TweakTown NewsRefine News by Category:
The state of Iowa plans to release an app so residents with smartphones will be able to show their driver's licenses in a digital format - but the technology has a number of critics. Drivers won't be required to go digital, and it's unknown how the digital driver's license can be used on multiple phones.
There is concern of potential snooping when a citizen turns over his or her phone to an officer, but app designers are mulling over a locking feature that password-protects the phone from being accidentally unlocked.
"Not just anybody can download [the app]," said Mark Lowe, Department of Transportation director, told ABC News. "We need to know that after we have vetted you, you're the person accessing the app. A thumb print or fingerprint or facial recognition or voice or iris image. We have to change this static thing in your pocket to something that is live."
AirWatch's on-premise mobile device management solution has recently received a major update - patching a flaw that enabled users who manage MDM solutions in multi-tenant environments to access other users data and information.
The patch was issued this week, closing the 'information disclosure hole' in its services. iTnews reported that the published security advisory VMSA-2014-0014 addressed the issue, with them claiming this was due to "AirWatch On-Premise having direct object reference vulnerabilities which could allow a manager of an MDM deployment in a multi-tenant environment to see organisational information and statistics of other tenants."
The British government plans to launch an investigation when one of the country's air traffic control centers caused chaos for air traffic heading into and leaving London on Friday. The computer problems were resolved after a 35-minute shutdown, but had a major impact on air flights, with delays and cancellations throughout the UK and other major European airports.
It would appear the Nation Air Traffic Services (NATS) air traffic management company suffered some type of computer system issue, leading to the problem.
"We are working hard to look after our customers who have been affected," according to a statement released by British Airlines. "While the system is slowly recovering, we anticipate the knock-on effects to take some time to resolve."
Google Android-powered smartwatches communicating with smartphones via Bluetooth can be compromised by brute-force attacks so cybercriminals can snoop, according to the BitDefender cybersecurity software company.
It wouldn't take more than an open source sniffing tool and at least a little cybersecurity knowledge to successfully breach Android smartwatches. Communications can be read in plaintext after the sniffing tool picks out 6-digit pin codes that are currently used to obfuscate data.
"There is no custom-built took," said Liviu Arsene, Bitdefender senior e-threat analyst, in a statement to SCMagazine.com. "Anyone with little knowledge of security can pull this off. It's all about looking in the right place."
The FBI is still unsure what hacker group successfully compromised Sony Pictures Entertainment, but said 90 percent of companies would likely fall victim to the same tactics. FBI officials also have reportedly met with Sony employees to explain how to protect themselves due to personal information being stolen as part of the breach.
"[T]he malware that was used would have gotten past 90 percent of the Net defenses that are out there today in private industry and [would have been] likely to challenge even state government," said Joe Demarest, assistant director of the FBIU cyberdivision, at a Senate Banking Committee hearing.
Sony is working with Mandiant, a cybersecurity forensics company, and CEO Kevin Mandia confirmed that this type of attack would be difficult to prepare for. The Guardians of Peace took credit for the attack, with purported GOP members emailing the media additional details of the breach.
Sony has been accused of launching distributed denial of service (DDoS) attacks against websites hosting its stolen content, using Amazon Web Service as a launch pad, according to unnamed sources speaking with Re/code. It would seem extremely unlikely - and easily identifiable - if Sony decided to use AWS to launch any form of DDoS attacks, with network monitoring company CloudFlare suggesting Sony didn't launch any counter-attacks.
Amazon sent the following statement to TweakTown:
"AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this. The activity being reported is not currently happening on AWS."
Not surprisingly, launching a full-blown counter-attack is illegal, with Jennifer Stisa Granic, director of Civil Liberties at the Stanford Center for Internet and Society providing ZDNet with the following statement: "It's illegal for companies to counter-attack. That line will be fuzzy depending on the tech used, but the law is clear, no unauthorized access except for lawfully authorized government activity."
Sony is still reeling from its major cyberattack and brutal data breach, now deciding to use the Amazon Web Services (AWS) to allegedly launch distributed denial of service (DDoS) attacks against websites. Movie studios have tried to counter piracy hubs by flooding them with fake files - and launch cyberattacks against them - with varying levels of success.
"The AWS acceptable usage policy explicitly prohibits initiating denial of service attacks from their service; it's unlikely that Amazon would let this activity continue," said Tim Erlin, Tripwire director of security and risk. "Taking the step to 'hack back' against perceived legitimate targets, based on their own assessment of guilt, presents a myriad of potential legal problems."
If these accusations are true, trying to launch attacks against websites hosting stolen Sony movies isn't the best idea.
The fight against Internet piracy will lead to increased pressure on public schools, libraries and ISPs offering Wi-Fi service, as copyright holders and the government try to limit access to pirated material. The Australian government is currently amending its Copyright Act that will force ISPs to blacklist overseas-based websites found to be hosting pirated music, movies, and other copyrighted material.
The Australian Communications and Media Authority will receive registration of the new unique code, and force ISPs to carry out "reasonable steps" that puts increased burden on their shoulders. However, critics want safeguards put in place to ensure copyright holders don't abuse the new system - and prevent covert censorship efforts.
"The code will not include any sanctions to be imposed by ISPs on their customers - we believe that the copyright holders are the appropriate party to take any enforcement action against persistent infringers," said John Stanton, Communications Alliance chief. "But we are optimistic that the sending of notices by ISPs to consumers whose service has apparently been used for improper file-sharing will be a powerful signal."
Major technology companies want to hire hackers to help identify potential software vulnerabilities before products are released - and real cybercriminals are able to exploit any problems. The "bug bounties" program is being embraced by Facebook, Mozilla, Google and other major Silicon Valley companies, providing thousands of dollars to help identify bugs.
"The trajectory we're on now is completely unsustainable," said Vikram Phatek, NSS Labs CEO, when discussing the current cybersecurity landscape. "There will not be a person in the country who will not have a compromised computer if this goes on. We are ripe for having a major catastrophe."
Despite some resistance from companies weary of paying outside sources to identify security flaws, trying to prevent cybersecurity data breaches will remain a major effort. However, compromising widely used software is a lucrative effort for cybercriminals, with more money seemingly available on the black market.
The United States is increasing its shift towards chip-and-PIN technology to meet an October 2015 deadline, but the transition has been far from easy for many businesses. It turns out 69 percent of SMBs doubt they will be able to meet the late 2015 deadline, with confusion about the technology. In fact, 26 percent of survey respondents from SMBs couldn't identify what an EMV (Europay, MasterCard and Visa) terminal is, according to Software Advice report.
The EMV technology also will prove to be rather confusing for consumers, as 88 percent of US consumers have never made a purchase at an EMV terminal.
"EMV technology is coming to the U.S., but it won't be a smooth transition," said Daniel Humphries, Software Advice IT security researcher, in a statement. "Large firms may be aware of the liability shift and what it requires, but our data shows that only a small percentage of SMBs are prepared. However, there is still plenty of time for SMBs to prepare for the chip-and-pin changeover, and take matters into their own hands. This even represents a golden opportunity for merchants to make their businesses more secure from fraud."