Can cloud computing be secure? Six ways to reduce risk and protect data

October 17th, 2013 | Edited by | software

Oct
17

As traditional perimeters disappear, organisations need to adopt new measures to ensure data and devices are safe in the cloud.

One observation about those clouds – they were constantly morphing. They had no fixed edge as they billowed and blew across the sky.
That lack of an edge that clearly defines the cloud environment your organisation may be considering sending your data to can make it seemingly difficult to protect. In fact, security is cited in numerous studies as the number one inhibitor to cloud adoption.
Think about possible points of entry for an attacker in a cloud environment. A customer uses an insecure mobile phone to access your network … you can be attacked. A contractor on your network uses a web application that has an embedded vulnerability, a back door that is not protected … you can be attacked. A database administrator at the cloud provider shares a password with someone … your data can be breached. These represent just some of the scenarios that keep the chief information security officer awake at night.
Securing the security perimeter of the traditional data centre was made relatively straightforward with the help of firewalls and intrusion detection systems. When we traded terminals for PCs, anti-virus software helped keep those devices safe.
With employees, customers, business partners, suppliers and contractors increasingly accessing corporate applications and data with mobile devices from the cloud, protecting the edge of the network is no longer enough. As the traditional perimeter disappears, here are six things to do to help ensure security in the cloud.

cloud_security_password_610

1. Know who’s accessing what
People within your organisation who are privileged users, – such as database administrators and employees with access to highly valuable intellectual property – should receive a higher level of scrutiny, receive training on securely handling data, and stronger access control.

2. Limit data access based on user context
Change the level of access to data in the cloud depending on where the user is and what device they are using. For example, a doctor at the hospital during regular working hours may have full access to patient records. When she’s using her mobile phone from the neighborhood coffee shop, she has to go through additional sign-on steps and has more limited access to the data.

3. Take a risk-based approach to securing assets used in the cloud
Identify databases with highly sensitive or valuable data and provide extra protection, encryption and monitoring around them.

4. Extend security to the device
Ensure that corporate data is isolated from personal data on the mobile device. Install a patch management agent on the device so that it is always running the latest level of software. Scan mobile applications to check for vulnerabilities.

5. Add intelligence to network protection
The network still needs to be protected – never more so than in the cloud. Network protection devices need to have the ability to provide extra control with analytics and insight into which users are accessing what content and applications.

6. Build in the ability to see through the cloud
Security devices, such as those validating user IDs and passwords, capture security data to create the audit trail needed for regulatory compliance and forensic investigation. The trick is to find meaningful signals about a potential attack or security risk in the sea of data points.

Adding a layer of advanced analytics – a security intelligence layer – brings all of this security data together to provide real-time visibility into the both the data centre and the cloud infrastructure.

In the same way that clouds in the sky have an ever-evolving perimeter, so does cloud computing. Security is an important factor in cloud deployments and by building in the security capabilities described in these six steps, organisations can better manage and protect people, data and their devices in the cloud.

Java called favorite target for hack attacks this year

October 15th, 2013 | Edited by | software

Oct
15

Java was the most targeted development platform for exploit attacks during the first half of the year, and attacks have increasingly shifted to zero-day vulnerabilities, according to F-Secure’s new threat report.
“Of the top five most targeted vulnerabilities, four are found in the Java development, either the Runtime Environment (JRE) or the browser plug-in,” according to the report, based on information about attacks detected through F-Secure’s sensors and telemetry systems. The company notes that it’s not surprising Java is an appealing target since “next to the Windows operating system (also a popular target for exploits), Java is probably the second most ubiquitous program in an organization’s IT setup.”
Analysis of attacks shows the top five exploited vulnerabilities accounting for 95 percent of all attacks, with the U.S. the geographic location most targeted. F-Secure estimates 78 out of every 1000 users in the U.S. saw a detection identifying an exploit of a specific vulnerability in the last six months. Germany also saw a fairly high number of attacks with about 60 out of 1000 users hit within the same time frame.
“Unfortunately, removing either the runtime or plug-in may not be a feasible option for companies that use Java in business-critical instances,” the F-Secure report points out. Defense and mitigation strategies might involve something more complicated than uninstalling a program, such as “some combination of tweaking Java’s security settings, configuring web browser settings to minimize unwanted applet execution (or installing other third-party plug-ins to do so) and monitoring network traffic.”
F-Secure says 70 percent of the exploit-related attacks are carried out by means of five kits: BlackHole, SweetOrange, Crimeboss, Styx, and Cool. All of these remain under active development.
Another security threat to be reckoned with in the first half of 2013: Mac malware. F-Secure reports it saw the “first Mac malware signed with a valid Apple Developer ID,” an ominous event because this allowed the malware to bypass Apple’s first line of defense. After independent researcher Jacob Appelbaum identified the malware, Apple was swift in revoking the misused developer ID attributed to “Rajinder Kumar” (hence this malware has been dubbed “Kumar in the Mac”).
While this is noteworthy, malware targeting Android continued to dominate mobile threats in the first half of the year, according to the report. Of interest is the discovery of Android malware dubbed Stels, which is designed for distribution via spam e-mails and a bot that uses Twitter to update its command-and-control server addresses.

Java hackers

Bitcoin draws cybercrooks
The rise of Bitcoin as a crypto-based computer-based digital currency is also luring the online criminal underworld as a money-making option, F-secure says.
Bitcoin is not linked to any existing currency, but it does have value based on what people think it’s worth for use in instant transactions, notes Mikko Hypponen, chief research officer at F-Secure Labs. “Today, there are massively large networks of computers mining Bitcoins and other competing crypto currencies (such as Litecoin),” Hypponen says in the report. Because at least six members of the peer-to-peer network have to confirm Bitcoin transactions before they go through, the Bitcoin system rewards users participating in this needed mining with Bitcoins.
“The basic idea behind mining is easy enough: if you have powerful computers, you can make money,” Hypponen says, but adds, “unfortunately, those computers don’t have to be your computers.”
In analyzing malware, F-Secure has found that infected computers taken over by cybercrimals can also be commandeered to make Bitcoins, and that’s what has happened in some instances.
There has been a rise in the first half of the year in several types of malware targeting Bitcoin, and a botnet based on the ZeroAccess family of malware includes a powerful rootkit to hide its presence. F-Secure has spotted a large ZeroAccess botnet operator running a Bitcoin mining operation with various plug-ins on infected PCs. “We estimate them to be make over $50,000 a day by mining Bitcoins on infected computers,” Hypponen says. “If such operations are already happening today, it’s easy to see that mining botnets will become very popular for online criminals in the future.”

LG announces curved screen phones to launch in 2014

October 12th, 2013 | Edited by | hardware

Oct
12

LG has announced it is to start mass-production of what it calls the “world’s first flexible OLED [organic light-emitting diode] panel for smartphones”.
The South Korean firm said it hoped to start selling the first handsets to feature the tech next year.
The news comes weeks after Samsung made a similar announcement.
Samsung said it intended to launch its first product – a special edition of the Galaxy Note 3 – later this month.
Both companies already use the technology to offer curved OLED television sets.
Although the displays used in the TVs are in theory “flexible”, they are mounted in fixed shells so they cannot be bent or otherwise re-shaped by the owner.
A press release from LG’s display division indicated its handset screen would curve from top-to-bottom rather than side-to-side, the design Samsung described in a recent patent.

LG-Display-5-inch-flexible-OLED-prototype-sid-2013

It said the advantage of using the tech was that the panel was “bendable and unbreakable”.
“The new display is vertically concave from top to bottom with a radius of 700mm [28in], opening up a world of design innovations in the smartphone market,” LG added.
“What’s more, it is also the world’s lightest, weighing a mere 7.2g [0.25oz] even with a 6in screen, the largest among current smartphone OLED displays.”
One industry watcher was not convinced the product, as described, would have much appeal.
“I think LG is doing this to show it is innovative, to do something different and to stand out from the rest of the bar-style screen devices that we have at the moment,” said David McQueen, a mobile device expert at tech consultants Informa.
“But I don’t think consumers are going to be that interested by a slightly curved design.
“However, we do think there will be interest if flexible screens are used to offer different form factors.
“For example a device that you snap round your wrist or a traditional shaped smartphone whose screen wraps around the sides onto a bit of the back so that the edges become touchscreen rather than hard buttons.”

OTT Versus IPTV

October 10th, 2013 | Edited by | software

Oct
10

There are countless debates between the pro-IPTV gurus and the uber-OTT crowds. Which viewer experience will win? How quickly? How much money is at stake? And who will be the biggest loser? OSP® magazine went looking for a definitive answer and found less than definitive information.
For those not intimately familiar with the landscape, here is the crux of the argument: Quite simply, the over-the-top (OTT) proponents say it should be all about the viewers. Viewers should be able to access the content they desire and watch it whenever and wherever they want on the device they choose.
The IPTV-ers ask why providers who deliver the bandwidth to stream that content should be saddled with the cost of upgrading their networks to handle the huge bandwidth demands of OTT video. Even worse, they say, is the defection principle: The more viewers crave this OTT-everywhere, the more they may consider dropping their cable or Internet Protocol Television (IPTV) subscriptions altogether.
When OSP® magazine tried to determine a position to take, we reviewed forecasts from both camps:

Forecasts Claiming OTT Will Oust IPTV
• Informa Telecoms and Media expect worldwide viewers of OTT television services delivered to the living room TV to outnumber IPTV services worldwide by 2013.
• Informa forecasts that by 2015, 380 million people globally will view online video via connected devices such as TVs, games consoles or set-top boxes from the likes of Apple and Google. That will be more than double the number of IPTV subscribers.
• The gap between OTT TV and IPTV will likely be even more pronounced by 2015 in some markets, such as the UK, where there are already more OTT TV viewers. By 2015, only 3.6mn people are likely to be watching managed IPTV in the UK, while 27mn will be watching online video on the TV.
• Research and Markets projects OTT revenue to rise to nearly $3 billion in 2014.

Forecasts Purporting That IPTV Will Dominate OTT
• The Broadband World Forum recently shared research that puts the total number of IPTV subscribers worldwide at nearly 45.4mn by the end of 2010, with over 11.5mn added in the 12-month period.
• Europe held on to its position as Number One region for IPTV subscribers, but the growth rate was lower in comparison to other markets, mostly due to maturing IPTV territories such as France and Belgium. Asia showed strong growth last year with over 50% for the year, and is described as being the one to watch to overtake Europe in 2011 with the largest IPTV subscriber base. In addition, the Middle East and Africa region had the strongest percentage growth (despite starting with a low overall number of subscribers) at 63.5%.
• A second research firm, SNL Kagan, estimates that worldwide IPTV subscriptions were 46.2 million at the end of 2010. (This is .8M more than the forecast above.) According to that firm, 6.9 million IPTV consumers are in the U.S. This would be around 15% of the global 46.2 million in IPTV subscriptions. The firm estimates there will be 59.7 million by 2013. That figure could give IPTV an 8.3 percent share of all pay-TV households worldwide.
• A new survey from Pyramid Research said IPTV service revenue increased 45% between 2009 and 2010 to reach $11.8 billion. Over the next 5 years, the firm expects IPTV service revenue to increase at a CAGR of 25% with revenue reaching $36.3 billion by 2015. This will represent 15% of total pay-TV revenue in 2015, compared with 6% today.

OTTvsIPTV_0611

Quality of Experience Makes or Breaks Either
HOW providers get the largest piece of this very profitable pie has everything to do with execution. Both IPTV and OTT video showcases each and every OSP wart. There are still far too many unresolved problems in the legacy/FTTC/FTTN and even the FTTH network that can make or break the customers’ Quality of Experience (QoE). Thankfully, standards organizations are working on that very thing.
Recently, the Alliance for Telecommunications Industry Solutions (ATIS) IPTV Interoperability Forum (IIF) completed an important update to its standard on Quality of Service (QoS) Metrics for Linear IPTV (ATIS-0800008).
In close collaboration with the Video Services Forum (VSF), the IIF implemented several updates to expand and improve its previous work on linear IPTV metrics, most notably in the area of content quality, which was particularly under-standardized in the past. To address this need, the IIF and VSF worked together to define an initial set of IPTV-related content quality metrics for both video and audio in order to address the increasing requirements for measurements related to QoE.
For example, new video metrics included in the ATIS-0800008 revision include Frame Loss Length, I/P/B-Slice/Frame Losses, or Motion Activity. New audio metrics include Audio Dropouts, Loudness, Dial norm and Program Reference Level. These metrics will be instrumental in allowing IPTV service vendors to get a better understanding of possible quality issues with their video streams.
Other noteworthy additions to ATIS-0800008 include defining metrics availability and reliability for different protocol stacks and encryption levels, adding metrics for Multicast Listener Discover (MLD) Join Latency and MLD Leave Latency to accommodate IPv6, and improving the definitions of previously-established metrics.
“QoE is essential for providers to be competitive in the broadband services marketplace,” adds VSF President Richard Friedel. “The metrics developed as part of this joint work will not only enable test equipment vendors to provide a well-defined common set of QoE metrics, but they will also allow IPTV service providers to deliver better service by understanding quality issues with their video streams.”

Could It Be That Both IPTV and OTT Will Win?
Quite clearly, the devil is in the details when it comes to HOW well providers meet their delivery objectives. But they better hurry and get the user experience right. We are all aware that end users are not patient. And shockingly (not!), they want their pay services delivered right the first time. One messy evening filled with jitter and delay could cause a customer to become a loud defector.
What’s the solution? It has everything to do with how communications providers, vendors, and the industry as a whole choose to approach the challenge. Undoubtedly, the winners will be the ones who take action to leverage OTT opportunities — as well as deliver quality to their IPTV pay subscribers.
So does it matter that neither IPTV nor OTT may be the clear winner? We say no. The only winners will be those who leverage and capitalize on both.

Source: www.atis.org

Samsung Event 2013: Everything we expect Samsung to announce at ‘Unpacked’ event

October 8th, 2013 | Edited by | hardware

Oct
08

Months after revealing the Galaxy S4, which turned out to be another global sales smash for the surging Apple competitor, Samsung is surely hoping that its new gadgets will make a similar splash in the market. What does the Korean tech behemoth have in store? Here’s what we’re expecting (and make sure to follow @YahooTech on Twitter for all the latest).

The Galaxy Note III
For this Unpacked event, we hope Samsung brought a huge suitcase.
We’re definitely expecting a third edition of the Galaxy Note, the so-called “phablet” that pushed the boundaries of smartphone screen size when it was first introduced in 2011. Leaks indicate that the Galaxy Note III will be even larger than its predecessor, with a 5.7 inch display (compared to a 5.5 inch display on the Note II, and a 5.3 inch display on the original Note).

Samsung-Galaxy-Note-3-Preview

There are also rumors that the Note III will include a fingerprint sensor, to enhance security both for locking and unlocking the device, and perhaps for more secure “tap-to-pay” payments via NFC. Apple has also been rumored to include a fingerprint sensor on its upcoming iPhone, to be announced on September 10; and though smartphones have shipped with fingerprint scanners and sensors before — predominantly in Japan — the Galaxy Note III would be the first mainstream American phone to ship with one, should the rumors be true.
A tweet from noted tech leaker @evleaks, meanwhile, allegedly reveals even more about the phone’s hardware and software: Per an alleged screenshot of the phone’s Setting screen from @evleaks, the Galaxy Note III will run the brand new Android 4.3 operating system, making it one of, if not the, first smartphones to ship with the latest version of Android. Evleaks also indicates that the Note 3 will sports a 2.3 Ghz quad-core processor and a 2.5 GB of RAM.
And, finally, one accessory we fully expect the Note III to ship with: a stylus. Each of the first two Galaxy Notes have included a stylus, or “S Pen,” and we don’t expect the Note III to be any different than its predecessors in that respect.

The Galaxy Gear Smartwatch
Reports are also leading us to believe that the world’s largest smartphone maker is likely to introduce a smartwatch at tomorrow’s event. In fact, Samsung’s purported wrist watch device may be even be packing some impressive, smartphone-like guts.
According to information obtained by AmongTech, Samsung’s smartwatch, reportedly named the Galaxy Gear, will pack a 1.5Ghz dual-core processor, a 2.5” touchscreen watch face and a 4 MegaPixel 720p front-facing camera. It’s believed that the Gear will also be running a version of Android Jellybean, designed to run some Android apps, and come equipped with an accelerometer and Bluetooth 4.0 capabilities.
Though Samsung’s eventual addition of a smartwatch to its line of devices was expected, an unveiling on Tuesday means that Apple’s Korean rival may end up beating them to market. Reports earlier this year have pinned Apple to the development of an iWatch, also believed to be a smartwatch device.
One reported Galaxy Gear that turned out to be little more than a dream: a flexible, wrap around-type screen. In an interview with The Korea Times last month, Samsung Mobile’s executive vice president Lee Young-Hee revealed that the Gear “won’t have a flexible display.” Maybe next year’s model.

Page 25 of 29« First...1020...2324252627...Last »