I don't believe in censorship, and I think it's the responsibility of parents to keep their kids away from inappropriate content on the Web. However, if a service is specifically aimed at children and marketed as a safe offering for them, that's exactly what it should be. YouTube Kids, on the other hand, is loaded with content that children should never see, according to the Campaign for Commercial Free Childhood and the Center for Digital Democracy, two consumer protection groups.
Security / Opinions
Last year, I wrote about a ransomware infection that encrypted the hard drive of one of my company's employees. In that situation, a live, in-person scammer called the employee, claiming to be from "technical support," and tricked the employee into visiting a website that infected his computer. As with a similar situation I wrote about in 2012, the infection came from an advertisement on the front page of a major news service's website. The website runs rotating ads, one of which was compromised and hit the victim with a drive-by malware infection (without any intervention by or even the knowledge of the victim). I thought that because the infection was on the victim's personal computer, not on my company's network, we were pretty safe. I thought that if it had been on my network, the attempt probably would have failed, or would at least have been detected right away.
Some things are just so predictable. A retailer is told about a mobile security hole and dismisses it, saying it could never happen in real life -- and then it happens. A manufacturer of passenger jets ridicules the risk posed by a wireless security hole in its aircraft, saying defensive mechanisms wouldn't let it happen -- and then it happens.
What do Facebook, Apple, Google, Amazon and Netflix have in common? In addition to being U.S. tech giants, they're in the crosshairs of European regulators and may face big fines and stiff rules reining in the way they operate on the continent.
The feedback from our last article, in which we laid out what we call the Irari Rules for classifying a cyberattack as "sophisticated," was overwhelmingly positive. Nonetheless, a few people we respect disagreed with us. Ironically, examining why they disagreed demonstrates why the Irari Rules are relevant.
The New York Times Web paywall lets you read up to 10 free articles a month online. If you want more, you have to pay for a digital subscription.
One thing that we security managers can be sure of is this: There is no guarantee that our company will not suffer a security breach. In fact, the odds are increasing all the time, helped along by the proliferation of mobile devices, companies' heavy use of software as a service and the consumerization of IT. And let's face it: Creating a culture that fosters innovation and attracts talent exacts a cost in defensibility.
Microsoft is set to upend a 12-year practice of providing security patches on the same day each month to everyone. Or not.
As more information is disclosed from the Sony hack, it demonstrates that awareness concerns go well beyond phishing.
The initial novelty of Amazon's Echo smart home device quickly wore thin, and I find myself using it less and less. However, the "Siri with a speaker" gadget, which is still available only by invitation (or via eBay), just got a bit more useful, thanks to new integration with IFTTT.
Every now and then, a product comes along that is either genius-level brilliant or celestially clueless. To get the CC award, product designers must force themselves to not only ignore the bad ways the product could be used or to naively believe that minimal safeguards would prevent them. For your consideration: the GeniCan, which scans and otherwise figures out almost everything you are throwing away or recycling and wirelessly transmits that data back to the mother ship.
Something tells me Florida-based, U.S. Navy Petty Officer Seth Wahle is a bit of a character. Wahle, who is also an engineer at APA Wireless, tells Forbes.com that he paid an "unlicensed amateur" $40 to insert a small NFC chip housed in a glass capsule into his hand, between his thumb and forefinger, in an attempt to "biohack" -- when electronics designed for hacking are embedded in the body -- and control Android phones.
It's always a good idea to point the car in the right direction before pressing the gas pedal, right? Why is it, then, that so many people lose sight of that simple concept?
Organizations hit by a cyberattack have reason to call the attack "sophisticated." But calling an attack sophisticated doesn't make it sophisticated. We have put our heads together and come up with some rules for determining whether an attack is sophisticated, and we have put our names together (Ira and Ari) to give these rules a name: the Irari rules. If any of the following conditions occur, the attack is not sophisticated:
Sony is reliving the nightmare that its hacked databases gave rise to late last year, now that Wikileaks has thoughtfully published all of the leaked documents in a searchable database. Really, they are the most courteous hoodlums ever.
Last week, I was horrified to discover a problem with my vulnerability scanner. The product I use relies on a user account to connect to our Microsoft Windows servers and workstations to check them for vulnerable versions of software, and that user account had never been configured properly. As a result, the scanner has been blind to a lot of vulnerabilities. And this has been going on for a long time.
I mentioned in a previous article that we are using a "loaner" Palo Alto Networks firewall, with all the bells and whistles. Our testing led to all sorts of interesting discoveries, and I certainly hope that the executive staff will agree that the increased visibility makes this sort of new-generation firewall well worth the investment.
Google Executive Chairman Eric Schmidt shocked everyone last week by telling The Wall Street Journal that Google isn't killing Google Glass.
By now, you've probably been lectured about the importance of using strong passwords by your company's IT department, technology-savvy friends and any number of tech writers. You get it, so I won't repeat the lecture. However, the passwords you think are strong might not be.
It's a time-honored tradition: U.S. businesses find ways to skirt inconvenient or expensive laws by moving operations to other countries. Thus we have had U.S. corporations operating overseas to exploit child labor, run sweatshops or avoid taxes and rigorous health and safety inspections. Now the U.S. government says something similar is happening in regards to email.
- Prevent – Detect – Mitigate. Advanced Threat Protection a multi layered approach to Security – Videos, Demos, Whitepapers.
- Check out the NEW f5 Resource centre | New content, infographics, white papers and research
- AusCERT2015 | st-5th June 2015 | Hear from Brian Krebs, Eva Galperin and Bruce Schneier - New registration packages
- Transition to the Agile Data Centre. Partnering with innovators to drive business and IT forward.
- Raiders change strip to support cancer research
- Chromebook sales up 27 per cent to 7.3 million units: Gartner
- Federal Government foreshadows changes to spectrum pricing and allocation
- Seventy per cent of Australian small businesses predict growth in year ahead
- OWASP releases new security standards for app developers
- Woolworths customer leader, Jess Gill, departs, following CMO out the door
- The old billboard gets the flick as digital OOH advertising takes over
- Ad tech vendors offer new capabilities for customer targeting
- Markets to Metrics: The changing role of the CMO
- How Tesco's loyalty card transformed customer data tracking