Security / Opinions

Google's YouTube Kids video site reportedly rife with sleaze

I don't believe in censorship, and I think it's the responsibility of parents to keep their kids away from inappropriate content on the Web. However, if a service is specifically aimed at children and marketed as a safe offering for them, that's exactly what it should be. YouTube Kids, on the other hand, is loaded with content that children should never see, according to the Campaign for Commercial Free Childhood and the Center for Digital Democracy, two consumer protection groups.

Written by Bill Snyder20 May 15 23:24

Data held hostage; backups to the rescue

Last year, I wrote about a ransomware infection that encrypted the hard drive of one of my company's employees. In that situation, a live, in-person scammer called the employee, claiming to be from "technical support," and tricked the employee into visiting a website that infected his computer. As with a similar situation I wrote about in 2012, the infection came from an advertisement on the front page of a major news service's website. The website runs rotating ads, one of which was compromised and hit the victim with a drive-by malware infection (without any intervention by or even the knowledge of the victim). I thought that because the infection was on the victim's personal computer, not on my company's network, we were pretty safe. I thought that if it had been on my network, the attempt probably would have failed, or would at least have been detected right away.

Written by By J.F. Rice19 May 15 23:08

Who's flying the plane? The latest reason to never ignore security holes

Some things are just so predictable. A retailer is told about a mobile security hole and dismisses it, saying it could never happen in real life -- and then it happens. A manufacturer of passenger jets ridicules the risk posed by a wireless security hole in its aircraft, saying defensive mechanisms wouldn't let it happen -- and then it happens.

Written by Evan Schuman19 May 15 19:09

Europe's war against U.S. tech is wrongheaded

What do Facebook, Apple, Google, Amazon and Netflix have in common? In addition to being U.S. tech giants, they're in the crosshairs of European regulators and may face big fines and stiff rules reining in the way they operate on the continent.

Written by Preston Gralla14 May 15 04:12

How to read The New York Times for free online

The New York Times Web paywall lets you read up to 10 free articles a month online. If you want more, you have to pay for a digital subscription.

Written by James A. Martin14 May 15 01:45

Taking our breach response plan for a test-drive

One thing that we security managers can be sure of is this: There is no guarantee that our company will not suffer a security breach. In fact, the odds are increasing all the time, helped along by the proliferation of mobile devices, companies' heavy use of software as a service and the consumerization of IT. And let's face it: Creating a culture that fosters innovation and attracts talent exacts a cost in defensibility.

Written by By Mathias Thurman12 May 15 07:08

Awareness lessons from the Sony hack

As more information is disclosed from the Sony hack, it demonstrates that awareness concerns go well beyond phishing.

Written by Ira Winkler07 May 15 04:42

New IFTTT 'recipes' help you do more with Amazon Echo

The initial novelty of Amazon's Echo smart home device quickly wore thin, and I find myself using it less and less. However, the "Siri with a speaker" gadget, which is still available only by invitation (or via eBay), just got a bit more useful, thanks to new integration with IFTTT.

Written by James A. Martin07 May 15 01:04

Digital Dumpster diving: A trashcan that reports on what you throw away

Every now and then, a product comes along that is either genius-level brilliant or celestially clueless. To get the CC award, product designers must force themselves to not only ignore the bad ways the product could be used or to naively believe that minimal safeguards would prevent them. For your consideration: the GeniCan, which scans and otherwise figures out almost everything you are throwing away or recycling and wirelessly transmits that data back to the mother ship.

Written by Evan Schuman05 May 15 19:09

Florida (mad)man inserts NFC chip in hand for Android 'biohack'

Something tells me Florida-based, U.S. Navy Petty Officer Seth Wahle is a bit of a character. Wahle, who is also an engineer at APA Wireless, tells that he paid an "unlicensed amateur" $40 to insert a small NFC chip housed in a glass capsule into his hand, between his thumb and forefinger, in an attempt to "biohack" -- when electronics designed for hacking are embedded in the body -- and control Android phones.

Written by Al Sacco01 May 15 01:29

To get more secure, first figure out where you want to go

It's always a good idea to point the car in the right direction before pressing the gas pedal, right? Why is it, then, that so many people lose sight of that simple concept?

Written by By Kenneth van Wyk29 April 15 05:40

The Irari rules for declaring a cyberattack ‘sophisticated'

Organizations hit by a cyberattack have reason to call the attack "sophisticated." But calling an attack sophisticated doesn't make it sophisticated. We have put our heads together and come up with some rules for determining whether an attack is sophisticated, and we have put our names together (Ira and Ari) to give these rules a name: the Irari rules. If any of the following conditions occur, the attack is not sophisticated:

Written by By Ira Winkler and Araceli Treu Gomes23 April 15 01:24

Discovering a blind eye to vulnerabilities

Last week, I was horrified to discover a problem with my vulnerability scanner. The product I use relies on a user account to connect to our Microsoft Windows servers and workstations to check them for vulnerable versions of software, and that user account had never been configured properly. As a result, the scanner has been blind to a lot of vulnerabilities. And this has been going on for a long time.

Written by By J.F. Rice13 April 15 23:47

With greater visibility comes increased response

I mentioned in a previous article that we are using a "loaner" Palo Alto Networks firewall, with all the bells and whistles. Our testing led to all sorts of interesting discoveries, and I certainly hope that the executive staff will agree that the increased visibility makes this sort of new-generation firewall well worth the investment.

Written by By Mathias Thurman09 April 15 23:51

Three lies about Google Glass

Google Executive Chairman Eric Schmidt shocked everyone last week by telling The Wall Street Journal that Google isn't killing Google Glass.

Written by Mike Elgan06 April 15 05:04

Research says online password meters are unreliable

By now, you've probably been lectured about the importance of using strong passwords by your company's IT department, technology-savvy friends and any number of tech writers. You get it, so I won't repeat the lecture. However, the passwords you think are strong might not be.

Written by Bill Snyder31 March 15 06:47

Where's the data?

It's a time-honored tradition: U.S. businesses find ways to skirt inconvenient or expensive laws by moving operations to other countries. Thus we have had U.S. corporations operating overseas to exploit child labor, run sweatshops or avoid taxes and rigorous health and safety inspections. Now the U.S. government says something similar is happening in regards to email.

Written by Evan Schuman18 March 15 01:56

Market Place