This is the second full week using the Thermal Take Black V2 gaming mouse infused with Synaptic's IronVault optical fingerprint reader, and it's been a mostly great experience, when it comes to the fingerprint reader that is.
To be fair, the particular mouse that it's embedded in isn't quite my cup of tea, but that isn't what's being evaluated here, aside from the positioning of the sensor itself. So let's get that little hiccup out of the way from the beginning. The mouse just isn't quite comfortable for my hand and everyone has their own preferences when it comes to their HID's, but let's move on to the important bits.
The sensor itself has proven to be an accurate and surprisingly useful device. Enrolling your fingerprints is as easy as with any other capacitive sensor you might be used to (read: iPhone or any mobile phone for that matter). Just follow the instructions on the application that interfaces, and you're in business, able to use that stored fingerprint to be the basis for logging in to websites. It's almost magical, and much more so than when it was first introduced to the greater consumer by Apple.
Passwords are sometimes the first and last defense for your precious data. We probably mostly try to make them complex and full of symbols, numbers and non-words. But as it turns out, a lot of people still have easy to remember, and easy to hack passwords.
The top 25 passwords have been compiled by a company called SplashData to help show how insecure and unserious so many happen to be about password security. The list for 2015 is both surprising and also very sad. Despite the increase in security breaches and the ready availability of rainbow tables and brute force password lists, simple passwords still seem to persist.
So if you use one of the passwords listed above, you might want to consider changing it. Or you'll be extra vulnerable. And it also might be prudent to start using a password manager
While there have been some reports of infrastructure and facilities being hacked around the globe in recent years, experts have claimed and continue to state that Australia is a 'sitting duck' in a cyber warfare sense, being an easy target for a small team of experienced hackers.
Professor Greg Austin told the recent international conference on cyber security in Canberra that Australia is "badly lagging" on hacker protection, expanding to say that "As of 1 January 2016, Australia had not embraced the idea of 'information dominance' (largely a cyber space strategy), preferring a less enthusiastic embrace of the revolution in military affairs [RMA] by having a doctrine on 'information activities' shaped largely on the old-fashioned concept of political influencing through propaganda, psychological operations, or disinformation."
While Australia has begun some preparations for hacker threat, Austin explained that it has been a slow turn of events, explaining further issues in the fact that "Australia has also been reluctant to acknowledge the US doctrine of 'prompt global strike', a cyber-enabled military strategy."
Securing your PC has always been a priority, and a challenge for Intel, especially in the enterprise sector. But vPro, a small co-processor that helps to secure your system in a variety of different novel ways, is a little long in the tooth even though it's still very relevant. So Intel is innovating on their vPro architecture by adding new functionality and making it a much better and more sophisticated in the wake of more refined attack methods.
Intel Authenticate is their new hardware-enhanced multi-factor authentication solution that'll make use of the existing vPro processor to authenticate users. It's able to verify your identity by using a combination of three things; something you have, which is a security token or even a smartphone or an app on that phone, something you know, such as a pin or password, and something you are, biometrics.
How does it work? In the hardware is a certificate that's completely separated logically and physically from the rest of the system, so this certificate is theoretically very secure and can't be spoofed. You're information is stored with that certificate and compared against it. It's actually a very good solution, and this hardware-assisted MFA is a step in the right direction. And with Synaptics making finger-print sensors easier to integrate into systems, and smartphone authentication apps becoming so ubiquitous, it's a natural evolution.
While many health, education and public utility infrastructure facilities are still running Windows XP, recent reports have come to light that Melbourne has experienced some malware issues, sending its Aussie IT team into a fixing frenzy.
The unnamed virus disabled a pathology department in a major health network just yesterday, meaning that all workers had to operate in manual mode, processing blood tissue and urine samples without technological help. The Royal Melbourne Hospital was the target of this attack, with the IT staff on hand quickly working on and implementing a solution to their issues. This infection also came with a warning to all staff - told to withhold from logging into personal accounts such as banking or emails for the time being.
While the effectiveness and capabilities of the malware have not been made public, iTnews reported that it did contain a keylogger.
CES 2016 - If you're worried about someone whipping out a bobby pin and Fallout 4-style breaking into your luggage, Dog & Bone are now offering its LockSmart Travel product, a TSA approved, keyless, Bluetooth connected luggage padlock and app.
The app is compatible with Apple iOS and Google Android operated phones, functioning as a keyless and trackable way to keep your belongings safe. Access can be granted to additional smartphones by the owner, hopefully removing a flat battery issue. There isn't any override system as far as we know right now, so what's worrying is that you could be stuck in a foreign country with a flat phone, locked bag and the charger nestled safely within your locked baggage - unable to be taken out and used.
Set for availability in early 2016, the lock contains 128-bit encryption and will cost artound $100.
The Tor Project is getting its very own bug bounty program to help keep the wild onion nice and fresh in the face of increasing threats.
The new bug bounty program was announced at their State of the Onion address that occurred at the annual Chaos Communication Congress security conference that's held in Germany. It's part of the Tor's continuing commitment to privacy and the realization that the more talented people that get their hands in the code-base, the better. "We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved." Nick Mathewson, the co-founder and chief architect of the Tor Project said.
They've teamed up with the Open Technology Fund to help fund the all the the good citizens that help the project.
Samsung has just introduced a new three-layered approach to security for their SmartTV ecosystem to better secure any stored information, such as account details, payment details or any data being sent between it and the Internet.
This comes right after Samsung announced that they'd move more towards making their SmartTV's more of a hub for all of your IoT connected devices throughout your house. With that much data flowing between their TV's and being able to control your security system, lights and more, it's definitely a good idea to at least have a little encryption. Thankfully they're doing more than just a healthy dose of AES 256. Because of that centralized nature, security is important, Samsung said that "Protecting consumers' personal information is of the utmost importance to Samsung, both in terms of the company's values and what's needed for the continued growth and success of the IoT ecosystem."
GAIA works in three ways. First it separates the main operating system, the Tizen OS, from a secure space that can house all the important and personal bits of information and core services that's logically segmented in memory. This'll work in a similar way to how ARM's TrustZone and Intel's TXT works. The second piece is a built-in anti-malware service that can scan incoming and outgoing data, it'll also encrypt all traffic to and from the TV. The third part is much the same as the first, segmenting the OS in memory so that even if there is malware, it won't be able to touch the actual personal information.
One of AVG's Chrome addons, Web TuneUP had a security hole that your could drive a tank into, something that could potentially let websites with malicious code in their CSS take control of your PC, though only in a trivial manner.
The exploit was originally found by Google, who reported it to AVG to have fixed. The initial fix wasn't quite good enough, so they just pushed out a new fix that seems to solve the issue. That being said, it still seems to be vulnerable to XSS attacks, though that should be fixed soon as well.
One generally thinks that antivirus companies are a bit more scrupulous and careful when designing their applications, but this mistake, and a mostly glaring one, calls to question the type of quality control and examination goes on before things go live. But it's best to fly without any addons, because all addons can potentially be security risks. Browse safe!
It looks like some enterprising business people approached the Raspberry Pi Foundation with an odd business proposal, to pre-install their malware on the Raspberry Pi mini-computer.
Amazing. This person seems to be very sincerely offering us money to install malware on your machines. pic.twitter.com/1soL0MIc5Z— Raspberry Pi (@Raspberry_Pi) December 23, 2015
In an email to the Foundation, a company, whose name was obviously redacted, was asking them to make available an exe file for installation (which wouldn't run on Linux anyway) in exchange for a sum of money for the amount of installations they detect.
This kind of tactic is surprising given the sheer audacity of asking a well-known organization, that prides itself on the many security applications of its minuscule box, outright to cheat its customers. It goes without saying that the Raspberry Pi Foundation didn't go along with their idea. It's even more hilarious that these peddlers of malware didn't seem to understand the platform being run on those devices. Maybe they'll ask Microsoft or Apple next?