Home Tags Posts tagged with "security"

security

2009

Start of this week paved way to unearthing a major security breach  at the very core  of the internet. Globally known as ‘Heartbleed’, it may have been divulging users’ personal information and passwords to hackers and other eavesdroppers for the past couple of years. Major websites such as Instagram, Pinterest, USMagazine.com, NASA, and Creative Commons together with many other web services that are using OpenSSL for encryption were badly influenced by this security flaw last Monday.

Catastrophic is the right word. On the scale of 1 to 10, this is an 11

This bug was discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. According to Computer Security Expert  Bruce Schneier ”‘catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.” The severity of the flaw has demanded its own webspace at HeartBleed.com, which states:

‘The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.’

So you better change your passwords of OpenSSL used websites right now right now , if you have not done already.

Since Heartbleed bug was revealed, a Fixed OpenSSL has been released and now it has to be deployed by Operating system vendors and distribution, appliance vendors, independent software vendors and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use. Reports suggests that over half a million widely trusted websites are vulnerable to Heartbleed bug.  Mashable has compiled a list of global websites and services that were influenced by this breech. So if you have an account in major services such as Facebook, Instagram, Google, Tumblr, Pinterest and Yahoo, you better change your password right now, if you have not done already.

2019

‘G-Data’ rings a bell, doesn’t it? If you are into IT and are conscious about your online presence, you know what G-Data is. G-Data being the pioneers in the Security Software Industry since 1987, having its presence globally for around 25 years now, was officially launched in Sri Lanka last Tuesday (21st Jan 2014) in a grand scale at Hotel Galadari, Colombo. Its German origin brings to us that quality assurance we all look for in BMWs (which we must admit, we see too much on Colombo roads lately).

Enoviz, a 25 year old Lankan based company is the Official Retail Partners for G-Data in Sri Lanka and Maldives. Director of Finance at Enoviz started off the event with her speech. We were entertained with a set of drummers in between speeches during the event.

1609595_729708267039180_989791761_n

We were made aware of the system requirements to run G-Data, which most probably needs very low requirements. It could run in a P4 machine as well and uses a Dual Scanning method which won’t let your PC or workstation slow down as many assume. They say this Dual Scanning System uses a hybrid scan engine which doesn’t slows it down, but boosts the PC up which is rather unique. Another unique feature about this product is that this does not have relationship or need for compliance with any USA based secret agencies such as CIA or the NSA since its origin is Germany.

64189_729708523705821_346577363_n 1555387_729708363705837_1964661778_n

 

Anuradha, Managing Director of Enoviz seemed excited about this launch because a big company such as G-Data partnering up with them re-emphasis the faith that is present of the company in the market today, he said.

The product itself would be available in the market by the end of January to be purchased locally and the enterprise edition will arrive soon too.

Catch our Live Blog about the Launch, here.

Facebook Photo Album, https://www.facebook.com/media/set/?set=a.729707297039277

3357

Dell_Logo


Savvy and Stunning:  New Dell Latitude Ultrabooks and Laptops Offer World’s Best Security and Manageability Combined with Seductive Design

  • Dell unveils Latitude 7000 Series, a sleek line of business-class Ultrabooks for elite mobility
  • New Latitude 5000 Series laptops offer organizations of all sizes best-in-class security and manageability
  • New Latitude 3000 Series offers reliable, affordable essential business computing
  • Durable, portfolio-wide touch display options at every price opens Windows 8 for business

 

Dell recently unveiled the newest additions to its secure, manageable and reliable line of commercial PCs: the Latitude 7000 Series Ultrabooks, Latitude 5000 Series and Latitude 3000 Series laptops. With this new suite, Dell balances sophisticated design, quality construction and uncompromised durability to offer businesses of all sizes a wide variety of solutions. The Latitude 7000, 5000, and 3000 Series are available with touch display options, leading the way for business touch devices that enable better interaction with customers, enhanced student engagement, improved patient care, and collaboration amongst knowledge workers.

 

“These exciting new additions to the Latitude line provide our commercial customers what they’ve been asking for by bringing touch capability to the workspace at desirable price points,” said Lackshmindra Fernando, country manager, Dell Sri Lanka. “The new Latitude 7000 Series builds on the success of the award-winning XPS and Latitude 6430u to redefine the corporate laptop, complete with security, manageability, reliability and beautiful design. And with the Latitude 5000 and 3000 Series, we’ve addressed the needs of today’s dynamic workforce by enabling easy entry into business-class computing.”

Most Secure and Most Manageable with Outstanding Reliability

 Dell offers the world’s most secure commercial laptops and the Latitude 12 and 14 7000 Series are the world’s most secure Ultrabooks, with best-in-class Dell Data Protection solutions, comprehensive encryption with Dell Data Protection| Encryption and advanced authentication and leading-edge malware prevention with Dell Data Protection| Protected Workspace. Engineered to help save IT time and money, Dell offers the industry’s most manageable commercial PCs with exclusive Intel vPro extensions for remote BIOS management and hard drive wipe, even when systems are powered off, paired with Dell automated tools and utilities for easily deploying, monitoring and updating systems.

Dell’s passion for reliability is epitomized by the Latitude commercial PC family. Each Latitude Ultrabook and laptop is crafted using the best materials: brushed aluminum, reinforced magnesium alloy, strong steel hinges, woven carbon fiber, durable powder-coated underside, spill-resistant keyboards and LCD seals. Additionally, all Dell touch-enabled displays offer optimal viewing experiences, touch sensitivity, brightness and durability. The Latitude 7000, 5000 and 3000 Series touch displays offer Corning® Gorilla® Glass NBT™ for up to 10 times higher scratch resistance1 compared to soda lime glass which is the predominant material used in laptop screens throughout the industry. Latitude laptops also come armed with StrikeZone™ shock absorbers, Fast Response Free-Fall sensors and rubber hard drive isolation. For the previous three product generations, the Latitude family has outperformed its competition in third-party durability testing, known as MIL-STD 810G.

New Latitude 7000, 5000, and 3000 Series: Secure, Manageable, Reliable…and Beautiful

The sleek and powerful Latitude 7000 Series are the most secure and manageable Ultrabooks, with outstanding reliability, and epitomize mobility at its finest with business-class style. Touted as the Ultrabook to be loved by IT professionals and end-users alike, and powered by Intel ultra-low voltage processors, these thin, light and beautiful Ultrabooks completely redefine the corporate laptop.

The Dell Latitude 7000 Series Ultrabooks are:

–      Made to move, with the 12-inch model starting at just 20 millimeters thin and 1.3 kilograms (2.99 pounds)2

–      Easy for IT to manage with exceptional integrated management capabilities including Dell-unique Intel vPro extensions and automated tools that plug into Microsoft System Center and Dell KACE

–      The world’s most secure Ultrabooks with best-in-class endpoint security solutions that include comprehensive encryption, advanced authentication and leading-edge malware protection from a single source, and featuring the highest level of FIPS 140-2 (level 3) certification for system disk encryption

–      Designed for reliability, passing rigorous third-party durability testing and crafted with premium materials such as aluminum, a Tri-metal chassis and Corning Gorilla Glass NBT for scratch and damage resistance and optimal brightness

–      The only corporate Ultrabook designed to be backwards compatible with existing (E-) Latitude docks

 

Complementing the Dell Latitude 7000 Series Ultrabooks are the new Latitude 5000 and 3000 Series laptops, designed to help businesses of all sizes adopt secure, manageable and reliable notebooks. The Latitude 14 and Latitude 15 5000 Series are designed to meet most workforce needs with 14.1-inch or 15.6-inch display options and other key features, such as:

–      Reliable mobile productivity with up to Intel Core i7 ultra low voltage processors for extended battery life, a discrete graphics option for more processing power and a higher quality visual experience, and SSD or Performance Solid State Hybrid Drive options

–      Corning Gorilla Glass NBT on the touch displays for scratch and damage resistance and optimal brightness

–      Mobile broadband, Bluetooth and Wireless LAN options for mobility and connectivity virtually anywhere, and an HD webcam and microphone array for efficient, anywhere collaboration

–      Compatible with Latitude E-family docking designed to connect seamlessly with award-winning Dell monitors, wireless keyboard and  andard,ss keyboard, mouse an d award-winning monitorstionality and includ mouse

 

The Latitude 3000 Series is Dell’s newest line of entry-level commercial laptops for education and small business customers. The Latitude 14 and 15 3000 Series laptops offer:

–      Durable and reliable chassis that have undergone Highly Accelerated Life Testing, including hinge testing, keyboards and shocks

–      4th Generation Intel Core processors with Turbo Mode for fast data processing

–      Business class discrete graphics with up to 2GB3 video memory for more processing power and a higher quality visual experience

–      Thin (21 to 25mm) and light (starting at 4.3lbs / 2.0kg)2 design for great mobility

–      Choice of 14-inch and 15.6-inchAnti-Glare LCD for comfortable visualization and optional touch displays

–      Integrated microphone and HD Webcam for remote collaboration and interaction

 

1617

SECURITY EXPERTS ALERTED YAHOO’S SECURITY TEAM TO VULNERABILITIES THAT COULD COMPROMISE ANY @YAHOO.COM EMAIL ACCOUNT. IN RETURN, THEY GOT $12.50 TO SPEND AT THE COMPANY STORE.

Let’s say you’re dying to get your hands on that Yahoo-branded iPad cover from the company’s store (we won’t ask you why). Here’s a cool way to get $12.50 off your purchase:

  1. Find a security bug in a Yahoo website.
  2. Report it to Yahoo.
  3. Receive a promo code for $12.50 off anything in Yahoo’s company store.
  4. Feel all warm and fuzzy inside.

This is exactly what happened to the security experts at the Geneva-based firm High-Tech Bridge recently (we’re pretty sure they were not feeling warm and fuzzy). After reporting three cross-site scripting (XSS) vulnerabilities to Yahoo’s security team that could compromise any @yahoo.com email account by having a logged-in Yahoo user click on a specially crafted link, they got a thank-you email from Yahoo, and a handsome reward of $12.50 to use on the company’s online store where you can buy Yahoo-branded socks, t-shirts, and other things.

High-Tech Bridge CEO Ilia Kolochenko says: “Yahoo should probably revise their relations with security researchers. Paying several dollars per vulnerability is a bad joke and won’t motivate people to report security vulnerabilities to them, especially when such vulnerabilities can be easily sold on the black market for a much higher price.”

Facebook, as a point of comparison, recently offered a hacker $12,500 for finding a way to delete anyone’s Facebook photos with the right know-how. Google offers up to $20,000 for reporting security vulnerabilities. Microsoft? A cool $100,000.

 

Source : http://www.fastcompany.com/3019001/i-discovered-a-glitch-in-yahoos-security-and-all-i-got-was-this-lousy-t-shirt

CEO Jeff Weiner wants his company to play a role in “professional identity.” That has implications for Microsoft and Salesforce.

At a tech conference in San Francisco Monday, LinkedIn CEO Jeff Weiner dropped tantalizing hints about the future direction of his company.

He dismissed the notion that the professional network, once known primarily as a site for recruiters and jobseekers, would challenge Microsoft and Salesforce head-on in the market for collaboration tools.

Weiner did say, though, that LinkedIn would show “a greater emphasis on professional identity” and noted that his company is “building tools that let us”—LinkedIn’s own employees—”get more value from our own platform.”

A Détente With Microsoft And Salesforce

Today, LinkedIn is designed for public sharing, and the network has grown enormously by emphasizing the sharing of work-related content.

But Weiner has been talking about the potential for LinkedIn to build tools for internal collaboration since at least 2011. Last year, he revealed that LinkedIn had built such tools—broadly similar to Microsoft’s Yammer or Salesforce’s Chatter, from the way he described them—for its own employees’ use.

So let’s assume those tools will be slow to come—or may simply be armaments held in reserve, to keep Microsoft and Salesforce from trying to venture onto LinkedIn’s turf of public professional identity. (It’s easy to imagine parts of a workforce’s Yammer or Chatter activity getting intentionally published to users outside a company, and thus becoming public representations of an employee’s work persona, in competition with LinkedIn’s profiles.)

A Security Badge For The Web

Barring that, what could LinkedIn do?

As Weiner said at Disrupt, LinkedIn already has the pieces he’s describing. The technological piece that carries LinkedIn’s professional identities across the Internet is a product called Sign In With LinkedIn. Not unlike Facebook Login, this piece of software lets users sign in with a LinkedIn account, rather than create a new account for every website that comes along.

While far less visible than Facebook or Google’s identity efforts, Sign In With LinkedIn has been gaining traction, particularly with recruiting sites, where it’s a natural fit, and business-to-business sites. More mainstream media sites like Business Insider have also included it in their login options.

But it would be far more interesting if LinkedIn started courting the burgeoning sector of Web-based productivity tools.

One big flaw of Yammer and Chatter is that they are designed around company domain names. Inviting anyone who doesn’t have an email that looks like @yourcompany.com is awkward at best in Yammer and impossible in Chatter.

That doesn’t match the new world of work. As Weiner noted, “Jobs are increasingly fragmented.” Some are full-time, some are part-time, some are contract or freelance work. LinkedIn, which maps professional connections inside and outside the walls of a company, could be particularly well suited for authenticating workers in this post-Coase-ian world.

A Host Of Apps For A New World Of Work

It’s not even necessary for LinkedIn to build these apps itself. It could simply be the identity layer that undergirds them. For private sharing, it could identify users—badge them in, as it were, to the virtual buildings where most work happens these days. For public sharing, it could pipe relevant updates to LinkedIn users’ feeds, as apps do on Facebook and Twitter.

To be clear, these are the merest hints we’ve gleaned from Weiner’s comments at Disrupt and over the years. But it’s clear that he’s thinking about what to do with the enormous asset of some 250 million members’ professional identities. The biggest opportunity isn’t in LinkedIn’s app. It’s in an army of LinkedIn apps.

Source : http://readwrite.com/2013/09/10/linkedin-ceo-jeff-weiner-techcrunch-disrupt#awesm=~oh6zTgBUcO7fBx

2835

Social media has without a doubt revolutionised today’s interactive and communication methods, allowing individuals, companies and other institutions to transfer information rapidly and more effectively. In this way, websites such as Facebook and Twitter have become highly interactive platforms for the majority of the urban and suburban population around the world. However, social media is not without its adverse effects as no website in the world is free of security loopholes. Facebook, Twitter and other social media websites are no exception.
Social media has already entered the IT security landscape, causing concerns not only among individual users, but also among the corporate community where cyber security in the interaction and exchange of data is absolutely vital. But social media networks being inherently public spaces render more than 1.7 billion social media users vulnerable to malicious content, malware and viruses.
Once information is posted or shared on a social networking site, the data is no longer private. In this way, individuals, as well as the companies/institutions they work for, are exposed to cyber predators who may exploit data to different and adverse ends.
Prohibiting the access of social networking sites like Facebook, Twitter, and LinkedIn is no longer realistic. Blocking suspicious content and application control is now becoming inefficient in the face of modern advancements. If one channel is blocked, users may find many other channels through which they can access social media. Hence, one feels the need for a more robust and effective security mechanism to ward off potential harmful content in cyberspace.
Websites such as Facebook offer private security options to protect one’s pictures, posts, information, manage tagging etc. Many who use social media exercise a great deal of caution when it comes to private security. This is reflected in posts they share, sometimes cautioning others of security threats that could emerge from the social media space such as theft of pictures and other personal information.
But what about external threats, i.e. malicious content? Social media has little or no in-built security systems to protect one’s profile from malicious content. This is where ESET’s Social Media Scanner comes into play. It is an application that is designed to protect one’s profile and its contents from malware distributed through social networking sites. The social media scanner monitors new social media content (for example, wall postings containing links or unknown ‘friend requests’ on Facebook) and looks for malicious codes.
ESET’s social media scanner works primarily by monitoring personal social media accounts. At the same time, it can also be used to test the safety of content posted to accounts of a user’s ‘friends’. When a malicious code is discovered by the ESET social media scanner, the user will be alerted by a message from the scanner or by email. Additionally, the ESET Social Media Scanner can be configured to block malicious content by automatically posting a comment that warns to avoid media that has been found to contain a malicious code.
Another important feature of the application is that it covers all components of a social networking site i.e., timeline, newsfeed and even private messages against cyber threats. It also scans the account for threats even when the user is not logged into Facebook.
The social media scanner is a timely need, said Shihan Annon, Director of DCS International Ltd., the parent company of ESET in Sri Lanka. “As cautious as social media users are of violations of ‘privacy’ on social media, they also have to be aware of the threat posed by malicious content. The ESET Social Media Scanner is something that can allay their fears. Whether you are ‘online’ or ‘offline’, it will always protect your profile,” he says.
Social networking has become an important aspect of cyberspace over the past few years and it certainly plays an important role in the day-to-day lives of people. With this growing trend, social media users also have to realise the importance of adopting robust measures that secure IT systems and data from malicious content roaming the cyber space. The ESET Social Media Scanner is a product that takes the concept of ‘social media security’ to the next level.

Source: DailyFT

1555

LG, global leader in electronic technology, and the first to produce innovative new products, is set to introduce the world’s first smartphone with embedded fingerprint scanner for online security at your fingertips.
Passwords are easy to crack and difficult to remember. Just think how easy it would be to scan a fingerprint, for example, to check your Gmail account or authorise an online payment? This, thanks to LG, will be a reality very soon, probably as early as next month.
Meanwhile, a group of 24 internet companies, dubbed the Fast Identity Online (Fido) Alliance, is pushing for doing away with passwords to counter rising global e-commerce fraud. These global scams cost companies in North America alone more than US$ 3.5 billion last year.
Fido, which PayPal and Google are part of, believes that fingerprinting of biometrics is an effective solution to the global problem. Formed only last July, it is intent on paving the way for consumers to use their fingerprints, instead of passwords, to access online shopping, banking or payment portals.
In fingerprint scanning, the embedded scanner in smartphones is activated and users are prompted for their fingerprints when they go online to make purchases or change personal details. Fingerprints cannot be forged, and therefore, this system would present absolute online security.
Since LG introduced their Optimus L-Series, a range of innovative stellar smartphone handsets, and the mind-blowing Optimus 4X HD – the pride and joy of LG, the company has had record sales which have boosted them to be one of the first three largest smartphone manufacturers in the world. Smartphones are essentially mini computers.
You can watch the latest movies, watch TV shows, listen to your favourite music, browse the internet with a touch of your finger, and even if you don’t understand how to use a computer, you can swipe down important notes from a business phone call, take gorgeous lifelike pictures and record high definition videos.
Abans, the agent for LG in Sri Lanka, say that they hope to launch the new LG smartphone with fingerprint scanning in the third quarter of this year.

Source : DailyFT

1788

Kaspersky Lab recently launched their latest domestic security program Kaspersky anti-virus 2014 and the Kaspersky Internet Security 2014. The new security softwares are said to carry the latest drivers and said to host brand new features to ensure the highest level of security for users PC and their digital and cyber valuables.
Avian Technologies (PVT) Ltd which hails the position of sole authorized Kaspersky lab products distributor for Sri Lanka expressed that they are very excited to launch the new Kaspersky retail version 2014.
Ranil Francisco and Buddika Liyanage the directors of Avian Technologies said that we believe that the product features are carefully incorporated to serve the current threats and looking beyond to the future of cybercrimes.
They also mentioned that they are confident that together with their partners they can protect the digital world safeguarding the interest of every home user.
About 200,000 new malware samples emerge everyday according to the cloud-based Kaspersky Security Network and compared to just 125,000 a year ago. Cybercriminals makes millions of dollars by using malware and sophisticated Trojans, and pulling out online bank heists and scams.
The price of poor quality protection against these cyber threats is not merely a daily bombardment of spam emails, or sluggish performance from a virus-ridden PC the cost hit regular users squarely in their wallets.
According to the Kaspersky Security Network, at least 7.5 million Kaspersky Lab customers worldwide were targeted by phishing attacks between April 2012 and May 2013. These scams are conducted through emails which are carefully crafted to look legitimate and attempts to steal online banking details and many more financial security data.
According to a survey conducted on the consumers my B2B International in June 2013 a 62% of internet users has experienced at least one attack in their cyber activities during the last 12 months.
Sadly even after the fraud was identified a 41% of the users were not able to get their money back. According to various industry sources, approximately 700 million people around the globe regularly uses online banking and Kaspersky is offering them the most needed and sophisticated internet security software to help protect their privacy and confidentiality in online financial dealings.
The new version of Kaspersky retail products, like their highly regarded predecessors were specially developed with that requirement in mind.
Avian Technologies have been the sole authorized Kaspersky partner in Sri Lanka since 2007 and has helped in giving hand to Kaspersky to establish solidity within Sri Lanka and was greatly appreciated by Kaspersky.
Avian has earned a very high reputation and has obtained the recognition in the industry as an emerging organization who offers extremely competitive post and pre sales targeting to offer the best products and service.

Source : Daily News