LocalCause

Information Technology Services

Category: IT Management (page 1 of 4)

12 Important Facts About the Internet of Things (IoT)

The Internet of Things (IoT), is the internetworking of physical devices, vehicles (also referred to as “connected devices” and “smart devices“), buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. In 2013 the Global Standards Initiative on Internet of Things (IoT-GSI) defined the IoT as “the infrastructure of the information society.”  The IoT allows objects to be sensed and/or controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit. When IoT is augmented with sensors and actuators, the technology becomes an instance of the more general class of cyber-physical systems, which also encompasses technologies such as smart grids,smart homes, intelligent transportation and smart cities. Each thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure. Experts estimate that the IoT will consist of almost 50 billion objects by 2020.

12 Facts IoT

click to enlarge

Internet of things – Wikipedia, the free encyclopedia

The internet of things ( IoT), is the internetworking of physical devices, vehicles (also referred to as ” connected devices” and ” smart devices”), buildings and other items- embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.

Someone Is Learning How to Take Down the Internet

First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it’s overwhelmed. These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attacks. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.

Someone Is Learning How to Take Down the Internet

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down.

Microsoft keeps making news on the privacy front, and not in a good way.

The company keeps defending data-gathering features that some people don’t want instead of just making them optional.

Microsoft has been called to task for the practice by privacy advocate the Electronic Frontier Foundation. A blog post by EFF staffer Amul Kalia criticizes the company not just for collecting information for Cortana, but also for collecting telemetry data. Kalia writes: “A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so. Microsoft also won’t say how long this data is retained, instead providing only general timeframes. Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.”

Microsoft’s tin ear for privacy

Microsoft keeps making news on the privacy front, and not in a good way. Much has been made of the way Cortana in Windows 10 may invade your privacy by collecting data such as the words you speak and the keys you strike.

USB Kill 2.0

The lesson here is simple enough. If a device has an exposed USB port — such as a copy machine or even an airline entertainment system — it can be used and abused, not just by a hacker or malicious actor, but also electrical attacks.

“Any public facing USB port should be considered an attack vector,” says the company. “In data security, these ports are often locked down to prevent exfiltration of data, or infiltration of malware, but are very often unprotected against electrical attack.”

Good news! Now you can buy a laptop-destroying USB stick

For just a few bucks, you can pick up a USB stick that destroys almost anything that it’s plugged into. Laptops, PCs, televisions, photo booths — you name it. Once a proof-of-concept, the pocket-sized USB stick now fits in any security tester’s repertoire of tools and hacks, says the Hong Kong-based company that developed it.

Symantec’s Vulnerabilities Are as Bad as it Gets

Symantec. As Bad As It Gets.THIS WEEK, GOOGLE security researcher Tavis Ormandy announced that he’d found numerous critical vulnerabilities in Symantec’s entire suite of anti-virus products. That’s 17 Symantec enterprise products in all, and eight Norton consumer and small-business products. The worst thing about Symantec’s woes? They’re just the latest in a long string of serious vulnerabilities uncovered in security software.

Some of these products cannot be automatically updated, and administrators must take immediate action to protect their networks. Symantec has published advisories for customers, available here.

Some of Symantec’s flaws are basic, and should have been caught by the company during code development and review. But others are far more serious, and would allow an attacker to gain remote-code execution on a machine, a hacker’s dream. One particularly devastating flaw could be exploited with a worm. Just by “emailing a file to a victim or sending them a link to an exploit … the victim does not need to open the file or interact with it in anyway,” Ormandy wrote in a blog post Tuesday, further noting that such an attack could “easily compromise an entire enterprise fleet.”

It gets worse. The flaw exists in an unpacker Symantec uses to examine compressed executable files it thinks might be malicious. So the vulnerability would let attackers subvert the unpacker to take control of a victim’s machine. Essentially, a core component Symantec uses to detect malware could be used by intruders to aid their assault.

“These vulnerabilities are as bad as it gets,” Ormandy wrote. He would know.

Read the rest at WIRED

Ransomware: Pay Up or Else

Ransomwarevia Transparency News

Public-sector problems with ransomware have been at a low simmer for a while, with 35 state and local governments reporting problems in 2014, according to the Multi-State Information Sharing and Analysis Center, an organization that tracks cybersecurity issues for states and localities. But in 2015, the FBI warned that the problem is on the rise — growing 114 percent in 2014 — and said that unlocking the files is so difficult that the agency often suggests just paying the ransom.

In June 2014, an officer with the Durham, N.H., Police Department opened what she thought was a digital fax attached to an email about an investigation she was working on. Instead, it was a type of malicious software that infected files throughout the entire police department’s network of computers. By the next morning, the entire system was in serious trouble.

The tactics of each type of ransomware vary, but all follow the same theme: make the victim believe there’s no option but to pay. The most common way it happens is through an email attachment that looks like an invoice, bill or delivery. Sometimes it’s just a matter of clicking on what appears to be a legitimate advertisement on a website. Once the software launches, it quickly encrypts computer files, making them inaccessible. Victims then receive a message on their computer screen, telling them their files have been encrypted and that they must buy an electronic PIN number to enter into a box on the screen. The amount varies but is usually between $300 and $700. Rather than try to extort large sums of money from only a few victims, hackers have found more success expanding the number of people and organizations they target and asking them to pay modest ransoms.

There’s also a psychological aspect to ransomware that increases its success rate. “When people see the ransomware notice on their work PC, they panic,” said Rahul Kashyap, chief security architect at Bromium Labs, a security firm. “They think it’s their fault for triggering the attack, so they pay.”

Learn more

Windows 10 is spying on almost everything you do – here’s how to opt out

Windows-10_Product-Family[1]

Windows 10 is amazing. Windows 10 is fantastic. Windows 10 is glorious. Windows 10 is faster, smoother and more user-friendly than any Windows operating system that has come before it. Windows 10 is everything Windows 8 should have been, addressing nearly all of the major problems users had with Microsoft’s previous-generation platform in one fell swoop.

But there’s something you should know: As you read this article from your newly upgraded PC, Windows 10 is also spying on nearly everything you do.

Windows support lifecycle

lifecycleEnd of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. This is the time to make sure you have the latest available update or service pack installed. Without Microsoft support, you will no longer receive security updates that can help protect your PC from harmful viruses, spyware, and other malicious software that can steal your personal information. For more information go to Microsoft Support Lifecycle .

 

Client operating systems Latest update or service pack End of mainstream support End of extended support

Windows XP

April 14, 2009

Windows Vista

April 10, 2012

April 11, 2017

Windows 7 *

January 13, 2015

January 14, 2020

Windows 8

January 9, 2018

January 10, 2023

* Support for Windows 7 RTM without service packs ended on April 9, 2013. Be sure to install Windows 7 Service Pack 1 today to continue to receive support and updates.

Two weeks on, Superfish debacle still causing pain for some Lenovo customers

Assurances on the demise of the dangerous adware are (somewhat) exaggerated.
Assurances on the demise of the dangerous adware are (somewhat) exaggerated.

Via Slashdot

Ars Technica reports that weeks after Lenovo said it would stop selling computers with Superfish adware installed, it’s still there for many purchasers of the company’s laptops. From the article:

Based on the experience of Ars readers Chai Trakulthai and Laura Buddine, Lenovo overstated both assurances. The pair recently examined a $550 Lenovo G510 notebook purchased by a neighbor, and their experience wasn’t consistent with two of Lenovo’s talking points. First, the PC was ordered in early February more than four weeks after Lenovo said it stopped bundling Superfish, and yet when the notebook arrived in late February it came pre-installed with the adware and the secure sockets layer certificate that poses such a threat.

“Lenovo may be saying they haven’t installed Superfish since December, but the problem is that they are still shipping out systems with Superfish installed,” Buddine said. “The Windows build had a date of December. They apparently aren’t sorry enough to re-image the computers they have in stock to remove the problem and they’re still shipping new computers with Superfish installed.”

Supply chains are long, and hand-work is expensive, so this might not surprise anyone. Less forgivable, though is this finding, of the software provided to purge machines of the adware: “Lenovo’s software didn’t begin to live up to its promise of removing all Superfish-related data. Based on its own self-generated report, the tool left behind the Superfish application itself. A scan using the Malwarebytes antivirus program found the Superfish remnants VisualDiscovery.exe, SuperfishCert.dll, and a VisualDiscovery registry setting.”

Note to Lenovo

angry_shark_by_racoonwolf-d5punvg[1]If you’re wondering if you might be affected by the Superfish adware, there a couple of websites where you can check to see if the malware is installed. One of them is here. Let’s hope you don’t have it, because it looks like even removing the Superfish software doesn’t address the core security problem. PC World has some instructions on what to do if you need to go Superfishing to fix the issue.

Lenovo’s Response to Its Dangerous Adware Is Astonishingly Clueless | WIRED

Lenovo says that the Superfish adware it preinstalled on laptop computers isn’t a security problem. That’s not true. And guess what? It breaks Slack too.

Older posts

© 2017 LocalCause

Theme by Anders NorenUp ↑

Loading...