Welcome!

Server Monitoring Authors: Yeshim Deniz, Liz McMillan, Pat Romanski, Carmen Gonzalez, Ken Schwaber

Blog Feed Post

CTO Security Report

Anonymous

Anonymous (Photo credit: Schuilr)

3 Million Iranian Bank Accounts Disclosed

Iranian ATM’s are dispensing PIN and Password changes instead of money this week following the public disclosure of three million bank account details by an Iranian security researcher.  While the disclosure of these accounts is unfortunate, what is more troubling is the process that led to this disclosure.  A year ago Khosrow Zarefarid warned the CEO’s of the banks in Iran that a banking flaw could expose their customers.  Even after submitting accounts found using the technique he warned them about, he received no response.  Seeing no other course of action, the researcher disclosed the accounts in a bid to bring the situation to light.  Such “grey-hat” actions often happen when security is not taken seriously at organizations such as banks, and the ensuing fiasco could have easily been avoided with proper communication and effort on behalf of Iranian banks.

Read More: http://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577

F1 Racing Sites Attacked by Anonymous

Elements of the Anonymous collective are currently targeting F1 racing Federation websites in an effort to disrupt and publicise a campaign against the F1 race being held in Bahrain.  This effort comes as the F1 race is being held in Bahrain despite well-documented human rights abuses in that country.  At the time of writing, f1-racers.net had been defaced and elements within Anonymous were still planning to increase the level of disruption.  The Formula One federation is aware of the attempts by Anonymous to disrupt its activities.

Defaced Site: http://f1-racers.net/

 

Anonymous Starts Their Own Pastebin Lookalike

Fed up with Pastebin’s promises to moderate and censor posts containing sensitive information such as passwords, bank accounts, and addresses, Anonymous members have struck out on their own.  The result is a pastebin clone which is hosted by an organization sympathetic to Anonymous, the People’s Liberation Front.  This new paste site does not have information on what is contained in the paste because every paste is encrypted with AES 256 and requires a symmetric key to decrypt inside of the browser.  This key is contained with the URL generated for the post when it is uploaded to the server.  The advantage is that posts cannot be read by the hosting provider, since they have stated that they disable all connection logging.  Expect to see more members of Anonymous to switch to this new service, which will make Anonymous movements somewhat harder to track — you need to have the URL with the key in order to read the paste, and cannot track trending posts with the service.

Read More: http://www.peoplesliberationfront.net/anonpaste/index.php?0bb850fa017e85f1#SRccDhThvKyQ5+o4Sm3xineTXfDReG76Q01x2yaWik0

 

15 Year old Boy Hacks >250 Companies

A 15-year-old Austrian boy was discovered to be the culpit behind the web-based attacks on the web presences of over 250 companies.  The boy, using attack software, techniques, and anonymization services and programs he found on the internet, mounted a successful campaign in order to win the favor and attention of his hacker peers and garner points on a hacker scoreboard.  Within a short period of time the young hacker was attacking as much as 3 websites a day on average.  With website/web service security being rather lax in most organizations and applications the news of the age of the attacker is perhaps more of a surprise than the number of targets he successfully breached.

Read More: http://www.zdnet.com/blog/security/15-year-old-arrested-for-hacking-259-companies/11585?tag=mantle_skin;content

 

New Android Hacking Concept Emerges

A side-channel attack on login PINs utilizing the gyroscopic sensors inside of Android phones has been developed by security researchers.  The attack analyses the slight movements and shifts of the phone as its screen is pressed in order to determine where on the screen the user has pressed.  The application runs in the backround and waits for the user to input their pin and unlock the phone for use and does not require any permissions in order to run due to the way sensor permissions are granted in Android platforms.

This attack is unlikely to be very lucrative for normal attackers though — it requires that the user play a game in order for the application to learn how the specific user holds and uses the specific type of phone on which it runs.  The payoff could be significant though:  Besides being able to sniff PIN logins to the phone, the application can sniff phonepad entries and possibly steal credit card numbers and phone numbers through this method.

Read More: http://www.v3.co.uk/v3-uk/news/2168301/taplogger-android-trojan-cracks-touchscreen-passwords-handset-movements

 

Encryption for Google Docs from Cipherdocs

One of the drawbacks to using the Google cloud of internet applications is the lack of proper document confidentiality.  Sure, the service lets you grant or revoke permissions to different users via their email address, but what if that user’s email is compromised?  What if Google Docs were compromised in some way?  Your documents would be open for all to see.  A new startup has been bootstrapped with a way to fill this security gap — Cipherdocs.

Cipherdocs has created a plugin for the popular internet browser Mozilla Firefox which allows users to have encryption on-the-fly for Google documents.  It even has a keyring available for using Encrypted Google Docs across multiple computers, and only requires that Java be installed along with the Firefox browser and the plugin itself.  It is currently free and can be downloaded from http://www.cipherdocs.com/

Read More: http://www.cipherdocs.com/cipherdocsinstallation.pdf

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.