Network Testing Tomorrow Morning May Have Service Impact on ANGEL
On October 24, 2014 (Friday), between the hours of 5:30AM to 6:00AM EDT, Information Technology Services (ITS) will perform network readiness testing that may have an intermittent impact on ANGEL’s availability. Although ITS does not anticipate an impact, we recommend you do not submit any assignments or take quizzes during this timeframe. This maintenance activity […]more…
CACTUS update
On Friday, 24 October, 2014, during the ITS maintenance window, we will be changing the CACTUS Web interface configuration. This change will disable SSL versions 2 and 3 over HTTP. We have tested this change and do not expect any problems, but users should contact the IT Service Desk for assistance if they experience any […]more…
Manipulating WordPress Plugin Functions to Inject Malware
Most authors of website malware usually rely on the same tricks, making it easy for malware researchers to spot obfuscated code, random files that don’t belong, and malicious lines injected at the top of a file. However, it can become difficult when the malware is buried deep within the lines of code on normal files. […]more…
Akamai sees record-setting spikes in size and volume of DDoS attacks
The size and volume of distributed denial-of-service attacks has exploded in the past year, with a 389 percent increase in average attack bandwidth between the third quarter of 2013 and the third quarter of 2014, according to an Internet security report from Akamai Technologies. This should make companies consider using cloud-based security services, such as […]more…
Planned vSphere Upgrade for VM Hosting Service
On Wednesday October 29th from 5:00 p.m. to 9:00 p.m., the VM Hosting management server will be upgraded to version 5.5 in order to provide significant improvements to the vSphere web client, including Linux and Mac OS compatibility. This upgrade will be performed by ITS Services and Solutions (SaS) and will affect users of the […]more…
You are responsible for your own Internet privacy
Bill Clinton’s run for presidency nearly derailed when rumors surfaced that he had smoked marijuana during his time in England. In an effort to control the damage, Clinton admitted that he indeed experimented with the illegal drug but “didn’t inhale.” Imagine how history might have changed if a video of a glassy-eyed Clinton with a […]more…
New Mobile OS Versions Improve Security
The competition between mobile OSes is heating up, with Apple’s iOS 8 and Google’s Android Lollipop in tight competition, as the public discovers their features and what these OSs can do for them. There are notable changes and significant improvements in these releases, particularly in their default settings. Encryption by default seems to be the primary […]more…
Abandoned subdomains pose security risk for businesses
Many companies set up subdomains for use with external services, but then forget to disable them when they stop using those services, creating a loophole for attackers to exploit. Because many service providers don’t properly validate the ownership of subdomains pointed at their servers, attackers can set up new accounts and abuse subdomains forgotten by […]more…
4 security tips for Apple Pay users
Many security experts agree that Apple Pay and contactless payment systems like it are an improvement over traditional credit-card based systems. However, Apple Pay is still new and relatively untested, and it’s wise to approach it strategically. [Related: Security, Payments Experts Talk Apple Pay] Peter Olynick, card and payments practice lead with Carlisle & Gallagher […]more…
Apple to stop SSL 3.0 support for push notifications soon
Apple will stop support next week for an encryption protocol found to contain a severe vulnerability, the company said on Wednesday. Support for SSL 3.0 will cease as of Oct. 29, it said. “Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues […]more…
Government regulation on cloud security may spur SaaS use in health care
Governments may need to tighten the regulatory screws on SaaS vendors to make them be more transparent and forthcoming about their security practices. Until then, it will be hard for health care companies in particular to fully trust cloud software vendors, according to speakers at the EU-U.S. ehealth Marketplace and Conference in Boston on Wednesday. […]more…
A false choice: the Ebola virus or malware?
In September we came across mentions of people in Africa suffering from the Ebola virus and unusual invitations to a conference of the World Health Organisation (WHO) in the subject line of so-called “Nigerian” emails. The aim of the conmen was, as usual, to swindle money from trusting recipients who entered into conversation with the […]more…
Xiaomi moving data outside China following privacy concerns
Chinese smartphone maker Xiaomi is moving customer data and its Internet platforms to servers outside China, only months after the company apologized over privacy concerns. Since early this year, Xiaomi has been migrating the data as a way to “cut down latency and reduce failure rates” for its customers across the world, said company vice […]more…
Google goes beyond two-step verification with new USB Security Key
Google’s adding support for a physical USB second factor that will first verify the login site as being a true Google website, not a fake site pretending to be Google, before it hands over a cryptographic signature.more…
SSCC 170 – Is the best time to shop at a store right after it has a breach? [PODCAST]
Here’s the latest episode of our weekly security podcast. Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice…more…
Leave your passwords at the Checkout Desk
Hotels, Restaurants and Airports used to offer customers free tablets while using their facilities. Recently while attending an event and staying in one such hotel, I had the chance to use a free iPad especially installed in my room. To my surprise, it not only contained the event agenda and provided a free WiFi connection, […]more…