Showing posts with label Security. Show all posts

Wednesday, 28 September 2016

Broadening the Scope of Mobile Security

Most enterprises, when addressing mobile security, focus on securing applications, such as the devices' operating systems, or preventing the installation of malware. But the cybersecurity experts at the National Institute of Standards and Technology say organizations should take a much broader approach to ensuring mobile security.

Referring to the need to address the risks posed by cellular networks and other elements of the mobile infrastructure, NIST Cybersecurity Engineer Joshua Franklin says: "There is this whole other side of a mobile device that has its own complex hardware, firmware, software and network protocols that need to be addressed." Franklin co-authored the recently released draft report, Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue.

Wednesday, 21 September 2016

Official: Cloud computing is now mainstream

Cloud computing is so mainstream these days that maybe it should just be called “computing”. That’s what an IDC survey of 6,100 organisations in 31 countries, released today, indicates, with 68 per cent of respondents using public, private or hybrid cloud in their IT mix. This is a 60 per cent jump from 42 per cent of respondents doing cloud in 2015.

IDC reckons that just three per cent of the organisations are deploying cloud-optimised strategies resulting in "superior business outcomes".

And of this select “cloud-advanced” bunch, ninety-five per cent have built a hybrid infrastructure that uses “multiple private and public clouds based on economics, location and governance policies”.

Monday, 19 September 2016

Gamification of the aviation sector

Restructuring IT systems in the aviation sector requires cross-disciplinary collaboration between experts from different organisations and countries. This isn't easy. Can help be found in the world of computer games?

The use of games mechanics for purposes other than pure entertainment is called gamification. In recent years the method has been used in different settings to boost user involvement and motivation linked to a variety of activities.
"In its simplest form this may just be hype, such as awarding points for things like filling out your time sheet before the weekend," says SINTEF researcher Erlend Andreas Gjære. "But our focus is on quite a different track," he says.
Together with researchers from Italy and Germany, Gjære and his colleagues at SINTEF are going to find out how aspects of games technology can be applied in a context somewhat out of the ordinary. Specifically – how to achieve the best possible adaptive solutions to changes in information security, safety, economics and organisation in the aviation sector.

Thursday, 15 September 2016

Germany Plans Facial Recognition at Airports and Train Stations

Germany is planning to introduce facial recognition software to cameras at transport hubs as part of new anti-terrorism measures, the country’s interior minister has announced.

Thomas de Maiziere told German newspaper Bild am Sonntag that the technology would be able to identify suspects following two attacks by Islamist militants in the past month.

“I would like to use this kind of facial recognition technology in video cameras at airports and train stations,” de Maiziere told the paper. “Then, if a suspect appears and is recognized it will show up in the system.”

De Maiziere also suggested other security measures were being considered, adding: “We will have to get used to increased security measures, such as longer queues, stricter checks or personal entry cards. This is tedious, uncomfortable and costs time but I don’t think it’s a limitation of personal freedom.”

German Chancellor Angela Merkel has been under increased political pressure to introduce stricter measures since the recent attacks; however, privacy advocates have criticized proposals for increased surveillance.

A spokesperson for Germany’s Green Party told DPA news agency that the plan was “half-baked.”

Read More@ http://www.newsweek.com/germany-plans-facial-recognition-airports-train-stations-security-attack-492740

Thursday, 30 June 2016

Data Center SDN: Comparing VMware NSX, Cisco ACI, and Open SDN Options

The data center network layer is the engine that manages some of the most important business data points you have. Applications, users, specific services, and even entire business segments are all tied to network capabilities and delivery architectures. And with all the growth around cloud, virtualization, and the digital workspace, the network layer has become even more important.

Most of all, we’re seeing more intelligence and integration taking place at the network layer. The biggest evolution in networking includes integration with other services, the integration of cloud, and network virtualization. Let’s pause there and take a brief look at that last concept.

Friday, 3 June 2016

The Future Of Situational Awareness


The Defense Advanced Research Projects Agency, or DARPA, has kicked off its Squad X Core Technologies program in a bid to improve soldiers' and Marines' situational awareness in treacherous and degraded environments. Major Christopher Orlowski, DARPA program manager for Squad X, says the program aims to augment troops' physical senses via acoustic and visual senses.

DARPA has therefore awarded phase-one contracts to nine defense companies: Helios Remote Sensor Systems, Kitware, Leidos, Lockheed Martin, Raytheon, Scientific Systems Company Inc., Six3 Systems, Inc., SoarTech and SRI International, according to Hackread.

Each of the nine companies is meant to work in one of the four research areas, which include precision engagement, non-kinetic engagement, squad sensing and squad autonomy.

In precision engagement, DARPA is looking for guided munitions capabilities that could be fired from current weapons platforms, Orlowski explained. In non-kinetic engagement, the agency is looking for technology that is able to ‘disrupt enemy command and control, communications and use of unmanned assets at a squad-relevant operational pace’. Squad sensing means technology that can sense and detect potential threats 1 km away. Squad sensing was focused primarily on identifying humans and unmanned systems within the environment and then determining whether or not those were threats.

Read More@ http://i-hls.com/2016/05/the-future-of-situational-awareness/

Tuesday, 17 May 2016

Can IT keep up with big data?

Though IT and its functions and responsibilities have changed over the years, there's one area that remains consistent: IT primarily focuses on major enterprise applications and on large machines—whether they are mainframes or super servers.

When IT deals with big data, the primary arena for it is, once again, large servers that are parallel processing in a Hadoop environment. Thankfully for the company at large, IT also focuses on reliability, security, governance, failover, and performance of data and apps—because if it didn't, there would be nobody else internally to do the job that is required. Within this environment, IT's job is most heavily focused on the structured transactions that come in daily from order, manufacturing, purchasing, service, and administrative systems that keep the enterprise running. In this environment, analytics, unstructured data and smaller servers in end user departments are still secondary.

Thursday, 12 May 2016

Is Hadoop losing its spark?

A 2015 survey by Gartner Inc. revealed that only 18 percent of respondents expressed their desire to either try out or adopt Hadoop in the next few years. However, this report is not the only one which suggested that Hadoop’s star is fading.

Newer big data frameworks such as Spark have started to gain momentum and, according to the Apache Software Foundation, companies are running Spark on clusters of thousands of nodes, with the biggest cluster encompassing nearly 8,000 nodes. Although many people rushed into writing Hadoop’s obituary, market research firm MarketAnalysis.com announced in its June 2015 report that the Hadoop market was projected to grow at an annual rate of 58 percent, surpassing $1 billion by the year 2020.

Monday, 11 April 2016

Is the internet becoming less secure?

There’s been no shortage of scandals surrounding internet security within recent months. A seemingly endless stream of websites appear to be hacked, with companies such as vTech, Ashley Madison and TalkTalk, to give a few high-profile examples, having their databases compromised.

These security breaches have been detrimental to the image of these companies. TalkTalk was perhaps hit the hardest, with 101,000 customers leaving on the back of the hacking scandal.

Wednesday, 30 March 2016

How The 'Internet of Things' Impacts Security

The range and number of “things” connected to the internet is truly astounding, including security cameras, ovens, alarm systems, baby monitors and cars. They’re all going online, so they can be remotely monitored and controlled over the internet. But many have security or privacy holes. Here’s what to look for to keep yourself safe online.

Internet of Things (IoT) devices typically incorporate sensors, switches and logging capabilities that collect and transmit data across the internet.

Tuesday, 1 March 2016

Tackling Data Theft With Managed Security Services


While organizations across the world have begun to appreciate the criticality of data security, the cost and sophistication of data breaches have increased simultaneously, posing a serious threat to governments and businesses alike. The situation becomes even more dire if companies lack the required security talent to deal with such cyber menaces.

Monday, 22 February 2016

Bringing better security to BYOD

For most of us, our mobile and personal devices have become extensions of our lives and even bodies. Most of us carry our smartphones with us all the time, and when we can’t find them, we feel lost.
We are essentially always on, always connected to the Internet. This notion of anytime, anywhere access has extended not only to our personal lives but also to our professional ones.

In the name of employee productivity, Bring Your Own Device (BYOD) policies have become widespread and have blurred the lines between our personal and corporate lives. Employees bringing their personal devices into work-related activities and communications, both inside and outside of regular working hours, has become the norm.

Wednesday, 20 January 2016

Companies must embrace BYOD strategically

Research shows that the Bring Your Own Device (BYOD) trend is not only here to stay, but will, in fact, grow in significance in the next few years. Human Capital Management and HR experts at CRS Technologies believe that businesses ought to conduct a thorough cost and needs analysis before applying a strategy.

The company refers to Gartner studies on this evolving trend, specifically the prediction that almost four in ten (40%) organisations will rely exclusively on BYOD by 2016.

“Meaning they will no longer provide devices to employees. Additionally, eighty-five percent of businesses will have some kind of BYOD program in place by 2020,” says James McKerrell, CEO of CRS Technologies.

Against this background of fast growing significance and relevance to the market, it is to be expected that companies will be eager to formulate and apply a BYOD strategy as a matter of urgency.

But it is more advisable for business decision makers to take a step back, consider a number of factors and measure these against core business requirements – irrespective of how attractive the proposition to reduce company investment in devices and lower costs is to financial directors, says McKerrell.

Be wary
Key considerations include data privacy and security, compatibility, and tech leasing. As McKerrell explains, if employees are allowed to use their own mobile devices at work, there is a need to implement a robust BYOD security policy.

“This policy should clearly state the company’s position and governance policy to ensure network security is not breached. Privacy can be compromised on both sides. Just one stolen phone can send an entire organisation into crisis. Things like remote deletion of data and access points come to the fore,” he says.

Thursday, 14 January 2016

Expert: Mobile security to be focus in 2016

As mobile use continues to expand, security in the mobile space is becoming more important. Here is how one expert believes mobile and security will change in 2016.

iOS security will take center stage
"[Expect] more iOS kernel exploits and jailbreaks for iOS 9.2 and 9.3. We believe a vulnerability similar to Stagefright will emerge on iOS, proving no OS is safe from motivated attackers. We'll also see another Airdrop-esque attack, which will allow hackers to send and install malware on any device within range," said Zuk Avraham, Founder, Chairman & CTO, Zimperium.

Android devices will continue to have late updates

"Despite all of the criticism and pressure Android received this year following our discovery of the Stagefright vulnerability, many Android devices still aren't likely to receive timely updates in 2016. Hackers will continue to target Android and we expect more exploits to take advantage of the shared address space ASLR weakness to gain system privileges. Given the further adoption of SELinux, kernel exploits will also become more important for rooting," said Avraham.

More security breach headlines

"This is due to participation in bug bounty programs, which provide compensation and recognition to hackers who discover and report vulnerabilities in a company's security infrastructure. As companies realize the value of these programs and build the internal acumen to digest the results, more organizations will formalize these programs. Legislative changes will also push researchers toward public disclosure," said Avraham.

Read More: http://www.bizreport.com/2015/12/expert-mobile-security-to-be-focus-in-2016.html

Monday, 14 December 2015

Managed Security Services Prove Their Worth

The world of cybersecurity changes every day. New threats enter the security landscape, and organizations leverage new and better tools to deal with these threats. At the same time, business users travel around the world, carrying notebooks, tablets and smartphones that contain sensitive information. How can enterprises continue to secure data in such a dynamic environment?

Cloud-based security solutions — known as Security as a Service, delivered by managed security service providers — fill this gap. Cloud-based security offerings provide organizations with the flexibility to respond to an increasingly diverse spectrum of attacks. Once considered fringe products, Security as a Service offerings now play a critical role in building strong defenses.

The Benefits of Security as a Service

Security as a Service providers offer several key benefits that simply aren’t found in traditional on-premises offerings. Cloud-based products are often scalable, affordable options that offer state-of-the-art security controls with only a fraction of the administrative burden needed to support on-premises systems.

Cloud providers design their service offerings with scalability in mind. The hundreds or thousands of customers they serve simultaneously demand highly scalable solutions that easily accommodate both predictable and unpredictable spikes in usage. If an organization’s website sees a sudden spike in demand — perhaps with the arrival of a seasonal peak or because of media coverage — an on-premises solution may not cope with that demand without a time-consuming and expensive hardware upgrade. Cloud security offerings can automatically scale to meet changing needs.

Read More: http://www.biztechmagazine.com/article/2015/11/managed-security-services-prove-their-worth

Friday, 11 December 2015

Docker Doubles Down on Security With Nautilus, Hardware Encryption

BARCELONA, Spain—As Docker container adoption grows, so too does the need for robust security. Today at the DockerCon EU conference here, Docker announced several new security-focused efforts, building on existing security that Docker has been pushing this year.
During the opening two-hour general keynote session, Docker founder Solomon Hykes emphasized that developers do care about security, but it's important that security is actually usable.

"You can give developers the most secure tools in the world, but if the tools get in the way, they won't use it and the result is unusable security, which is really not security at all," Hykes said. "By providing usable security tools, we can move the needle on improving security for everyone."
Docker's foray into security tools got its first big push in August, when Docker Content Trust debuted alongside the Docker 1.8.0 release. Docker Content Trust makes use of the open-source Notary project, which aims to enable secure updating by way of authenticated and signed application images.

Part of the Content Trust approach relies on encryption keys, which are now being hardened further. Hykes announced new experimental support for hardware encryption with Yubico USB keys. Going a step further, Hykes and Docker actually gave all attendees of the DockerCon EU keynote their own key.

In an interview with eWEEK, Nathan McCauley, director of security at Docker, explained that the Yubico technology is all about hardware encryption and not so much about two-factor authentication. Yubico builds USB keys that are compliant with the FIDO Alliance Universal Second Factor (U2F) specification. The Yubico key Docker uses is a hardware-encrypted token that never reveals the private root encryption key that is used to sign an application image.
The hardware encryption support is currently in the experimental branch of Docker, and it could land in the Docker 1.10 release later this year or early 2016, according to McCauley.

Read More: http://www.eweek.com/security/docker-doubles-down-on-security-with-nautilus-hardware-encryption.html

Tuesday, 8 December 2015

5 mobile security flaws you should know

Windows Phone, Android, iOS — no operating system is completely bulletproof from security problems.

Mobile devices can be a scary thing to think about after a major security vulnerability called the Stagefright bug emerged in Android in July. The bug lets cyber criminals hack a smartphone simply by sending a text message.

A Stagefright 2.0, which allowed a hacker to gain control of a smartphone via an MP3 or MP4 video, sprang up in October before Samsung, Google, LG and other tech giants enforced monthly smartphone security updates following the original bug, according to the Guardian.

Apple devices can also be susceptible to security problems.

A hacking team received $1 million from startup company Zerodium after the group discovered an unknown, or zero-day, vulnerability in iOS.

But such risks are not limited to just smartphones.

"I think they're in the spotlight right now because they can do so many things, and carry so much information and interfaces," said Jan Volzke, Vice President of Reputation Services at Whitepages, a contact information and identity verification company.

Here's a quick list of top mobile security flaws you should know:

Clicking on links or opening a suspicious email enables hackers to collect and access sensitive information, such as Social Security numbers and SMS messages.

They can even steal credit card numbers and online banking transactions directly and install spyware on a device to access personal data.

Experts at Alcatel-Lucent's Motive Security Labs confirmed a rapid increase of mobile device infections, with a 25% spike in 2014, compared with 20% in 2013, according to the Motive Security Labs H2 2014 Malware Report.

Read More: http://www.nydailynews.com/news/national/5-mobile-security-flaws-article-1.2451562

Monday, 7 December 2015

ANZ launches Android mobile wallet across the Tasman

ANZ Bank NZ has released a contactless payments service for Android smartphones with a zero liability protection against fraudulent debit and credit transactions.

Called goMoney Wallet, the new application is integrated into the bank's existing Android app, which allows customers to check balances, transfer money and make payments. It will be available from tomorrow.

ANZ Australia also intends to launch a mobile wallet early next year, a bank spokesperson told iTnews.

The Australian version will take a different approach to the Kiwi mobile wallet, however, and will operate as a standalone application that is not integrated with goMoney.

ANZ Australia launched the ePOS iPhone-based solution for merchants to accept credit card payments in 2010.

Liz Maguire, the bank's NZ head of digital channels and transformation, said the driver for developing the mobile wallet came from customers.

"A mobile wallet was the number one request from ANZ goMoney customers when they were surveyed this year," Maguire said.

She said the mobile wallet uses host card emulation technology via NFC supported on newer devices running Google's Android operating system, and at merchants with contactless payments terminals.

Payments can only be performed within two centimetres of the terminal and with the phone active and providing confirmation, as a precaution against accidental transactions.

ANZ said the goMoney app uses "high-grade encryption and sophisticated fraud monitoring systems". Card details are sent encrypted via NFC to the terminal, and the system meets Visa's security certification requirements, the bank said.

Read More: http://www.itnews.com.au/news/anz-launches-android-mobile-wallet-across-the-tasman-412740



Tuesday, 1 December 2015

The security risks of IoT devices

The Internet of Things (IoT) isn’t a new concept, but it has gained momentum especially within the last year, as more and more connected devices have come to market. While connecting everything brings added convenience to our everyday lives, it’s crucial to understand what we may be compromising from a security perspective, and importantly, which devices could pose a threat either now or in the future.

With so many connected devices we decided to take a look at those that have made the headlines so far this year. Cars, for instance, have only recently become connected, although they have long been computerized. However, with poor Internet security expertise some manufacturers are being caught out.

In April, cyber security experts Charlie Miller and Chris Valasek revealed a software flaw that allowed them to take control of a Jeep Cherokee on the move -- all from a laptop computer at home. Hacking into the Jeep’s electronics through the entertainment system, they were able to change the vehicle’s speed, alter its braking capability, and manipulate the radio and windscreen wipers. The two described the hack as "fairly easy" and "a weekend project".

A few months later, news broke that researchers had hacked a Tesla Model S, once again via the car’s entertainment system. Although it took closer to a year to pull this hack off, the researchers were able to apply the hand brake, lock and unlock the car, and control the touch screen displays. Tesla quickly developed a fix, which has been sent to all of the affected vehicles.

Hacked vehicles are an obvious cause for concern, but the hazards presented by apparently innocuous devices such as the "smart fridge" or "connected toaster" also warrant equal consideration. The thought of a hacker gaining control of your refrigerator may be less daunting than them taking control of your steering wheel on the motorway, but these products can act as a gateway to much more sensitive information.

Read More: http://betanews.com/2015/11/30/the-security-risks-of-iot-devices/

Britain has declared war on Internet security

For the past two and a half years, many have hoped that the mass surveillance programs revealed by U.S. National Security Agency whistleblower Edward Snowden would inspire serious reform of Western intelligence agencies, nudging the post-9/11 national security pendulum back in the direction of privacy and civil liberties. Unfortunately, the opposite is occurring.

With few exceptions, the past year has seen governments around the world double down on intrusive mass surveillance. Unprecedented and draconian new laws crafted in the name of fighting crime and terrorism have emerged in France, Australia and many other countries. Last month the U.S. Senate passed the Cybersecurity Information Sharing Act, a deceptively named bill that has nothing to do with security and everything to do with having companies give more of their customers’ data to U.S. government agencies. And last week, U.K. Home Secretary Theresa May presented a long-awaited draft of the new Investigatory Powers Bill, a collection of sweeping reforms that would give more powers to British police and spy agencies, including the Government Communications Headquarters (GCHQ), the NSA’s close ally and longtime collaborator.

The U.K. draft law is a nightmarish cocktail of bad ideas from both sides of the pond — an authoritarian wish list that goes beyond even the NSA’s powers. Rather than roll back its most indefensible abuses, the text makes clear that the British government intends to retroactively legitimize the most invasive and legally dubious surveillance activities that Snowden exposed. As Snowden put it, the bill is an attempt “to fit the law around the spying, rather than making spying fit the law.” If successful, it will have dire consequences in the U.K., the U.S. and beyond.

Read More: http://america.aljazeera.com/opinions/2015/11/britain-has-declared-war-on-internet-security.html