Posts tagged Security
[Video] An IT Security Guy Walks Into the Room …
Feb 8th

The biggest geeks in all of technology work in IT security. Sorry front-end mobile developers, cloud gurus, data center managers and do-it-yourself robot builders. Enterprise IT security is run by geeks that love to play cat and mouse with a good botnet, argue over the merits of Blue Coat versus AnchorFree and have a panic button programmed on their highly encrypted smartphones that goes straight to Symantec’s headquarters. These are the geek’s geek.
In honor of yesterday’s Safer Internet Day, we present a tribute to the IT security folks that keep most of us running during the day and from drowning in a sea of spam and malware. We know the “$#!& people say” meme is a little played out, but we feel that is mostly because there have been some really mediocre entries into the genre recently. The video below is sure to leave you giggling if you belong to the geeky group of IT security experts. Check it out.
Passwords. Damn those passwords. Why do people always come up with generic, terrible passwords to really important documents and accounts? Passwords are an IT security guru’s nightmare because many people have generic, easily cracked keys or do something profoundly idiotic like keep all their passwords on a sticky note next to their PCs.
A reminder to denizens of the Web: it is suggested you change your passwords at least twice a year. Or, you might end up like these guys:
The team over at Gazzang, a company that specializes in data and application security for the cloud, sent over this video on “$#!& IT Security Guys Say.” Knowing a lot about security professionals, this entry is spot on. Watch it below and let us know what you think in the comments.
View full post on ReadWriteWeb
Google Bouncer Security Tool Fights Android Malware
Feb 7th
Google said that since security system Bouncer has been operating, malware levels on the Android Market have gone down. The company noted that over the second half of 2011, malicious downloads had decreased by 40 percent.
View full post on Search Engine Watch – Latest
Google Plus Promotes Network and New Security Features to Young Teens and Parents
Jan 27th
On Thursday afternoon, Google+ announced that the rapidly growing social network is now available to teens ages 13 and up. Although minors can sign up for and use Google+, the social network also introduced new privacy and security changes designed to protect underage users. Bradley Horowitz, Google’s VP of products, said the following of the [...]
View full post on Search Engine Journal
[Infographic] Security Concerns Surround Mobile Payments and Coupons
Jan 26th
Legal firm Loeb & Loeb is full of thinkers. Its clients and attorneys know that the world is a fluid place and the technology sector dynamic and ever-changing. As part of its “Media MindShare” series, Loeb & Loeb has turned its attention to the digital marketplace to study what the dominant issues will be in 2012.
One of those issues is mobile commerce. That includes mobile payments and coupons as well as the security issues that inevitably will accompany the mobile commerce vertical. Are people really prepared to pay with their phones? What is holding them back? Check out the infographic from Loeb & Loeb below.
The infographic points out data reported by eMarketer that 35.6 million mobile phone users will use mobile coupons by 2013. But not all people are comfortable with mobile coupons. Nearly 52% of consumers are “not likely to use” mobile coupons, a study from Opus Research points out. This is due in part to security worries people have over handing a cashier their phone and in part to concerns over the validity of the offers. Some people are outright embarrassed.
Another problem is the notion of data breaches. We have seen it many times with credit cards. Take the restaurant example. A waiter brings you your check. Without thinking, you pop your credit card into the book and the waiter comes back to swipe it at a terminal in back. But maybe that waiter is up to no good and has his own credit card reader in his pocket. He swipes the card through the restaurant’s POS terminal and then again on the reader in his pocket. He then has the card number and can do what he wants with it.
This has been a problem in Europe, though steps have been taken to eliminate the practice. As a former chef, I have seen waiter co-workers of mine get fired and arrested for the same practice. It happens.
Now, think about replacing the credit card with your smartphone. Are you really comfortable handing a device that can contain very sensitive information over to a stranger, even if that person is standing right in front of you and not taking the device out of sight? To a certain extent, this is an irrational fear. The new era of mobile payments will likely mean that your phone never leaves your hand. POS systems set up with NFC or the ability for a cashier to scan your phone with a QR card reader mean that you should never be handing your device over to anybody. Yet, the research says that people have security fears and that is a valid concern.
Check out the infographic below and let us know what your concerns are in the mobile payments space in the comments.

View full post on ReadWriteWeb
Google Launches QR Code-Based Login Security Measure
Jan 16th
Google has released a new way to securely log into Google accounts on public computers. Using a smartphone, scan the QR code generated at accounts.google.com/sesame. The Google login prompt will appear on your phone, and logging in there will log you into a session on the desktop.
This prevents the user from having to type sensitive login credentials into a public machine, which could be compromised with keylogging software. The new QR code feature is an alternative to Google’s 2-step verification, which generates a unique short code on your mobile that you must input for each desktop login, using the presence of your phone as a form of identification.
Adoption of QR codes is a slow-growing oddity. The last study we saw indicated that 5% of U.S. adults have scanned the 2D bar codes with their smartphones. QR codes allow us to put hyperlinks anywhere in the real world. We’ve seen some neat use cases, such as a project to put QR links to Wikipedia entries on their corresponding real-world places. But most of the current use of QR codes is in pretty mundane marketing campaigns, and lots of people find them inscrutable.

Google’s use of QR codes as a security feature is much more compelling than a Cheetos ad. Android users can use Google Goggles, and iOS users can use the free Google Search app. If you choose to use sesame to log in to your Google account, PC World has some great security tips.
If you’re logging in on a computer using public Wi-Fi, it’s safer to use the cellular data network on your phone, so packet sniffers can’t catch the whole exchange. Also, make sure the site on the desktop uses a secure HTTPS connection from the real google.com domain, or else you’re on the wrong site, and you shouldn’t enter your account information.
Once again, the QR-based login is available at accounts.google.com/sesame.
View full post on ReadWriteWeb
Cartoon: Ways to Improve Cloud Security
Jan 15th
We continue our series of cartoons from Cloudville, that mythical but somewhat familiar place where the laws of IT don’t quite seem to apply. This week we take another look at cloud security, and it reminds me of Doc Searls’ buzzword generator that you can find here if you want even more humor in your life.
SHI Cloud CLOUDVILLE Cartoon by Dave Blazek is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Based on a work at blog.shicloud.com.
View full post on ReadWriteWeb
White House Strangles SOPA, Citing Censorship, Security Concerns
Jan 14th
In a statement on behalf of the Obama administration this morning, a trio of senior officials including the nation’s Chief Technology Officer made clear that any anti-piracy legislation passing the President’s desk would not create risks of censorship, nor would it condone any alterations to the Internet’s domain name system that could invite security dangers.
The statement, which lists all three anti-piracy bills currently under discussion – the PROTECT-IP and OPEN bills in the Senate, and the SOPA bill in the House – is a loud warning shot indicating the President’s lack of support, and likely veto, of any legislation that requires tampering with the structure of the Internet to enable enforcement.
The statement was issued just after 8:00 am ET, and was signed by Office of Management and Budget IP Enforcement Coordinator Victoria Espinel, U.S. Chief Technology Officer Aneesh Chopra, and National Security Staff Cybersecurity Coordinator Howard Schmidt. It comes in response to two online petitions created on the Whitehouse.gov Web site urging the President to veto SOPA “and any other future bills that threaten to diminish the free flow of information.”
The statement, in its entirety, reads as follows:
Thanks for taking the time to sign this petition. Both your words and actions illustrate the importance of maintaining an open and democratic Internet.
Right now, Congress is debating a few pieces of legislation concerning the very real issue of online piracy, including the Stop Online Piracy Act (SOPA), the PROTECT IP Act, and the Online Protection and Digital ENforcement Act (OPEN). We want to take this opportunity to tell you what the Administration will support–and what we will not support. Any effective legislation should reflect a wide range of stakeholders, including everyone from content creators to the engineers that build and maintain the infrastructure of the Internet.
While we believe that online piracy by foreign websites is a serious problem that requires a serious legislative response, we will not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet.
Any effort to combat online piracy must guard against the risk of online censorship of lawful activity and must not inhibit innovation by our dynamic businesses large and small. Across the globe, the openness of the Internet is increasingly central to innovation in business, government, and society and it must be protected. To minimize this risk, new legislation must be narrowly targeted only at sites beyond the reach of current U.S. law, cover activity clearly prohibited under existing U.S. laws, and be effectively tailored, with strong due process and focused on criminal activity. Any provision covering Internet intermediaries such as online advertising networks, payment processors, or search engines must be transparent and designed to prevent overly broad private rights of action that could encourage unjustified litigation that could discourage startup businesses and innovative firms from growing.
We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. Proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security. Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk.
Let us be clear–online piracy is a real problem that harms the American economy, threatens jobs for significant numbers of middle class workers and hurts some of our nation’s most creative and innovative companies and entrepreneurs. It harms everyone from struggling artists to production crews, and from startup social media companies to large movie studios. While we are strongly committed to the vigorous enforcement of intellectual property rights, existing tools are not strong enough to root out the worst online pirates beyond our borders. That is why the Administration calls on all sides to work together to pass sound legislation this year that provides prosecutors and rights holders new legal tools to combat online piracy originating beyond U.S. borders while staying true to the principles outlined above in this response. We should never let criminals hide behind a hollow embrace of legitimate American values.
This is not just a matter for legislation. We expect and encourage all private parties, including both content creators and Internet platform providers working together, to adopt voluntary measures and best practices to reduce online piracy.
So, rather than just look at how legislation can be stopped, ask yourself: Where do we go from here? Don’t limit your opinion to what’s the wrong thing to do, ask yourself what’s right. Already, many members of Congress are asking for public input around the issue. We are paying close attention to those opportunities, as well as to public input to the Administration. The organizer of this petition and a random sample of the signers will be invited to a conference call to discuss this issue further with Administration officials and soon after that, we will host an online event to get more input and answer your questions. Details on that will follow in the coming days.
Washington needs to hear your best ideas about how to clamp down on rogue websites and other criminals who make money off the creative efforts of American artists and rights holders. We should all be committed to working with all interested constituencies to develop new legal tools to protect global intellectual property rights without jeopardizing the openness of the Internet. Our hope is that you will bring enthusiasm and know-how to this important challenge.
Moving forward, we will continue to work with Congress on a bipartisan basis on legislation that provides new tools needed in the global fight against piracy and counterfeiting, while vigorously defending an open Internet based on the values of free expression, privacy, security and innovation. Again, thank you for taking the time to participate in this important process. We hope you’ll continue to be part of it.
The statement indicates outright support for the position put forth by the petitioners, and suggests it would be their recommendation to the President as well that anti-piracy legislation in its current form should be vetoed.
That President Obama himself has not made a statement is probably intended to help him preserve his official position as against online piracy. However, this recommendation will very likely be heeded, and this move may slow, if not halt, any legislative activity on this matter for the remainder of this term in the Senate. In the House, which remains under Republican control, the SOPA bill (minus the court order provision that constituted its main enforcement provision) may still be voted on, but the chances of it facing reconciliation with a Senate version of the same bill are now extremely minimal.
An imminent show of dissent from the Administration against current anti-piracy legislation would likely have been the trigger for Sen. Patrick Leahy’s (D – Vt.) decision Thursday to remove the court order provision from his PROTECT-IP bill. That led to Rep. Lamar Smith’s decision Friday to remove the corresponding provision from his SOPA bill.
View full post on ReadWriteWeb
OpenDNS Adds Encrypted Security Today
Dec 6th
OpenDNS announced today a technology preview called DNSCrypt for Macs running its DNS services. Think of this as doing for the DNS protocol what HTTPS does for the Web protocols. Like its mainline service, it is freely available, and Windows and Linux versions are promised for next year. You can download the code here for the Mac OS. They will eventually post all of their code on GitHub for public scrutiny.
DNSCrypt solves one critical flaw in the DNS process: the ability to snoop as a “man in the middle” of a conversation between two computers, because it encrypts all DNS traffic between your computer and the Internet. This is a real concern, and there have been several exploits lately that took advantage of DNS requests, because the vast majority of them are issued in the clear. (Just like most emails.)
The version of DNSCrypt that is available is a “preview” meaning that it could have problems in daily use. We haven’t yet tried it.
DNSCrypt isn’t the only game in town, and for years an effort called DNSSEC has been trying to take hold for increased DNS security. DNSSEC solves a larger problem: not only does it provide an encrypted channel, it also adds authentication and a chain of trust to ensure that the expected DNS record hasn’t been tampered with. They can be used together. Sadly, few sites have implemented it to date.
“In theory, the user can just run their own DNS server on their own machine with DNSSEC enabled, and be protected,” says Paul Mockapetris, the inventor of DNS and now the chief scientist with Nominum, a DNS supplier. “But in practice, a variety of last mile, performance, and code readiness issues deter all but die-hard end users from doing so.” Mockapetris says that DNSCrypt “probably doesn’t add much for the enterprise user who is sitting at his desk, but could be huge for an enterprise user who is using an open hotspot in some random wine bar in a foreign country or an ancient WiFi system in some hotel that lets one guest see another guest’s traffic.” Given the number of hotels that I have stayed at that have open networks, I would say this is a real issue. (See my suggestion here for closing your file shares when you travel.)
“It would have been better to have the DNSSEC designers bite the bullet and insist on and design for end-to-end DNSSEC, but until then DNSCrypt is an idea whose time has come,” he says.
View full post on ReadWriteWeb
Search In Pics: Android Wedding, Yahoo Security & Google Clouds
Nov 18th
In this week’s Search In Pictures, here are the latest images culled from the web, showing what people eat at the search engine companies, how they play, who they meet, where they speak, what toys they have, and more. Yahoo Security Trucks: Matt Cutts Answering Questions At PubCon: Google…
Please visit Search Engine Land for the full article.
View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing