Blockchain can help secure medical devices, improve patient privacy

Credit to Author: Tim Greene| Date: Mon, 27 Mar 2017 11:20:00 -0700

BOSTON — Blockchain can help secure medical devices and improve patient privacy, but the key is proper implementation, according to a top security pro at Partners Healthcare.

The downsides would include mistrust of the technology because of blockchain’s potential performance problems, and its association with ransomware and use as payment for illegal items on the Dark Web, Partners’ Deputy CISO Esmond Kane told the SecureWorld audience last week in Boston.

On the other hand, the decentralized, encrypted public ledger could have a wealth of applications in healthcare, Kane says. These include streamlining the resolution of insurance claims, management of internet of things medical devices and providing granular privacy settings for personal medical data.

Cisco issues critical warning after CIA WikiLeaks dump bares IOS security weakness

Credit to Author: Michael Cooney| Date: Tue, 21 Mar 2017 08:50:00 -0700

A vulnerability in Cisco’s widely deployed IOS software that was disclosed in the recent WikiLeaks dump of CIA exploits has triggered the company to release a critical warning for its Catalyst networking customers.

The vulnerability — which could let an attacker cause a reload of an affected device or remotely execute code and take over a device — affects more than 300 models of Cisco Catalyst switches from the model 2350-48TD-S Switch to the Cisco SM-X Layer 2/3 EtherSwitch Service Module.

The ultimate guide to strategic tech partners

Credit to Author: Bob Violino| Date: Mon, 20 Mar 2017 03:38:00 -0700

The IT vendor landscape is constantly in flux, with mergers, acquisitions, new technology developments and the growth of the cloud having a huge impact on which companies might be the most strategic partners for organizations looking to enhance their technology infrastructure.

Unpatched vulnerability puts Ubiquiti networking products at risk

Credit to Author: Lucian Constantin| Date: Thu, 16 Mar 2017 13:34:00 -0700

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.

The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.

Because it requires authentication, the vulnerability’s impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user’s browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.

FCC halts data security rules

Credit to Author: John Ribeiro| Date: Thu, 02 Mar 2017 03:59:00 -0800

The U.S. Federal Communications Commission has halted new rules that would require high-speed internet providers to take ‘reasonable’ steps to protect customer data.

In a 2-1 vote that went along party lines, the FCC voted Wednesday to stay temporarily one part of privacy rules passed in October that would give consumers the right to decide how their data is used and shared by broadband providers.

The rules include the requirement that internet service providers should obtain “opt-in” consent from consumers to use and share sensitive information such as geolocation and web browsing history, and also give customers the option to opt out from the sharing of non-sensitive information such as email addresses or service tier information.

This tool can help you discover Cisco Smart Install protocol abuse

Credit to Author: Lucian Constantin| Date: Tue, 28 Feb 2017 09:01:00 -0800

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco’s Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.

The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).

The director can copy the client’s startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.

SK Telecom pushes for interoperable quantum crypto systems

Credit to Author: Martyn Williams| Date: Mon, 27 Feb 2017 10:34:00 -0800

SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company’s quantum key server with an encryption device from Nokia.

The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.

Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.

Amid cyberattacks, ISPs try to clean up the internet

Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 06:26:00 -0800

If your computer’s been hacked, Dale Drew might know something about that.

Drew is chief security officer at Level 3 Communications, a major internet backbone provider that’s routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.

That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.

Hackers have managed to hijack those computers to “cause harm to the internet,” but the owners don’t always know that, Drew said. 
