Password complexity rules more annoying, less effective than lengthy ones

Few Internet frustrations are so familiar as the password restriction. After creating a few (dozen) logins for all our Web presences, the use of symbols, mixed cases, and numbers seems less like a security measure and more like a torture device when it comes to remembering a complex password on a little-used site. But at least that variety of characters keeps you safe, right?

As it turns out, there is some contrary research that supports both how frustrating these restrictions are and suggests it’s possible that the positive effect of complexity rules on security may not be as great as long length requirements.

Let’s preface this with a reminder: the conventional wisdom is that complexity trumps length every time, and this notion is overwhelmingly true. Every security expert will tell you that “Supercalifragilistic” is less secure than “gj7B!!!bhrdc.” Few password creation schemes will render any password uncrackable, but in general, length does less to guard against crackability than complexity. A password is not immune from cracking simply by virtue of being long—44,991 passwords recovered from a dump of LinkedIn hashes last year were 16 characters or more.

The research we describe below refers specifically to the effects of restrictions placed by administrators on password construction on their crackability. By no means does it suggest that a long password is, by default, more secure than a complex one.


Attackers sign malware using crypto certificate stolen from Opera Software

Hackers penetrated network servers belonging to Opera Software, stole at least one digital certificate, and then used it to distribute malware that incorrectly appeared to be published by the browser maker.

The attack was uncovered, halted, and contained on June 19, according to a short advisory that Opera published Wednesday morning. While administrators have cleaned the system and have yet to find any evidence of any user data being compromised, the breach still had some troubling consequences.

“The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware,” Wednesday’s advisory stated. “This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software or appears to be the Opera browser. It is possible that a few thousand Windows users, who were using Opera between June 19 from 1.00 and 1.36 UTC, may automatically have received and installed the malicious software.”


Vast majority of malware attacks spawned from legit sites

The vast majority of sites that push malware on their visitors are legitimate online services that have been hacked as opposed to those hosted by attackers for the purposes of distributing malicious software, Google security researchers said Tuesday.

The data, included for the first time as part of the safe browsing section of Google’s regular transparency report, further challenges the myth that malware attacks happen only on disreputable sites, such as those that peddle porn, illicit software (“warez”), and similar content. For instance, on June 9 only 3,891 of the sites Google blocked as part of its Safe Browsing program were dedicated malware sites, while the remaining 39,247 sites that were filtered offered legitimate services that had been compromised.

In all, Google blocks about 10,000 sites per day as part of the program, which is designed to help people using Firefox, Chrome, and other participating browsers to steer clear of phishing scams and drive-by malware attacks. The program is also designed to inform webmasters of infections hitting their site and to take steps to fix the problems. In all, the Safe Browsing program helps protect about 1 billion people per day.


Stow it no more: FAA easing ban on electronics during takeoff, landing

The words “please stow all electronic devices” may soon disappear from the scripts of flight attendants. The Federal Aviation Administration (FAA) is poised to lift its ban on the use of electronic devices aboard airline flights at elevations under 10,000 feet. It would also allow the use of e-readers, iPods, tablets, and phones in “airplane” mode even during take-offs and landings.

The Wall Street Journal reports that the FAA is circulating a draft set of recommendations from an advisory panel that recommends relaxing the bans. Cell phone calls during flight would still be banned.

The report acknowledges that technology has changed dramatically since the FAA originally placed the ban on electronic devices during takeoff and landing back in the 1960s, when there were valid concerns about interference to aircraft communications from personal radios and other electronics. The panel also admitted that having airlines each evaluate the safety of individual electronic devices before allowing them to be left on at low altitude “has become untenable.” Passengers are widely ignoring the ban already, and the FAA advisory panel’s report cited research that showed a third of airline passengers had “accidentally” left a device turned on for entire flights at least once.

An FAA spokeswoman sent a statement to the Wall Street Journal that said that the FAA “recognizes consumers are intensely interested in the use of personal electronics aboard aircraft. That is why we tasked a government-industry group to examine the safety issues and the feasibility of changing the current restrictions. At the group’s request, the FAA has granted the two-month extension to complete the additional work necessary for the safety assessment.”


Apple unveils OS X 10.9, “Mavericks”

Apple today unveiled OS X 10.9 at its Worldwide Developers Conference (WWDC), showing off the first major revision of the Mac’s operating system since last year’s Mountain Lion. Apple has apparently run out of cat names and is now naming releases after places in California, where OS X is developed. The new OS X is thus named “Mavericks.”

Developers are being given a preview version of Mavericks today. It will be available to the general public in the fall.

New features include tabs in the Finder, allowing multiple Finder windows to be drawn together in tabs. Apple is bringing tagging to documents—any tags you add to a document will appear in the Finder sidebar and in iCloud. Multiple tags can be added to each document, and these tags will allow new search capabilities.

Mavericks will make life easier for users who have multiple monitors. Menus will be spread across the different displays, and users will be able to take a window full-screen on one display without disturbing the desktop on another display. HDTVs connected to Apple TV boxes can also act as displays. Mission Control has been “super charged for multiple displays,” Apple said, making it easier to drag apps and windows from one monitor to another.


Chinese supercomputer destroys speed record and will get much faster

[Image: Lights on the Tianhe-2 supercomputer change color depending on the power load. Credit: Jack Dongarra]

A Chinese supercomputer known as Tianhe-2 has been measured at speeds of 30.65 petaflops, or 74 percent faster than the current holder of the world’s-fastest-supercomputer title.

The speed is remarkable partly because the Intel-based Tianhe-2 (also known as Milkyway-2) wasn’t even running at full capacity during testing. A five-hour Linpack test using 14,336 out of 16,000 compute nodes, or 90 percent of the machine, clocked in at the aforementioned 30.65 petaflops. (A petaflop is one quadrillion floating point operations per second, or a million billion.)

Linpack benchmarks are used to rank the Top 500 supercomputers in the world. The Top 500 list’s current champion is Titan, a US system that hit 17.59 petaflops. Tianhe-2 achieved 1.935 gigaflops per watt, which is slightly less efficient than Titan’s 2.143 gigaflops per watt.

Tianhe-2’s numbers were revealed this week in a paper by University of Tennessee professor Jack Dongarra, who created the Linpack benchmarks and helps compile the bi-annual Top 500 list. Dongarra’s paper doesn’t say whether Tianhe-2’s Linpack measurement was officially submitted for inclusion in the Top 500 list. Ars has asked him if the measurement will put Tianhe-2 on top when the next list is released, but we haven’t heard back yet. In any case, the new Top 500 rankings will be unveiled on June 17.


More than 360,000 Apache websites imperiled by critical Plesk vulnerability

Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel. This particular vulnerability gives hackers control of the server it runs on, according to security researchers.

The code-execution vulnerability affects default versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 of Plesk running on the Linux and FreeBSD operating systems, a configuration used by more than 360,000 websites. Plesk running on Windows and other types of Unix haven’t been tested to see if those configurations are vulnerable as well. The exploit code was released Wednesday on the Full-Disclosure mailing list by “kingcope,” a pseudonymous security researcher who has frequented the forum for years. He has a proven track record for developing reliable exploits.

“This vulnerability has a high severity rating,” kingcope wrote in an e-mail to Ars. “An attacker can use this exploit to get a command line shell remotely with the privileges of the configured Apache user.”


Espionage malware infects raft of governments, industries around the world

Security researchers have blown the whistle on a computer-espionage campaign that over the past eight years has successfully compromised more than 350 high-profile targets in 40 countries.

“NetTraveler,” named after a string included in an early version of the malware, has targeted a number of industries and organizations, according to a blog post published Tuesday by researchers from antivirus provider Kaspersky Lab. Targets include oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies, military contractors and Tibetan/Uyghur activists. Most recently, the group behind NetTraveler has focused most of its efforts on obtaining data concerning space exploration, nanotechnology, energy production, nuclear power, lasers, medicine, and communications.

“Based on collected intelligence, we estimate the group size to about 50 individuals, most of which speak Chinese natively and have working knowledge of the English language,” the researchers wrote. “NetTraveler is designed to steal sensitive data as well as log keystrokes, and retrieve file system listings and various Office of PDF documents.”


Apple issues OS X 10.8.4 update, includes iMessage and FaceTime fixes

[Image: OS X 10.8.4 comes with a long list of fixes. Credit: Andrew Cunningham]

After several weeks of beta testing, Apple has released OS X version 10.8.4 for all Macs running Mountain Lion. The update fixes a long list of minor issues and some security bugs as the OS nears its first birthday. Those hoping for major changes to OS X will have to wait until Apple’s Worldwide Developer Conference (WWDC) next week, at which Apple is widely expected to show off Mountain Lion’s successor.

Quite a few of 10.8.4’s fixes are aimed at businesses. There are fixes that will help Calendar work better with Microsoft Exchange servers, compatibility and speed improvements to OS X’s Active Directory integration, improvements to compatibility with “certain enterprise Wi-Fi networks,” and fixes to issues with the SMB and NFS network sharing protocols. As ever, Apple is annoyingly nonspecific about the exact problems these updates solve, but network administrators with OS X clients may find something to like about the new update.

Other squashed bugs will be of more interest to consumers. For example, there’s an iMessage fix that will prevent out-of-order messages, a fix for a FaceTime issue that would prevent calls to international numbers, and an update to Safari (now at version 6.0.5) that “improves stability for some websites with chat features and games.”


Internet Explorer 10 takes chunks out of IE9, Windows 8 closes on Vista

One wonders what the browser market would look like if Microsoft had enabled automatic updates before. Though the overall positions in the market were little changed in May, one thing is clear: Internet Explorer 10’s uptake is fast, in a way that no older version of the browser has ever been.

Internet Explorer was up slightly, picking up 0.18 points for a 55.99 percent share of the desktop market. Firefox had stronger growth, up 0.33 points to 20.63 percent. Chrome was the month’s big loser, dropping 0.61 points to 15.74 percent—its lowest share since August 2011. Safari was marginally up, adding 0.08 points to reach an all-time high of 5.46 percent. Opera ended the month up 0.04 percent points, at 1.77 percent.
