You are likely well aware by now that, come April 8, Microsoft will officially drop support for its dated Windows XP. Considering that the operating system will celebrate its 13th birthday this year, the company's decision is hardly surprising. Users have had plenty of time to plan for this moment, and move to newer, better versions of Windows.
Yes, there are still many Windows XP users, as the operating system's market share tops nearly 30 percent, far more than the newer Windows 8.x branch, combined. As a result, the extent of the public support cutoff is huge, even effecting security companies which have declared their commitment to supporting Windows XP past its due date. In a blog post, Avast details potential issues users might encounter starting next month.
Nothing on the internet is safe these days. Even point-of-sale systems in stores we regularly shop in can be accessed and stolen from -- witness Target to name only one recent high profile example. However, when it comes to computers, some users see Apple as more secure. While that may be a result of simply being less targeted, there is also nothing that the company can do to protect people from themselves.
Security firm Netcraft, which boasts customers that include British Telecom, Microsoft and Cisco, has detailed a sneaky new attack. EA, the popular game maker, has had one of its servers compromised so it can host phishing attacks that target Apple IDs.
Relying on passwords alone to keep your Internet accounts safe can get you in a lot of trouble. They may be comfortable to use, but hackers can easily bypass or crack them. Or, even worse in my opinion, steal personal information without you even knowing. A recommended method for minimizing such risks is to enable two-factor authentication.
Two-factor authentication is an added security layer that requires you to use a password and a security code, in order to log in. It is a feature available in the account's settings that is usually not enabled by default. The security code can be delivered via SMS, email or a dedicated app. I have it turned on for every Internet account that supports it.
Enterprises worldwide are expected to spend $500 billion in 2014 to deal with issues caused by malware in pirated software. Consumers are set to spend $25 billion and waste 1.2 billion hours on security threats and fixes.
And so it begins. The price war in the cloud. There are few tech companies that would not like you to store all of your files in the cloud, and there are several big names vying for attention. The obvious contenders for the crown are Microsoft with SkyDrive (sorry, OneDrive), Dropbox and Google Drive -- of course there are plenty of others, but these are the names that trip readily off the tongue. As computer users we have become increasingly comfortable with the idea of storing files online; in fact we almost demand it. If an app or service does not offer cloud storage, there are instant complaints about the lack of between device syncing.
But cloud storage does come at a cost. On the face of it, online storage is available free of charge. All of the big names -- and many of the smaller ones -- provide gigabytes, in varying quantities, of space gratis. But for cloud storage to be truly useful, everything needs to be stored there. The 5GB of free space from one provider is not to be sniffed at, but 5GB disappears very quickly. Opt to store all of your photos online, for instance, and the gigabytes will very quickly be eaten up.
The recommended practice for passwords and credentials is to avoid using them in more than one place, and make them extremely difficult to crack. It sounds easy, at first glance. But, as we sign up for an increasing number of accounts, it can prove to be quite a chore to keep track of them all. Ten accounts, for instance, means ten usernames and ten passwords, all distinct.
For this reason, users who wish to store sensitive login information, and have quick access to it, rely on password managers. Such tools are available on all major platforms. They are easy to use and, if needed, can generate more secure passwords than we can come up with (certainly more secure that users' favorites, "123456", "password" or, like it will stop hackers more than the first one, "12345678"). One such offering is oneSafe for Windows Phone. It was just made available as a trial in Store, so let us take a look at it.
Another week means a fresh batch of security concerns. In Europe, users were warned of the dangers of connecting to public wifi hotspots, while a new report found that cybercriminals are becoming increasingly sophisticated in their techniques. Ian was on hand with advice for anyone trying to tackle or avoid viruses.
I will pull no punches here. It’s plain and simple to explain -- just days after Malaysian Airlines flight 370 went missing, with whereabouts and outcome still unknown, the pack of wolves began to attack. Emails arrived at BetaNews desks advertising corporate solutions to family grief. Are they mad?
Do the families of missing people really worry about the lost password to Facebook or Twitter? This sort of ambulance chasing, as it was long ago named, should have died with the era in which the phrase was coined.
We are spied upon. Someone, somewhere, knows what you have been doing online. It might be your snooping friend taking a look at your browsing history, or it might be that weird looking guy on the next table in the coffee shop watching your every click. It might be advertisers using cookies, or it could be your own government. This is now just about expected; it is part and parcel of using the internet. In some parts of the world, access to the internet is not only monitored, but also restricted and controlled. But it didn’t used to be like this, and it needn't stay like this.
In some regions the idea of mass spying is a relatively recent concept. The activities of the NSA, GCHQ and other government organizations are something only the most recent generation of internet users is "used" to -- for the rest us, it is at best an unpleasant sea change, and at worst just the tip of the iceberg. As it was revealed that governments were not only spying on citizens' online activities but also getting other companies involved by requiring them to hand over user data, big names such as Microsoft, Google, and Apple were falling over themselves to appear to be going out of their way to reveal everything they could about the demands made of them. It was the PR machine in action, trying to make the best of a very, very bad situation.
I admit to being utterly, utterly puzzled why some people and businesses choose to keep using Windows XP in 2014. Maybe they have not received the memo it is nearly 13 years old, and terribly outdated. If the operating system was a living being, it would be called a dinosaur. And we are not seeing those alive and kicking in living rooms, offices and ATMs, are we?
I am not going to pull out the security card and trump it as a reason to upgrade. We all know this argument does not resonate with Windows XP users. Instead, they should be looking at the real benefits an upgrade, to let's say Windows 7 or Windows 8.1, will do for them and at what could happen if they choose not to abandon the sinking ship. This is a strategy Microsoft has adopted in a new please-upgrade-from-XP-we-really-want-you-to infographic, aimed at the UK Government.
The Android version of WhatsApp, the cross-platform messaging tool recently snapped up for $19 billion by Facebook, contains a security flaw that means its chat database could be accessed by any app and uploaded to a web server without user knowledge or intervention. It's not clear whether this vulnerability has yet been exploited, but a proof-of-concept attack by Bas Bosschert (consultant, sysadmin and entrepreneur) shows that it is not only possible, but also incredibly simple. To cut to the chase, the answer to the question posed by Bas' brother, "is it possible to upload and read the WhatsApp chats from another Android application?", is "yes, that is possible".
In order for an "attack" to be successful, a user must have granted the app access to the SD card. As Bas points out, "since [a] majority of the people allow everything on their Android device, this is not much of a problem" for an attacker to overcome. Assuming this setting has been enabled, there really is very little work to be done. With a webserver at hand, it is quite easy to create an app that seeks out WhatsApp's database and uploads it ready for perusal.
Any Internet related provider, whether it be a Telecom Carrier, Internet, Multi-Service or Cloud Provider (ISP/MSP/CSP) or Hosting/Co-Lo Provider are unwilling accomplices to DDoS attacks and other cyber threats that transit, terminate or originate on their networks. Service providers and their customers are inseparably linked by the challenges DDoS attacks present.
As attacks have grown in size, frequency and sophistication in recent years the demands to ensure service availability and service security from customers have risen in unison. Corero has responded to this challenge with the launch of the SmartWall Threat Defense System (TDS). I spoke to Ashley Stephenson, CEO, Corero Network Security, about the new product.
Antivirus products have steadily evolved over the years but a number of obsolete myths still persist.
For example, many people still believe that AV software can detect only what it knows, uses only static signatures and offers little or no protection. A new report from NSS Labs looks at the history of antivirus software and how it has, and continues to, evolve to meet new threats. It concludes that whilst endpoint protection is still essential it has evolved beyond simple antivirus programs.
The 2014 South by Southwest festival is in full swing. It's a combination of tech, music and film rolled into one Texas-sized good time. While it all sounds like a fun-house, there is a serious note to some of the discussions. AVG was part of a forum on connected cars, taking a look at the data collected and what happens to it.
It's not all doom and gloom -- nobody showed a hack that will let the perpetrator literally take over your car. But who controls the data being collected by said vehicle is certainly a security concern. The security company's Judith Bitterli spoke during the meeting and then put her thoughts together in a quick post.
The dominant theme at this year’s RSA Conference in San Francisco was actionable security intelligence, a term which can mean different things to different people. For example, do bad IP addresses, DNS fast fluxing information, and geolocation constitute security intelligence? Additionally, do malware campaigns and adversary tracking count as security intelligence?
The answer is yes for both questions, but it is important to note that these are not the only high-level indicators that can be considered security intelligence. The key challenge is understanding how to "apply" security intelligence in such a way that it is actionable. The following may be considered provocative and even go against the grain of opinion in Silicon Valley: In most approaches to security, there is too much emphasis on the adversary and not enough on understanding the attack surface.