ComputerWorld

ComputerWorldIndependent

NSA collected 151 million records of Americans' calls, allowed 1,934 to be 'unmasked'

Credit to Author: Darlene Storm| Date: Wed, 03 May 2017 07:15:00 -0700

Despite the USA Freedom Act of 2015, the NSA collected 151 million records of Americans’ phone calls last year, even though it had obtained warrants from the FISA court to spy on only 42 people suspected of having ties to terrorism. The NSA also complied with requests from government officials to reveal the identities of 1,934 U.S. persons ensnared in the foreign surveillance.

The annual report, issued by the Office of the Director of National Intelligence, provides the first assessment of the effectiveness of the 2015 USA Freedom Act, which was meant to limit dragnet surveillance of millions of Americans’ phone records. In 2016, the NSA received from providers, and then stored in NSA repositories, an estimated total of 151,230,968 call detail records of Americans, meaning metadata about calls such as the number of the caller and recipient as well as the duration and time of the call.


The Internet of messy things

Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 03 May 2017 04:00:00 -0700

In the beginning, devices on the internet were fun. My favorite was Carnegie-Mellon’s Computer Science Department Coke Machine. Starting in the 1970s, you could “ping” it to see if it had sodas ready and if they were cold yet. It was good, silly fun. Now everything except the cat* is hooked to the internet, and that’s not so funny at all.

Oh, sure, some internet of things (IoT) devices are enjoyable and useful. I have an Amazon Echo in my bedroom and a Google Home in my kitchen. I use them every day. But I’m aware of their privacy problems. You should be too.


IDG Contributor Network: Using defense-in-depth to prevent self-inflicted cybersecurity wounds

Credit to Author: Robert C. Covington| Date: Tue, 02 May 2017 07:32:00 -0700

This past week, I encountered an all too common situation — a user gets a targeted phishing attempt. Despite a strong training program, the user opens the attachment and gets infected with ransomware.

For many organizations, this would have resulted in a disaster. Ransomware would have encrypted files on any servers, and the organization would have been forced to either restore the files from a backup, assuming they had them, or to hold their nose and pay a ransom. 

The news was better, however, for the organization I mentioned above.

Fortunately, the premise of their security planning was that someone would eventually shoot them in the foot. With a security plan that assumed this, they had a depth of layered controls to help. While their anti-virus software did not prevent the infection, it did recognize and send an alert about it, after the fact. In the meantime, their web filtering appliances and their DNS service provider, recognizing the call from the infected PC to a command and control server to get an encryption key, blocked access. Since the ransomware client never got the key, it did not encrypt any files. The blocking of command and control access provided the extra time needed to get the PC pulled out of service and repaired. 


Vulnerability hits Intel enterprise PCs going back 10 years

Credit to Author: Michael Kan| Date: Tue, 02 May 2017 03:34:00 -0700

Intel is reporting a firmware vulnerability that could let attackers take over remote management functions on computers built over nearly the past decade.

The vulnerability, disclosed on Monday, affects features in Intel firmware that are designed for enterprise IT management.  

Enterprises using Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability on their systems should patch them as soon as possible, the company says.

The vulnerable firmware features can be found in some current Core processors and all the way back to Intel’s first-generation Core, called Nehalem, which shipped in 2008. They’re part of versions 6.0 through 11.6 of Intel’s manageability firmware.


'May the Fourth' remind users to choose a stronger password

Credit to Author: Matt Hamblen| Date: Mon, 01 May 2017 10:35:00 -0700

May 4 is coming up and has been designated as World Password Day to remind enterprise workers and consumers everywhere to use strong, updated passwords to protect cybersecurity.

The date was picked to align with one of the silliest puns yet: “May the Fourth Be with You” — also known as Star Wars Day. (Get it?) Well, maybe when Thursday, May 4 rolls around, it will still be a reminder for end-users to choose a stronger password and redouble security steps.

Security firm BullGuard cited recent studies showing that 90% of all passwords are vulnerable to attack in seconds. Also, 10,000 common passwords like “qwerty” or “12345678” allow access to 98% of all accounts, BullGuard said. Amazingly, 21% of online users rely on passwords that are 10 years old, the company said.


Career Watch: Be wary of IT employment contracts

Credit to Author: Jamie Eckle| Date: Mon, 01 May 2017 03:30:00 -0700

Q&A: Attorney Jeffrey Scolaro

Jeffrey Scolaro, an attorney at Daley Mohan Groble PC in Chicago and a member of Legal Services Link, answers questions about employment contracts.

Are employment contracts for IT workers negotiable, or are they one-size-fits-all? The axiom that “everything is negotiable” should be where all IT professionals begin their assessment of proposed employment contracts. However, the IT industry in particular can be especially rigid in its collective enforcement of employment agreements.


NSA ends surveillance tactic that pulled in citizens' emails, texts

Credit to Author: Michael Kan| Date: Sun, 30 Apr 2017 07:01:00 -0700

The U.S. National Security Agency will no longer sift through emails, texts and other internet communications that mention targets of surveillance.

The change, which the NSA announced on Friday, stops a controversial tactic that critics said violated U.S. citizens’ privacy rights.

The practice involved flagging communications where a foreign surveillance target was mentioned, even if that target wasn’t involved in the conversation. Friday’s announcement means the NSA will stop collecting this data.

“Instead, this surveillance will now be limited to only those communications that are directly ‘to’ or ‘from’ a foreign intelligence target,” the NSA said in a statement.
