Christian Science Monitor Passcode
Award-winning technology reporter and writer with about 25 years of experience in IT journalism. Most recently worked as a Senior Editor with Computerworld U.S. Member of Computerworld’s editorial staff for 20+ years. Work has appeared in Christian Science Monitor, Computerworld, InformationWeek, eWEEK, Dark Reading, Tech Target/Information Security Magazine, Tech Beacon, Security Intelligence, The Economic Times. Specializes in editorial writing and technology content development related to information security and privacy topics, big data, business intelligence, data analytics, mobile and wireless, Internet of Things (IoT), wearable computing, consumerization of IT and BYOD. Experienced panel moderator and host of executive roundtable discussions.
Christian Science Monitor Passcode
An unprecedented and alarming attack on the internet's core infrastructure shut down much of the web Friday in another sign of the growing sophistication of malicious cyberattacks. Twitter wasn't working and neither was Netflix. Spotify was down, too. And anyone visiting Amazon, PayPal, or Reddit probably encountered trouble on the web.
Criminal hackers have shown they can take over connected home devices and turn them into zombie networks that carry out debilitating online attacks. As millions of ordinary home products connect to the internet, malicious hackers are finding new ways of exploiting security weaknesses in connected digital video recorders, cameras, and refrigerators.
In the first installment in an occasional series about ethical hackers, Passcode profiles one of India's most successful freelance cybersecurity researchers known for finding - and helping fix - serious flaws in Facebook. Anand Prakash is one of the tens of thousands of young Indians who have flocked here in the past several years chasing their fortunes in this city's teeming tech industry.
After an unprecedented online assault took down cybersecurity journalist Brian Krebs's influential cybersecurity blog, he was able to return to the web because of a new service that protects journalists and activists from online censorship. When cybersecurity journalist Brian Krebs exposes internet crime rings or digital fraudsters, retaliation often follows.
Recent cyberattacks on state voter databases and the Democratic National Committee are raising fresh concerns that hackers could manipulate the upcoming presidential election. In Washington on Tuesday, Rep. Barry Loudermilk (R) of Georgia said, "Rightly, we should be concerned about the integrity of our election system," during a congressional hearing in which lawmakers quizzed officials about the potential flaws at US polls.
After an unknown group released a cache of hacking tools from the National Security Agency earlier this week, some of the biggest tech companies in the world are scrambling to patch their systems and software to protect themselves and customers from attacks. The leak came from the anonymous group calling itself the Shadow Brokers.
Microsoft engineers appear to have inadvertently released software files that are intended to unlock the security protections built into many of the company's phones and tablets. The files could allow attackers so much access to protected systems that the researchers who discovered them dubbed the files "golden keys" for access to millions of the tech giant's products.
As a computer programmer for Monsanto Co., Jiunn-Ren Chen developed algorithms and wrote programs that gave him access to the agriculture giant's confidential trade secrets and proprietary information. But last month, after Mr. Chen left the company, Monsanto sued its former employee for allegedly abusing his access to steal 52 files containing sensitive company data.
The increasing difficulty to hide on the Web isn't just bad news for people seeking anonymity for illicit activities. Digital rights advocates see these developments as having a chilling effect on potential whistleblowers or stifling opposition movements in places like China and Iran or on American activists who may have good reasons to keep their pursuits secret.
Dark Reading
Attacks against smart home products, medical devices, SCADA systems, and other newly network-enabled systems signal the beginning of a new wave of attacks against the IoT. Recent distributed denial-of-service (DDoS) attacks involving the use of thousands of compromised digital video recorders and IP cameras have highlighted the looming security threat posed by the Internet of Things (IoT).
In less than 20 months, all US companies doing business in the EU will face new consumer privacy requirements. Here's how to prepare for them. In less than 20 months, all companies handling personal data belonging to residents of the European Union will be expected to comply with a new set of privacy requirements under the EU General Data Protection Regulation (GDPR).
Concerns about the fragility of US electronic voting systems to cyberattacks go back to 2002 when the Help America Vote Act was passed mandating the replacement of lever-based machines and punchcards with more modern voting equipment.
Security researchers at enSilo have demonstrated a new way for attackers to inject malicious code into practically any Windows system in a manner that is undetectable to existing anti-malware tools. The method, which enSilo calls "AtomBombing," takes advantage of an underlying mechanism in the Windows operating system called atom tables.
A recent decision by the US Copyright Office to temporarily remove certain restrictions in the Digital Millennium Copyright Act (DMCA) paves the way for security researchers to look for vulnerabilities in connected cars and medical devices without fear of legal repercussions. The Copyright Office on Oct.
Threat actors appear to have broken new ground with an attack on the UK's Tesco Bank where they managed to steal money from more than 20,000 accounts at nearly the same time in automated fashion.
EWEEK
Google's early disclosure of a Windows kernel-level zero-day bug potentially endangers customers, said Microsoft officials. Microsoft rebuked Google for releasing details of a security flaw in the Windows kernel for which a patch is not yet available. Microsoft officials said that Google's disclosure potentially endangers customers and that they believe in coordinated vulnerability disclosures.
The European Commission's concerns are not based on market realities, the company argues. Google this week once again formally rejected charges in the European Union that the manner in which it displays results on Google Shopping harms rival comparison-shopping sites.
As computing becomes universally available, the Google Assistant will give users an intelligent way of interacting with them, CEO Sundar Pichai says. The Google Assistant, formally released this week amid a slew of hardware offerings, is central to Google CEO Sundar Pichai's effort to align the company with what he sees as an epochal shift from mobile-centric to AI-centric computing.
A policy change eliminates a provision that Google would not combine data from the DoubleClick database with personally identifiable information gathered from Gmail and other Google accounts. Google has dropped its long-standing policy of keeping data about people's internet browsing habits separate from personally identifiable information about them obtained from Gmail and other Google log-in accounts.
The cloud business, along with sales of digital content via the Play store, accounted for more than 10 percent of the Google segment's $22.3 billion in Q3 revenues. Google parent Alphabet's better-than-expected third-quarter results show that while the company continues to rely heavily on advertising dollars, some of its other businesses - most notably its cloud unit - have begun contributing meaningfully to the top line.
Sites that have enabled the protocol are seeing substantial gains, Google says on the first anniversary of the AMP launch. Google this week said that substantial progress has been made with the open-source Accelerated Mobile Pages (AMP) initiative in the one year since it launched last October.
Tech Target/Information Security Magazine
It's the middle of the holiday season and your servers and network are running at full capacity when you notice a domain controller suddenly acting weirdly. Soon, users start complaining about errors in accessing resources. Someone wants to know why users are getting locked out of their accounts.
Like many companies, Fenwick & West LLP's IT services are delivered through a hybrid of on-premises, software-as-a-service and cloud infrastructure. The situation has significantly expanded the scope of the security challenges faced by the Silicon Valley law firm and has forced it to implement new technologies to fill in gaps where legacy security tools are no longer effective.
On-premises data loss prevention strategies alone are no longer sufficient to protect enterprise data against inadvertent or malicious exposure. As more workers upload, store and share corporate data in private and public cloud environments, organizations have to confront the realities of protecting data that users access from anywhere at any time through a mix of sanctioned and unapproved devices on services with varying degrees of security.
White Papers
computerworld features (more below)
U.S. Army photo by Spc. Samuel Hyer. A crystal-clear denouement of U.S. readiness to combat threats in cyberspace came at a hearing held March 10 by the U.S. House Committee on Homeland Security. After about an hour of listening to testimony from five witnesses representing government and the private sector, committee chairman Rep. Bennie Thompson (D-Miss.)
It's August 2020. A powerful and rising China wants to bring the city-state of Singapore into its fold as it has with Hong Kong, Macau and Taipei. Its first physical attacks against Singaporean assets are still weeks away.
Exactly twenty years ago today I started at Computerworld. To say the industry has changed in truly remarkable ways since then is something of an understatement. Consider: Digital Equipment Corp, Sun Microsystems and Data General were leading hardware manufacturers. Compaq was the fastest growing PC vendor. Google didn't exist.
Photo: Arne Halvorsen, CC A New Mexico jury recently awarded Shawn Carpenter $4.3 million in a wrongful termination lawsuit against his former employer Sandia National Laboratories. The former network intrusion detection analyst was fired in January 2005 after he shared information relating to an internal network compromise with the FBI and the U.S. Army.
By Jaikumar Vijayan | Posted 2015-01-05. Nest Labs' smart thermostats and smoke detectors can now interact with home automation products from more than a dozen vendors. Google's ambitions of becoming a key player in the home automation market appear to be taking shape with products from its subsidiary Nest Labs now able to interact with smart home products from more than a dozen vendors.
The US Department of Homeland Security confirmed on Wednesday that it is investigating about two dozen cases of reported cyber security flaws in medical devices from various vendors.
Badly written, insecure software products are hurting people and costing businesses and individuals billions of dollars every year, says David Rice, in his new book Geekonomics: The Real Cost of Insecure Software (Addison-Wesley Professional, 2007).
InformationWeek
SAN FRANCISCO -- Dan Kaminsky looks like he could really use some rest. "Long day?" I ask him. He shrugs. It's been a long several days, weeks, and months, he says as we trudge our way to a table in the south foyer of San Francisco's Moscone Center to talk about White Ops, a company he helped found.
By Jaikumar Vijayan | Posted 2015-01-09. Lack of unique applications and modest improvements in functionality mean users are in no rush to upgrade to Android 5.0 Lollipop, analyst says. Figures released by Google this week showing barely anyone using its new Android Lollipop mobile operating system even six weeks after its release is likely an embarrassment for the company.
By Jaikumar Vijayan | Posted 2015-01-07. In a Piper Jaffray survey, fewer CIOs cited Google as their preferred cloud vendor for 2015, compared to 2014. But a majority of its existing customers plan on spending more this year on its services.
eweek
computerworld features
By Jaikumar Vijayan | Posted 2015-01-08. Yet, with more than 75 percent share in December, Google still dominates search. Microsoft's Bing is a distant second, followed by Yahoo. Google's share of the U.S.
computerworld opinion
By Jaikumar Vijayan | Posted 2014-12-30. The company's reluctance to abide by China's laws likely contributed to the situation, China's Global Times says. State-run Chinese newspaper the Global Times Tuesday said that Google may be at least partly to blame for a Gmail service outage in the country for the past several days.
The reliability of modern data mining and analytics approaches in predicting the progression of deadly diseases is being fully tested by the Ebola outbreak in West Africa.
The sophisticated electronic components that are making modern cars safer, greener, and smarter are also making them dangerously vulnerable to cyberattacks. Dealing with the threat will require automakers to think beyond typical preventive security measures such as encryption, strong authentication, and system segmentation, the National Highway Traffic Safety Administration (NHTSA) said in a report this week.
Department of Energy has released a set of voluntary privacy recommendations for smart grid owners, operators, and third parties; industry stakeholders have until October 14 to comment on draft. The US Department of Energy (DoE) is betting on a voluntary set of standards to guide privacy practices within the smart grid industry.
By Jaikumar Vijayan | Posted 2015-01-12. The Supreme Court asked the U.S. Solicitor General for the administration's position on the copyrightability of application programming interfaces. The Supreme Court has asked U.S. Solicitor General Donald Verrilli for the government's opinion in a closely watched dispute between Google and Oracle over whether copyright protections should extend to application programming interfaces (APIs).
Image credit: Don Hankins https://www.flickr.com/photos/23905174@N00/ SAN FRANCISCO -- In the battle between enterprises and malicious hackers, the bad guys are clearly winning, judging by the sheer number of people and exhibitors at the RSA security conference going on here this week. With an estimated 30,000 attendees and more than 400 exhibitors, RSA 2014 is the biggest event since its launch as a conference for cryptographers in 1991.
As a fast-growing online retailer of shoes and other apparel, Zappos.com is a power player when it comes to using social media such as Facebook and Twitter to engage with existing and potential customers. Zappos CEO Tony Hsieh has nearly 1.3 million followers on Twitter, and the company's official Facebook page has almost 21,000 fans.
An abundance of low-cost labor and a reputation for high-quality work will, for the next several years, continue to make India one of the top outsourcing destinations for U.S. companies looking to cut IT development and maintenance costs. But a lack of industry-specific consulting skills and market presence in the U.S.
Photo: Thierry Ehrmann, CC WikiLeaks' continued posting of classified U.S. Department of State cables, and the whistleblower Web site's revelation that it will soon post sensitive internal documents from a major U.S. bank, has stoked data security concerns among governments and large businesses around the world.
Q&As
Photo: Tobias Vemmenby, CC In a major victory for the Recording Industry Association of America (RIAA), a federal jury one week ago fined Boston University student Joel Tenenbaum $675,000 for illegally downloading and distributing 30 copyrighted songs. Tenenbaum's case is only the second RIAA music piracy lawsuit to go to trial.
A U.S. appeals court has once again rejected Google's argument that it did not break federal wiretap laws when collecting user data from unencrypted wireless networks for its Street View program. In a ruling this week, the U.S.
Google's Transparency Reports, released every six months, are interesting not just for what they reveal about government requests for Internet user data, but also for what they do not reveal. Transparency reports are basically a biannual compilation of requests Google receives from governments around the world for Internet user data.
photo credit: Enjoy Surveillance via photopin cc. A major tussle is emerging in the debate over how government agencies can gather and use information posted publicly on social networks like Facebook and Twitter. The U.S. Department of Homeland Security, the FBI and other agencies contend that social media monitoring is a vital part of their efforts to keep abreast of events that could pose threats to national security and public safety.
A New York Times report on Friday about the U.S. government's extensive involvement in the Stuxnet attacks against Iran is sure to trigger a sharp increase in state sponsored cyber attacks against American businesses and critical infrastructure targets, security experts warn.
Edward Snowden remains a polarizing figure in the U.S. on the one-year anniversary of the first published story based on his leaks about the National Security Agency's (NSA) surveillance practices. Many people, especially younger Americans, see the former NSA contractor as a patriot for having the guts to expose what they perceive as illegal surveillance practices by the world's most powerful spy agency.
Photo: Arbyreed, CC. Last week's disclosure of a sophisticated malware program targeting control system software from Siemens AG has renewed long-standing concerns about whether the U.S. power grid can withstand targeted cyberattacks. The malware program, called Stuxnet, is designed to exploit a Windows Zero Day flaw to find and steal industrial data from Supervisory Control And Data Acquisition (SCADA) systems running Siemens' Simatic WinCC or PCS 7 software.
Photo: Clive Darra, CC. Microsoft Corp.'s massive security update yesterday marked the completion of the sixth year of the company's move to a monthly patch release schedule. Since moving to a monthly schedule in October 2003, Microsoft has released about 400 security bulletins based on an informal count of releases in its bulletin archives.
Convicted hacker Albert Gonzalez, who is currently serving a 20-year prison sentence after pleading guilty to the massive hacks at TJX, Heartland and numerous retailers, now claims that he thought he was authorized and directed by the government to carry out the illegal activities.
Smart thermostat maker Nest Labs plans to soon start sharing some customer data with Google, its corporate parent, and that means the search engine giant will have to address users' privacy concerns as it expands into the home automation market.
Cloud Computing
Image Credit: Google Google chairman Eric Schmidt's concern for citizen privacy following reports that the National Security Agency (NSA) may have broken into the company's data streams is ironic considering the Internet giant's own spotty record on privacy.
Like it or not, private drones are coming to U.S. airspace. The only question is how soon that happens. With companies like Amazon.com and Google advancing plans to use small unmanned aerial vehicles for commercial purposes, pressure is mounting on the Federal Aviation Administration (FAA) to quickly release rules governing private drone use.
A growing tendency by business units and workgroups to sign up for cloud services without any involvement from their IT organization creates serious risks for enterprises. The risks from shadow cloud services include issues with data security, transaction integrity, business continuity and regulatory compliance, technology consulting firm PricewaterhouseCoopers (PwC) warned last week.
RSA may well have earned much of the criticism being heaped upon it for allegedly enabling a backdoor in one of its encryption technologies under a contract with the National Security Agency. But singling out the company for reproach deflects attention from the role that other technology vendors may have had in enabling the NSA's data collection activities.
The leaking of classified documents detailing the data collection activities of the U.S. National Security Agency earlier this year reignited some long-standing concerns about the vulnerability of enterprise data stored in the cloud.
Blogs
When Google Inc. launches its cloud computing services for federal government agencies next year, one of its biggest challenges will be to overcome concerns related to data privacy and security in cloud environments. Earlier this week, Google said that it was planning on offering cloud services such as Google Apps to federal agencies starting in 2010.
The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.
drone technology
computerworld News Analysis
The U.S. government's decision Monday to formally indict five members of the Chinese military on criminal hacking charges marks a significant escalation of what until now has been largely a war of words between officials of both countries. Many see the indictments as long overdue. U.S.
Data breaches
Sony's apparent difficulty in figuring out the extent of the damage from the recent intrusion into its PlayStation Network, while frustrating for those affected by it, is not too surprising given the bag of tricks that hackers employ to hide their tracks.
Amazon's nascent plan to use unmanned drones to deliver packages to customers has already raised strong privacy concerns that could ultimately nip it in the bud. CEO Jeff Bezos' disclosure that a drone delivery service dubbed Amazon Prime Air could be delivering packages by 2015 has already prompted some lawmakers to call on Congress to implement new restrictions and rules surrounding the use of such private drones.
The recent data breaches at Target and Neiman Marcus have once again shown that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is no guarantee against an intrusion. What's unclear is whether the problem lies in the standard itself, or the manner in which it is implemented and assessed.
data analytics/big data
Internet of Things
photo credit: hanspetermeyer.ca via photopin cc Business groups in a growing number of companies appear to be plowing ahead on data analytics projects with little input or help from their own IT organizations. Rather than leveraging in-house IT skills and technology, many business groups are using their own data and department-level analysts to cobble together analytics strategies, according to a survey by IDC.
Migrating U.S. payment systems to the Europay MasterCard Visa (EMV) smartcard standard could take significantly longer than envisioned and offer fewer security benefits than what's being touted by proponents of the technology. In the weeks following the massive data breach at Target, the EMV standard has received considerable attention from stakeholders in the payment industry and from lawmakers.
Picture credit: Gary Sauer-Thompson https://www.flickr.com/photos/sauer-thompson/ In an Internet of Things world, smart buildings with Web-enabled technologies for managing heat, lighting, ventilation, elevators and other systems pose a more immediate security risk for enterprises than consumer technologies. The increasing focus on making buildings more energy efficient, secure and responsive to changing conditions is resulting in a plethora of Web-enabled technologies.
A coalition of retail industry trade groups this week called for the creation of an open tokenization standard for protecting credit and debit card data from theft and misuse. The call stems from concerns over an effort by credit card companies to develop a method for tokenization that many in the retail sector fear would be too proprietary in nature.
Hadoop and MapReduce have long been mainstays of the big data movement, but some companies now need new and faster ways to extract business value from massive -- and constantly growing -- datasets. While many large organizations are still turning to the open source Hadoop big data framework, its creator, Google, and others have already moved on to newer technologies.
About two years ago, CareFirst BlueCross BlueShield implemented a self-service business intelligence platform to aggregate and analyze vast amounts of data from multiple repositories scattered throughout the company. The technology, from Palo Alto, Calif.-based QlikTech, was brought in as a supplement to a project management product from CA Technologies.
Analyst firm Gartner expects the Internet of Things (IoT) to drive a convergence of IT, physical and industrial control security practices over the next several years. Much of the convergence will result from the sheer heterogeneity and number of devices that will become Internet-enabled by 2020.
Photo by Mike DMJE: https://www.flickr.com/photos/dmje/ Most enterprise security organizations are unlikely to have a spamming refrigerator on top of their list of things to worry about. But news earlier this year that an Internet-connected fridge was co-opted into a botnet that sent spam to tens of thousands of Internet users is sure to have piqued the interest of at least a few.
hackers/hacking
The suicide of Internet activist and pioneer Aaron Swartz has focused attention on what some activists say is the overzealous use of the federal Computer Fraud and Abuse Act (CFAA) anti-hacking statute. Swartz, 26, hanged himself last Friday, apparently over concerns stemming from the prospect of spending up to 35 years in prison on hacking-related charges.
Some financial services companies are looking to migrate their ATM fleets from Windows to Linux in a bid to have better control over hardware and software upgrade cycles. Pushing them in that direction apparently is Microsoft's decision to end support for Windows XP on April 8, said David Tente, executive director, USA, of the ATM Industry Association (ATMIA).
copyright/piracy/payment systems
The massive $1.9 million fine imposed by a federal jury yesterday in the retrial of a Minnesota woman accused of pirating 24 songs could end up hurting the Recording Industry Association of America's anti-piracy campaign more than anything else, a leading copyright lawyer said.
Seldom has a piece of proposed Internet legislation evoked as much outcry and debate as the Stop Online Piracy Act. Over the last few weeks, hundreds of consumer and technology groups, industry associations, trade unions, free speech groups, security experts, academics and Web companies have ranged themselves on both sides of the debate.