September 08, 2016

John McAfee’s company could spoil the party for Intel’s new venture

John McAfee states in the filing that he entered in 1991 into an agreement with McAfee Associates to transfer certain assets to it in exchange of stock and a promissory note, but at no point did he “assign the rights to his personal name, via assignment of trademark or otherwise, or agree to restrict his right to do business using his own name.” At the time of the agreement, John McAfee had not filed for or registered the trademark to “John McAfee” or “McAfee” or any other variation of the name, according to the filing. ... But none refer to John McAfee, who claims that Intel "never consulted, requested or otherwise obtained the permission of McAfee to use his last name as part of Defendants’ Marks on its products," according to the filing.


The Next Successful Hack May Be Your Fault

By a careful design and timing of the message, it should be possible to make virtually any person to click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message content and context. Expecting from the users error-free decision making under these circumstances seems to be highly unrealistic, even if they are provided with effective awareness training. It's easy to become pessimistic about cybersecurity in the face of such behavior by advanced internet users who are well aware of the threat. Ordinary users, just because they are curious or easily distracted, appear to be the most vulnerable element in any computer system, and they are the one that cannot be fixed. As Benenson wrote, "human traits such as curiosity will remain exploitable forever, as humans cannot be patched against these exploits.


As strong as your weakest link: A look at application vulnerability

When it comes to patching and updating software vulnerabilities, operating systems and web browsers seem to get all the love. But in reality, vulnerabilities in those two types of software usually account for a minority of the publicly disclosed vulnerabilities published in the National Vulnerability Database (NVD), the U.S. government’s repository of standards-based vulnerability management data. Where are the rest of the vulnerabilities? The majority are in applications (i.e. software that doesn’t ship as part of operating systems or browsers), and unless you’re spending time protecting those too, your application layer could be a big chink in your IT armor. CIOs, CISOs and their security teams need to focus on assessing and patching known vulnerabilities in all business apps, or they could in fact be missing the bulk of the vulnerabilities that exist in their environments.


IoT for Logistics in India – One of the Largest Upcoming Domains

At the first level, the biggest contribution that IoT has is to monitor assets and focus on avoiding predictable delays. For instance a connected truck will throw up the information on the diminishing engine oil or an over exerted clutch in advance – averting either an accident or an unprecedented delay – thus enabling greater transit predictability. This connected asset will also enable organisations to achieve greater asset utilization. Fleet management can also extend to public services management tracking peak and lean times, to and fro destinations, optimizing the number of vehicles available basis the traffic flow, optimizing the available routes to minimize on road time, minimize fuel consumption, thus impacting better bottom lines.


Top EU court hedges on question of hyperlinking legality in Playboy case

The ruling concerned Dutch website GeenStijl, accused by Playboy of linking to an Australian website that published, without the magazine's permission, a photoshoot it had commissioned with Dutch TV personality Britt Dekker. Playboy's lawyers wrote to GeenStijl asking it to remove the link, but it refused -- and published a new link to another website hosting the photos without permission when they were removed from the Australian site. When the pictures disappeared from that site too, GeenStijl allowed its forum users to link to the photos on other sites. Playboy took its accusation that GeenStijl infringed its copyright all the way to the Supreme Court of the Netherlands, which in turn called on the CJEU to rule on a number of legal questions.


Encrypting the Internet of Things

"We're talking about some very constrained devices, 8-bit processors [with] little memory, low speed, low power," says cryptographer and IT security author Bruce Schneier. He sees the lightweight cryptography project as important because "a lot of the algorithms we have just aren't suitable for these constrained environments. ... We want good algorithms for constrained devices." NIST plans to create a portfolio of lightweight primitives through an open process, in which submitters describe physical, performance and security characteristics of these algorithms. NIST used a similar process to develop its portfolio of block cipher modes of operations. A block cipher mode is an algorithm that provides an information service, such as confidentiality or authentication.


Half of network management systems vulnerable to injection attacks

Getting access to a network management system gives an attacker a current map of the company's environment, without risking detection by running their own scans. To take advantage of one of these vulnerabilities, an attacker could physically enter an organization's facility and connect a small device, such as a Raspberri Pi, to the network. Or an attacker who already has access to a networked device through some other kind of attack could use this vulnerability to escalate their privileges, Heiland said. The products were Spiceworks Desktop, Ipswitch WhatsUp Gold, Castle Rock SNMPc, ManageEngine OpUtils, CloudView NMS, Opmantek NMIS, Opsview Monitor, Netikus EventSentry, and Opmantek NMIS. All nine vendors have been notified and have released patches to their products, said Heiland.


New tech can help catch spearphishing attacks

"We look at the IP address of the sending domain, the age of the domain, the DNS servers that are being used, all those elements," he said. The average cost of a spear phishing attack is $1.6 million, according to a survey released earlier this year by security firm Cloudmark and research firm Vanson Bourne, and 73 percent of respondents said that spearphishing was a significant threat. Over the past 12 months, 27 percent of organizations received a targeted spearphishing attack, according to a report released today by Osterman Research. And 11 percent of organizations were successfully tricked. "That's a little sobering," said Tim Helming, director of product management at DomainTools, the company that sponsored the research.


Smart Wearables Hold Productivity Potential In Enterprises

Specifically, enterprises such as manufacturing and science labs are starting to use smart eyewear in limited settings, said Jitesh Ubrani, a senior research analyst for IDC, and the coauthor of the Sept. 6 report. Ubrani told InformationWeek that IT is still trying to find where these types of devices fit within the larger enterprise. "Right now we're in the very early stages of how this benefits [enterprises]," Ubrani said in a phone interview. "We're talking about very small pilot programs and not mass deployments, at least not yet. If businesses are not in pilots this year, they may be considering them for next year." In addition to the few pilot programs, the number of offerings for enterprise-ready equipment is slim.



Quote for the day:


"Leaders should use sweet and soft words in case they need to eat those words sometime in the future." -- @GPackwood