Welcome!

PHP Authors: Liz McMillan, Carmen Gonzalez, Hovhannes Avoyan, Lori MacVittie, Trevor Parsons

Blog Feed Post

CTO Security Report

Anonymous

Anonymous (Photo credit: Schuilr)

3 Million Iranian Bank Accounts Disclosed

Iranian ATM’s are dispensing PIN and Password changes instead of money this week following the public disclosure of three million bank account details by an Iranian security researcher.  While the disclosure of these accounts is unfortunate, what is more troubling is the process that led to this disclosure.  A year ago Khosrow Zarefarid warned the CEO’s of the banks in Iran that a banking flaw could expose their customers.  Even after submitting accounts found using the technique he warned them about, he received no response.  Seeing no other course of action, the researcher disclosed the accounts in a bid to bring the situation to light.  Such “grey-hat” actions often happen when security is not taken seriously at organizations such as banks, and the ensuing fiasco could have easily been avoided with proper communication and effort on behalf of Iranian banks.

Read More: http://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577

F1 Racing Sites Attacked by Anonymous

Elements of the Anonymous collective are currently targeting F1 racing Federation websites in an effort to disrupt and publicise a campaign against the F1 race being held in Bahrain.  This effort comes as the F1 race is being held in Bahrain despite well-documented human rights abuses in that country.  At the time of writing, f1-racers.net had been defaced and elements within Anonymous were still planning to increase the level of disruption.  The Formula One federation is aware of the attempts by Anonymous to disrupt its activities.

Defaced Site: http://f1-racers.net/

 

Anonymous Starts Their Own Pastebin Lookalike

Fed up with Pastebin’s promises to moderate and censor posts containing sensitive information such as passwords, bank accounts, and addresses, Anonymous members have struck out on their own.  The result is a pastebin clone which is hosted by an organization sympathetic to Anonymous, the People’s Liberation Front.  This new paste site does not have information on what is contained in the paste because every paste is encrypted with AES 256 and requires a symmetric key to decrypt inside of the browser.  This key is contained with the URL generated for the post when it is uploaded to the server.  The advantage is that posts cannot be read by the hosting provider, since they have stated that they disable all connection logging.  Expect to see more members of Anonymous to switch to this new service, which will make Anonymous movements somewhat harder to track — you need to have the URL with the key in order to read the paste, and cannot track trending posts with the service.

Read More: http://www.peoplesliberationfront.net/anonpaste/index.php?0bb850fa017e85f1#SRccDhThvKyQ5+o4Sm3xineTXfDReG76Q01x2yaWik0

 

15 Year old Boy Hacks >250 Companies

A 15-year-old Austrian boy was discovered to be the culpit behind the web-based attacks on the web presences of over 250 companies.  The boy, using attack software, techniques, and anonymization services and programs he found on the internet, mounted a successful campaign in order to win the favor and attention of his hacker peers and garner points on a hacker scoreboard.  Within a short period of time the young hacker was attacking as much as 3 websites a day on average.  With website/web service security being rather lax in most organizations and applications the news of the age of the attacker is perhaps more of a surprise than the number of targets he successfully breached.

Read More: http://www.zdnet.com/blog/security/15-year-old-arrested-for-hacking-259-companies/11585?tag=mantle_skin;content

 

New Android Hacking Concept Emerges

A side-channel attack on login PINs utilizing the gyroscopic sensors inside of Android phones has been developed by security researchers.  The attack analyses the slight movements and shifts of the phone as its screen is pressed in order to determine where on the screen the user has pressed.  The application runs in the backround and waits for the user to input their pin and unlock the phone for use and does not require any permissions in order to run due to the way sensor permissions are granted in Android platforms.

This attack is unlikely to be very lucrative for normal attackers though — it requires that the user play a game in order for the application to learn how the specific user holds and uses the specific type of phone on which it runs.  The payoff could be significant though:  Besides being able to sniff PIN logins to the phone, the application can sniff phonepad entries and possibly steal credit card numbers and phone numbers through this method.

Read More: http://www.v3.co.uk/v3-uk/news/2168301/taplogger-android-trojan-cracks-touchscreen-passwords-handset-movements

 

Encryption for Google Docs from Cipherdocs

One of the drawbacks to using the Google cloud of internet applications is the lack of proper document confidentiality.  Sure, the service lets you grant or revoke permissions to different users via their email address, but what if that user’s email is compromised?  What if Google Docs were compromised in some way?  Your documents would be open for all to see.  A new startup has been bootstrapped with a way to fill this security gap — Cipherdocs.

Cipherdocs has created a plugin for the popular internet browser Mozilla Firefox which allows users to have encryption on-the-fly for Google documents.  It even has a keyring available for using Encrypted Google Docs across multiple computers, and only requires that Java be installed along with the Firefox browser and the plugin itself.  It is currently free and can be downloaded from http://www.cipherdocs.com/

Read More: http://www.cipherdocs.com/cipherdocsinstallation.pdf

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...