Sign up for our Technology Newsletter 
Passwords Continue As The Weakest Link
Comments Off on Passwords Continue As The Weakest Link
Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.
But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters. Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.
The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.
Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.
All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”
Will Foxcomm Invade The US?
Foxconn Technology Group is weighing whether or not to expand its existing manufacturing operations in the U.S., in a move that could be linked with Apple’s plan to bring back Mac manufacturing to the country.
Foxconn made the statement last Friday after Apple CEO Tim Cook said in interviews with NBC and Businessweek that Apple would manufacture one of its Mac lines in the U.S. by the end of next year.
“So we’ll literally invest over $100 million,” Cook said. “This doesn’t mean that Apple will do it ourselves, but we’ll be working with people, and we’ll be investing our money.”
Analysts said Foxconn could be involved. The Taiwan-based firm is a major supplier for Apple, helping to build its iPhone and iPad. But much of that manufacturing is done in China, where Foxconn employs 1.2 million workers and labor costs are lower.
Without elaborating, Foxconn said it was considering the expansion in order to meet the needs of it customers, and to “leverage the high-value engineering talent” available in the U.S. market.
It’s unclear what kind of manufacturing operations the company already has in the U.S. An expansion in the nation, however, would face challenges, said Amy Teng, an analyst with research firm Gartner.
“From the financial perspective, I don’t see any advantage in why they (Foxconn) would assemble there, unless this is part of Apple’s plan,” she said. Labor costs in the U.S. are higher and it will be harder for the company to recruit U.S. workers for menial factory jobs, when compared to China.
Is Google Going Wireless?
November 26, 2012 by admin
Filed under Smartphones
Comments Off on Is Google Going Wireless?
They already sells phones and tablets, provides a wealth of online services and has been laying high-speed fiber to people’s homes. Now Google is apparently weighing the possibility of a wireless network service as well.
Google has been in talks with satellite TV provider Dish Network over a possible partnership to build out a wireless service that would rival those from carriers such as AT&T and Sprint, the Wall Street Journal reported late last week.
The talks are at an early stage and could amount to nothing, and Google is just one of many companies Dish is talking to, according to the Journal, which cited anonymous sources. But it raises the prospect that Google might expand its business in a new direction.
Dish has been buying spectrum that could support a wireless service, although it still needs regulatory approval to set one up. In an interview with the Journal Thursday, CEO Charlie Ergen said the partners Dish is talking to include companies that don’t currently have a wireless business.
Google declined to comment on the report, the newspaper said.
Kaspersky Finds New Malware
Kaspersky Lab has discovered three Flame spyware related malware threats that it said use “sophisticated encryption methods”.
Kaspersky claims that it uncovered the three new hostile programs while analysing a number of Command and Control (C&C) servers used by Flame’s creators.
“Sophisticated encryption methods were utilised so that no one, but the attackers, could obtain the data uploaded from infected machines,” the firm’s statement read.
“The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame.
“It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild.”
The discovery of the three programs indicates that Flame’s Command and Control platform was being developed in 2006, four years earlier than first thought.
Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concerns within the security industry regarding its advanced espionage capabilities.
The full scale of Flame and its overarching implications remain unknown, despite the ongoing joint research campaign being mounted by Kaspersky, IMPACT, CERT-Bund/BSI and Symantec.
“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers,” said Kaspersky’s chief security expert, Alexander Gostev.
Following the discovery of the three new related programs, Kaspersky’s chief malware expert Vitaly Kamluk told The INQUIRER that Flame is not the only one in this big family.
“There are others and they aren’t just other known malwares such as Stuxnet, Gauss or Duqu,” he said. “They stay in the shadows and no one has published anything about them yet. Others were probably used for different campaigns.”
Kamluk added that it is “very possible” there are more than the three listed in Kaspersky’s report.
“They started building RedProtocol, yet another ‘language’ for unknown malware. No known client types are using that one, which means that there is even more malware out there,” he added.
Google Acquires Instagram’s Rival
September 24, 2012 by admin
Filed under Around The Net
Comments Off on Google Acquires Instagram’s Rival
Google Inc said it purchased Instagram rival Nik Software, which makes award-winning photo editing application Snapseed, for an undisclosed amount.
Google and Facebook Inc are locked in a battle for social network followers that has increasingly shifted to mobile applications, such as photo editing.
While not as famous as Instagram, available for free on Apple’s mobile devices, Snapseed has won a following for its editing prowess among photographers, despite a $4.99 price tag.
Nik Software says Snapseed has more than 9 million users while Instagram says it has more than 100 million.
“We want to help our users create photos they absolutely love, and in our experience Nik does this better than anyone,” Vic Gundotra, Google’s senior vice president, engineering, said on a Google+ post.
Facebook this year bought Instagram, which made an app for users to add filters and effects to pictures taken on their smartphones, for a cool $1 billion.
“Google’s playing chase up in social,” BGC Partners analyst Colin Gillis said. “It’s yet another tuck in they have done, trying to boost their Google+ offering.”
Snapseed won Apple Inc’s “iPad App Of The Year” award in 2011 for its multitouch photo editing interface.
“We’ve always aspired to share our passion for photography with everyone, and with Google’s support we hope to be able to help many millions more people create awesome pictures,” Nik Software said on its Website.
Google’s Gundotra also said that Google+ had hit over 400 million users this week and had just crossed 100 million
Does 4G Pose A Security Threat?
Could 4G Networks give way for more high-risk mobile security implications; Symantec is warning of such a wave of threats.
“We could see a move to the sort of threats that we already see on the wireless and fixed connected network,” John said. “Malware that you usually have on fixed networks, like botnets.
“There aren’t many botnets on mobile devices because the bandwidth’s not there to support it, once you go on to 4G [hackers] could start infecting systems.”
To ensure that enterprises avoid these these security threats, John advised that businesses need to be on their toes more than ever, look closely at everything that’s coming into the network, and not trust anything.
“Companies need to make sure that where traditionally it’s been a firewall with a perimeter with everything in a timeline environment,” John said. “What they need to look at is ‘what are my employees doing’, ‘what information is being shared’ and ‘how do we ensure our information is being protected no matter where it may be’, whether its mobile device, across networks or sitting in a cloud service.”
“This is a change we are going through, but 4G is going to push the need for that change even more so,” she added.
According to John, 4G will also be detrimental to businesses in the way it will add a greater burden for them to ensure that cloud services and mobility – what she calls “two of the biggest security challenges for enterprises and their employees” – are up to scratch.
ID Theft Projected To Cost $21B
August 16, 2012 by admin
Filed under Around The Net
Comments Off on ID Theft Projected To Cost $21B
A new audit of the Internal Revenue Service (IRS) has discovered that the agency paid refunds to criminals who filed fraudalent tax returns, in some cases on behalf of people who had died, according to the Treasury Inspector General for Tax Administration (TIGTA), which is part of the U.S. Treasury.
The IRS stands to lose as much as US$21 billion in revenue over the next five years due to identity theft, according to TIGTA’s audit, dated July 19 but publicized on Thursday.
TIGTA noted that the IRS did not agree with the $21 billion figure, but wrote that the figure does include estimated savings from new fraud control filters. Without new controls, TIGTA estimated losses of $26 billion.
Part of problem is that the IRS is not gathering enough data about fraud trends, such as how a return was filed, income information from W-2 forms, the amount of refunds and where those refunds were sent, TIGTA said.
“We found that $8.1 million in potentially fraudulent tax refunds involved tax returns filed from one of five addresses,” the audit said.
The IRS said it detected 938,664 fake tax returns during the 2011 processing year, which would have cost $6.5 billion. While TIGTA said the figure was “substantial,” it believes the IRS doesn’t know how many identity thieves are filing bogus returns and how much money is lost.
The IRS has implemented new fraud detection measures, but TIGTA found that institutional procedures were undermining those efforts. For example, taxpayers can begin filing returns in mid-January, but third parties that have information linked to those tax returns do not have to file until March 31.
The IRS is contacting some taxpayers to verify their identity. That simple measure stopped the issuance of $1.3 billion in potentially fraudulent tax returns as of April 19, TIGTA said.
Dell’s Cloud Plans Falls Behind Schedule
Comments Off on Dell’s Cloud Plans Falls Behind Schedule
Dell announced an aggressive schedule last year to roll out cloud-based application services, but it appears that the schedule was a little too aggressive.
Dell said last August that it planned to launch an online analytics service in the first half of this year for small and midsized businesses, but that service isn’t due now until early next year, a Dell executive said.
“Like a lot of development projects, it can take a bit longer than you think,” Paulette Altmaier, general manager of Dell’s Cloud Business Applications group, said in an interview Thursday.
Dell also said it would launch a platform-as-a-service offering this year based on Microsoft’s Azure platform. On Friday, a Dell spokeswoman said the company no longer has a delivery date for that service.
The delays are a setback for Dell, which is trying to reduce its dependence on PCs and build more profitable businesses in services and software. But a lot of companies are moving slowly to the cloud, so the hold-up isn’t a disaster, said Peter Ffoulkes, an industry analyst with 451 Research Group.
“The move to the cloud is not a fast journey and for most people it is still largely a future. I would not expect a quarter or two to make a big difference in practical terms,” he said.
Dell has also made a string of software acquisitions in the past year that might be causing it to rethink its software-as-a-service strategy. It updated press and analysts on its software plans Thursday.
When it does arrive, the analytics service will offer “cross-app” analytics, meaning customers will be able to import data from one or more applications to a data warehouse that Dell will host for them online, and then perform analysis on that data.
Good Technology Updates Security
July 25, 2012 by admin
Filed under Uncategorized
Comments Off on Good Technology Updates Security
Good Technology today announced two updates to its mobile security software products across IOS, Android and Windows Phone devices.
Powering mobile security for major enterprises such as Barclays, Sainsbury’s and LOCOG, Good Technology claims the releases are the first of a kind for the industry and address security threats linked to the bring your own device (BYOD) procedures being used in most big companies.
The first update announced by the firm is the addition of what it calls “Appkinetics” to its Good Dynamics line, which aims to solve the problem of secure private corporate data leakage.
“Good’s patented AppKinetics technology builds on the company’s proven ‘containerization’ security model to enable business apps from Good, its Good Dynamics partner independent software vendors (ISV), and internal enterprise developers,” the firm said in a statement.
“This is to securely exchange information within and between applications and create seamless multi-app workflows without compromising security or employees’ privacy and personal experience.”
The firm’s second update is the addition of eight new partnered apps to its Good Dynamics ecosystem covering the areas of business intelligence, collaboration, document editing, document printing, file storage/content management, remote desktop management and mobile application development platforms (MADPs).
This update allows developers to integrate the Good Dynamics technology into apps so that companies can create secure end-to-end workflows of protected, mobile applications to drive business processes.
Good Technology’s EMEA GM Andy Jacques explained, “If you download the standard consumer document editing application you can copy and paste from that from that app into another app.”
He continued, “If you were to open a piece of corporate mission critical data you can copy and paste that and put it onto Hotmail for example.”
Skype Confirms Glitch
July 23, 2012 by admin
Filed under Around The Net
Comments Off on Skype Confirms Glitch
Skype, a division of Microsoft, confirmed on Monday that a bug in its software has led to instant messages being shared with unintended parties.
The company said it will provide an update to fix the problem in “the next few days.”
According to user reports, the unintended recipients have been connected to just one of the two users who exchanging messages. The problem could have harmful consequences. For example, two co-workers using Skype to exchange IMs (instant messages) could, as a result of the problem, share the message with another contact in one user’s address book — potentially a third co-worker being unfavorably described in their IM exchange.
According to Skype, the problem only arises in “rare circumstances.”
The issue first came to light last week in Skype’s user forums. It seems to stem from the update issued by the voice, video and text messaging service in June.