Posts tagged Security

Obama To Propose National Data Security Policy

If your credit card or personal data is compromised, it should be the law for companies to let you know. On Monday, President Obama will call for legislation to make it happen.

The Personal Data Notification and Protection Act would ensure that American companies quickly and succinctly inform customers about data breaches according to an established national standard for dealing with just that. The President will call for companies to inform consumers within a deadline of 30 days, White House officials said Sunday.

See also: Box And Dropbox Are Going To War Over Corporate Data Security

The President’s speech, which is scheduled for Monday at the Federal Trade Commission, will also propose the Student Data Privacy Act, which would prevent technology companies from selling the data they collect from schools as teachers increasingly utilize laptops, tablets, and software for their curriculums.

Currently, an uneven range of state laws are in place to protect people from technological data breaches and privacy overreach, something the President is expect to say is insufficient where a consistent national standard could address citizen’s concerns.

“As cybersecurity threats and identity theft continue to rise, recent polls show that nine in 10 Americans feel they have in some way lost control of their personal information—and that can lead to less interaction with technology, less innovation and a less productive economy,” said a White House briefing document on the proposed legislation.

Photo via  Everett Collection / Shutterstock

View full post on ReadWrite

UK Is Ready For Apple Pay, But Security Remains A Concern

Apple Pay is set to travel across the pond to the United Kingdom in the first half of 2015. However, the Telegraph reports that one of the UK’s biggest banks is concerned about “the amount of personal and financial information Apple wants to collect about its customers.”

The bank’s objection goes against Apple executive Eddy Cue’s insistence that “we are not in the business of collecting your data,” as he announced at the keynote in September. Cue explained that during and after an Apple Pay transaction, “Apple doesn’t know what you bought, where you bought it, or how much you paid for it.”

Of course, it wouldn’t be the first time Apple has given reason for users to be concerned about security. In September, a major photo theft revealed vulnerabilities in Apple’s iCloud security.

See also: Apple To Increase iCloud Security Following Celebrity Photo Theft

The UK bank may be stalling, but the Telegraph reports that sources say “no major bank will want to miss out on Apple Pay,” given the amount of success it has had in the United States. Even if consumers still have cold feet, companies certainly do not. As of mid December, Apple Pay supported 90% of U.S. credit cards in terms of purchase volume.

Screenshot of Apple Pay via September Apple keynote

View full post on ReadWrite

SEO poisoning campaign ensares several thousand websites, security expert finds – SC Magazine


SC Magazine
SEO poisoning campaign ensares several thousand websites, security expert finds
SC Magazine
The attack method, called SEO poisoning, was observed by Jay Wind, an Arlington, Va.-based webmaster who manages several non-profit and business sites. In September, he first stumbled across the issue after seeing numerous GoDaddy domains being …

View full post on SEO – Google News

Box Matches Dropbox With New Security Partnerships

Cloud storage and file-sharing company Box announced Box Trust, an initiative that includes a partnership with several computer security companies and the launch of an application designed for enterprise customers.

The Tuesday announcement, of which there were whisperings last week, comes days after competitor Dropbox unleashed its new Dropbox for Business API, also in partnership with several companies, also aimed at increasing the security of its cloud.

The Box Trust consists of 19 different companies, including Splunk, Symantec, and OpenDNS. The partnerships come with the goal of each company making Box more secure and therefore attractive to more corporate customers.

See also: Box And Dropbox Are Going To War Over Corporate Data Security

“Our partnership with the security ecosystem is incredibly important to the successful delivery of Box into the enterprise, and our work here is just beginning,” wrote Box CEO Aaron Levie in a blog post about Box Trust.

Each of the partners brings something different to the table.

“We are excited to be a founding partner in the Box Trust security initiative to bring our Data Loss Prevention (DLP) technology to Box customers,” said Chandra Rangan, vice president, product marketing, Symantec, in a Box press release. “With data in the cloud quickly becoming ubiquitous, we share a common mission and responsibility to make access, sharing and collaboration within and across organizations safe and secure.”

A more tangible representation of this new emphasis on cloud security comes in the form of a new mobile app for iOS and Android, Box for Enterprise Mobility Management. The app is designed for Box Enterprise users, and allows businesses greater control over their mobile cloud use. Box for EMM can be wiped remotely. 

View full post on ReadWrite

Box And Dropbox Are Going To War Over Corporate Data Security

On Wednesday, Dropbox plans to unveil a new API (see our API explainer) intended to let large corporate clients tie third-party security tools into Dropbox ‘s cloud storage. Next week, its rival Box plans its own security announcement aimed at helping employees at big organization collaborate and manage their cloud-based information in a secure way.

It’s the latest skirmish between the leading independent providers of cloud storage. Dropbox, which claims more than 300 million users, dominates among consumers. But it has struggled in its attempts to take on Box, which focused on big-company customers from its inception. (Both companies face additional competition from increasingly cheap Google and Microsoft cloud-storage services.)

See also: Dropbox For Teams Isn’t Ready To Take On Box

Dropbox first debuted its business service, then known as Dropbox for Teams, in 2011. In early 2013 it launched a more serious foray into the corporate world with its renamed Dropbox for Business service. Its most recent upgrades to that service added security features and made it much easier for users to keep business and personal files separate on Dropbox, but still fell short on collaboration features and the use of third-party corporate-grade apps.

See also: All Your Files Are Belong To Dropbox

The new API—dubbed, naturally, the Dropbox for Business API—goes part of the way toward closing that gap. It already offers more than 20 enterprise integrations, many with a heavy emphasis on security, according to Dropbox.

The new API is launching with several integrated corporate applications related to security—for instance, ones that cover legal functions such as electronic discovery and “legal hold,” data loss prevention, management of digital rights for copyrighted material, identity management and so on.

Box says it will fire back next week with an announcement detailing new ways companies can secure their cloud data. Tellingly, Box plans to emphasize secure-collaboration features, an area where Dropbox for Business has traditionally been weak.

The new API is unlikely to affect present Dropbox for Business pricing, which is $15 per user with a minimum of five users. Some current Dropbox for Business customers include News Corp, Spotify, Under Armour, and the Massachusetts Institute of Technology. 

Lead photo by Rupert Ganzer

View full post on ReadWrite

Google Enhances User Security With Release Of Devices And Activity Dashboard by @mattsouthern

In today’s multi-device world there’s no doubt that you have accessed your Google account on a number of different devices, maybe some you don’t even use anymore. For example, maybe you recently sold your smartphone in order to upgrade to a new one. Or perhaps a phone or tablet of yours was recently lost or stolen. Those old devices may still be able to access your Google account. Now there’s a tool that will help you manage which devices have access to your Google account and revoke access to any devices you no longer use. A new security dashboard released […]

The post Google Enhances User Security With Release Of Devices And Activity Dashboard by @mattsouthern appeared first on Search Engine Journal.

View full post on Search Engine Journal

WordPress Releases Critical Security Update, Immediate Update Recommended by @mattsouthern

WordPress announced today that it has released a critical security update for all previous version, and encourages everyone to update their sites immediately. If your site supports automatic background updates, expected to be updated to WordPress 4.0.1 within the next few hours, if you haven’t been updated already. Those of you who are running WordPress 3.9.2, 3.8.4, or 3.7.4, will be updated to 3.9.3, 3.8.5, or 3.7.5 in order to keep your site secure. Version 3.9.2, and earlier versions of WordPress, were found to be affected by a critical cross-site scripting vulnerability, which leaves sites open to anonymous attackers. This […]

The post WordPress Releases Critical Security Update, Immediate Update Recommended by @mattsouthern appeared first on Search Engine Journal.

View full post on Search Engine Journal

WhatsApp Rolls Out Biggest Security Measure Ever

Whatsapp locked down its popular messaging service Tuesday, encrypting the communications of its millions of users to protect against prying eyes. 

“I do think this is the largest deployment of end-to-end encryption ever,” Open Whisper Systems CTO Moxie Marlinspike told Wired. His organization, a nonprofit focused on user security, makes the Textsecure open-source privacy software used by Whatsapp for its large-scale cryptographic anti-snooping measure.  

See also: The Facebook Effect: WhatsApp Is Well On Its Way To A Billion Users

End-to-end encryption refers to an especially secure measure in which messages are not decrypted until they land on the recipient’s device. A far more common approach would be to encrypt messages when they travel between the user’s device and the text messaging app’s server, which amounts to just half of the message’s total journey. iMessage is reportedly the only other service that uses end-to-end encryption, and Apple’s approach seemingly becomes useless when users back up to iCloud

Currently, Whatsapp only uses end-to-end encryption for Android devices, and only for one-to-one texts. Photos, videos or group messages are not included. The company plans to cover iOS as well, though an exact date hasn’t been disclosed. 

See also: Try, Try Again: The Incredible Story of WhatsApp’s Tenacious Founders

The move follows announcements by Apple and Google, who both pledge to encrypt iPhone and Android data by default. 

Whatsapp’s new approach lines up with what founder Jan Koum has long desired—a chat system too secure for powerful governments to snoop on. Raised in Ukraine, Koum frequently and publicly denounced attempts to extract surveillance data from Whatsapp. 

“I grew up in a society where everything you did was eavesdropped on, recorded, snitched on,” Koum told Wired UK. “Nobody should have the right to eavesdrop, or you become a totalitarian state—the kind of state I escaped as a kid to come to this country where you have democracy and freedom of speech. Our goal is to protect it.”

View full post on ReadWrite

K5, The Autonomous Security Robot, Is Now On The Beat

Working as a security guard can be a dangerous and thankless job. Now Knightscope wants robots to do it for us.

The Mountain View, Calif., startup has been building and testing a robot model known as the K5 for this purpose since 2013, MIT Technology Review reports. Now the robot fleet is advanced enough to patrol Microsoft’s Silicon Valley campus.

See also: R2-D2? Dalek? Actually, It’s A Pre-Cog Robocop

At five feet tall and 300 pounds, the K5 is an ambulatory robot with semi-human proportions. Sleek and smooth, it is supposed to look friendly from a distance, but intimidating close up. It doesn’t carry weapons and it can’t hurt people, but it will beep ominously if you try to detain it while sending an alert to a remote monitoring center. (Early models still have a serious vulnerability—push them over and they can’t get up without assistance.)

On the other hand, the K5 can also be a friendly presence. If you need help, you can press a button on the top of the robot’s head to summon a human operator.

“This takes away the monotonous and sometimes dangerous work, and leaves the strategic work to law enforcement or private security, depending on the application,” Knightscope cofounder and vice president of sales and marketing Stacy Stephens told MIT. (Translation: Low-wage security guards, you’re out of a job. K5 will now escort you from the premises.)

See also: China Doubles Down On Robotics

The robots use Wi-Fi to communicate with one another and with human operators. They include four high-definition cameras on either side of the robot, a license plate recognition camera, four microphones, and a weather sensor.

Stephens did not disclose how much the K5 will cost, but noted that potential customers include security companies, office buildings, and schools. 

Photo of the K5 via KnightScope

View full post on ReadWrite

Google SEO Update And Security Breach Create Trouble For eBay – Seeking Alpha (registration)


Econsultancy
Google SEO Update And Security Breach Create Trouble For eBay
Seeking Alpha (registration)
With growth rates of 11% and 9% in the first two quarters of the year, the company had been performing fairly well until Q3 2014 when earnings fell by 6%. One of the major reasons for this decline was the fact that Google made substantial changes to
Penguin Update 3.0 – Everything a link builder needs to knowQueryClick (blog)
Cliff Diving With Panda, Penguin, and Pirate: Now What?Search Engine Watch

all 12 news articles »

View full post on SEO – Google News

Go to Top
Copyright © 1992-2015, DC2NET All rights reserved