As an example of transformative change that is now underway, Joshipura pointed to the telecom industry. “For the past 137 years, we saw proprietary solutions,” he said. “But in the past several years, disaggregation has arrived, where hardware is separated from software. If you are a hardware engineer you build things like software developers do, with APIs and reusable modules. In the telecom industry, all of this is helping to scale networking deployments in brand new, automated ways.”
Telstra will offer enterprise-grade managed security services from SOCs in Melbourne and Sydney
The telco’s director of security solutions, Neil Campbell, said the new SOCs and Telstra’s new platform are part of “reimagining” how managed security services are delivered, particularly in the context of the vast quantities of data enterprises find themselves grappling with thanks to developments such as the Internet of Things.
Using open source offers “the ability to be master of your own destiny when it comes to features and timelines,” he added, allowing the telco to be flexible in order to meet its clients’ requirements as well as adapt to an evolving market.
Another reason for using open source is that “by contributing to the open source community we put the tools in the hands of users who might otherwise not be able to afford an enterprise-grade SIEM platform or for their own reasons would never outsource and are looking for some flexibility in-house,” Campbell said.
We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.
CERN has recently published a paper which outlines the establishment of the European Open Science Cloud that will enable digital science by introducing IT as a Service to the public research sector in Europe.
The success of new energy projects relies on one crucial skill: the ability to derive insights from massive amounts of rapidly changing data. That’s why utilities and energy companies are adopting analytics to meet the rising demand for renewable energy from more sophisticated customers.
The Union of South American Nations, Unasur will celebrate this Friday its eighth anniversary with the official opening of the South American Defense School (Esude) created to instruct on defense and security issues, both at civil and military level, following ‘the principles of a regional strategic vision’.
Today’s tale of apocalyptic internet near-misses comes from software developer Kamil Hismatullin, who discovered a security flaw in YouTube that allowed him to delete any video he wanted—or all of them, if he so desired. Fortunately, he did not so desire (although he apparently had some thoughts about doing a number on Justin Bieber’s channel), and instead he reported the bug to Google and collected a $5000 reward.
My team and I at QCRI have just completed a detailed analysis of the 13,200+ tweets posted from one hour before the attacks began until two hours into the attack. The purpose of this study, which will be launched at CrisisMappers 2013 in Nairobi tomorrow, is to make sense of the Big (Crisis) Data generated during the first hours of the siege. A summary of our results are displayed below. The full results of our analysis and discussion of findings are available as a GoogleDoc and also PDF. The purpose of this public GoogleDoc is to solicit comments on our methodology so as to inform the next phase of our research. Indeed, our aim is to categorize and study the entire Westgate dataset in the coming months (730,000+ tweets). In the meantime, sincere appreciation go to my outstanding QCRI Research Assistants, Ms. Brittany Card and Ms. Justine MacKinnon for their hard work on the coding and analysis of the 13,200+ tweets. Our study builds on this preliminary review.
The following 7 figures summarize the main findings of our study. These are discussed in more detail in the GoogleDoc/PDF.
Figure 1: Who Authored the Most Tweets?
Figure 2: Frequency of Tweets by Eyewitnesses Over Time?
If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.
Recently IDC reported that 187 million Android phones were shipped in the second quarter of this year. That multiplies out to 748 million phones in 2013, a figure that does not include Android tablets.
Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.
IBM is a respected technology company and it appears that hardly anything can bad can be said about them. There comes a time when every company must admit they have a fault in their product and IBM must step up to the plate this time. The news comes to us from Secunia, a Web site that monitors technology security, in the warning, “Security Advisory SA54460-IBM Content Analytics With Enterprise Search Multiple Vulnerabilities.”The warning is labeled as moderately critical and should worry organizations that use the software to manage their data. The bug messes with cross site scripting, manipulates data, exposes sensitive information, and a DoS.
Here is the official description:
“IBM has acknowledged a weakness and multiple vulnerabilities in IBM Content Analytics with Enterprise Search, which can be exploited by malicious people to disclose certain sensitive information, conduct cross-site scripting attacks, manipulate certain data, and cause a DoS (Denial of Service).”
Ouch! IBM must not be happy about this, but at least they discovered the problem and Content Analytics users can expect a patch at some point. Hate to bring up Microsoft at this venture, but whenever a big company has a problem I can’t help but think about how Microsoft never has a product launch without some issues. IBM is reliable and hopefully they will not go down the same path as Windows 8.
What this post is about: Society’s collective intelligence needs to be able to see clearly what’s going on and take action about it. Both NSA surveillance and corporate suppression of activism interfere with that vital dynamic. This post clarifies what’s going on in these dynamics and suggests strategies to counter them and increase society’s collective intelligence.
Any healthy living system will try to weed out challenges that threaten its functioning. That’s what immune systems do: they preserve business-as-usual in a body.
But this natural maintenance activity of a system can be counterproductive:
(a) when changing circumstances demand adaptive responses, when the system NEEDS to change its business-as-usual – and
(b) when the system has been parasitized by something that is using it for the parasite’s own purposes at the larger system’s expense.
Mobile security startup Bluebox Security has unearthed a vulnerability in Android’s security model which it says means that the nearly 900 million Android phones released in the past four years could be exploited, or some 99% of Android devices. The vulnerability has apparently been around since Android v1.6 (Donut), and was disclosed by the firm to Google back in February. The Samsung Galaxy S4 has already apparently been patched.
It’s likely that Google is working on a patch for the vulnerability. We’ve reached out to the company for comment and will update this story with any response.
Bluebox intends to detail the flaw at the Black Hat USA conference at the end of this month but in the meanwhile it’s written a blog delving into some detail. The vulnerability apparently allows a hacker to turn a legitimate app into a malicious Trojan by modifying APK code without breaking the app’s cryptographic signature. Bluebox says the flaw exploits discrepancies in how Android apps are cryptographically verified and installed. Specifically it allows a hacker to change an app’s code, leaving its cryptographic signature unchanged — thereby tricking Android into believing the app itself is unchanged, and allowing the hacker to wreak their merry havoc.