TweakTown NewsRefine News by Category:
Securing your PC has always been a priority, and a challenge for Intel, especially in the enterprise sector. But vPro, a small co-processor that helps to secure your system in a variety of different novel ways, is a little long in the tooth even though it's still very relevant. So Intel is innovating on their vPro architecture by adding new functionality and making it a much better and more sophisticated in the wake of more refined attack methods.
Intel Authenticate is their new hardware-enhanced multi-factor authentication solution that'll make use of the existing vPro processor to authenticate users. It's able to verify your identity by using a combination of three things; something you have, which is a security token or even a smartphone or an app on that phone, something you know, such as a pin or password, and something you are, biometrics.
How does it work? In the hardware is a certificate that's completely separated logically and physically from the rest of the system, so this certificate is theoretically very secure and can't be spoofed. You're information is stored with that certificate and compared against it. It's actually a very good solution, and this hardware-assisted MFA is a step in the right direction. And with Synaptics making finger-print sensors easier to integrate into systems, and smartphone authentication apps becoming so ubiquitous, it's a natural evolution.
While many health, education and public utility infrastructure facilities are still running Windows XP, recent reports have come to light that Melbourne has experienced some malware issues, sending its Aussie IT team into a fixing frenzy.
The unnamed virus disabled a pathology department in a major health network just yesterday, meaning that all workers had to operate in manual mode, processing blood tissue and urine samples without technological help. The Royal Melbourne Hospital was the target of this attack, with the IT staff on hand quickly working on and implementing a solution to their issues. This infection also came with a warning to all staff - told to withhold from logging into personal accounts such as banking or emails for the time being.
While the effectiveness and capabilities of the malware have not been made public, iTnews reported that it did contain a keylogger.
CES 2016 - If you're worried about someone whipping out a bobby pin and Fallout 4-style breaking into your luggage, Dog & Bone are now offering its LockSmart Travel product, a TSA approved, keyless, Bluetooth connected luggage padlock and app.
The app is compatible with Apple iOS and Google Android operated phones, functioning as a keyless and trackable way to keep your belongings safe. Access can be granted to additional smartphones by the owner, hopefully removing a flat battery issue. There isn't any override system as far as we know right now, so what's worrying is that you could be stuck in a foreign country with a flat phone, locked bag and the charger nestled safely within your locked baggage - unable to be taken out and used.
Set for availability in early 2016, the lock contains 128-bit encryption and will cost artound $100.
The Tor Project is getting its very own bug bounty program to help keep the wild onion nice and fresh in the face of increasing threats.
The new bug bounty program was announced at their State of the Onion address that occurred at the annual Chaos Communication Congress security conference that's held in Germany. It's part of the Tor's continuing commitment to privacy and the realization that the more talented people that get their hands in the code-base, the better. "We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved." Nick Mathewson, the co-founder and chief architect of the Tor Project said.
They've teamed up with the Open Technology Fund to help fund the all the the good citizens that help the project.
Samsung has just introduced a new three-layered approach to security for their SmartTV ecosystem to better secure any stored information, such as account details, payment details or any data being sent between it and the Internet.
This comes right after Samsung announced that they'd move more towards making their SmartTV's more of a hub for all of your IoT connected devices throughout your house. With that much data flowing between their TV's and being able to control your security system, lights and more, it's definitely a good idea to at least have a little encryption. Thankfully they're doing more than just a healthy dose of AES 256. Because of that centralized nature, security is important, Samsung said that "Protecting consumers' personal information is of the utmost importance to Samsung, both in terms of the company's values and what's needed for the continued growth and success of the IoT ecosystem."
GAIA works in three ways. First it separates the main operating system, the Tizen OS, from a secure space that can house all the important and personal bits of information and core services that's logically segmented in memory. This'll work in a similar way to how ARM's TrustZone and Intel's TXT works. The second piece is a built-in anti-malware service that can scan incoming and outgoing data, it'll also encrypt all traffic to and from the TV. The third part is much the same as the first, segmenting the OS in memory so that even if there is malware, it won't be able to touch the actual personal information.
One of AVG's Chrome addons, Web TuneUP had a security hole that your could drive a tank into, something that could potentially let websites with malicious code in their CSS take control of your PC, though only in a trivial manner.
The exploit was originally found by Google, who reported it to AVG to have fixed. The initial fix wasn't quite good enough, so they just pushed out a new fix that seems to solve the issue. That being said, it still seems to be vulnerable to XSS attacks, though that should be fixed soon as well.
One generally thinks that antivirus companies are a bit more scrupulous and careful when designing their applications, but this mistake, and a mostly glaring one, calls to question the type of quality control and examination goes on before things go live. But it's best to fly without any addons, because all addons can potentially be security risks. Browse safe!
It looks like some enterprising business people approached the Raspberry Pi Foundation with an odd business proposal, to pre-install their malware on the Raspberry Pi mini-computer.
Amazing. This person seems to be very sincerely offering us money to install malware on your machines. pic.twitter.com/1soL0MIc5Z— Raspberry Pi (@Raspberry_Pi) December 23, 2015
In an email to the Foundation, a company, whose name was obviously redacted, was asking them to make available an exe file for installation (which wouldn't run on Linux anyway) in exchange for a sum of money for the amount of installations they detect.
This kind of tactic is surprising given the sheer audacity of asking a well-known organization, that prides itself on the many security applications of its minuscule box, outright to cheat its customers. It goes without saying that the Raspberry Pi Foundation didn't go along with their idea. It's even more hilarious that these peddlers of malware didn't seem to understand the platform being run on those devices. Maybe they'll ask Microsoft or Apple next?
The Hyatt chain of hotels just yesterday found malware running on their systems that operate the payment processing for their hotels.
In their statement they said that they've launched a full-scale investigation and are cooperating with some of the leading cyber-security experts in order to get the issues resolved. In the meantime, if you happen to have stayed at a Hyatt owned hotel within the past six months, be sure to keep an eye out on your bank accounts just in case something suspicious happens to show up.
How does one get malware onto a payment processing system? It's not terribly hard but there are best practices in place to make sure that it's difficult to do. Segmenting the network used and keeping it separate from other networks used for browsing the web, making sure that a proper IDS is in place to detect weird activity and limiting any IP addresses that actually access those systems processing card data to those on a whitelist. But those don't make it impossible, just harder and more likely to scare away all but the most seasoned and prepared of individuals.
In an effort to bolster account security, tech giant Google has confirmed that it's testing a new login system that doesn't require passwords.
Google is currently testing a new authentication method that could pave the way to password-free accounts in the near future. Google's method is very much like Yahoo's Account Key logins, which uses smartphone push notifications instead of manual passwords to log into Google accounts. The company's new sans password login method with a small batch of users, and one Reddit user has shared a few details on the new system.
According to an early access tester, the new method is pretty simple and is very much like linking a smartphone to a Roku to use a remote, or tethering a phone to an Xbox One to use Smartglass. Once your phone is linked and authorized to login to your Google account, the app sends a code that's shown on both screens, and users must type the same code to link the devices. Once that's done, users are logged in and can freely use their accounts. Basically Google's new method hinges on syncing, meaning you'll be matching digital pairs rather than typing in a per-session password.
While we wrote that relatively small 'Western Nations' such as Australia are under possible infrastructure hacker threat due to low-security measures, news has come to light that a New York dam was infiltrated by Iranian hackers back in 2013.
With the dam being located no more than 20 miles from New York City, this Iranian hack likely came around thanks to Leon Panetta, ex-Defense Secretary, calling out Iran's hacking prowess in October 2012, putting Governments on high alert for possible hacker threats. With this hack taking place and being kept under the covers until recently, it's just one example of how infrastructure infiltration is a very real threat.
This classified dam is one of the very few public accounts of infrastructure control loss, with all major suppliers of electricity, sewage, water and more all linked to the internet.