Error on United Airlines Web site results in free fares

For fifteen tense minutes on the afternoon of 12th September, United Airlines’ fare booking engine was operating at full steam. Someone, likely a Flyertalk user, noticed that fares between Washington DC and Minneapolis were pricing at $10 and posted his finding on the forum. Attention grew rapidly, with over 100 replies in just an hour, and the news spread to Twitter.

The glitch in the system appeared to offer $0 fares plus $5 in tax for many domestic flights, and was apparently caused by human error. Some forum readers reported finding $10 flights between Washington DC and Hawaii, while others scooped up over a dozen tickets to destinations all over the country.

Read the full article at CNET

The Windows Flaw That Cracks Amazon Web Services

Nerval’s Lobster writes “Developer and editor Jeff Cogswell decided to poke around the security of Amazon Web Services, and found a potential loophole that could theoretically allow anyone — a developer, an unscrupulous Amazon employee, the NSA — to access and copy data volumes stored on the system, using a slightly modified version of the popular ‘chntpw’ password tool. In this article, he breaks down how he did it, and suggests some ways for those who use cloud-hosting services to keep their data a little more secure in the future. ‘The key here, of course, is that an unscrupulous employee might be able to make a copy of any existing Windows volume, and go to work on it without the customer ever knowing that it happened,’ he writes. ‘Now let’s be clear: I’m not accusing anyone of having done this; in fact, I doubt anybody has, considering I was unable to find a working copy of chntpw until I modified it.’ It’s a security concern, and one that’s particularly insidious to patch.”

Original article at Slashdot

PPL Connect is a virtualized smartphone that lets you make and take calls from a web browser

Sure, you’ve heard of virtualized computing environments before, but a start-up here at TechCrunch Disrupt called PPL Connect is a platform that virtualizes your phone’s capabilities in real-time. That means you can make and receive calls and texts and access the photos and videos on your phone from any device with a web browser. It’s kind of like AirDroid, only you don’t need to have your phone with you or even have it turned on to make calls or receive texts once you’ve signed up. It’s a platform agnostic solution for a fragmented mobile world.

The magic happens via a localized app on your phone and an Amazon cloud service that dishes out your data where you need it. That cloud component serves both as cloud storage for your data and as a back-end VoIP relay station for calls and texts. Currently, the service handles photos, videos, contacts, calls and texts, but the plan is to eventually fully replicate your phone’s capabilities. For folks who are concerned about putting their digital life in the hands of PPL Connect, all transmissions to and from its servers are encrypted. And the company is currently devising a fully encrypted system whereby the data is only accessible with a single, user-owned key.

Read more at Engadget

Free asset tracking for SMBs

GFI Software announced Free Asset Tracking Forever, a no-charge component of the GFI Cloud suite of cloud-based IT management services. It enables organizations to audit and asset-manage servers and workstations across the organization, and to identify and manage units running legacy operating systems with minimal effort, all from a single management console.

Read more at GFI Cloud

Stuxnet Expert Dismisses NIST Cyber Security Framework, Proposes Alternative

An anonymous reader writes “Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran’s Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government’s Cyber Security Framework. Langner’s Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government’s framework.”

Original article at Slashdot