Sign up for our Technology Newsletter 
Twitter To Revive Tweets
January 11, 2016 by admin
Filed under Around The Net
Comments Off on Twitter To Revive Tweets
Right on the heels of the first U.S. presidential primaries and caucuses, a popular archive of sometimes-misguided or embarrassing tweets that have been deleted by politicians and their staff has been resurrected by Twitter.
Politwoops had been a popular social media destination for political junkies and others looking to unearth social media gaffes by politicians.
But in a move widely lambasted by open-government advocates, Twitter effectively shuttered Politwoops last summer when it revoked access to its interface by the government accountability watchdog, the Sunlight Foundation, that had developed the tool and had been publishing the tweets.
On Thursday, Twitter said it had reached a deal with Sunlight and another organization, the Open State Foundation, to restore the tool.
“Politwoops is an important tool for holding our public officials, including candidates and elected or appointed public officials, accountable for the statements they make, and we’re glad that we’ve been able to reach an agreement with Twitter to bring it back online both in the U.S. and internationally,” said Jenn Topper, communications director for The Sunlight Foundation.
While the announcement was a victory for government-transparency advocates, it could prove to be a setback for politicians hoping to avoid the social media rumpus that can accompany an ill-timed tweet or misconstrued online musing.
The deal comes as the clock ticks closer to the first vote casting in the 2016 U.S. presidential campaign. The Iowa caucuses will take place on Feb. 1, followed by the first primary in New Hampshire on Feb. 9.
Source-http://www.thegurureview.net/aroundnet-category/twitter-to-revived-archived-deleted-tweets-of-politicians.html
Was WordPress Compromised Again?
The service set up by WordPress to better support WordPress has failed users by suffering a security breach and behaving just like the rest of the internet.
WordPress, and its themes, are often shone with the dark light of the security vulnerability, but we do not hear of WP Engine often. Regardless of that, it seems to do good business and is reaching out to those that it does business with to tell them what went wrong and what they need to do about it.
A reasonable amount of threat mitigation is required, and if you are affected by the issue you are going to have to change your password – again, and probably keep a cautious eye on the comings and goings of your email and financial accounts.
“At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance of caution, we are proactively taking security measures across our entire customer base,” says the firm in an urgent missive on its web pages.
“We have begun an investigation, however there is immediate action we are taking. Additionally, there is action that requires your immediate attention.”
That action, is probably to panic in the short term, and then to change your password and cancel out any instances of its re-use across the internet. You know the drill, this is a daily thing right. Judging by the WordPress statement we are in the early days of internal investigation.
“While we have no evidence that the information was used inappropriately, as a precaution, we are invalidating the following five passwords associated with your WP Engine account,” explains WordPress as it reveals the sale of its – actually, your, problem. “This means you will need to reset each of them.”
Have fun with that.
Courtesy-TheInq
Dyreza Trojan Targeting Windows 10
An infectious banking trojan has been updated so that it supports financial mayhem on the freshly baked Windows 10 operating system and supporting Microsoft Edge browser.
Microsoft reckons that Windows 10 is installed on over 100 million machines, and this suggests prime picking for people who deploy banking trojans, not to mention the fact that most people will still be getting used to the software and its services and features.
The newest edition to the Windows 10 spectrum is a variant of the Zeus banking malware known as Dyreza. It is related to Dyre, a threat that we reported on earlier this year.
The warning at the time was that as many as one in 20 online banking users could be exposed to the threat, and things look as bad this time around. Heimdal Security said in a blog post that the malware has been strengthened in scale and capability.
“The info-stealer malware now includes support for Windows 10. This new variant can also hook to Microsoft Edge to collect data and then send it to malicious servers,” said the post.
“Moreover, the new Dyreza variant kills a series of processes linked to endpoint security software in order to make its infiltration in the system faster and more effective.”
The threat already has a footprint, and the people behind it have increased it. Heimdal said that, once Dyreza is done with your bank account, it will move you into position on a botnet. The firm estimates that this botnet is currently 80,000-strong.
“By adding support for Windows 10, the Dyreza malware creators have cleared their way to growing the number of infected PCs in their botnet. This financial trojan doesn’t only drain the infected computers of valuable data, it binds them into botnets,” said Heimdal.
Source- http://www.thegurureview.net/computing-category/dyreza-trojan-appears-to-be-targeting-windows-10.html
Is The Shifu Trojan Wreaking Havoc In Japan?
Comments Off on Is The Shifu Trojan Wreaking Havoc In Japan?
Security research has found a banking trojan called Shifu that is going after Japanese financial firms in a big way.
Shifu is described as “masterful” by IBM X-Force, and is named after the Japanese word for thief, according to the firm. It is also the Chinese word for skilled person, or tutor.
X-Force said in a blog post that the malware has been active since the early summer, and comprises a number of known tools like Dyre, Zeus and Dridex. It has been put together by people who know what they are doing, and sounds like a significant problem for the 20 institutions it is targeting.
“The Shifu trojan may be a new beast, but its inner workings are not entirely unfamiliar. The malware relies on a few tried-and-true trojan mechanisms from other infamous crimeware codes,” said the IBM researchers.
“It appears that Shifu’s internal makeup was composed by savvy developers who are quite familiar with other banking malware, dressing Shifu with selected features from the more nefarious of the bunch.”
The Shifu package offers a range of attack features as well as clean-up tools to cover its tracks. It reads like a Now that’s what I call … recent attacks compilation CD, and has some oldies but baddies.
“Shifu wipes the local System Restore point on infected machines in a similar way to the Conficker worm, which was popular in 2009,” added the firm as one example.
The package can wreak havoc on companies and their users. If we had a bucket of damp sand we would pour it all over Shifu and stamp on it.
“This trojan steals a large variety of information that victims use for authentication purposes. For example, it keylogs passwords, grabs credentials that users key into HTTP form data, steals private certificates and scrapes external authentication tokens used by some banking applications,” said IBM.
“These elements enable Shifu’s operators to use confidential user credentials and take over bank accounts held with a large variety of financial service providers.
“Shifu’s developers could be Russian speakers or native to countries in the former Soviet Union. It is also possible that the actual authors are obfuscating their true origin, throwing researchers off by implicating an allegedly common source of cybercrime.”
Source-http://www.thegurureview.net/computing-category/is-the-shifu-trojan-wreaking-havoc-in-japan.html
Dropbox Beefs Up Security
August 25, 2015 by admin
Filed under Around The Net
Comments Off on Dropbox Beefs Up Security
Two-factor authentication is widely regarded as a best practice for security in the online world, but Dropbox has announced a new feature that’s designed to make it even more secure.
Whereas two-step verification most commonly involves the user’s phone for the second authentication method, Dropbox’s new U2F support adds a new means of authenticating the user via Universal 2nd Factor (U2F) security keys instead.
What that means is that users can now use a USB key as an additional means to prove who they are.
“This is a very good advancement and adds extra security over mobile notifications for two-factor authentication,” said Rich Mogull, Securosis CEO.
“Basically, you can’t trick a user into typing in credentials,” Mogull explained. “The attacker has to compromise the exact machine the user is on.”
For most users, phone-based, two-factor authentication is “totally fine,” he said. “But this is a better option in high-security environments and is a good example of where the FIDO standard is headed.”
Security keys provide stronger defense against credential-theft attacks like phishing, Dropbox said.
“Even if you’re using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code,” the company explained in a blog post. “They can then use this information to access your account.”
Security keys, on the other hand, use cryptographic communication and will only work when the user is signing in to the legitimate Dropbox website.
Dropbox users who want to use the new feature will need a security key that follows the FIDO Alliance’s Universal 2nd Factor (U2F) standard. That U2F key can then be set up with the user’s Dropbox account along with any other U2F-enabled services, such as Google.
Can Oracle Make Money Off Android?
Database outfit Oracle’s moves to try and copyright APIs appear to be part of an attempt for Oracle to make money on Android.
Oracle has asked a U.S. judge for permission to update its copyright lawsuit against Google to include the Android which it claims contains its Java APIs.
Oracle sued Google five years ago and is seeking roughly $1 billion in copyright claims if it manages to convince a court that its APIs are in Android it could up the damages by several billions.
Oracle wrote in a letter to Judge William Alsup on Wednesday that the record of the first trial does not reflect any of these developments in the market, including Google’s dramatically enhanced market position in search engine advertising and the overall financial results from its continuing and expanded infringement.
Last month, the US Supreme Court upheld an appeals court’s ruling that allows Oracle to seek licensing fees for the use of some of the Java language. Google had said it should use Java APIs without paying a fee.
Will Cortana Impact Windows 10 Battery Life?
Comments Off on Will Cortana Impact Windows 10 Battery Life?
It is just over a month until Microsoft introduces Windows 10, and as you should know by now, Cortana is one of the key elements of the new OS.
Cortana always listens in order to hear its name and be a smart digital assistant. This is Microsoft answer to Siri and Google Now that is making its way to Windows 10.
Unfortunately, this will affect your notebook battery life. We have spoken with a few industry sources and we can definitely confirm that Windows 10 with enabled Cortana will have an impact on the battery life. We are testing this as we speak to check how big the impact is.
We don’t know how significant the battery life decrease will be, but the good thing is that you will be able to switch Cortana off in case you don’t need it. We heard that many new Toshiba notebooks will come with a dedicated Cortana button, as this is the easiest way to save battery life. Cortana on Toshiba won’t listen until you press the button.
It would be smart if Microsoft would come up with Cortana enable / disable keyboard shortcut. Win + Q will enable Cortana news while Win + S will bring you directly to the Cortana search engine.
Windows 10 seems to be a logical upgrade for anyone who has Windows 8.1 on their notebooks and misses the options from Windows 7, and some familiar UI elements. We use Windows 8.1 on some devices, while most of our computers still have Windows 7 and nothing more. Microsoft DirectX 12 will force us to Windows 10 but from what awe can tell from Preview release, the upgrade to Windows 10 from with 7 seems like quite seamless and logical step.
Just make sure to be aware that your notebook battery life might suffer because of Cortana. Have in mind that this “talk to your PC and expect a smart answer” option can be disabled.
Cisco Warns Of Bug In Virtual App
Cisco has warned of a default Secure Shell vulnerability in three of its virtual applications.
The flaw could allow attackers to decrypt traffic exchanged in the services, and has been detailed in a Cisco security advisory.
It affects Cisco’s Web Security Virtual Appliance (SMAv), Email Security Virtual Appliance and Security Management Virtual Appliance, which are already commercially available.
Cisco said that it “is not aware of any public announcements or malicious use of the vulnerabilities”, but warned that attackers who got hold of the private keys could decrypt communications with a man-in-the-middle attack.
The default private encryption keys were preinstalled on all three of the products, a move which is considered bad security practice.
“Successfully exploiting this vulnerability on Cisco SMAv allows an attacker to decrypt communication toward SMAv, impersonate SMAv, and send altered data to a configured content appliance,” the advisory said.
“An attacker can exploit this vulnerability on a communication link toward any content security appliance that was ever managed by any SMAv.”
Cisco has released a patch which deletes the preinstalled SSH keys and explains how customers can correct the problem.
The Cisco-sa-20150625-ironport SSH Keys Vulnerability Fix comes as part of several product upgrades, and must be manually installed from a command line interface.
Cisco’s advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after 25 June.
Cisco revealed details of a new point of sale attack earlier this year that could part firms from money and customers from personal data.
The threat, called PoSeidon by the Cisco team, came at a time when eyes were on security breaches at firms like Target.
Cisco said in a blog post that PoSeidon is a threat that has the ability to breach machines and scrape them for credit card information.
LinkedIn Acquires Startup Refresh
April 16, 2015 by admin
Filed under Around The Net
Comments Off on LinkedIn Acquires Startup Refresh
In a move that could produce even more automated suggestions and tips for LinkedIn users, the professional network has purchased California startup Refresh, the maker of an app that gathers news and insights about participants in meetings.
Launched three years ago, Refresh is designed to be a “digital briefing book” that can call up online information related to people that users are scheduled to meet. The information can be anything from blog posts, news articles or Facebook posts to personal notes or favorite sports teams.
The Refresh mobile and desktop app is aimed at helping people relate to one another more quickly, but it can also be used to refresh one’s memory when running into acquaintances unexpectedly.
The details of the deal were not disclosed. Refresh has stopped taking on new users and its app will shut down April 15.
“Refresh has surfaced insights associated with hundreds of millions of meetings, and has been central to countless connections and closed deals,” co-founder Bhavin Shah wrote on the Refresh blog in announcing the deal.
LinkedIn already has an app called Connected that was somewhat of a rival to Refresh. It can log the people users have met and offer updates and information about interests shared with “connections,” which are acquaintances in the LinkedIn lingo. It’s unclear whether Refresh features will be added to Connected or the LinkedIn website itself.
“Our team will focus its efforts on providing LinkedIn members with more insights to help them better do their jobs,” Shah wrote.
Can Android AT Work Entice The Enterprise?
March 9, 2015 by admin
Filed under Around The Net
Comments Off on Can Android AT Work Entice The Enterprise?
Google Inc rolled out an initiative to make smartphones running its Android software more appealing to corporations, a move that could help extend the Internet technology giant reach into workplaces.
Google said on its official blog that its Android for Work program will provide improved security and management features for corporations that want to give their employees Android smartphones. Smartphones supported by the new initiative will be able to keep an employee’s work and personal apps separate, and a special Android for Work app will allow businesses to oversee key tools such as email, calendar and contacts.
Google said it is partnering with more than two dozen companies including Blackberry Ltd, Citrix Systems Inc, Box Inc.
Google’s Android software is the world’s most popular mobile operating system, but many corporations, which have significant security and device management requirements, give their employees smartphones made by Blackberry or Apple Inc.