security

Samsung printer hack could let the wrong ones in

Source: http://www.engadget.com/2012/11/29/samsung-printer-hack-could-let-the-wrong-ones-in/

Samsung printer hack could let the wrong ones in

Typically, when we think of hacks, our minds conjure images of compromised security systems, personal computers or server farms, but printers? According to Neil Smith, a researcher from the US Computer Emergency Readiness Team, unauthorized access to those devices could be a very real threat — if you happen to own a Samsung model. Discovered and submitted to the agency this past Monday, the exploit unearthed by Smith takes advantage of an “SNMP backdoor” : an internet protocol that allows for remote network administrative control without authentication. The vulnerability — which would give hackers access to data sent to the printer, as well as control over it (think: ceaseless printing!) — affects most units released before November of this year. For its part, Samsung’s promised a patch will be forthcoming. But, in the meantime, if you want to avoid exposing any personal data or the possibility of a seemingly possessed printer, it’s best you steer clear of rogue WiFi connections.

Filed under: , ,

Comments

Source: ZDNet

Tags: , , , , , , , , , , , , , , , , , ,

Thursday, November 29th, 2012 news No Comments

Here’s A Disastrous Stat For Microsoft (MSFT, AAPL)

Source: http://www.businessinsider.com/heres-a-disasterous-stat-for-microsoft-2012-11

Steve Ballmer

USA Today reports that software security firm Avast surveyed 140,000 of its users, and came up with this stat:

About one-third of Windows 7, Windows Vista and Windows XP users who are ready to buy a new personal computer say they intend to switch to an Apple product.

Obviously that’s very bad news for Microsoft as it rolls out Windows 8/RT.

Daring Fireball’s John Gruber says its great news for Apple:

Historically, the single biggest problem Apple faced in the PC market is that most consumers never even considered buying an Apple computer. If this number of potential switchers is even close to true, Mac and iPad sales are going to continue to grow.

Please follow SAI on Twitter and Facebook.

Join the conversation about this story »



Tags: , , , , , , , , , , , , , , , , , ,

Friday, November 16th, 2012 news No Comments

How Crypto Keys Can Be Stolen Across the Cloud

Source: http://gizmodo.com/5958778/how-crypto-keys-can-be-stolen-across-the-cloud

How Crypto Keys Can Be Stolen Across the CloudMost people are happy to give their neighbours a spare house key in case of emergencies, but you probably wouldn’t want to give them your digital passwords. Now security researchers have shown that you may not have a choice, at least when it comes to cloud computing.

Cloud servers let users run simulations of an ordinary computer, called virtual machines (VMs), on remote hardware. A VM performs exactly as an ordinary computer would, but because it is entirely software-based, many of them can run on a single hardware base. Yinqian Zhang of the University of North Carolina, Chapel Hill, and colleagues have discovered that it is possible for one VM to steal cryptographic keys – used to keep your data secure – from another running on the same physical hardware, potentially putting cloud-computing users at risk.

The attack exploits the fact that both VMs share the same hardware cache, a memory component that stores data for use by the computer’s processor. The attacking VM fills the cache in such a way that the target VM, which is processing a cryptographic key, is likely to overwrite some of the attacker’s data. By looking at which parts of the cache are changed, the attacking VM can learn something about the key in use.

Zhang and team did not test the attack in the cloud for real, but used hardware similar to that employed by Amazon’s cloud service to try stealing a decryption key. They were able to reconstruct a 4096-bit key in just a few hours, as reported in a paper presented at the Computer and Communications Security conference in Raleigh, North Carolina, last month.

This attack won’t apply in all situations, as an attacker would have to establish a VM on the same hardware as yours, which isn’t always possible. What’s more, an attack would not work on hardware running more than two VMs. Still, those looking to use cloud services for high-security applications may want to reconsider.

Image by David Malan/Getty


How Crypto Keys Can Be Stolen Across the CloudNew Scientist reports, explores and interprets the results of human endeavour set in the context of society and culture, providing comprehensive coverage of science and technology news.

Tags: , , , , , , , , , , , , , , , , , , ,

Thursday, November 8th, 2012 news No Comments

I Really Want a Credit Card with a LCD Screen and Touchscreen Keypad

Source: http://gizmodo.com/5958721/i-really-want-a-credit-card-with-a-lcd-screen-and-touchscreen-keypad

I Really Want a Credit Card with a LCD Screen and Touchscreen KeypadYou can have your black card and your credit card carved out of adamantium (just kidding, I would really like that), the only credit card I want is MasterCard’s Display Card. MasterCard has been testing the card that comes with a LCD and touchscreen keypad, for some time and has now introduced it in Singapore. They say the added tech is for security: users can generate a one-time password as an authentication security measure.

Here’s MasterCard:

At present, banking institutions that necessitate a higher level of security for their online banking services require the use of a separate authentication token or device. The innovative 2-in-1 device, which combines the functionality of a standard payment card with a state-of-the-art security token, currently reflects the customer’s OTP. In future, this card could incorporate additional functionalities and be able to indicate other real time information such as available credit balance, loyalty or reward points, recent transactions, and other interactive information.

I’m in the camp of throwing a LCD screen and touchscreen keypad on as much things as you can. I don’t even really care about the security function, I just like staring at screens. [Mastercard via CNET]

Tags: , , , , , , , , , , , , , , , , , ,

Wednesday, November 7th, 2012 news No Comments

Mastercard previewing smartphone web payment system with in-person security strength

Source: http://www.engadget.com/2012/11/07/mastercard-previewing-smartphone-internet-payment-system/

Mastercard previewing EMV internet smartphone payment system with NFCstrength security

Mastercard is already a big fish in the still tiny NFC contactless payment pond, and now it wants to take that same technology to a veritable ocean — internet sales. The plastic purveyor is tag-teaming with ING in the Netherlands for PayPass-based smartphone internet payments that would have a “comparable level of security” to bricks and mortar purchases — by transmitting an EMV-compliant cryptogram or QR code to merchants. That would theoretically make online shopping less risky, and the system would also allow coupons and vouchers to be applied, giving a “similar user experience in both the physical and digital world.” The Dutch trial has already started and will continue until early 2013, but there’s no word if new users can still jump in — check the PR after the break to read the tea leaves for yourself.

Continue reading Mastercard previewing smartphone web payment system with in-person security strength

Filed under: , , ,

Mastercard previewing smartphone web payment system with in-person security strength originally appeared on Engadget on Wed, 07 Nov 2012 10:03:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Email this | Comments

Tags: , , , , , , , , , , , , , , , , ,

Wednesday, November 7th, 2012 news No Comments

Mastercard previewing smartphone web payment system with in-person security strength

Source: http://www.engadget.com/2012/11/07/mastercard-previewing-smartphone-internet-payment-system/

Mastercard previewing EMV internet smartphone payment system with NFCstrength security

Mastercard is already a big fish in the still tiny NFC contactless payment pond, and now it wants to take that same technology to a veritable ocean — internet sales. The plastic purveyor is tag-teaming with ING in the Netherlands for PayPass-based smartphone internet payments that would have a “comparable level of security” to bricks and mortar purchases — by transmitting an EMV-compliant cryptogram or QR code to merchants. That would theoretically make online shopping less risky, and the system would also allow coupons and vouchers to be applied, giving a “similar user experience in both the physical and digital world.” The Dutch trial has already started and will continue until early 2013, but there’s no word if new users can still jump in — check the PR after the break to read the tea leaves for yourself.

Continue reading Mastercard previewing smartphone web payment system with in-person security strength

Filed under: , , ,

Mastercard previewing smartphone web payment system with in-person security strength originally appeared on Engadget on Wed, 07 Nov 2012 10:03:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Email this | Comments

Tags: , , , , , , , , , , , , , , , , ,

Wednesday, November 7th, 2012 news No Comments

Some Guy Bought the Data of 1.1 Million Facebook Users for Just 5 Bucks

Source: http://gizmodo.com/5955086/some-guy-bought-the-data-of-11-million-facebook-users-for-just-5-bucks

Some Guy Bought the Data of 1.1 Million Facebook Users for Just 5 BucksBogomil Shopov, a Bulgarian blogger and digital rights activist, bought 1.1 million Facebook names, user IDs and e-mails for the ridiculously low price of 5 dollars. Yes, for a price of a Subway footlong, Shopov was able to get his hands on your personal data from Facebook. What a deal!

Luckily, Shopov isn’t out to spam people or anything. Instead, he wants to use this as an example of how terribly lax Facebook can be with its security. How did those names and e-mail addresses become available in the first place? Facebook apps. Forbes says:

According to the seller of the information, a Gigbucks user with the handle “mertem,” the data was collected from Facebook applications.”The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe,” reads the Gigbucks post. “Whether you are offering a Facebook, Twitter, social media related or otherwise a general product or service, this list has a great potential for you.”

The personal data of Facebook users isn’t just from people who keep their profile public, Shopov said he found e-mail addresses that were private and hidden too. Facebook is currently looking into the breach of user data but they haven’t yet come to a resolution. We are at their mercy. [Forbes]

Tags: , , , , , , , , , , , , , , , , , ,

Friday, October 26th, 2012 news No Comments

Google Plans To Kill Its Popular Postini Spam Filtering Service (GOOG, MSFT)

Source: http://www.businessinsider.com/google-plans-to-kill-its-popular-postini-spam-filtering-service-2012-8

Larry Page

Google will soon be turning off its popular spam filtering and e-mail archiving product, Postini. It will shift Postini users to Google Apps.

At last count, Google had over 26 million Postini users, many of them at enterprises. They use this cloud service to filter e-mail for viruses and spam. Postini currently works with Microsoft Exchange and Lotus Notes, so Gmail isn’t required.

Starting this fall, Google will be telling customers that they have to switch.

Apps is Google’s cloud office suite that includes email, calendars and documents. Google has integrated Postini’s security features into Apps. Google promises that Postini customers who sign on for Apps will still be able to use it with Exchange and Lotus Notes. Naturally, they’ll also get Gmail thrown into the mix.

If customers don’t want Apps, “your Postini service will terminate at your contract end date,” Google says.

The first set of customers that will be asked to switch are those renewal dates of November 1, 2012. Customers with renewal dates between mid-August and October 31, 2012 will get a chance to keep the service a little while longer, until Google makes the full transition sometime in 2013. Google hasn’t announced exactly when that will happen.

This is a pretty good way to grab enterpris! e custom ers for Google Apps, instead of letting them move to Microsoft’s competing Office 365. Microsoft has vowed to really push Office 365 in the coming months to compete with Google Apps.

Don’t miss: The 20 Most Valuable Enterprise Tech Companies In The World

Please follow SAI: Enterprise on Twitter and Facebook.

Join the conversation about this story »



Tags: , , , , , , , , , , , , , , , , , ,

Tuesday, August 21st, 2012 news No Comments

Twitter Has A Big Problem With Fake User Accounts

Source: http://www.businessinsider.com/twitter-has-a-big-problem-with-fake-user-accounts-2012-8

using twitter

Everyone knows there’s a sordid industry around selling Twitter followers.

But on Friday, Jason Ding, a researcher from security vendor Barracuda Networks, quantified how bad the problem is for Twitter and how these guys fly under the radar. 

For 75 days, Ding investigated the fake Twitter account business. He and his team fired up three Twitter accounts and then bought 20,000 or 70,000 Twitter followers for each.

Here’s what they discovered:

  • 20 eBay sellers and 58 websites sell Twitter followers, mostly fake accounts.
  • On average, these accounts follow 1,799 other Twitter accounts.
  • It costs about $18 per 1,000 followers.
  • Those selling the fake accounts can earn as much as $800/day.
  • They sell retweets, too. They charge between $2.50 and $55 per 1,000 retweets.
  • Those who buy fake Twitter followers had on average 48,885 followers.

Twitter suspends accounts it knows to be fake. But it’s pretty easy to fool Twitter, Ding’s research shows.

We asked Twitter to comment on the fake account problem in general and this research in particularly and will update the story when we here back.

Please follow SAI on Twitter and Facebook.

Join the conversation about this story »

Tags: , , , , , , , , , , , , , , , , , ,

Monday, August 6th, 2012 news No Comments

A Bird-Man Crashed The Trophy Ceremony At The U.S. Open

Source: http://www.businessinsider.com/video-heres-a-bird-man-crashing-the-trophy-ceremony-at-the-us-open-2012-6

We have seen hundreds of fans crash major sporting events. But this might be the first time that a fan jumped in front of the cameras during a trophy presentation and started making sounds like a bird call before being ushered away by security.

Here is the video (via NBC Sports) and the subsequent zingers from both US Open champion Webb Simpson and Bob Costas…

 

Please follow Sports Page on Twitter and Facebook.

Join the conversation about this story »

Tags: , , , , , , , , , , , , , , , , , , ,

Monday, June 18th, 2012 news No Comments

Dr. Augustine Fou is Digital Consigliere to marketing executives, advising them on digital strategy and Unified Marketing(tm). Dr Fou has over 17 years of in-the-trenches, hands-on experience, which enables him to provide objective, in-depth assessments of their current marketing programs and recommendations for improving business impact and ROI using digital insights.

Augustine Fou portrait
http://twitter.com/acfou
Send Tips: tips@go-digital.net
Digital Strategy Consulting
Dr. Augustine Fou LinkedIn Bio
Digital Marketing Slideshares
The Grand Unified Theory of Marketing