, Oracle has been making up for lost time by buying a foothold in specific industries through acquisitions such as this one. Last week’s Textura buy gave it a leg up in engineering and construction.
“It’s a good move on Oracle’s part, and it definitely strengthens Oracle’s cloud story,” said Frank Scavo, president of Computer Economics.
Opower’s big-data platform helps utilities improve customer service, reduce costs and meet regulatory requirements. It currently stores and analyzes more than 600 billion meter readings from 60 million end customers. Opower claims more than 100 global utilities among its clients, including PG&E, Exelon and National Grid.
Opower will continue to operate independently until the transaction closes, which is expected later this year. The union will create the largest provider of mission-critical cloud services to an industry that’s worth $2.3 trillion, Oracle said.
Oracle’s Utilities business delivers applications and cloud services that automate core operational processes and enable compliance for global electric, gas and water utilities.
“Oracle’s industry organizations maintain unique domain knowledge, specialized expertise and focused product investments,” said Rodger Smith, a senior vice president who leads the Utilities global business unit, in a letter to customers and partners. “This model has proven highly successful across several industries, and we look forward to bringing these same benefits to the customers of Opower.”
Source- http://www.thegurureview.net/aroundnet-category/oracle-pushes-deeper-into-cloud-computing-with-another-acquisition.html
Is Microsoft A Risk?
Hewlett Packard Enterprise (HPE) has cast a shade on what it believes to be the biggest risks facing enterprises, and included on that list is Microsoft.
We ain’t surprised, but it is quite a shocking and naked fact when you consider it. The naming and resulting shaming happens in the HPE Cyber Risk Report 2016, which HPE said “identifies the top security threats plaguing enterprises”.
Enterprises, it seems, have myriad problems, of which Microsoft is just one.
“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Sue Barsamian, senior vice president and general manager for security products at HPE.
“We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”
Microsoft earned its place in the enterprise nightmare probably because of its ubiquity. Applications, malware and vulnerabilities are a real problem, and it is Windows that provides the platform for this havoc.
“Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction. Similar to 2014, the top 10 vulnerabilities exploited in 2015 were more than one-year-old, with 68 percent being three years old or more,” explained the report.
“In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.”
It is not all bad news for Redmond, as the Google-operated Android is also put forward as a professional pain in the butt. So is iOS, before Apple users get any ideas.
“Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year over year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetisation,” added the firm.
“As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware and potentially unwanted applications have grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent.
“Apple iOS represented the greatest growth rate with a malware sample increase of more than 230 percent.”
Courtesy-TheInq
Microsoft To Release Advanced Threat Analytics
Comments Off on Microsoft To Release Advanced Threat Analytics
Microsoft is very close to releasing Advanced Threat Analytics (ATA) the security sure-up that it first announced three months ago.
ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.
That final release will happen in August, which should give you plenty of time to get your head around it.
Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.
— Kevin Jones (@vcsjones) May 4, 2015
Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.
“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.
“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.
“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”
The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.
“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.
“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”
A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.
FCC To Tighten Rules On Robocalls
June 9, 2015 by admin
Filed under Around The Net
Comments Off on FCC To Tighten Rules On Robocalls
The top U.S. telecommunications regulator wants to make it more difficult for telemarketers and other businesses to robocall and text messages consumers under changes to autodialing rules being proposed.
The Federal Communications Commission plans to vote on June 18 on the proposal, which would give legal cover to telephone companies to offer consumers technologies that would block robocalls, regardless of where they originate.
“The FCC wants to make it clear: Telephone companies can – and in fact should – offer consumers robocall-blocking tools,” FCC Chairman Tom Wheeler said in a blog post.
The wireless carriers have worried that blocking automated calls could be construed as violations of the law that requires them to ensure that all calls placed over their networks reach their intended recipients.
The proposal would also reassert that consumers have to agree to receive automated calls and texts and clarify that they can revoke their consent in any “reasonable” way, including a simple request for calls to stop, without the need to file convoluted paperwork.
Robocalls and robotexts are by far the most common cause of consumer complaints at the FCC, topping 215,000 in the last year alone. Consumer advocates and the majority of U.S. states attorneys general had pressed the FCC to clarify the robocall rules.
Numerous business associations, including the U.S. Chamber of Commerce, have also pushed for clarifications, facing a growing number of lawsuits prompted by violations such as calling cellphone users whose numbers used to belong to someone else.
The FCC’s proposal would reassert that companies should try to avoid numbers reassigned to consumers who have not agreed to receive their calls. If they do not know that a number has been reassigned, they are allowed one call to find out.
The business community had also complained that some lawsuits unfairly target them for using dialing technologies that could be modified to become autodialers. FCC officials said any technology with the capacity to dial random or sequential numbers qualifies as an autodialer, even if it would require modification.
U.S. law prohibits telemarketing calls to both landline and cellphones of consumers who have not given written consent.
Text To 911 Has Low Adoption Rate
May 19, 2015 by admin
Filed under Around The Net
Comments Off on Text To 911 Has Low Adoption Rate
Only 5% of the nation’s 6,500 emergency dispatch centers are capable of receiving and responding to emergency text-to-911 messages.
That’s not good enough for more than 41,000 signers of a Change.org petition. They want Congress to pass legislation requiring emergency centers to update their systems to accommodate texting.
Text-to-911 would have provided much-needed help for Lisbeth (not her real name), a mother of two who said she was repeatedly battered by her boyfriend in her home over several years. One day three years ago, when he was yelling at her, she tried to call 911 on her cell phone for help, but he broke down the door where she was hiding and demanded to know whom she was calling.
“I was trying to whisper, but he got in and punched me and asked me who I was talking to,” Lisbeth said in an interview. That time, a neighbor overheard the fight and called 911 to bring police to the scene.
“911 works, but I wish it worked with text,” she added. “If they had it back then, it might have made a difference.” Lisbeth later moved into a shelter for abused women in California’s San Fernando Valley and said her life has improved for herself and her children. “Anybody who is going through the same situation as I was should ask for help,” she said.
The Federal Communications Commission last yea rrequired U.S. carriers and makers of some texting apps to provide emergency texting with their services, but the FCC doesn’t regulate the nation’s emergency dispatch centers. Instead, the centers are regulated locally by 3,200 different states, counties and cities, even though many of those jurisdictions receive federal funds for the dispatch centers.
FCC Commissioner Ajit Pai last August expressed concerns that FCC mandates for carriers might give the public a false impression that they can send texts to emergency responders when so few are prepared to receive texts.
Will The Drupal Flaw Be Catastrophic?
Comments Off on Will The Drupal Flaw Be Catastrophic?
The Drupal web content management system has been exposed as having backdoor access that could deliver your site to hackers.
The problem is not particularly new. Drupal warned about it earlier this month, but it still needs tackling as millions of websites may be at risk.
Drupal said that sites running version 7 really ought to have upgraded to 7.32 by now, because not doing so leaves them as open as a torn tea bag.
Initially the alert was about the threat, but the firm has updated its earlier advice and is now warning of in-the-wild attacks.
That earlier advice was about a problem in a database API. “A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution,” warned Drupal in a security alert.
“Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.”
More recent information from the firm points users toward the released upgrade, and informs them that attacks started not long after the initial announcement.
“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” it said, adding that, even when updated, sites will have some cleaning up to do.
“If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website,” it explains.
“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”
Gavin Millard, EMEA technical director at Tenable Network Security, advised people to follow Drupal’s advice.
“The so-called ‘Drupageddon’ vulnerability could have easily led to exploitation of any systems running the vulnerable code. With such an easy to exploit flaw, the chance of exfiltration of data or further exploitation are high,” he said.
“For those who have good security controls, reviewing of logs and traffic directed at the sites following the vulnerability being announced and the patch applied is common sense and highly advisable, with appropriate action taken if indicators of compromise are found.
“For those who don’t have such a good level of security or visibility into the logs, the advice from the Drupal team should be heeded. If you don’t know if you were exploited you should assume that you have been.”
FBI Worried About Encryption
October 9, 2014 by admin
Filed under Smartphones
Comments Off on FBI Worried About Encryption
The U.S. Federal Bureau of Investigation expressed some concerns about moves by Apple and Google to include encryption on smartphones, the agency’s director has stated.
Quick law enforcement access to the contents of smartphones could save lives in some kidnapping and terrorism cases, FBI Director James Comey said in a briefing with some reporters. Comey said he’s concerned that smartphone companies are marketing “something expressly to allow people to place themselves beyond the law,” according to news reports.
An FBI spokesman confirmed the general direction of Comey’s remarks. The FBI has contacted Apple and Google about their encryption plans, Comey told a group of reporters who regularly cover his agency.
Just last week, Google announced it would be turning on data encryption by default in the next version of Android. Apple, with the release of iOS 8 earlier this month, allowed iPhone and iPad users to encrypt most personal data with a password.
Comey’s remarks, prompted by a reporter’s question, came just days after Ronald Hosko, president of the Law Enforcement Legal Defense Fund and former assistant director of the FBI Criminal Investigative Division, decried mobile phone encryption in a column in the Washington Post.
Smartphone companies shouldn’t give criminals “one more tool,” he wrote. “Apple’s and Android’s new protections will protect many thousands of criminals who seek to do us great harm, physically or financially. They will protect those who desperately need to be stopped from lawful, authorized, and entirely necessary safety and security efforts. And they will make it impossible for police to access crucial information, even with a warrant.”
Representatives of Apple and Google didn’t immediately respond to requests for comments on Comey’s concerns.
FCC Mandates Text-To-911
August 19, 2014 by admin
Filed under Around The Net
Comments Off on FCC Mandates Text-To-911
The U.S. Federal Communications Commission voted last week to require U.S. mobile carriers and many text-messaging apps to support functionality that allows texting emergency dispatch centers, even after questions about whether the centers will be ready by the deadline.
The commission’s vote requires U.S. mobile carriers and some texting apps to put emergency text-to-911 functionality in place by the end of the year.
Even though the nation’s four largest mobile carriers have all added text-to-911 functionality this year, less than 2 percent of the nation’s 6,800 emergency dispatch centers are ready to receive texts, said Commissioner Ajit Pai. The commission’s action will give smartphone users the impression they can send text to emergency responders, when many will not be able to, he said.
The FCC’s action “encourages the public to dive into text-to-911 functionality, when in reality, there’s hardly any water in the pool,” Pai said. “The order is sure to result in massive consumer confusion, and therefore will endanger, rather than advance, public safety.”
FCC Chairman Tom Wheeler applauded the largest mobile carriers — Verizon Wireless, AT&T, Sprint and T-Mobile USA — for adding text-to-911 functionality. The agency needs to push other carriers and emergency dispatch centers, called public-safety answering points or PSAPs, to do the same, he added.
“A lot of time of has passed since [the four largest] carriers stepped up and did something voluntarily, and the other carriers serving the consumers of America did not,” he said. “If you don’t step up to your responsibility, we will.”
Smartphone users should still call 911 if possible, but text-to-911 services need to be more widely available, Wheeler said.
The adoption of text-to-911 will let smartphone users contact police and other emergency responders when it’s not safe to talk on the phone, Wheeler said. It will also aid people with hearing or speech disabilities, he noted.
“Texting is now as important a function on a mobile device as talking,” Wheeler said. “Some of those text messages are cries for help.”
Verizon Wants Dish’s Spectrum
July 3, 2014 by admin
Filed under Around The Net
Comments Off on Verizon Wants Dish’s Spectrum
Verizon Communications Inc unit Verizon Wireless is in hot pursuit of satellite-TV operator Dish Network Corp’s spectrum to improve wireless internet speeds, the New York Post reported, citing sources familiar with the matter.
The two companies have held informal, early talks about the spectrum, the report said.
In May, Verizon Communications Chief Executive Lowell McAdam shot down rumors that the company was in potential merger talks with Dish.
Federal Communications Commission Chairman Tom Wheeler has proposed restrictions on how much the biggest wireless carriers can bid for in a major auction of TV spectrum scheduled for mid-2015.
A possible merger between Sprint Corp and T-Mobile US Inc could prompt U.S. regulators to rewrite rules they are now considering for the auction.