Terminturbo webinar: arranging customer appointments without a lump in your throat
Seminar at the NMG Akademie
Neue Mediengesellschaft Ulm (NMG), the publisher that also owns com! professional, is launching its own training and continuing-education provider, the NMG Akademie. One seminar on offer in November is the Terminturbo webinar: arranging customer appointments without a lump in your throat.
Kaspersky Lab launches transparency initiative to win back trust after spying claims
After months of taking intense heat after the U.S. government claimed Kaspersky Lab’s antivirus software was used for spying, the Russian security firm pushed back by announcing the launch of its Global Transparency Initiative.
To win back customer trust, the company’s source code will undergo independent review by Q1 2018. Threat detection rules and software updates will also be audited. Although the outside reviewers are not named, Kaspersky told Reuters “they would have strong software security credentials and be able to conduct technical audits, source code reviews and vulnerability assessments.”
Hi! We’re evaluating contractors for independent code review. Will communicate this publicly when ready
Kaspersky’s new transparency initiative doesn’t stop there. The company also plans to open “transparency centers” in the U.S., Europe and Asia where government stakeholders and customers can “access reviews on the company’s code, software updates and threat detection rules.”
“We want to show how we’re completely open and transparent,” said Eugene Kaspersky, CEO of Kaspersky Lab. “We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”
Kaspersky’s Global Transparency Initiative
According to the press release, the “initial stage” of Kaspersky’s Global Transparency Initiative will include:
The start of an independent review of the company’s source code by Q1 2018, with similar reviews of the company’s software updates and threat detection rules to follow.
The commencement of an independent assessment of (i) the company’s secure development lifecycle processes, and (ii) its software and supply chain risk mitigation strategies by Q1 2018.
The development of additional controls to govern the company’s data processing practices in coordination with an independent party that can attest to the company’s compliance with said controls by Q1 2018.
The formation of three Transparency Centers globally, with plans to establish the first one in 2018, to address any security issues together with customers, trusted partners and government stakeholders. The centers will serve as a facility for trusted partners to access reviews on the company’s code, software updates, and threat detection rules, along with other activities. The Transparency Centers will open in Asia, Europe and the U.S. by 2020.
The increase of bug bounty awards up to $100,000 for the most severe vulnerabilities found under the company’s Coordinated Vulnerability Disclosure program, to further incentivize independent security researchers to supplement our vulnerability detection and mitigation efforts, by the end of 2017.
With the announcement of this new initiative, Kaspersky said, “Trust is essential in cybersecurity.” But the company “recognizes that trust is not a given; it must be repeatedly earned through an ongoing commitment to transparency and accountability.”
Various security professionals are weighing in with their opinions on whether the transparency initiative will be enough for Kaspersky to win back trust. Former NSA director Michael Hayden told Reuters that Kaspersky’s action is “a dramatic step forward, but not necessarily sufficient.”
Microsoft Drops Lawsuit as U.S. Govt Limits Use of Gag Orders
Microsoft is dropping a lawsuit against the US government after the Department of Justice issued new rules limiting the use of secrecy orders that prevent firms from telling customers law enforcement has accessed their data.
The tech giant sued the government in April last year, but declared victory Monday and said it was ending its case after the DOJ announced it would revise its rules.
Brad Smith, Microsoft’s chief legal officer, said the company had achieved “an unequivocal win for our customers” that protected the constitutional rights of US citizens.
“Until now, the government routinely sought and obtained orders requiring email providers to not tell our customers when the government takes their personal email or records,” he wrote in a blog post.
“Sometimes these orders don’t include a fixed end date, effectively prohibiting us forever from telling our customers that the government has obtained their data.”
Smith acknowledged that secrecy orders were sometimes required for legitimate reasons — such as protecting individuals at risk from harm or ensuring an investigation was not thwarted.
But, he added, at the time the lawsuit was filed, “the government appeared to be overusing secrecy orders in a routine fashion – even where the specific facts didn’t support them”.
“When we filed our case we explained that in an 18-month period, 2,576 of the legal demands we received from the U.S. government included an obligation of secrecy, and 68 percent of these appeared to be indefinite demands for secrecy,” he said.
But in a memo issued last week, Deputy Attorney General Rod Rosenstein said any such gag order “should have an appropriate factual basis” and “should extend only as long as necessary to satisfy the government’s interest”.
While lauding the DOJ’s decision, Microsoft repeated its call on US Congress to amend the 1986 Electronic Communications Privacy Act that regulates government access to contemporary electronic communications.
It comes as the US Supreme Court last week announced it would hear a separate privacy case that pits the Trump administration against Microsoft.
The case examines whether US law enforcement should be allowed to access evidence held on servers overseas during an investigation.
It comes after Microsoft refused to hand over emails during a US drug trafficking investigation on the basis the police’s warrant did not extend to Ireland, where the messages were stored.
The number one challenge identified by Federal agencies in migrating to the cloud is expanding security measures and policies to cover cloud environments. To date, confidence is hard to find. Only 35% of Federal IT leaders believe that the security of their existing private cloud environments is excellent, and this drops to 21% for public cloud. They have similar concerns for the security of data that has to move between physical and virtual environments.
via Fortinet Blog | Latest Posts http://ift.tt/2qUUvsW
It’s a standard science trivia question: Who discovered the structure of DNA? With the basic concepts of molecular biology now taught at a fairly detailed level in grade school, and with DNA being so easy to isolate that it makes a good demonstration project for school or home, everyone knows the names of Watson and Crick. But not many people know the story behind one of the greatest scientific achievements of the 20th century, or the name of the scientist without whose data Watson and Crick were working blind: Rosalind Franklin.
Born in London in 1920, Rosalind Elsie Franklin was the second child and first girl of a prominent and wealthy banking family. According to her aunt, even at the age of six she showed “alarmingly clever” tendencies, excelling at memory games and performing arithmetic for fun. She was impeccably educated and encouraged in her academic pursuits by her family, her father being a sort of amateur scientist who taught electricity and magnetism at a men’s college. He even bought a woodworking bench and tools, so that his children might learn a useful trade. Rosalind was the primary user of the tools, learning skills that would eventually serve her well in science.
Starting at Newnham College, the women’s college at the University of Cambridge, just as the world was falling apart in 1938, Rosalind excelled at chemistry. Determined to do her part for the war effort, Rosalind signed on to the British Coal Utilisation Research Association (BCURA) in 1942. She would make valuable discoveries about the microscopic structure of coal which would lead to improvements in gas mask designs, important to both the military and civilians, with memories of the horrors of chemical warfare still fresh from the Great War.
After the war, Rosalind spent several years in Paris, studying X-ray crystallography under Jacques Mering. The fact that crystalline substances diffract X-rays into patterns characteristic of their structure was long known, and by this time all the low-hanging fruit of naturally crystalline materials like metals, or easily crystallized organic substances, had pretty much been played out.
The interesting problems in X-ray crystallography were turning to biologically important molecules, like penicillin, hemoglobin, and insulin. These would prove to be much tougher nuts to crack because they were vastly more complex than a lump of carbon and therefore much harder to crystallize. It was such amorphous substances that Mering worked on with Franklin, and as her skills as a crystallographer grew under his guidance, so did her reputation.
Rosalind left her beloved Paris in 1950 when she was offered a fellowship at King’s College in London. Originally assigned to use X-ray diffraction to study proteins, the director of her unit, John Randall, quickly switched her to work on nucleic acids. Both proteins and nucleic acids, like DNA and RNA, had proven difficult to analyze with X-ray diffraction, and Rosalind’s skills were sought to bolster the unit’s existing crystallography group.
Rosalind would quickly learn how badly things can go when communications break down. She arrived to find less than adequate facilities at King’s. The college had suffered greatly during the Blitz, with a bomb crater in the courtyard that still needed to be navigated around. Maurice Wilkins, who had already started work on DNA crystallography at King’s, was somehow under the impression that Franklin would be his assistant. He had been on sabbatical when Franklin arrived and was distressed to learn that she had taken over his lab, having not only rebuilt the X-ray camera but also started advising his former doctoral student, Raymond Gosling. This was what the director wanted, but Randall had never communicated it to Wilkins. Wilkins was understandably upset and obviously upstaged by the far more skilled Franklin, and this set the stage for the academic intrigue that was to come.
If Randall’s poor management style was like gasoline poured on a pile of brush, the spark that lit it off was James Watson. Arriving at the Cavendish in 1952, the brash American wunderkind was intent on figuring out the structure of DNA. He was certain that physical model building was the way to accomplish this; after all, it had worked for Linus Pauling in working out the structure of alpha helices in proteins. Along with Francis Crick, Watson had accurate scale models of all the components of DNA — the sugar deoxyribose, the phosphate groups, and the bases adenine, guanine, cytosine, and thymidine — built out of wire and sheet metal by the Cavendish machine shop.
Try as they might, Watson and Crick couldn’t come up with a structure for DNA that made sense. At one point they even invited Franklin and Gosling over from King’s to look at their model; Rosalind, who by this point had determined crystallographically that there were two forms of DNA, the A-form and the B-form, knew in an instant that their model was wrong, and told them so in no uncertain terms. The Cavendish director, Lawrence Bragg, was humiliated and told Crick and Watson not to build any more models of DNA.
Without official support, Watson and Crick struggled in their work on the structure of DNA. It was during this time that they became aware of the existence of the now famous Photograph 51. Photo 51 was the best X-ray image yet produced by Franklin and Gosling of the B-form of DNA, which is the most biologically relevant form and the hardest to crystallize. How the photo got into the hands of Maurice Wilkins isn’t clear — Gosling himself says it could have been him or it could have been Rosalind. However it got to him, Wilkins took Photo 51 to the Cavendish and showed it to Watson and Crick.
A glance at the excellent image, with the characteristic X shape of a helix, was all that the model builders needed to see where their model had gone wrong. The spacing of the spots on the photo gave them the critical parameters they needed to complete their model. The structure of the molecule of life had been solved.
Whether Rosalind ever knew about the subterfuge or if she would have cared isn’t known. Watson and Crick didn’t directly acknowledge Franklin’s data in their 1953 paper, instead referring to their “stimulating discussions.” Rosalind, unhappy with the less than collegial environment at King’s, accepted a senior research position at Birkbeck College just before their paper was published. She continued X-ray diffraction work on nucleic acids; she and Gosling published the structure of the A-form of DNA later that year, and she made major contributions toward understanding the structure of RNA. She also set about using X-ray diffraction to study the structure of even more complicated structures — viruses — and managed to elucidate the structure of tobacco mosaic virus and many other plant viruses.
Sadly, Rosalind would never get to see the fruits of her work. She died of ovarian cancer in 1958, a few months shy of her 38th birthday. She was engaged and remarkably productive right up until the end, publishing papers and continuing work on the structure of poliovirus. She didn’t live to see Watson, Crick, and Wilkins win the Nobel Prize in 1962, but her closest friends — including Crick and his wife — agree that her only regret was leaving so much work unfinished.
IDG Contributor Network: 3 scary tech spooks and how to protect yourself
Several years ago, my parents traveled to California from Arizona and rented an apartment through a real-estate agency to stay for the whole summer. The rental application, it turned out, was in paper form. They had to include their driver’s license number, social security number, and other pieces of very personal information in order to complete the application. For people like you and me, that would be an instant red flag. But people who are 70+ years old don’t realize that they shouldn’t trust this method of applying for a rental home.
Sure enough, my parents soon found out their identity had been stolen by people on the other side of the world. Their information was being used to apply for credit cards and make expenditures and it was a long road to try to repair damage and re-secure their information.
This true tale shows how no user is safe from cyberattack, no matter their background or expertise—or connections to others with expertise. Security online begins with a basic understanding of how you’re at risk as well as protecting personal identity the same way you would company data. At Experts-Exchange we’ve been telling tales of scary tech experiences and how we solved them, to broaden the community understanding of these issues. It got me thinking about the scariest tech spooks I’ve dealt with in my personal life.
As mentioned in the above story, identity theft happens, and it’s happened to those close to me. Chances are it’s happened to people close to you, as well. In the recent Equifax breach, the number of people affected by the hack equals almost every individual with a credit report—that could mean you.
Breach of identity occurs because of a lack of appropriate education across all age groups. In the case of my parents, I began to wonder how the elderly are informed about these scams. There are always news stories on the nightly news or popping up in news feeds and email blasts, but are older folks listening to them?
The same can be said of the younger age groups, like millennials, who grew up in a time of public oversharing. They may not realize that with each public post announcing a birthday, or disclosing personal information like the car they drive or where they live, they become a prime—and easy—target for digital identity theft.
Solution: Be careful what you share online and with whom. Make a habit of checking that the websites and servers you use are secure, and sign up for a well-known newsletter or news alert to stay up to date with these topics and new threats. Sign up for free alerts from services like Credit Karma, which can notify you of unauthorized credit checks or unusual activity involving your personal information. And remember: if it feels like a scam, it probably is.
Tech spook 2: passwords and PINs
Recently, I listed an item for sale on Craigslist. I entered into a conversation with someone who seemed interested in purchasing my wares, at least until they sent me the message that read, “Yes, please transfer money. What is your account number?” Not even a subtle trick, but it happened nonetheless.
This scammer was trying to gain access to my accounts, and it’s a trap many first-time or unsuspecting Craigslist vendors probably fall victim to. This problem is easily avoidable by never entering into a digital financial transaction with a party you do not know, by non-secure or non-reputable means.
This approach is not always direct and overt. Sometimes your passwords and PINs can be stolen, especially on unsecured wireless networks, as we learned last week with the KRACK attack, which enables attackers to “eavesdrop” on your data and activity in situations where you’re used to feeling safe—connected to WiFi.
Solution: Protect your banking passwords and PINs by keeping them off easily accessible devices, and use VPNs or secure networks when transferring money or sharing personal information. Set up notifications from your bank or credit card. Many institutions allow you to specify notifications according to dollar amount spent, ATM withdrawals, and whether transactions are online rather than in person. That way you instantly know when fraudulent activity takes place.
Tech spook 3: phone scams
When you get a call from a local number, what do you usually do? If you said, “answer it”, you’d be correct. After all, it could be a doctor’s office, your child’s school, or a business contact whose number you don’t have saved. But, if you’re like me, you’ve become leery of this lately, because the local number often turns out to be part of the Google phone scam. In this scam, when you answer, you’re asked to enter a 2-digit PIN or sometimes to answer “Yes”, so that the scammers get your voice recorded and can use it in identity-theft purchases.
Sometimes phone scammers also use your phone number when calling others for malicious purposes, a technique called “spoofing.” This shows that as consumers we’re giving our phone numbers to far too many services, companies, and people. Spoofing can also get your number blacklisted, which is bad if you use your personal number for business.
Solution: Even if you like to talk on the phone, be careful when answering a call from an unknown number. The Federal Trade Commission even provides great advice and insight into phone scams for awareness when you’re on a call as well as how to protect yourself from repeat offenses. To secure your phone number from any spoofing attempts, practice common sense when asked to give out your phone number. If it’s not necessary to sign up for a new account or something of that sort, then it isn’t necessary to part with that information.
This article is published as part of the IDG Contributor Network.
Britain’s financial watchdog said on Tuesday that it was investigating a massive hack of the US consumer credit rating service Equifax that potentially affected almost 700,000 British customers.
In a short statement, the Financial Conduct Authority said “it is investigating the circumstances surrounding a cybersecurity incident that led to the loss of UK customer data held by Equifax Ltd on the servers of its US parent”.
The hack between May and July resulted in the theft of personal information from around 145 million US customers and led to the resignation of Equifax chief executive Richard Smith.
Smith blamed a combination of human and technical error for the serious breach.
One-Third of Industrial Networks Connected to Internet: Study
Many industrial and critical infrastructure systems are connected to the Internet, and the operational technology (OT) networks of some organizations have already been compromised, according to a new study from industrial security firm CyberX.
What makes the CyberX study interesting is the fact that it’s not based on a survey. Instead, the company used data obtained after passively monitoring traffic from 375 OT networks over the past 18 months. The organizations whose networks have been analyzed are from a variety of sectors – including manufacturing, energy and utilities, oil and gas, and pharmaceuticals and chemicals – in the United States, Europe and the Asia-Pacific region.
Organizations have often downplayed the risks associated with the presence of vulnerable industrial control systems (ICS) on their networks, claiming that devices are isolated, or air-gapped, and cannot be accessed remotely from the Internet.
However, CyberX’s study revealed that roughly one-third of organizations had industrial networks connected to the public Web. These systems are often accessible remotely for convenience, including for remote management, performing software updates, and even web browsing and email from the OT network.
More than 80% of industrial sites are running a remote management protocol such as RDP, VNC or SSH, allowing attackers on the OT network to remotely access and control other devices on the network via standard administration tools. Misconfigured wireless access points (WAPs) can also be leveraged as an attack vector, and one in five of the analyzed companies had at least one WAP.
CyberX also found that 76% of analyzed industrial sites have machines running obsolete versions of Windows, such as Windows 2000 and Windows XP, on their OT networks. Both Windows devices and industrial systems such as programmable logic controllers (PLCs) had vulnerabilities in 28% of cases.
Furthermore, many organizations haven’t made sure that strong authentication mechanisms are in place. In nearly 60% of cases, CyberX has seen plaintext passwords crossing the network, allowing man-in-the-middle (MitM) attackers to obtain valuable information.
The analysis shows that Modbus is the most widely used industrial protocol (58%), followed by EtherNet/IP (28%), Siemens’ S7, OPC, OSIsoft PI and MMS.
Researchers also found that almost half of industrial sites did not have even basic antivirus protection on Windows endpoints.
“We’ve heard from customers that adding AV software to endpoints such as HMI workstations can sometimes void the warranty provided by their OT vendors. Vendors are concerned that the overhead of AV scanning software will impact the performance or reliability of their workstations,” CyberX said in its report. “Nevertheless, lack of AV protection increases the risk of having known malware on these systems — such as Conficker, WannaCry, and NotPetya — without even knowing about it.”
As a matter of fact, CyberX did see malware in 10% of the analyzed OT networks. The security firm observed Conficker infections; Conficker is one of the most widespread pieces of malware and has been known to infect even critical infrastructure organizations. CyberX told SecurityWeek that it also noticed some threats that exhibited behavior consistent with the EternalBlue exploit, which has been used by both the WannaCry ransomware and the NotPetya wiper.
The data shows little difference between the security scores of various industries – there is only a +/- 5% variation from the median score of 61% across the analyzed sectors.
Eduard Kovacs is an international correspondent for SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Jelmer de Hen, Nikolas Hagelstein, Daniel Sloof, Tobias Liebig, Georg Ringer, Dmitry Dulepov and Helmut Hummel, Maxime Verroye, Marc Bastian Heinrichs, Steffen Kamper, Ernesto Baschny, Tim Lochmüller, Sascha Kettler, Lars Houmark, Franz G.
Typo3 Typo3 4.4
Typo3 Typo3 4.3.3
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.1
Typo3 Typo3 4.3
Typo3 Typo3 4.2.12
Typo3 Typo3 4.2.11
Typo3 Typo3 4.2.10
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.6
Typo3 Typo3 4.2.4
Typo3 Typo3 4.2.3
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.1
Typo3 Typo3 4.2
Typo3 Typo3 4.1.13
Typo3 Typo3 4.1.12
Typo3 Typo3 4.1.10
Typo3 Typo3 4.1.8
Typo3 Typo3 4.1.7
Typo3 Typo3 4.1.6
Typo3 Typo3 4.1.4
Typo3 Typo3 4.1
Typo3 Typo3 4.3.0beta1
Typo3 Typo3 4.1beta
Typo3 Typo3 4.1 RC1
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Typo3 Typo3 4.4.1
Typo3 Typo3 4.1.14
Typo3 Typo3 4.3.4
Typo3 Typo3 4.2.13
via SecurityFocus Vulnerabilities http://ift.tt/Y0pFEv