Information Security News
Source: ForeScout Technologies
Continuous Monitoring and Mitigation -- the New InfoSec Frontier. Source: ForeScout Technologies. Companies have amassed an arsenal of security tools to enable a defense-in-depth strategy. Best practices dictate the use of SIEM, VA, encryption ...
Netgear router admin hole is WIDE OPEN, but DON'T you dare go in, warns ...
Netgear router admin hole is WIDE OPEN, but DON'T you dare go in, warns infosec bod. Networking kit-makers: C'mon, it won't happen if you secure your network. By John Leyden, 25th October 2013. 16 ...
by Jon Brodkin
Google today announced that reCAPTCHAs served up to humans are finally readable without the need to squint your eyes or bang your keyboard in frustration after typing the wrong sequence of letters five times in a row. Who can even read those things, amirite?
Google has figured out how to tell if you're a human or a bot, and if you're human you get an easy CAPTCHA. We've asked Google why a CAPTCHA would be necessary at all if the company already knows you're human, but we haven't received an answer yet. Anyway, Google reCAPTCHA Product Manager Vinay Shet writes in a blog post:
The updated system uses advanced risk analysis techniques, actively considering the user’s entire engagement with the CAPTCHA—before, during and after they interact with it. That means that today the distorted letters serve less as a test of humanity and more as a medium of engagement to elicit a broad range of cues that characterize humans and bots.
As part of this, we’ve recently released an update that creates different classes of CAPTCHAs for different kinds of users. This multi-faceted approach allows us to determine whether a potential user is actually a human or not, and serve our legitimate users CAPTCHAs that most of them will find easy to solve. Bots, on the other hand, will see CAPTCHAs that are considerably more difficult and designed to stop them from getting through.
reCAPTCHA was developed at Carnegie Mellon University and acquired by Google in 2009. In addition to protecting websites from robots, the text typed in by humans helps digitize the text of books.
by Dan Goodin
The Electronic Frontier Foundation, security expert Bruce Schneier, and 23 others have called on antivirus providers around the world to protect their users against malware spawned by the National Security Agency and other groups that carry out government surveillance.
The move comes amid revelations that the NSA has a wide-ranging menu of software exploits at its disposal that have been used to identify users of the Tor anonymity service, track iPhone users, and monitor the communications of surveillance targets. Schneier has said that the NSA only relies on these methods when analysts have a high degree of confidence that the malware won't be noticed. That means detection by AV programs could make the difference between such attacks succeeding, failing, or being used at all.
"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking," the 25 signatories wrote in an open letter sent on Thursday to AV companies. "Consequently, there should be no doubt that your company's software provides the security needed to maintain this trust."
by Doudoune Moncler Pas Cher
Mozilla has released Lightbeam, a Firefox add-on that aims to help people understand and visualize the data tracking that occurs online.
Lightbeam is the second iteration of an experimental add-on called Collusion, which was a personal project launched by Mozilla software developer Atul Varma. The browser extension creates a real-time graph of all of the tracking cookies being deposited on your browser as you move from site to site. It can distinguish between behavioral tracking cookies and non-behavioral ones. The idea is that users can better understand which sites are using the same behaviorally targeted advertisements (ahem, Criteo).
The tool aims to highlight both the first- and third-party companies that people interact with as they travel across the Web. It shows a map of the websites you visit and highlights the third parties that are also active on those pages. It will analyze the relationships between various first- and third-party sites that are stored in your online data.
by louis vuitton outlet
Posted by InfoSec News on Oct 25http://www.networkworld.com/news/2013/102513-phpnet-compromised-and-used-to-275241.html
Posted by InfoSec News on Oct 25Just a quick note.
Posted by InfoSec News on Oct 25http://www.wildcat.arizona.edu/article/2013/10/james-e-rogers-college-of-law-ups-security-after-hacker-breaching
Posted by InfoSec News on Oct 25http://selil.com/archives/4553
Posted by InfoSec News on Oct 25http://www.indianexpress.com/news/cyber-security-expert-suspects-inside-job/1186908/
Posted by InfoSec News on Oct 25http://www.haftofthespear.com/sam-and-his-not-so-crazy-ramblings/
Posted by InfoSec News on Oct 25http://www.theregister.co.uk/2013/10/24/will_cops_raid_cupertino_to_seize_apples_princess_hacker/