Infrastructure built from connected devices is a growing trend as organizations adopt the Internet of Things (IoT). At the same time, security concerns around these connected devices continue to be a bottleneck for IoT adoption. In an effort to improve IoT security, earlier this month Microsoft released Azure Sphere, a cost-effective way of securing connected devices. Gartner claims that worldwide spending on IoT security will reach 1.5 billion in 2018.
Azure Sphere is a suite of services used to enhance IoT security. The suite includes the following:
Azure Sphere MCUs
These are a certified class of microcontrollers designed specifically for IoT security. They follow a cross-over design that combines real-time and application processors with built-in Microsoft security mechanisms and connectivity. The MCU chips are built on custom silicon security technology made by Microsoft. Some of the highlights are:
- A Pluton security subsystem to execute complex cryptographic operations
- A cross-over MCU that combines Cortex-A and Cortex-M class processors
- Built-in network connectivity to ensure devices are up to date
Azure Sphere OS
Azure Sphere OS is a Linux distro used to securely run the internet of things. This highly scalable and secure operating system runs on the specialized MCUs and adds an extra layer of security. Some of the highlights are:
- Secured application containers focussing on agility and robustness
- A custom Linux kernel enabling silicon diversity and innovation
- A security monitor to manage access and integrity
The Azure Sphere Security Service
An end-to-end security service dedicated solely to securing Azure Sphere devices, enhancing security, identifying threats, and managing trust between cloud and device endpoints. Following are the highlights:
- Protects your devices using a certificate-based authentication system
- Ensures device authenticity by verifying that devices are running genuine software
- Manages automated updates for Azure Sphere OS, for threat and incident response
- Easy deployment of software updates to Azure Sphere connected devices
For more information, refer to the official Microsoft blog.
On Friday, DockerHub informed its users of a security breach in its database via an email written by Kent Lamb, Director of Docker Support. The breach exposed sensitive information including some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories, for approximately 190K users. The company said this number is only five percent of DockerHub’s entire user base.
Lamb said the security incident took place a day prior, i.e. on April 25, when the company discovered unauthorized access to a single Hub database storing a subset of non-financial user data. “For users with autobuilds that may have been impacted, we have revoked GitHub tokens and access keys, and ask that you reconnect to your repositories and check security logs to see if any unexpected actions have taken place,” Lamb said in his email.
The GitHub and Bitbucket access tokens stored in Docker Hub allow developers to modify their project’s code and also help in auto building the images on Docker Hub. A third party that gains access to these tokens can access code within the private repositories and, depending on the permissions stored in the token, modify it. Misusing these tokens to modify code and deploy compromised images can lead to serious supply-chain attacks, as Docker Hub images are commonly used in server configurations and applications.
“A vast majority of Docker Hub users are employees inside large companies, who may be using their accounts to auto-build containers that they then deploy in live production environments. A user who fails to change his account password and may have their accounts autobuilds modified to include malware,” ZDNet reports.
Meanwhile, the company has asked users to change their password on Docker Hub and on any other accounts that shared this password. For users with autobuilds that may have been impacted, the company has revoked GitHub tokens and access keys, and asked the users to reconnect to their repositories and check security logs to see if any unexpected actions have taken place.
Addressing DockerHub’s security exposure, a post on the Microsoft website states, “While initial information led people to believe the hashes of the accounts could lead to image:tags being updated with vulnerabilities, including official and microsoft/ org images, this was not the case. Microsoft has confirmed that the official Microsoft images hosted in Docker Hub have not been compromised.”
Docker said that it is enhancing its overall security processes, that it is still investigating the incident, and that it will share details when available.
A user on HackerNews commented, “I find it frustrating that they are not stating when exactly did the breach occur. The message implies that they know, due to the “brief period” claim, but they are not explicitly stating one of the most important facts. No mention in the FAQ either. I’m guessing that they are either not quite certain about the exact timing and duration, or that the brief period was actually embarrassingly long.”
To know more about this news, head over to the official DockerHub post.
15 Mar
Michigan House approves Rep. Calley bill safeguarding election integrity
Legislation ensures qualified voter file is kept up to date
Legislation sponsored by state Rep. Julie Calley to protect the integrity of elections in Michigan was overwhelmingly approved today in the Michigan House.
Calley’s legislation, House Bill 5646, requires the Secretary of State to keep the list of people who are registered and qualified to vote in Michigan up to date by checking it against U.S. Social Security Administration’s death records. The legislation also requires continued participation in a multi-state program through which information is shared about the current address and registration status of voters.
“People are more concerned than ever about the security of our elections,” said Calley, of Portland. “We must do everything we can to ensure them that our qualified voter file is being held to the highest standard possible. When someone passes away or moves to another state, it’s important to update our voter rolls in a prompt and efficient manner to eliminate the possibility of voter fraud.”
While the Secretary of State currently utilizes these resources to update the qualified voter file, Calley said it is not required under current law. Her legislation ensures the practice continues in the future.
In addition to Calley’s bill, the House also approved two other bills clarifying current practices of the Secretary of State. House Bill 5644, sponsored by Rep. Tom Barrett, spells out the procedure by which absentee voters can change their mind and spoil their absentee ballot.
House Bill 5669, sponsored by Rep. Aaron Miller, clarifies the current list of acceptable forms of identification for election purposes.
“Establishing these current practices as law ensures the Secretary of State and local election officials are all on the same page, and provides residents with confidence in the database of qualified voters,” said Calley, who serves as vice chair of the House Elections and Ethics Committee.
House Bills 5644, 5646 and 5669 now move to the Senate for consideration.
Discovery has acquired a stake in VS Media, a Chinese multichannel network business.
The MCN offers Chinese consumers locally made entertainment content from a roster of 500 creators. It works with the content creators, giving them studio space, funding, marketing and commercial assistance, and VS Media content now registers about 320 million views a month. It has 55 million subscribers.
Discovery has taken an unspecified minority stake in the business, which was founded in 2013 by Chinese entrepreneur Ivy Wong.
“I admire the strong community spirit Ivy has fostered with local creators and their followers,” said Arthur Bastings, president and managing director of Discovery Networks Asia-Pacific. “As Discovery looks to build deeper traction in the Chinese-speaking markets, VS MEDIA’s robust following is incredibly valuable to us. Through their advanced analytics, we can get fully plugged in to the Chinese millennial zeitgeist.”
Ivy Wong added: “This partnership is a significant milestone in our company’s evolution. We believe that everyone can be an influencer as well as a digital entrepreneur. We continue to uncover, nurture and present the next generation of talent, raising the bar and setting industry best practices.”
Discovery has bought in soon after Chinese state-backed private equity fund CMC invested in the business.
With investment in hand, VS Media said it is creating a new US$4 million investment fund. It will also have access to content from Discovery Digital Networks, the Discovery division that produces and distributes millennial-skewed content. This content will be localised for the VS Media platform.
Discovery has agreed several China-focused partnerships including a content deal with WASU Digital TV Media Group for WASU’s pay TV channel Qiu Suo, and a mobile docs deal with online distributor Viddsee.
The VS Media deal is the latest from Discovery Asia under the stewardship of Arthur Bastings, who rejoined the company last year. The division’s Korea operation has been restructured and a new boss brought in, in India on Bastings’ watch.
Citation: Equifax data breach—consumers heard about it but took little action (2018, August 15) retrieved 18 July 2019 from https://phys.org/news/2018-08-equifax-breachconsumers-heard-action.html
Provided by University of Michigan
More information: “I’ve Got Nothing to Lose”: Consumers’ Risk Perceptions and Protective Actions after the Equifax Data Breach: www.usenix.org/conference/soup … 018/presentation/zou
In comprehensive interviews with 24 consumers, a team of researchers at the U-M School of Information led by Yixin Zou and Florian Schaub found that few knew if they were impacted by the breach, although they had heard about it and understood the risks of identity theft, and even fewer took protective measures, such as freezing their credit reports.
“We expected that people might have issues with protecting themselves effectively but the degree of inaction after the data breach was definitely unexpected,” said Zou, a doctoral student at the school. “While a majority of our participants (19 out of 24) knew a big data breach had occurred at one of the big three credit bureaus and demonstrated detailed awareness of identity theft risks, more than half of them did not translate this awareness into any protective measures.”
The researchers said many participants exhibited what is called optimism bias.
“They underestimated the likelihood of becoming a victim of identity theft, thinking they would not be an attractive target and making the assumption that whoever had access to the stolen data would target people who were more affluent and had a better credit history, even though scammers are unlikely to investigate their financial situation before stealing their identity,” said Schaub, U-M assistant professor of information. “In fact, other research has shown that people of low socioeconomic status are disproportionately affected by identity theft.”
Some consumers reported a tendency to delay security related tasks until they are actually harmed, even though recovery from identity theft is more labor and time-intensive than prevention, the researchers said.
Many consumers think if a problem is going to occur it will happen right away, so when all seems well shortly after a breach they move on without much more thought about it.
Then there were some who were unaware of available protective measures or had heard certain terms but misinterpreted their meanings.
“For example, ‘fraud alerts’ were understood as alerts sent by your bank or credit card company when fraudulent activities have been detected on your account, whereas placing a fraud alert on your credit file actually means adding a flag to your credit report when it is requested by vendors, alerting them that you may be at risk of fraud and that they should carefully verify your identity before a transaction,” Zou said. “Credit freezes, which are the only effective way to prevent companies from requesting your credit report without you explicitly ‘unfreezing’ it again, were misunderstood as ‘freezing’ credit cards by half of our participants.”
For a number of the consumers, their inaction was an issue of cost. Placing a freeze on credit can cost up to $10 for each of the three major credit bureaus.
“Freezing and unfreezing your credit reports should be free nationwide, because it is the only measure that can effectively limit certain types of identity theft,” Schaub said. “Similarly, consumers should be able to access their credit reports anytime for free, whereas current laws only mandate one free credit report per year.”
“The good news is that credit freezes will be free in all U.S. states starting from this September, as a result of a new federal law amending the Fair Credit Reporting Act. However, this new law doesn’t address some of the other issues we uncovered. For instance, consumers still need to place separate credit freezes at each credit bureau, something many of our participants were not aware of.”
The actions favored by those that took the time to monitor their accounts were no-cost options such as going to Equifax’s website, checking credit reports either through the annual credit report site or free third-party services, and closer self-monitoring of existing bank, credit card and other financial accounts.
Those actions can help spot identity theft when it occurs, but on their own do little to prevent identity theft, the researchers said. The Equifax breach included names, social security numbers, birth dates, addresses and driver’s license numbers of all impacted, plus credit card numbers of about 209,000 consumers and credit dispute documents for another 182,000 people.
Zou and Schaub said the media played a role in informing consumers about the breach but not in prompting action. Instead, consumers were more willing to take actions when prompted by family members, colleagues or experts.
The researchers said this points to the need for the companies not only to report breaches but to clearly inform consumers how they are affected, what their risks are from the exposure of their personal data, and what steps to take to protect themselves. Usually when a breach happens, the companies send a message that says the consumers’ data may have been compromised, with an offer for free credit monitoring and little more, leaving consumers to decide if they want to take steps or wait and hope for the best.
The Identity Theft Resource Center shows that the number of data breaches in the United States climbed from 157 in 2005 to 1,579 in 2017 with nearly 179 million records exposed. All told, from 2005 to date there have been 9,215 breaches and 1.1 billion records exposed.
When the Equifax data breach impacting nearly 147 million people occurred just over a year ago most consumers took little to no action to protect themselves despite the risk of identity theft, University of Michigan researchers found.
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
Provided by Rutgers University
“Websites focus on telling users if their passwords are weak or strong, but they do nothing to help people remember passwords,” said Janne Lindqvist, study co-author and assistant professor in the Department of Electrical and Computer Engineering in the School of Engineering.
“Our model could be used to predict the memorability of passwords, measure whether people remember them and prompt password system designers to provide incentives for people to log in regularly,” Lindqvist said. “Logging in more often helps people remember passwords.”
It’s well-known that text-based passwords are hard to remember and people prefer simple, unsecure passwords. The study found evidence that human memory naturally adapts based on an estimate of how often a password will be needed. Important, frequently used passwords are less likely to be forgotten, and system designers need to consider the environment in which passwords are used and how memory works over time.
“Many people struggle with passwords because you need a lot of them nowadays,” Lindqvist said. “People get frustrated. Our major findings include that password forgetting aligns well with one of the psychological theories of memory and predicting forgetting of passwords.”
The peer-reviewed study by researchers at Rutgers-New Brunswick and Aalto University in Finland was formally published last month at the 27th USENIX Security Symposium in Baltimore, Maryland. The symposium—a tier-1 international conference—covered novel and scientifically significant practical advances in computer security.
Citation: Do you know why and how you forget passwords? (2018, September 6) retrieved 17 July 2019 from https://phys.org/news/2018-09-passwords.html
Do you frequently forget passwords to a baffling array of accounts and websites? Much depends on a password’s importance and how often you use it, according to a Rutgers University-New Brunswick-led study that could spur improved password technology and use.
More information: Study paper: www.lindqvistlab.org/s/USENIXS … ttingofpasswords.pdf
Provided by Netherlands Organisation for Scientific Research (NWO) https://www.nwo.nl/onderzoek-en-resultaten/programmas/open+technologieprogramma/projecten/2012/2012-12271
The methodology is used in the application Matching Data, offered by TAUS, an important think tank in the field of machine translation. This application tackles a big challenge within digital translation: for a good translation it is necessary to train the translation machine with reliable sources and datasets that contain the relevant type of words. For example, translating a legal text requires a completely different vocabulary and a different type of translation than, for example, a newspaper report.
Successful implementation
In 2013 the DatAptor project, supervised by Professor Khalil Sima’an of the UvA Institute for Logic, Language and Computation, received funding from Technology foundation STW (now: NWO Domain Applied and Engineering Sciences) to deal with this problem. The research results of the DatAptor project have now been successfully implemented by think tank TAUS. They offer the new technology under the name Matching Data.
On the weblog of TAUS Sima’an says: “Our dream was to make the world wide web itself the source of all data selections. But we decided to start more modest and make the very large TAUS Data repository our hunting field first. In DatAptor we learned that every domain is a mixture of many subdomains. The combinatorics of subdomains in a very large repository harbors a wealth of new, untapped selections. Therefore, if the user provides a Query corpus representing their domain of interest, the Matching Data method is likely to find a suitable selection in the repository.”
More information: Data-Powered Domain-Specific Translation Services On Demand (DatAptor)
A new methodology to improve machine translation has become available this month through the University of Amsterdam. The project DatAptor, funded by NWO/STW, increasingly advances translation machines by selecting data sets.
Citation: New technology for machine translation now available (2019, January 22) retrieved 17 July 2019 from https://phys.org/news/2019-01-technology-machine.html
NEW DELHI: Floods in Assam are a cause of worry for all of us, BJP working president JP Nadda said on Tuesday and asked party workers to help the affected people in all possible ways. “I appreciate the efforts of the state government for all possible relief and rescue operations on a war footing. The central government is also providing full support to the state,” he said in a tweet. Expressing his sympathy with the affected families, Nadda said the BJP stands shoulder to shoulder with the people of Assam and “our thoughts are with the bereaved families”. “I urge BJP karykartas to help the affected in all possible ways,” he said.