By Colin Daileda, 2014-01-01 18:30:39 UTC. With the departure of New York City Mayor Michael Bloomberg, the city's tech industry loses its most powerful public persona. Replacing him is Bill de Blasio, the former city public advocate who campaigned with a platform that appealed to the everyman, and someone Silicon Alley has greeted with cautious optimism. The new mayor has a robust tech sector plan on paper—one with a big focus on building more of a pipeline between local universities and startup jobs—and he's become something of a crusader for broadband throughout the Big Apple. But unlike his predecessor, he is unlikely to put the growth of New York City's tech scene at the top of his priority list. He's also expressed some concern over how to regulate companies such as Uber, the taxi-finding app, that disrupt traditional businesses in the city, and he seems unlikely to fill the role of chief digital officer, a position Bloomberg created partly to liaison between Silicon … [Read more...] about How Will New York City’s Tech Industry Fare Under Mayor de Blasio?
New York City administrative code
The government wants to access information from digital devices in emergencies and legal investigations. It can’t do that right now because some services (like WhatsApp) and some devices (like iPhones) are encrypted. While terrorists may still be using burner phones, law enforcement officials are in possession of an overwhelming number of devices involved in criminal investigations that they can’t access due to encryption. Naturally, investigators turned to the device and software manufacturers for help, and they’ve been petitioning for help breaking into these devices for quite a while. But after the 2013 NSA surveillance leaks by Edward Snowden, people’s trust in the government shattered. Companies like Apple and Google began to include device encryption by default in their smartphones. App makers like the folks behind WhatsApp also added encryption to their products. Although the government wasn’t thrilled with the … [Read more...] about A new bill will force companies to place a backdoor in their devices to undermine their own encryption
Last week, the online security world was set back on its heels when leading cybersecurity firms revealed the existence of Flame, new malware with a level of sophistication substantially beyond other worms, trojans, and viruses. While most malware relies on a small set of exploits and tries to target users’ personal information or set up an infected machine as a spam-sending zombie, Flame is like an entire malware suite. It’s composed of an unknown number of plug-in modules that its operators can choose to deploy for everything from scanning a user’s machine and monitoring their network activity to taking screenshots, recording audio, logging keystrokes, and even reaching out to nearby mobile devices using Bluetooth. Like Stuxnet and Duqu before it, Flame seems to be a legitimate cyberweapon — and, once again, the target seems to be Iran. Security experts will be working a long time to fully analyze Flame, but new details are emerging that reveal just how … [Read more...] about Sophisticated Flame virus takes malware to a new level, now what?
If you're inclined to make resolutions this time of year and you're concerned about your online and offline security, here are some suggestions that can keep you safer in the days ahead. At the top of the list: You should vow to change the passwords to your important accounts on a frequent basis. "To ensure your personal information online is secure, it's a good practice to regularly change your password," JD Sherry, vice president of technology and solutions at Trend Micro, told TechNewsWorld. "With cyberattacks becoming more prevalent, hackers can more easily gain your password and the information within your personal emails, messages and social media." Using the same password for many websites is also something you should vow to avoid in 2014. If you don't resolve to do that, there's always the chance that someone will do it for you, as Facebook did when a breach of Adobe showed the same passwords were used for both systems in some cases. "You can't always count on someone like Facebook … [Read more...] about SPOTLIGHT ON SECURITY New Year’s Resolutions: Be More Secure in 2014
New York Mayor Bill de Blasio on Wednesday announced his computer learning initiative, requiring that every student in the city's public schools be exposed to computer literacy training at every grade level within 10 years. The program will cost some US$81 million over the next decade. The mayor expects to receive at least half of that from private sources, including the initiative's founding partners, the Solomon Wilson Family Foundation, the Robin Hood Foundation and the AOL Charitable Foundation. "Just like reading, writing and arithmetic, computer science is an essential skill," the mayor said. One of the program's goals is to ensure that students gain the computer literacy they'll need for the 21st Century. New York City is now the largest school district in the U.S. with a program to offer computer science to every student, de Blasio said. The computer classes are one part of a set of reforms dubbed "Equity and Excellence: Every Student, Every Day." "This is a good step forward by … [Read more...] about NYC Schools to Teach Kids to Code
Up to now, the malware program CryptoLocker has been king of the ransomware roost, but PowerLocker (formerly PrisonLocker) may present a new challenge. "It has some interesting countermeasures to thwart researchers," Harry Sverdlove, CTO of Bit9, told TechNewsWorld. Among those countermeasures are the ability to determine if it's running on a virtual machine -- and if so, to alter its behavior. Researchers will run questionable programs on virtual systems to avoid infecting a networked box. "We don't know what that behavior would be, but presumably it would be to act benign," Sverdlove said. PowerLocker also has sandbox detection. Software sandboxes are used to isolate an app's behavior and prevent it from spreading any nastiness it may contain. One way to thwart ransomware is to maintain a good backup regimen, so if one data set gets involuntarily encrypted, a backup set can be used to restore it. PowerLocker's authors appear to have thought of that angle, too. "It can scan removable … [Read more...] about SPOTLIGHT ON SECURITY PowerLocker Takes Ransomware to a New Level
As the volume and sophistication of cyberattacks increase, system defenders in the trenches are losing confidence in their ability to protect their organizations' information assets, suggests a survey released last week by Websense and the Ponemon Institute. The survey of almost 5,000 global IT security pros found that more than half of them (57 percent) felt their organizations were unprotected from sophisticated cyberattacks and nearly two-thirds of them (63 percent) doubted they could stop the exfiltration of confidential information from their systems. "These findings are eye-opening," Jeff Debrosse, director of security labs at Websense, told TechNewsWorld. Although the organizations participating in the survey had security systems in place to fight threats, the security pros didn't have a lot of faith in their effectiveness. More than two-thirds of them (69 percent) said cyberthreats were falling through the cracks in their systems. "That speaks volumes for where their confidence … [Read more...] about SPOTLIGHT ON SECURITY Security Pros Struggle With Cyberthreat Angst
It was a little over a year ago that the Heartbleed bug shocked the Internet with its potential for mischief. Now another flaw in open source code has sent network administrators into damage control mode. The bug, called "Venom" for "Virtualized Environment Neglected Operations Manipulation," allows an intruder to jump out of a virtual machine and execute malicious code on its host. Virtual machines are widely used in data centers, so it has the potential to cause widespread mischief. "Exploitation of the Venom vulnerability can expose access to corporate intellectual property, in addition to sensitive and personally identifiable information, potentially impacting the thousands of organizations and millions of end users that rely on affected [virtual machines] for the allocation of shared computing resources, as well as connectivity, storage, security and privacy," reads a post on the CrowdStrike website. Venom was discovered by Jason Geffner, CrowdStrike senior security … [Read more...] about SPOTLIGHT ON SECURITY Venom Less Toxic Than Heartbleed
Security pros weren't very kind to mobile applications last week. A number of firms knocked apps produced for the smartphone market for all kinds of risky behaviors that could lead to trouble not only for mobile device owners, but also for their employers. While Android has been a poster child for misbehaving apps in the past, competitor Apple's apps aren't as pristine as is commonly believed, suggests a report from Appthority. Ninety-one percent of the top 400 free and paid iOS apps exhibited risky behaviors, compared to 83 percent of the top 400 paid and free Android apps, according to its Winter 2014 App Reputation Report. "I think a lot of folks have a false sense of security because they focus on malware and that usually means Android," said Domingo Guerra, president and cofounder of Appthority. "But what we've seen is that security includes privacy, data loss and vulnerabilities," he told TechNewsWorld. "From that perspective, iOS and Android are comparable in terms of … [Read more...] about SPOTLIGHT ON SECURITY Security Firms Scour Mobile Apps
As if the discovery of the Heartbleed flaw weren't enough woe for OpenSSL, more than half a dozen additional defects have been discovered in the code used to protect communication on the Web. Among them is one dubbed "Cupid" by its discoverers. The flaw can be used to compromise enterprise networks. Like Heartbleed, Cupid uses a malicious heartbeat packet to compromise a TLS connection. TLS, or Transport Layer Security, is used to secure communications on the Internet. However, in Cupid's case, that TLS connection is being made over EAP, which is used to establish a WiFi connection. EAP, or Extensible Authentication Protocol, is an authentication framework used on WiFi networks and for point-to-point connections such as virtual private networks, or VPNs. "Cupid is heartbleed in different clothing," Kevin Bocek, vice president of product marketing at Venafi, told TechNewsWorld. Because Cupid can be used to attack VPN connections, it can be very dangerous to the enterprise, according to … [Read more...] about SPOTLIGHT ON SECURITY Cupid Fires Arrow at OpenSSL’s Heart