Sign up for our Technology Newsletter 
Swift To Focus More On Security
June 6, 2016 by admin
Filed under Around The Net
Comments Off on Swift To Focus More On Security
The SWIFT secure messaging service that underpins international banking announced that it will launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT)’s chief executive, Gottfried Leibbrandt, told a financial services conference in Brussels that SWIFT will launch a five-point plan later this week.
Banks send payment instructions to one another via SWIFT messages. In February, thieves hacked into the SWIFT system of the Bangladesh central bank, sending messages to the Federal Reserve Bank of New York allowing them to steal $81 million.
The attack follows a similar but little-noticed theft from Banco del Austro in Ecuador last year that netted thieves more than $12 million, and a previously undisclosed attack on Vietnam’s Tien Phong Bank that was not successful.
The crimes have dented the banking industry’s faith in SWIFT, a Belgium-based co-operative owned by its users.
The Bangladesh Bank hack was a “watershed event for the banking industry”, Leibbrandt said.
“There will be a before and an after Bangladesh. The Bangladesh fraud is not an isolated incident … this is a big deal. And it gets to the heart of banking.”
SWIFT wants banks to “drastically” improve information sharing, to toughen up security procedures around SWIFT and to increase their use of software that could spot fraudulent payments.
SWIFT will also provide tighter guidelines that auditors and regulators can use to assess whether banks’ SWIFT security procedures are good enough.
Leibbrandt again defended SWIFT’s role, saying the hacks happened primarily because of failures at users. “Many of the less protected banks are in countries were skills are really scarce,” he said, pointing the finger at providers of services to banks.
“We will have to create an ecosystem of providers and partners, for example by introducing certification requirements for third-party providers,” he said.
Courtesy-http://www.thegurureview.net/uncategorized/swift-to-implement-new-security-program-after-recent-hacking.html
Twitter’s Authentication Has Vulnerabilities
June 6, 2013 by admin
Filed under Around The Net
Comments Off on Twitter’s Authentication Has Vulnerabilities
Twitter’s SMS-based, two-factor authentication feature could be abused to lock users who have not enabled it for their accounts if attackers gain access to their log-in credentials, according to researchers from Finnish antivirus vendor F-Secure.
Twitter introduced two-factor authentication last week as an optional security feature in order to make it harder for attackers to hijack users’ accounts even if they manage to steal their usernames and passwords. If enabled, the feature introduces a second authentication factor in the form of secret codes sent via SMS.
According to Sean Sullivan, a security advisor at F-Secure, attackers could actually abuse this feature in order to prolong their unauthorized access to those accounts that don’t have two-factor authentication enabled. The researcher first described the issue Friday in a blog post.
An attacker who steals someone’s log-in credentials, via phishing or some other method, could associate a prepaid phone number with that person’s account and then turn on two-factor authentication, Sullivan said Monday. If that happens, the real owner won’t be able to recover the account by simply performing a password reset, and will have to contact Twitter support, he said.
This is possible because Twitter doesn’t use any additional method to verify that whoever has access to an account via Twitter’s website is also authorized to enable two-factor authentication.
When the two-factor authentication option called “Account Security” is first enabled on the account settings page, the site asks users if they successfully received a test message sent to their phone. Users can simply click “yes,” even if they didn’t receive the message, Sullivan said.
Instead, Twitter should send a confirmation link to the email address associated with the account for the account owner to click in order to confirm that two-factor authentication should be enabled, Sullivan said.
As it is, the researcher is concerned that this feature could be abused by determined attackers like the Syrian Electronic Army, a hacker group that recently hijacked the Twitter accounts of several news organizations, in order to prolong their unauthorized access to compromised accounts.
Some security researchers already expressed their belief that Twitter’s two-factor authentication feature in its current implementation is impractical for news organizations and companies with geographically dispersed social media teams, where different employees have access to the same Twitter account and cannot share a single phone number for authentication.
Twitter did not immediately respond to a request for comment regarding the issue described by Sullivan.
Microsoft Gives Money To Hackers
Microsoft has given out more than $250,000 in prize money to Black Hat hackers who found ways to protect its software. Redmond’s first Blue Hat prize were unveiled at a hip club at a mobbed party complete with dancers, high-energy DJ, and explosions of shimmering confetti.
The top prize of $200,000 went to doctoral student Vasilis Pappas. Pappas came up with a method to countering “the most popular attack technique” that Redmond is seeing at the moment. This is called Return-Oriented Programming which is a hacker technique that is often used to disable or circumvent a program’s computer security controls. Pappas came up with something called kBouncer which blocks anything that looks like an ROP attack from running.
Microsoft security response center senior director Mike Reavey said that Redmond posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks.
Download Defense Added To Chrome Browser
Comments Off on Download Defense Added To Chrome Browser
Google has updated Chrome to version 12, adding a new feature that warns users when they’ve downloaded files from dangerous Web sites.
New to Chrome 12 is a tool that flags questionable files pulled from the Web. Chrome now shows an alert when users download some file types from sites that are on the Safe Browsing API (application programming interface) blacklist, which Google maintains.
The messages reads: “This file is malicious. Are you sure you want to continue?” If they wish, users can ignore the warning and install the file on their system’s hard drive.
“This warning will be displayed for any download URL that matches the latest list of malicious websites published by the Safe Browsing API,” said Google last April when it debuted the feature in an earlier edition of Chrome.
Safe Browsing already identifies suspicious or unsafe sites, then adds them to a blacklist. Chrome, Mozilla’s Firefox and Apple’s Safari all tap into Safe Browsing to warn users of risky sites before they actually visit them.
Google SEARCH Goes SSL
Google is finally taking privacy seriously to a degree by offering its users a secure form of searching while using Google Search. Moving forward users will have the opportunity to enable SSL (Secure Socket Layer) for added security. Be advised, the service will only cover the Google search and clicks made through Google to other non-secured sites will be visible.
Microsoft Delivers Massive Security Updates
Comments Off on Microsoft Delivers Massive Security Updates
Microsoft today patched a whopping 64 vulnerabilities in Windows, Office, Internet Explorer (IE), and other software, including 30 bugs in the Windows kernel device driver and one in IE that was exploited at the Pwn2Own hacking contest last month.
The company also delivered a long-discussed “backport” to Office 2003 and Office 2007 that brings one of the newer security features in Office 2010 to the older editions.
The 17 updates, which Microsoft dubs “bulletins,” tied a record set late last year, but easily beat the October 2010 mark for the total number of flaws they fixed. Altogether, today’s updates patched 64 vulnerabilities, 15 more than in October and 24 more than in the former second-place collection of December 2010.
Nine of the 17 bulletins were pegged “critical,” Microsoft’s highest threat ranking, while the remainder were marked “important,” the next-most-serious label.
Microsoft and virtually every security expert pegged several updates that users should download and install immediately.
“There are three we think are top priorities,” said Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC), in an interview earlier today. Bryant tagged MS11-018, MS11-019 and MS11-020 as the ASAP updates.
Google Employees May Get Xoom Tablets
March 4, 2011 by admin
Filed under Around The Net
Comments Off on Google Employees May Get Xoom Tablets
Google employees may be getting new tablets, Motorola’s CEO said earlier in the week.
Speaking at a Morgan Stanley conference, Motorola CEO Sanjay Jha said it’s clear that his company’s focus on enterprise is paying off in that it is having conversations with companies wishing to buy tens of thousands of tablets. Motorola last week began offering its Xoom tablet, the first to run the Honeycomb version of Android, which was developed specifically for tablet devices.
When asked why those enterprises are choosing to go with an Android tablet rather than Apple’s iPad, Jha joked: “One of them is Google so I think I understand why that is.” Google may be more inclined to buy tablets running its own Android software rather than a device from competitor Apple. Read More…