WITH 3 EASY TIPS - Black Knight IT
TechTimes
MONTHLY TECH NEWS FROM BLACK KNIGHT! VOLUME 040 | March 2015

WHAT’S INSIDE
Improve internet security WITH 3 EASY TIPS
Disable this feature to stop your Samsung Smart TV from listening to you
ENCRYPTION CAN CREATE STORMY WEATHER IN THE CLOUD
SPYWARE: Lenovo Rapped for Preinstalling Spyware
TOP 8 CLOUD SECURITY TIPS

THE CLOUD

ENCRYPTION CAN CREATE STORMY WEATHER IN THE CLOUD
Article from: http://www.technewsworld.com/story/81711.html

Encryption has received a lot of attention lately as a solution to the growing data breach problem, but one of the hangups dogging the technology has been its ability to play nice in the cloud. That’s especially true if an organization wants to control the keys by which its data is scrambled and use services offered by a cloud provider beyond simple storage.

TRUST BUT KEEP KEYS

If a cloud provider can’t decrypt a client’s data, it could break the provider’s antivirus, data loss prevention, file preview and text indexing functions, as well as pose performance challenges. If the cloud provider can’t decrypt your data, the cloud just becomes a dumb bucket.

That’s why cloud service providers in the past have had access to users’ data encryption keys. As long as a user trusted their provider, that approach was acceptable, but that’s no longer the case for many organizations. Compliance with regulations requires some businesses to control the keys by which they encrypt their data. Other organizations just don’t want to lose control of their information.

If an organization wants to use a cloud provider’s services, it can allow a provider to access its keys. From a security perspective, though, that solution is imperfect. A rogue employee of the cloud provider could abuse those key privileges to peek at, or leak, a customer’s data. The solution also opens the door for lawyers or government authorities to snatch the data.
Those authorities usually obtain data from a provider through a civil or criminal subpoena. As long as there isn’t a gag order attached to the subpoena -- a rare occurrence except in national security cases -- a customer with control of its encryption keys has a chance to protect its data.

“After we receive a subpoena, we inform the customer that we’ve received it, at which time the customer can deny us access to its encryption keys,” Intralinks’ Partridge explained. “If they do that, the only thing we could hand over to the courts is encrypted data. When we’re served with a subpoena for data with a gag order, there’s pretty much nothing we can do but turn over decrypted data without telling the customer.”

US Sen. Ed Markey (D-Mass.) released a report exploring the potential hacking of automobile electronics. Meanwhile, Samsung came under fire for its smart TV terms of service agreement, which warns that “if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

New technologies in cars do have benefits, such as the potential to improve driver safety and vehicle performance. But as vehicles become more connected through electronic systems like navigation, infotainment and safety monitoring tools, the proliferation of these technologies raises concerns about the ability of hackers to gain access to and control of the essential functions and features of those cars, and about others using information on drivers’ habits for commercial purposes without the drivers’ knowledge or consent.

SOLUTION IN THE CLOUD

If auto makers want to mitigate future cyberattacks on their products, they’ll need to focus their security efforts in the cloud, maintains Andreas Mai, director of smart connected vehicles at Cisco.
“Cloud services need to assist a vehicle’s threat defense, and remove threats before they reach vehicles,” he told TechNewsWorld.

“Misbehaving vehicles and anomalies need to be detected and addressed from the cloud,” he added. “It will simply not be acceptable to vehicle owners to visit a dealer every time a cyberattack needs to be addressed.”

“However, the situation is worse than Markey imagines and the answer remains elusive even as the need for a solution intensifies,” observed Roger C. Lanctot, associate director of the global automotive practice for Strategy Analytics.

“Time to shelve the self-driving cars until we sort this out,” he told TechNewsWorld.

TOO SMART TV

The Samsung smart TV furor also attracted a senator’s attention. Sen. Al Franken (D-Minn.) sent a letter to Samsung, as well as fellow smart TV maker LG, asking some pointed questions about the gathering of voice data containing personal information.

Samsung said it would respond to Franken’s letter. In the meantime, it clarified its warning, saying that voice commands are captured and sent to third parties only when users conduct searches through its TVs. The third party is Nuance, a service provider that converts a user’s speech into commands the TV can understand.

“Monitoring by smart TVs is part of a larger trend towards tracking all kinds of activities and behaviors,” noted Lance Cottrell, chief scientist at Ntrepid. “Location tracking, financial tracking and web tracking also provide very invasive levels of information about us. Increasingly people need to think about what things they really want to keep private,” he told TechNewsWorld, “because it is almost impossible to protect everything without going completely off the grid.”

Regulatory compliance requires some businesses to control the keys by which they encrypt their data. Other organizations simply don't want to lose control of their information.
However, if an organization wants to use a cloud provider's services, it can allow a provider to access its keys. "Encryption still takes place in the cloud, but it's done with keys managed by the customer," said Todd Partridge, director of product marketing at Intralinks.

CLOUD

TOP 8 CLOUD SECURITY TIPS

1. Back Up Data Locally.
It is good practice to create electronic copies of any of your data so you will still be able to access it even when the original is lost or has been corrupted. You should also manually back up your data to an external physical storage drive or device, like a hard disk or a thumb drive. This allows you to access the information when you have a poor Internet connection or none at all.

2. Avoid Storing Sensitive Info.
Keep only those files which you need to access frequently and avoid uploading documents containing passwords for your various online accounts or personally identifiable information such as your credit card numbers, national identification number or home address. If you must include this information in your files, make sure to encrypt them before you upload.

3. Use Services That Encrypt.
The easiest way to safeguard your privacy when using cloud storage services is to look for one that offers local encryption for your data. This provides an additional layer of security since decryption will be required before you can be granted access to the data. This can be done using military-grade Advanced Encryption Standard (AES) (256 bits), which FileQuay uses.

4. Use A Strong Password / Apply Two-Step Verification
Ensure that your password can withstand a hacking or cracking attempt. There are tons of tips on the Internet on what makes for a good password. Aside from going for a strong and unique password, make sure to change it frequently and not to repeat it across the other online accounts you have. Alternatively, you should use secure two-step verification for your login if your cloud service offers the option.

5. Encrypt before uploading.
Even if you’re already opting for an encrypted cloud service, it wouldn’t hurt to go through a preliminary round of encryption for your files to get a little extra assurance.

6. Read The Small Print.
Besides storing your data, some cloud services allow you to share your photos and files with others. This sounds appealing, but it comes with a catch: fine print that they don’t advertise but include in their Terms of Service (TOS) to make it legitimate.

7. Be Wary Of Online Behaviour.
Sometimes, the security of your cloud data depends on what you do online, especially on public computers or connections. When using a public computer, do you opt not to save your password, and ensure that you have logged out of your account after you are done? Saving your password and leaving your account logged in exposes you to the risk of strangers accessing your data. Take care, too, if you tend to connect to open and unsecured Wi-Fi hotspots in public places to log in to your cloud account: such connections are typically unencrypted, which means that whatever you do while connected can be ‘sniffed’ by a hacker on the same network.

8. Protect With Anti-Virus/Spy
You may be using a secure cloud service provider which you absolutely trust, but sometimes the weakest link happens to be the computer system you’re logging in from. Without proper protection for your system, you expose yourself to bugs and viruses that provide penetration points for hackers to access your account.

SECURITY

Improve internet security WITH 3 EASY TIPS

Are you concerned about internet security? Did you know there are a few simple ways to get increased protection that require only minimal investment of time? We’re not just talking about changing your passwords regularly or installing antivirus software. There are a few other methods that are less often talked about – here are three tips to boost your internet security that you might not have thought of yet.
Embrace two-factor authentication

Also known as two-step verification, most of us have likely dealt with this at one time or another. When you’re logging onto your bank’s website or your email account from a different computer than you normally use, you’re sometimes prompted for a one-time password – sent to you via text message, email or via some other method.

Nowadays, many sites such as Facebook, Dropbox and Twitter also give you the option to use two-factor authentication each time you log in. So if you’re looking for an easy way to up your security, it can give you that extra protection without slowing you down too much.

Update browsers and devices

Did you know that dated versions of browsers, operating systems and even other software packages can create an easy entry point for hackers? Often, new updates are created specifically to fix security holes. And hackers are ever aware that people can be lazy – saving that update for another day that never seems to come. They’ll often try to take advantage of this, searching for outdated devices to infiltrate while their victims watch YouTube on last year’s version of Firefox. Yes, installing an update might take 15 minutes of your time. But it can pay dividends in preventing a security breach that could cost you or your business thousands.

www.technologyreview.com

Use HTTPS

When was the last time you typed those letters into a browser? Probably not this decade. It’s no wonder most people are unaware of this tip. So for those who are oblivious, https is the secure version of http – hypertext transfer protocol. Believe it or not, that last “s” actually adds an extra layer of protection. It encrypts information sent, both ways, between a website’s server and you.

You’re probably thinking, adding that last “s” to http (or even typing in http in general) is a complete pain in the rear.
So to make this easier you can actually install a browser extension like “HTTPS Everywhere” that’ll automatically switch http to https for you. Currently “HTTPS Everywhere” is available for Firefox, Chrome and Opera.

Looking for more tips to boost your internet security? Get in touch to find out how we can help.

SECURITY

Samsung Smart TV

Worried about Samsung eavesdropping on your conversations? Here’s how you can turn off the Voice Recognition feature on your Smart TV.

If you have a Samsung Smart TV with voice recognition in your lounge room, it might be worth making sure the feature's deactivated and a piece of tape is over the microphone before you make any private or sensitive statements.

The South Korean technology giant has told users of the voice recognition feature that anything heard by the television may be whisked away by the company over the internet and sent to a third party.

The company's privacy policy states: "Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with voice recognition features and evaluate and improve the features". It adds the warning that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.

If you disable voice recognition the television will still listen out for key command phrases, and “Samsung may still collect associated texts and other usage data so that we can evaluate the performance of the feature and improve it”. You can disable data collection entirely through the settings menu, which will also disable all voice command capabilities.

Privacy campaigners have branded the policy “outrageous” and made comparisons to George Orwell’s description of telescreens, which spied on citizens in his novel 1984.

Samsung did not specify the ‘third party’ to which it sends the data; however, the company has had previous dealings with voice recognition firm Nuance, the company behind Apple’s Siri. Nuance’s own privacy policies state that it too will forward data to third parties under “limited circumstances”, such as “when we believe we are required to do so by law”.

“Samsung does not retain voice data or sell it to third parties,” the company told The Guardian. “If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.”

Samsung has even stated in its own privacy policy that if the TV’s owner does decide not to share their private information, then the company may still take the information anyway. This leaves users with no knowledge or control over where their information goes or who has access to it, and that is simply unacceptable.

HARDWARE

IKEA lamps, bedside tables that charge your smartphone to be rolled out soon

FUTURISTIC furniture that charges your smartphone is about to arrive in your loungeroom and bedroom. A revolutionary range of lamps and bedside tables fitted with a wireless charging pad will be rolled out in Australia from October. IKEA says its “home smart” innovation will help do away with messy cables and flat battery fury.

“We have been looking at people’s lives at home ... and how that frustration can be reduced,” national commercial manager Tim Prevade said. Householders were keen to get rid of cable clutter. The new furniture, with integrated Qi wireless charging, is compatible with phone models such as Samsung, HTC and Nokia, he said. iPhone owners wanting to use it will be able to buy a special case for their handset.

Mr Prevade said the induction charging was similar to that for cooktops and electric toothbrushes. “It’s more or less the same energy usage and time to charge batteries,” he said. “It could potentially extend to other types of furniture, like couches.” Various furniture also features a USB port allowing tablets and additional devices to be charged.

Users plug in the furniture pieces at a power source, then place their handset on a wireless charging station with a marked sign indicating where to rest the device. The products are expected to cost about $30 to $40 more than standard items. Separate wireless chargers including one that slots into desks will also be sold.

Australians have one of the world’s highest rates of smart phone usage with at least three in four adults using a handset to access the web. Research released by technology analyst Telsyte last year suggested the average family juggled up to eight internet-connectable devices such as smartphones, tablets and computers. Some hi-tech homes had more than 20 devices, often used simultaneously.

TECH TIPs

March Tech Times News

TPG makes $1.4b play for iiNet

INTERNET provider TPG Telecom is set to take over rival iiNet in a deal worth $1.4 billion. iiNet’s board of directors has recommended shareholders accept the $8.60 per share offer, which is 33 per cent above the company’s five-day average stock price. “The board views this as a significant reward for shareholders who have shown their faith in iiNet,” iiNet chairman Michael Smith said.

TPG executive chairman and CEO David Teoh said combined businesses would provide broadband to more than 1.7 million subscribers and be “well positioned to deliver scale benefits in an NBN environment”. “iiNet and TPG are highly complementary businesses in terms of geographic presence, market segments and corporate customer base,” he said.

If iiNet shareholders approve the deal it should go through in July. IG market analyst Evan Lucas told The Australian the deal had been expected for years. “It’s the worst kept secret. It was always going to happen,” he said, adding that the $1.4 billion price tag was fair. “It’s a good price. It’s not expensive but it’s certainly not cheap.”

Australian law enforcement asks for more Facebook user data

Australian law enforcement and government agencies are asking for increasingly more data on Facebook users, the latest figures from the social media giant show. In the six months from July to December last year, Australian government agencies requested 36 percent more data on Facebook user accounts than in the previous six month period.

Facebook’s latest twice-yearly government requests report reveals it received 829 requests for user data on 933 accounts from Australia. It handed over the data on 69 percent of requests.

“We restricted access to three items in compliance with a request from a local state consumer affairs regulator for violating local laws that ban ‘false and misleading information’,” Facebook stated in its report. “We also restricted one page in compliance with Australia’s federal anti-discrimination laws.”

Govt pushes to collect more biometric data at airports

The federal government is attempting to expand the amount and type of biometric data it collects on Australian citizens and foreigners - including minors - at the country’s airports through new legislation.

The Immigration department currently collects facial images, signatures and fingerprints - the latter only in limited circumstances. The amendment would ensure that any type of personal identifier - defined as fingerprints or handprints; a person’s height and weight; photograph of a person’s head and shoulders; audio or video recording of a person; an iris scan; or a signature - can be collected from an individual.

The bill will also allow law enforcement agencies to collect the biometric data of minors and incapable persons without the need to obtain consent or presence of a parent or guardian during the collection.

Brandis to introduce site blocking legislation this week

The federal government plans to introduce legislation allowing content owners to apply for court orders to force internet service providers to block overseas filesharing websites. The Copyright Amendment (Online Infringement) Bill - led by Attorney-General George Brandis - was cleared for introduction into parliament by the Coalition.

The bill - the text of which is yet to be made public - will facilitate the blocking of overseas websites used for downloading and uploading copyright infringing content.

Turnbull conceded that shutting down overseas filesharing websites could result in a game of whack-a-mole - evident through the reappearance of The Pirate Bay under a different domain after the filesharing site was pulled down in a Swedish raid. “If you are asking me is it possible for .. to then move to another IP address or another URL, of course that is true,” Turnbull said at the time.

The site-blocking scheme has been likened to online censorship by critics including consumer advocate group Choice and Pirate Party Australia, who argue it will create a filter that will allow the content industry to hit consumers with disproportionate penalties.

TECH TIP

Lenovo Rapped for Preinstalling Spyware

Lenovo a few weeks ago came under fire for preinstalling spyware on some of its laptops. The software, Superfish, uses the same techniques cybercriminals often employ to crack encrypted traffic from computers to the Internet.

Superfish is designed to bypass the security of HTTPS websites in a manner that would allow malware and attackers to also bypass the security provided by HTTPS. Users are inherently at risk of being directed to malicious sites that appear valid, making it much easier for attackers to steal information and further infect computers with malware.

However, security concerns raised by malware fighters are misplaced, Lenovo insisted. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement.

Superfish was installed on some consumer notebooks from September to December of last year to help customers potentially discover interesting products while shopping, Lenovo explained. After receiving negative customer feedback, the company in January disabled the software on all Lenovo machines and stopped preloading it on new laptops.

What makes Superfish so disturbing to many in the security community is the program's disregard for SSL security. SSL is used to encrypt communication between computers and websites.

"If you uninstall the software, it doesn't remove the certificate created by it," Venafi's Bocek said. "That allows hackers to create malicious websites that will be trusted by those Lenovo computers."

Lenovo reportedly banned by MI6, CIA, and other spy agencies over fear of Chinese hacking (update)

Beijing-based computer maker Lenovo has reportedly been blacklisted for years by spy agencies worldwide, as concerns about government-sanctioned Chinese hacking persist. According to the Australian Financial Review, Australia, the UK, Canada, New Zealand, and the US have all rejected Lenovo machines for their top-secret networks since the mid-2000s, though the computers can be used for lower-security tasks that don’t involve sensitive information.

UPDATE: The Australian Government’s Department of Defence disputes the story, saying the Australian Financial Review’s report is “factually incorrect,” and that there is no ban on Lenovo products on its classified networks. It’s unclear whether the government agency is mincing words or whether the publication truly got the story wrong. AFR originally cited a Department of Defence spokesperson as saying that Lenovo products had never been approved for those networks, but that’s not the same as a ban on them ever becoming approved in the future.