Today Dropbox Pro users gain access to a raft of new features including automatically expiring shared links, password-protected sharing, and adjustable permissions. In recent times, Dropbox has moved away from being just a simple cloud storage platform into a cloud-based collaboration tool. Password-protected file sharing is the first line of security that's now available, but it has been bolstered by the ability to have the share automatically stop after a set period. This is something that is particularly useful for sensitive data, and is a helpful addition to the manual disabling of a shared link -- a set-it-and-forget-it option.
Catching up with other file collaboration tools, Dropbox Pro now also takes into account the fact that you might want to share files with others without giving them the option to edit those files. The new ability to add view-only permissions to files and folders has this covered, so it is possible to share sensitive files without worrying about them being changed. For anyone using Dropbox on mobile devices, there is always the fear of losing a handset; a new remote wipe feature takes care of this.
It's a fact that most software has bugs of some sort when it gets released. More significant are fundamental flaws in the design, yet whilst bugs generally get fixed, design flaws are often overlooked.
In an effort to address this, professional organization IEEE is bringing together leading figures from Google, HP, Twitter and Cigital to form a Center for Secure Design group with the aim of tackling serious design flaws in software.
A new survey sponsored by HP's TippingPoint network security arm looks at the main information security concerns of modern enterprises.
It reveals that 69 percent of IT professionals have to deal with phishing attacks at least once a week, with customer and financial data the main targets. The survey also finds that seven out of 10 attacks originating from inside the network come from a malware-infected machine.
As you're almost certainly aware if you're a PlayStation owner, this weekend saw an attack mounted on the PlayStation Network which took it down for a large chunk of time.
But PSN wasn't the only gaming service to get bombarded by DDoS (distributed denial of service) attacks this weekend, and indeed, other attacks are continuing right now -- courtesy of the so-called Lizard Squad, a "hacktivist" group which is enjoying its time in the media limelight. (Though note that another hacker from Anonymous claimed responsibility for the PSN attack, so it's unclear exactly what went on in that case.)
The effects of Edward Snowden's revelations about the activities of the NSA continue to be felt. Internet users are now familiar with the idea that what they do online is possibly (probably?) being monitored in one way or another. Some users have taken to the likes of Tor in a bid to increase security and anonymity, but there has also been a more interesting side-effect. Figures released by "nonpartisan fact tank" the Pew Research Center suggest that a "spiral of silence" has developed as Americans start to censor themselves online.
The research group conducted a survey of more than 1,800 people in the middle of last year and found that while most people (86 percent) were quite happy to talk about state surveillance in person, less than half (41 percent) were willing to do so on Twitter (itself involved in censorship). This self-censorship is an interesting repercussion of the NSA's activities, and it seems that social network users have been hardest hit:
In California, a bill has been passed that will require smartphone manufacturers to include a kill switch in their handsets. The bill states that "any smartphone, as defined, that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user". It's a lengthy description, but it means the kill switch that many people have been asking for for so long is becoming a reality in another state.
This is not the first time a kill switch bill has been passed -- Minnesota did something similar back in May. The SB 926, Leno Smartphones bill in California is rather more far-reaching and comes partly in response to the statistic that between 30 and 40 percent of robberies in major US cities are smartphone robberies. Once activated, the kill switch will prevent a phone from being registered on a wireless network, and cannot be bypassed even with a hard reset. In the event of theft, a user will also be able to remotely wipe their device to protect any private information they may have stored on it.
Embracing the digital revolution is unavoidable for businesses. It has brought great advantages with it too, such as anytime, anywhere communications and the storage of vital and personal information for use in our work and personal lives. It has also provided greater flexibility in where and how we work and communicate, making things much easier for us.
However, it is important to acknowledge security aspects when evaluating mobility policies in particular. Cyber attacks are on the increase and will continue in their complexity and frequency. We hear about serious breaches on a daily basis. These can range from password leaks or mobile phone hacks to international-scale bugs. I often find that in the corporate world, many recognize the threats but fail to implement any strategy, let alone take tangible action. The good news is that there are steps that can be taken by businesses to drastically improve mobile security.
Security holes and vulnerabilities are to be expected, but not enough is being done to patch them quickly. This is the conclusion of Heimdal Security, which conducted an analysis of software vulnerabilities. The security firm found that while security problems are on the increase, companies are failing to keep pace and issues remain unaddressed for too long. It's something that hackers are taking advantage of, and user data is being left at great risk. Heimdal Security found that between 60 and 90 percent of attacks from hackers take advantage of this fact.
A number of key culprits are singled out for particular attention -- names that will be familiar to most: Oracle Java Runtime Environment, Adobe Acrobat Reader, Adobe Flash Player, and Apple QuickTime. The biggest offender, by quite some margin, is Java Runtime Environment, blighted by 48 vulnerabilities in 2012, a staggering 180 in 2013, and 90 so far in 2014. According to CVE Details, the average severity rating for all of the vulnerabilities found in each of the four products. Using the CVSS (Computer vulnerability severity system), which rates issue severity on a 1 to 10 scale, the average rating is 7.8 for Java -- and that's the best of the bunch. Adobe's two products were rated 9.2.
BitTorrent Sync has gone from alpha to beta to full release. Along the way it has become one of the best and most secure sync apps, with security largely because of its decentralized nature. Now the service is getting a major update that adds even more features to the platform.
BitTorrent is introducing large file sharing, allowing something like an entire folder full of photos to be shared with a group of friends and family. With the new workflow that has been built for version 1.4, customers don't need to set up an account. "There's two ways to send a link, via email or copying it to your clipboard (so you can send using any communications tool of your choice)", Erik Pounds, vice president of product management, explains.
Following on from Edward Snowden's revelations about the NSA's activity there have been increasing concerns about just how secure our data is, particularly if it's stored in the cloud. Indeed it's reckoned that the cloud industry faces losing billions of dollars in revenue to privacy concerns.
Yet some experts believe that storing data in the cloud is still safer than keeping it in-house. We spoke to Orlando Scott-Cowley, evangelist, strategist and technologist of email management specialist Mimecast to find out why.
Automobile companies are being targeted by a new malware threat that is spreading like wildfire across Europe and stealing a wealth of sensitive information.
Symantec reports that the spam campaign, known as Infostealer.Retgate or Carbon Grabber, is aggressively targeting automobile companies with malware that steals encrypted information such as user names and passwords.
For anyone looking to stay anonymous online, Tor seems like an obvious option. At the same time, it could lull users into a false sense of security -- after all, this is a network that was, at least in the past, funded by the military and US government -- and conspiracy theories abound that Tor is nothing more than a honey trap to catch the kind of people who have a need for anonymity because of their nefarious activities. The network has evolved over the years and now agencies such as the NSA in the US and GCHQ in the UK are actively seeking out vulnerabilities so they can crack the network. But the relationships are actually far more complex than that.
According to Andrew Lewman, chief of operations at Tor, the same agencies that are trying to break Tor are also posting tips anonymously about the vulnerabilities that have been found -- giving a chance for them to be patched. Talking to the BBC Lewman said:
If you're an Android user you may already have been tempted to don your tin hat and descend to your bunker following today's earlier story about app hacking. Prepare to settle in for a long siege then, as new research reveals that many of the most popular Android apps have SSL vulnerabilities that leave them open to man-in-the-middle (MITM) attacks aimed at stealing personal information.
According to threat protection specialist FireEye, a significant proportion of apps allow an attacker to intercept data exchanged between the Android device and a remote server.
While the claims of Android malware may be a bit overblown, it does exist and has to be a consideration for customers. That fact has brought about an abundance of software designed to combat the perceived problem.
Now Sophos is jumping into the market with an updated version of its offering, but for the moment this latest version is in a testing phase. The company is calling on Android users to begin beta testing the new offering, and the security firm is adding an incentive in the form of prizes for people willing to step up.
The internet has become as ubiquitous as air. You’re connected at home via Wi-Fi, then you go out and stop by a cafe to grab a quick morning coffee and check your Facebook, then you come to the office, get all serious and send business mail to your colleagues. The internet gives us great freedom. But with that freedom comes great dangers and great responsibility -- you are responsible for protecting yourself on the web.
Every time you indulge in any sort of online activity, your data can be easily monitored and checked. The websites you visit receive your IP address, location, browser and operating system, screen resolution, ISP and more. You can check on what information you give away at stayinvisible.com. I have nothing against sharing this data when I do simple browsing. I am like Dutch windows without curtains -- doing nothing wrong, peep in whenever you want, I have nothing to hide.