Posts tagged Security

SEO poisoning campaign ensares several thousand websites, security expert finds – SC Magazine


SC Magazine
SEO poisoning campaign ensares several thousand websites, security expert finds
SC Magazine
The attack method, called SEO poisoning, was observed by Jay Wind, an Arlington, Va.-based webmaster who manages several non-profit and business sites. In September, he first stumbled across the issue after seeing numerous GoDaddy domains being …

View full post on SEO – Google News

Box Matches Dropbox With New Security Partnerships

Cloud storage and file-sharing company Box announced Box Trust, an initiative that includes a partnership with several computer security companies and the launch of an application designed for enterprise customers.

The Tuesday announcement, of which there were whisperings last week, comes days after competitor Dropbox unleashed its new Dropbox for Business API, also in partnership with several companies, also aimed at increasing the security of its cloud.

The Box Trust consists of 19 different companies, including Splunk, Symantec, and OpenDNS. The partnerships come with the goal of each company making Box more secure and therefore attractive to more corporate customers.

See also: Box And Dropbox Are Going To War Over Corporate Data Security

“Our partnership with the security ecosystem is incredibly important to the successful delivery of Box into the enterprise, and our work here is just beginning,” wrote Box CEO Aaron Levie in a blog post about Box Trust.

Each of the partners brings something different to the table.

“We are excited to be a founding partner in the Box Trust security initiative to bring our Data Loss Prevention (DLP) technology to Box customers,” said Chandra Rangan, vice president, product marketing, Symantec, in a Box press release. “With data in the cloud quickly becoming ubiquitous, we share a common mission and responsibility to make access, sharing and collaboration within and across organizations safe and secure.”

A more tangible representation of this new emphasis on cloud security comes in the form of a new mobile app for iOS and Android, Box for Enterprise Mobility Management. The app is designed for Box Enterprise users, and allows businesses greater control over their mobile cloud use. Box for EMM can be wiped remotely. 

View full post on ReadWrite

Box And Dropbox Are Going To War Over Corporate Data Security

On Wednesday, Dropbox plans to unveil a new API (see our API explainer) intended to let large corporate clients tie third-party security tools into Dropbox ‘s cloud storage. Next week, its rival Box plans its own security announcement aimed at helping employees at big organization collaborate and manage their cloud-based information in a secure way.

It’s the latest skirmish between the leading independent providers of cloud storage. Dropbox, which claims more than 300 million users, dominates among consumers. But it has struggled in its attempts to take on Box, which focused on big-company customers from its inception. (Both companies face additional competition from increasingly cheap Google and Microsoft cloud-storage services.)

See also: Dropbox For Teams Isn’t Ready To Take On Box

Dropbox first debuted its business service, then known as Dropbox for Teams, in 2011. In early 2013 it launched a more serious foray into the corporate world with its renamed Dropbox for Business service. Its most recent upgrades to that service added security features and made it much easier for users to keep business and personal files separate on Dropbox, but still fell short on collaboration features and the use of third-party corporate-grade apps.

See also: All Your Files Are Belong To Dropbox

The new API—dubbed, naturally, the Dropbox for Business API—goes part of the way toward closing that gap. It already offers more than 20 enterprise integrations, many with a heavy emphasis on security, according to Dropbox.

The new API is launching with several integrated corporate applications related to security—for instance, ones that cover legal functions such as electronic discovery and “legal hold,” data loss prevention, management of digital rights for copyrighted material, identity management and so on.

Box says it will fire back next week with an announcement detailing new ways companies can secure their cloud data. Tellingly, Box plans to emphasize secure-collaboration features, an area where Dropbox for Business has traditionally been weak.

The new API is unlikely to affect present Dropbox for Business pricing, which is $15 per user with a minimum of five users. Some current Dropbox for Business customers include News Corp, Spotify, Under Armour, and the Massachusetts Institute of Technology. 

Lead photo by Rupert Ganzer

View full post on ReadWrite

Google Enhances User Security With Release Of Devices And Activity Dashboard by @mattsouthern

In today’s multi-device world there’s no doubt that you have accessed your Google account on a number of different devices, maybe some you don’t even use anymore. For example, maybe you recently sold your smartphone in order to upgrade to a new one. Or perhaps a phone or tablet of yours was recently lost or stolen. Those old devices may still be able to access your Google account. Now there’s a tool that will help you manage which devices have access to your Google account and revoke access to any devices you no longer use. A new security dashboard released […]

The post Google Enhances User Security With Release Of Devices And Activity Dashboard by @mattsouthern appeared first on Search Engine Journal.

View full post on Search Engine Journal

WordPress Releases Critical Security Update, Immediate Update Recommended by @mattsouthern

WordPress announced today that it has released a critical security update for all previous version, and encourages everyone to update their sites immediately. If your site supports automatic background updates, expected to be updated to WordPress 4.0.1 within the next few hours, if you haven’t been updated already. Those of you who are running WordPress 3.9.2, 3.8.4, or 3.7.4, will be updated to 3.9.3, 3.8.5, or 3.7.5 in order to keep your site secure. Version 3.9.2, and earlier versions of WordPress, were found to be affected by a critical cross-site scripting vulnerability, which leaves sites open to anonymous attackers. This […]

The post WordPress Releases Critical Security Update, Immediate Update Recommended by @mattsouthern appeared first on Search Engine Journal.

View full post on Search Engine Journal

WhatsApp Rolls Out Biggest Security Measure Ever

Whatsapp locked down its popular messaging service Tuesday, encrypting the communications of its millions of users to protect against prying eyes. 

“I do think this is the largest deployment of end-to-end encryption ever,” Open Whisper Systems CTO Moxie Marlinspike told Wired. His organization, a nonprofit focused on user security, makes the Textsecure open-source privacy software used by Whatsapp for its large-scale cryptographic anti-snooping measure.  

See also: The Facebook Effect: WhatsApp Is Well On Its Way To A Billion Users

End-to-end encryption refers to an especially secure measure in which messages are not decrypted until they land on the recipient’s device. A far more common approach would be to encrypt messages when they travel between the user’s device and the text messaging app’s server, which amounts to just half of the message’s total journey. iMessage is reportedly the only other service that uses end-to-end encryption, and Apple’s approach seemingly becomes useless when users back up to iCloud

Currently, Whatsapp only uses end-to-end encryption for Android devices, and only for one-to-one texts. Photos, videos or group messages are not included. The company plans to cover iOS as well, though an exact date hasn’t been disclosed. 

See also: Try, Try Again: The Incredible Story of WhatsApp’s Tenacious Founders

The move follows announcements by Apple and Google, who both pledge to encrypt iPhone and Android data by default. 

Whatsapp’s new approach lines up with what founder Jan Koum has long desired—a chat system too secure for powerful governments to snoop on. Raised in Ukraine, Koum frequently and publicly denounced attempts to extract surveillance data from Whatsapp. 

“I grew up in a society where everything you did was eavesdropped on, recorded, snitched on,” Koum told Wired UK. “Nobody should have the right to eavesdrop, or you become a totalitarian state—the kind of state I escaped as a kid to come to this country where you have democracy and freedom of speech. Our goal is to protect it.”

View full post on ReadWrite

K5, The Autonomous Security Robot, Is Now On The Beat

Working as a security guard can be a dangerous and thankless job. Now Knightscope wants robots to do it for us.

The Mountain View, Calif., startup has been building and testing a robot model known as the K5 for this purpose since 2013, MIT Technology Review reports. Now the robot fleet is advanced enough to patrol Microsoft’s Silicon Valley campus.

See also: R2-D2? Dalek? Actually, It’s A Pre-Cog Robocop

At five feet tall and 300 pounds, the K5 is an ambulatory robot with semi-human proportions. Sleek and smooth, it is supposed to look friendly from a distance, but intimidating close up. It doesn’t carry weapons and it can’t hurt people, but it will beep ominously if you try to detain it while sending an alert to a remote monitoring center. (Early models still have a serious vulnerability—push them over and they can’t get up without assistance.)

On the other hand, the K5 can also be a friendly presence. If you need help, you can press a button on the top of the robot’s head to summon a human operator.

“This takes away the monotonous and sometimes dangerous work, and leaves the strategic work to law enforcement or private security, depending on the application,” Knightscope cofounder and vice president of sales and marketing Stacy Stephens told MIT. (Translation: Low-wage security guards, you’re out of a job. K5 will now escort you from the premises.)

See also: China Doubles Down On Robotics

The robots use Wi-Fi to communicate with one another and with human operators. They include four high-definition cameras on either side of the robot, a license plate recognition camera, four microphones, and a weather sensor.

Stephens did not disclose how much the K5 will cost, but noted that potential customers include security companies, office buildings, and schools. 

Photo of the K5 via KnightScope

View full post on ReadWrite

Google SEO Update And Security Breach Create Trouble For eBay – Seeking Alpha (registration)


Econsultancy
Google SEO Update And Security Breach Create Trouble For eBay
Seeking Alpha (registration)
With growth rates of 11% and 9% in the first two quarters of the year, the company had been performing fairly well until Q3 2014 when earnings fell by 6%. One of the major reasons for this decline was the fact that Google made substantial changes to
Penguin Update 3.0 – Everything a link builder needs to knowQueryClick (blog)
Cliff Diving With Panda, Penguin, and Pirate: Now What?Search Engine Watch

all 12 news articles »

View full post on SEO – Google News

New Security Flaws Render Shellshock Patch Ineffective

Your system is still vulnerable to the Shellshock bug, even if you’ve patched it. Security researchers have found new flaws in bash, rendering previous patches ineffective.

See also: How To Detect And Patch This Big, Bad Unix Bash Shellshock Bug

The bash shell is an omnipresent command-line interpreter used by default in Unix and Linux, and by extension, Apple’s OS X software. The shell itself is decades old, and it turns out the bug has been present for the last 22 years without detection.

Linux stewardship company Red Hat released a series of fixes to patch up the eight or so versions of bash that were vulnerable. On Friday, Red Hat released a second round of patches to resolve newly discovered security flaws, and those discoveries keep coming.

See also: The Bash Bug Makes Every Mac Vulnerable; Here’s How To Patch It

Google security researcher Michal “lcamtuf” Zalewski has been tweeting as he uncovers increasingly serious vulnerabilities in the bash shell. He recommends Red Hat security researcher Florian Weimer’s still-unofficial patch.

At the moment, the only people who need to worry about patching the Shellshock bug right away are system administrators and people with who have tweaked the advanced Unix settings on machines running OS X or Linux.

“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” Apple said.

Photo via Shutterstock

View full post on ReadWrite

Apple To Increase iCloud Security Following Celebrity Photo Theft

Apple CEO Tim Cook

Apple said it will introduce more security alerts and better educate consumers about why and how to use iCloud in the wake of an iCloud breach in which hackers obtained personal and revealing pictures of female celebrities and posted them online.

CEO Tim Cook told the Wall Street Journal that the company will start alerting people through email and mobile push notifications when anyone tries to change a password on an Apple account, restore iCloud data to a device that isn’t yet registered with the account, or when a new device logs into iCloud.

See Also: How Apple Made Its Users Vulnerable To iCloud Theft

Cook also gave more information on what it originally said was a “highly targeted attack,” describing the way hackers correctly guessed the celebrities’ security question answers. 

Apart from beefing up security measures, Cook said the company needs to do a better job of providing information to consumers—it’s not just the tech that needs a boost. 

“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” he told the newspaper. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”

Cook said Apple will begin using push notifications to alert users within the next two weeks.

Lead image by Valery Marchive 

View full post on ReadWrite

Go to Top
Copyright © 1992-2015, DC2NET All rights reserved