Posts

Showing posts from October, 2017

Google Docs lockout: It's fixed, Google says, but users fret over 'creepy monitoring'

Image
A Google Docs glitch reminds users that the cloud's convenience can come at the expense of privacy and control. Google has fixed a glitch in Docs that triggered panic for some who could no longer access or share files because Google's systems had ruled they violated its terms of service. The problem left affected Google Docs users baffled when attempting to open files only to be told by Google that the item had been "flagged as inappropriate and can no longer be shared". Others were told they couldn't access the file, while some reported deleted files. Around 100 users reported the  issue on the Google Docs help forum  and for several hours were anxiously awaiting a response and fix from Google. National Geographic reporter Rachel Bale was surprised that her draft of a story about wildlife crime would be locked for a violation of Google's terms of service. After hearing that others experienced the same problem, she figured it was a glitch -- ra...

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping

Image
Security experts have said the bug is a total breakdown of the WPA2 security protocol. A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic,  who found the flaw , said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: This flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they're in, they can eavesdrop on ...

Cisco updates ACI for customers moving to a multi-cloud strategy

Image
The new features should simplify network management and improve security across complex environments. Cisco on Thursday announced updates to its software-defined networking (SDN) offering, Application Centric Infrastructure (ACI), with the intent of simplifying network management for the growing number of customers adopting complex, multi-cloud strategies. The latest release (ACI 3.0) offers improved security and simplified management for any combination of workloads in containers, virtual machines, and bare metal for private clouds and on-premise data centers. "By automating basic IT operations with a central policy across multiple data centers and geographies, ACI's new multi-site management capability helps network operators more easily move and manage workloads with a single pane of glass - a significant step in delivering on Cisco's vision for enabling ACI Anywhere," Ish Limkakeng, SVP for data center networking at Cisco, said in a statement. Cisco...

Cloud vulnerabilities are being ignored by the enterprise

Image
RedLock's latest cloud security report suggests that organizations are failing in the most basic security practices. The enterprise is still ignoring the most basic security precautions when using cloud services, researchers claim. On Thursday, RedLock released its annual   cloud security report , which suggests that vulnerabilities in the cloud are being outright ignored, with poor database security and key leaks commonplace. After analyzing customer environments, the cloud security firm said that roughly 38 percent of organizations in the enterprise have user accounts active which have potentially been compromised, and 37 percent of company databases allow inbound connections from the web, which is generally a poor security practice to implement. In addition, seven percent of these databases are permitting requests from suspicious IP addresses, which suggests they have been compromised. Throughout their research, the RedLock team discovered that at least 250 org...