Many organisations are struggling to keep pace with the changing face of security threats, according to a poll conducted by F5 Networks at Infosecurity Europe 2013 in London.
Only 10% of security professionals polled said they could describe accurately how DNS reflection attacks work, just weeks after a spat between web hosting company Cyberbunker and anti-spam website Spamhaus led to some of the biggest distributed denial-of-service (DDoS) attacks to date.
DNS reflection or amplification is a type of distributed denial of service (DDoS) attack that takes advantage of the fact that a small DNS query can generate a much larger response. When combined with source address spoofing, an attacker can direct a large volume of network traffic to a target system by initiating relatively small DNS queries.
The poll found that only 11% would be completely confident that the day-to-day operations of their business would not be disrupted, should they be hit by such an attack.
Many respondents reported feeling vulnerable due to the host of modern threats from cyber criminals, hacktivists and hackers. Some 87% claimed that it is more difficult than ever to secure their business from the threat of cyber attacks, with almost one in four citing the BYOD trend as the major factor. Others referenced the increasing complexity of threats (20%) and the change to espionage and political motives (14%) as the number one factor in increasing the difficulty in protecting businesses.
The poll revealed other concerns around protecting infrastructure and applications, with 83% of respondents saying they were less than fully confident that their organisation has consistent security and availability policies across their entire IT infrastructure.
“Both the scale and the method of the Spamhaus attacks should have acted as a wake-up call, but the research suggests that many security professionals would still struggle to deal effectively with the new breed of DDoS attacks, and fear the potential impact on their organisation,” said Joakim Sundberg, security solution architect at F5.
Some 85% acknowledged the risk of wiping personal as well as company data when safeguarding a corporate mobile device following a theft.
“As organisations continue to move their applications to the cloud as a way to increase infrastructure agility and reduce costs, it is vital that they close off any back doors to would-be attackers,” he said.
According to Sundberg, conventional firewalls are failing in the face of increasingly complex internet threats. More intelligence has to be built into the corporate network to ensure their security can handle the newest threats, he said.
“This includes being able to configure and automate security seamlessly to ensure the entire IT environment is protected, regardless of the mix of on-premise, cloud or hybrid infrastructures,”
We first heard rumors about a possible comeback of the Start menu button in Windows 8.1 last week, but now sources speaking to The Verge have confirmed that this will indeed be the case, only it’s probably not what most detractors were hoping for. The newly reintroduced button will reportedly sit in the traditional bottom left corner, and will look near-identical to the existing Windows flag used in the Charm bar, but clicking on it will simply bring up the tile-based Start screen rather than the old Start menu.
There are already several quick ways to get back to the Start screen from the desktop. Users can just press the Windows key on their keyboard, or hover their mouse over the lower left corner of the screen until a Start screen thumbnail shows, and then click. So while there’s nothing new here functionality-wise, Microsoft apparently hopes to appease at least some of the criticism by adding a shortcut users might be more familiar with.
To be fair, you can already do everything the Start menu allowed with the redesigned Start screen -- searching, opening recent files, quickly launching apps, jumping to the control panel and so on. But those who have been criticizing the change have an issue with having to jump back and forth between Modern UI and the desktop to do these things.
Another noteworthy change expected to arrive with the upcoming “Blue” update is the addition of a boot to desktop option. So far only hints of this have appeared on internal builds, and there’s currently no toggle to enable it through the operating system’s UI, but Microsoft is apparently working on how to add this feature. News sources confirm this feature might be limited to Pro and Enterprise Windows 8 SKUs only.
While the imminent arrival of next-gen USB and Thunderbolt interfaces is no longer fresh news, ComputerWorld brings to attention one potentially revolutionary detail: the next iteration of USB will deliver enough juice to effectively power any device without the aid of unsightly wall-warts.
To do this, USB 3.0's move from 5Gbps to 10Gbps will be accompanied by a significant bump in power delivery -- 100 watts instead of just 10 watts. With that kind of juice, everything from full-size external hard drives to displays -- and even laptops -- could all fall within the purview of USB's new-found bus power.
That's an enormous improvement over today's limitations where small devices like external HDDs, cell phones and tablets can push power draw limits.
One example shown at Intel's Developer Forum was of a Lenovo laptop, an LCD monitor and other peripherals all simultaneously being powered by a USB SuperSpeed hub.
To help make certain things are safe and standardized, USB 3.0 is expected to have five different power profiles:
- Profile 1: 5V @ 2.0A
- Profile 2: 5V @ 2.0A or 12V @ 1.5A
- Profile 3: 5V @ 2.0A, 12V @ 3A
- Profile 4: 5V @ 2.0A, 12V or 20V @ 3A
- Profile 5: 5V @ 2.0A, 12V or 20V @ 5A
While convenience is an obvious benefit of increasing the power output for USB, there is one less conspicuous bonus: greener electronics. Billions of power adapters for portable electronics are chucked into the trash each year. USB's pending upgrade stands to reduce that number by a significant margin.
"When people don't see stuff on Google, they think no one can find it. That's not true."
That's according to John Matherly, creator of Shodan, the scariest search engine on the Internet.
Shodan runs 24/7 and collects information on about 500 million connected devices and services each month.
It's stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot.
Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.
What's really noteworthy about Shodan's ability to find all of this -- and what makes Shodan so scary -- is that very few of those devices have any kind of security built into them.
"It's a massive security failure," said HD Moore, chief security officer of Rapid7, who operates a private version of a Shodan-like database for his own research purposes.
A quick search for "default password" reveals countless printers, servers and system control devices that use "admin" as their user name and "1234" as their password. Many more connected systems require no credentials at all -- all you need is a Web browser to connect to them.
In a talk given at last year's Defcon cybersecurity conference, independent security penetration tester Dan Tentler demonstrated how he used Shodan to find control systems for evaporative coolers, pressurized water heaters, and garage doors.
He found a car wash that could be turned on and off and a hockey rink in Denmark that could be defrosted with a click of a button. A city's entire traffic control system was connected to the Internet and could be put into "test mode" with a single command entry. And he also found a control system for a hydroelectric plant in France with two turbines generating 3 megawatts each.
Scary stuff, if it got into the wrong hands.
"You could really do some serious damage with this," Tentler said, in an understatement.
So why are all these devices connected with few safeguards? Some things that are designed to be connected to the Internet, such as door locks that can be controlled with your iPhone, are generally believed to be hard to find. Security is an afterthought.
A bigger issue is that many of these devices shouldn't even be online at all. Companies will often buy systems that can enable them to control, say, a heating system with a computer. How do they connect the computer to the heating system? Rather than connect them directly, many IT departments just plug them both into a Web server, inadvertently sharing them with the rest of the world.
"Of course there's no security on these things," said Matherly. "They don't belong on the Internet in the first place."
The good news is that Shodan is almost exclusively used for good.
Matherly, who completed Shodan more than three years ago as a pet project, has limited searches to just 10 results without an account, and 50 with an account. If you want to see everything Shodan has to offer, Matherly requires more information about what you're hoping to achieve -- and a payment.
Penetration testers, security professionals, academic researchers and law enforcement agencies are the primary users of Shodan. Bad actors may use it as a starting point, Matherly admits. But he added that cybercriminals typically have access to botnets -- large collections of infected computers -- that are able to achieve the same task without detection.
To date, most cyberattacks have focused on stealing money and intellectual property. Bad guys haven't yet tried to do harm by blowing up a building or killing the traffic lights in a city.
Security professionals are hoping to avoid that scenario by spotting these unsecured, connected devices and services using Shodan, and alerting those operating them that they're vulnerable. In the meantime, there are too many terrifying things connected to the Internet with no security to speak of just waiting to be attacked.
Deeming Windows 9 'too good to release,' Microsoft execs shelve follow-up to Windows 8 and proceed to Windows 10
"The Windows 9 internal beta was a phenomenal success," said Microsoft PR rep Cheryl Tunt. "I mean, it blew Windows 8 out of the water, and as we all know, Windows 8 is nigh flawless. After discussion at the C level, Microsoft has decided it will not mess with success and will leave Windows 9 exactly as it is. As such, work is now getting under way on Windows 10, which should see a public release."
Details about Windows 9 are sketchy, but according to internal Microsoft communications obtained by InfoWorld, the OS was fast, intuitive, bug-free, and equally adept with both the Windows Desktop and Metro-style interfaces. "And who would've thought to put the Start button there?!? Genius!" marveled one engineer, though it's unclear where "there" is exactly.
Another engineer likened the OS to the Nintendo Entertainment System's Power Glove accessory, saying, "It's that good a melding of man and machine."
One email chain riffed extensively on how Windows 9 is like the sitcom "Seinfeld" in that it's "about nothing," but also because "there was that one episode where Kramer got the deli meat slicer, and he said he had cut slices of meat so thin, he couldn't even see them. Well, Windows 9 is so transparent, you won't even know it's there. Hell, I'm not even sure I used it!"
"Hey guys, if all this is true, then we can't release this [OS] to the public," one HR manager who had been CC'd on the emails declared. "We have to keep this internal and advertise it as a perk. You know: 'Come work for Microsoft, and you get to use Windows 9!'"
The decision to jump to Windows 10 was announced during an all-company meeting by Microsoft CEO Steve Ballmer, who took the stage in front of a banner reading "Mission Accomplished."
"You guys who make Windows are the backbone of this company!" an exuberant Ballmer claimed. "You've really outdone yourselves here. This is exactly the kind of perfection so synonymous with the Microsoft brand that we can't see fit to have it exist anywhere but within Microsoft. It's simply too good to be released. Now, onward with Windows 10! By the way, this meeting counts as your lunch break."
There was at least one beta tester who wasn't quite so dazzled. "Yeah, I tried out Windows 9," he told InfoWorld on condition of anonymity. "I dunno ... it's pretty good, I guess. It's not at all what they're talking about, though -- the engineers might be delirious from lack of sleep. I'm pretty sure the real reason we aren't going to sell it is because it's actually OS X."
Please note: This is an April Fools' joke.