Posts

Google Docs lockout: It's fixed, Google says, but users fret over 'creepy monitoring'

Image
A Google Docs glitch reminds users that the cloud's convenience can come at the expense of privacy and control. Google has fixed a glitch in Docs that triggered panic for some who could no longer access or share files because Google's systems had ruled they violated its terms of service. The problem left affected Google Docs users baffled when attempting to open files only to be told by Google that the item had been "flagged as inappropriate and can no longer be shared". Others were told they couldn't access the file, while some reported deleted files. Around 100 users reported the  issue on the Google Docs help forum  and for several hours were anxiously awaiting a response and fix from Google. National Geographic reporter Rachel Bale was surprised that her draft of a story about wildlife crime would be locked for a violation of Google's terms of service. After hearing that others experienced the same problem, she figured it was a glitch -- ra...

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping

Image
Security experts have said the bug is a total breakdown of the WPA2 security protocol. A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic,  who found the flaw , said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: This flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they're in, they can eavesdrop on ...

Cisco updates ACI for customers moving to a multi-cloud strategy

Image
The new features should simplify network management and improve security across complex environments. Cisco on Thursday announced updates to its software-defined networking (SDN) offering, Application Centric Infrastructure (ACI), with the intent of simplifying network management for the growing number of customers adopting complex, multi-cloud strategies. The latest release (ACI 3.0) offers improved security and simplified management for any combination of workloads in containers, virtual machines, and bare metal for private clouds and on-premise data centers. "By automating basic IT operations with a central policy across multiple data centers and geographies, ACI's new multi-site management capability helps network operators more easily move and manage workloads with a single pane of glass - a significant step in delivering on Cisco's vision for enabling ACI Anywhere," Ish Limkakeng, SVP for data center networking at Cisco, said in a statement. Cisco...

Cloud vulnerabilities are being ignored by the enterprise

Image
RedLock's latest cloud security report suggests that organizations are failing in the most basic security practices. The enterprise is still ignoring the most basic security precautions when using cloud services, researchers claim. On Thursday, RedLock released its annual   cloud security report , which suggests that vulnerabilities in the cloud are being outright ignored, with poor database security and key leaks commonplace. After analyzing customer environments, the cloud security firm said that roughly 38 percent of organizations in the enterprise have user accounts active which have potentially been compromised, and 37 percent of company databases allow inbound connections from the web, which is generally a poor security practice to implement. In addition, seven percent of these databases are permitting requests from suspicious IP addresses, which suggests they have been compromised. Throughout their research, the RedLock team discovered that at least 250 org...

Microsoft tries to stem its self-made collaboration-tool confusion

Image
Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix. Choice is good. But too much choice, especially when it comes to collaboration tools, has been a problem for Microsoft. This isn't news to customers, partners or Microsoft execs themselves. But at the company's Ignite IT Pro conference in Orlando this week, Microsoft execs took a step to try to clarify the company's strategy and messaging in this area. Microsoft Office 365 Marketing chief Ron Markezich kicked off the conference this week with a slide entitled "Microsoft 365 Teamwork: Where to Start a Conversation." That slide attempts to do what  Microsoft initially attempted with a 60-plus-page whitepaper : Clarify which collaboration tools customers should use when. The slide, which features SharePoint -- and its files, sites and content storage at the center -- is broken down into t...

New Verizon leak exposed confidential data on internal systems

Image
Dozens of documents reveal detailed maps and configurations of internal Verizon servers. Security researchers have found yet another data exposure at Verizon. Confidential and sensitive documents, including server logs and several instances of credentials for internal systems, were found on an unprotected Amazon S3 storage server controlled by a Verizon Wireless customer, discovered by  security researchers at the Kromtech Security Research Center . The server contained several files, mostly scripts and server logs -- some appeared to show usernames and passwords to internal systems. Other folders contained internal Verizon documents, many of which were marked "confidential and proprietary materials," include detailed server and infrastructure maps, server IP addresses, global router hosts, and several scripts that could be used to gain elevated privileges within the system. A portion of the files were shared for verification. The files largely appear to refer...

Linux gets blasted by BlueBorne too

Image
BlueBorne is a set of Bluetooth security holes that just keeps on hitting. Besides smartphones and Windows, it seriously impacts Linux desktops and servers. The security company  Armis  has revealed eight separate Bluetooth wireless protocol flaws known collectively as BlueBorne . This new nasty set of vulnerabilities have the potential to wreak havoc on iPhones, Android devices, Windows PC, and, oh yes, Linux desktops and server, as well. While BlueBorne requires a Bluetooth connection to spread, once the security holes are exploited, a single infected device could infect numerous devices and computers in seconds. Attacks made with BlueBorne are silent, avoid activating most security measures, and require nothing from new victims except that their devices have Bluetooth on. Armis CEO Yevgeny Dibrov explained: "These silent attacks are invisible to traditional security controls and procedures. Companies don't monitor these types of device-to-device connections i...

Sun set: Oracle closes down last Sun product lines

Image
Oracle is shutting down SPARC and Solaris. Good bye, Sun. It was nice knowing you. Officially,   Oracle   hasn't said a thing. Unofficially, if you count the cars in Oracle's Santa Clara office, you'll find hundreds of spots that were occupied last week now empty. As   many as 2,500 Oracle, former Sun, employees have been laid off . Good bye, SPARC. Good bye, Solaris. Your day is done. None of this is a real surprise.   Oracle had cut former Sun engineers and developers by a thousand employees   in January. In Oracle's most recent   SPARC/Solaris roadmap , the next generation Solaris 12 had been replaced by Solaris 11.next and SPARC next -- incremental upgrades. Former Sun executive Bryan Cantrill reported, based on his conversations with current Solaris team members, that   Oracle's latest layoffs were, "So deep as to be fatal:   The core Solaris engineering organization lost on the order of 90 percent of its people, including essentiall...

711 million email addresses ensnared in 'largest' spambot

Image
The spambot has collected millions of email credentials and server login information in order to send spam through "legitimate" servers, defeating many spam filters. A huge spambot ensnaring 711 million email accounts has been uncovered. A Paris-based security researcher, who goes by the pseudonymous handle  Benkow , discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam. Those credentials are crucial for the spammer's large-scale malware operation to bypass spam filters by sending email through legitimate email servers. The spambot, dubbed "Onliner," is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it's resulted in more than 100,000 unique infections across the world, Benkow . Troy Hunt,  who runs breach notification site Have I Been Pwned , said it was a "...

Sonos says users must accept new privacy policy or devices may "cease to function"

Image
The sound system maker will not allow existing customers to opt-out of the new privacy policy. Sonos has confirmed that existing customers will not be given an option to opt out of its new privacy policy, leaving customers with sound systems that may eventually "cease to function". It comes as the home sound system maker prepares to  begin collecting  audio settings, error data, and other account data before the  launch of its smart speaker integration  in the near future. A spokesperson for the home sound system maker told that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease." "The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function," the spokesperson said. News of the changes was announced to customers in an email last week. ...