POODLE’s bark is bigger than its bite

Tony Bradley, PCWorld

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.

Google researchers revealed a major flaw in the SSL encryption protocol—SSLv3 to be precise—which has been affectionately named “POODLE.” The vulnerability is more serious than the silly name might suggest, and the news has garnered a lot of attention because of the potentially broad implications. But security experts assure us the sky is not falling.

What Is POODLE?

POODLE is actually an acronym for “Padding Oracle On Downgraded Legacy Encryption.” SSLv3 is rarely used today, but most Web browsers will negotiate a compatible encryption protocol when connecting to a site or server, and are capable of downgrading to SSLv3 if necessary. The POODLE attack relies in part on forcing the target browser to fall back to the legacy protocol, which has inherent weaknesses that can be exploited to allow the attacker to access the encrypted information.


3 simple ways two-factor authentication can protect you when no one else will

Tony Bradley, PCWorld

It seems like consumer data is compromised in some massive data breach every other week. You should expect the companies you do business with to do everything possible to prevent data breaches and protect your data, but it’s unreasonable to believe it will never happen. It’s up to you to take additional steps to protect your own data, and minimize the potential fallout from a breach as much as you can. One of the best ways to do that is with two-factor authentication.

Dairy Queen and Kmart are just two of the more current examples of major retail chains that have had their point-of-sale systems compromised—resulting in attackers’ capturing sensitive customer data. Target, Home Depot, and UPS have also been victims of recent data breaches. Personal information and credit card data from tens of millions of consumers is now in the hands of criminals, and at risk of being used for fraudulent activity or identity theft.

[Image: two-factor authentication infographic. Credit: Wave Systems Corp.]

Spot phishing scams and don’t take the bait

Tony Bradley, PCWorld

Can you recognize a phishing scam email when you see one? Do you know what signs to look for to identify a phishing attack, and avoid becoming a victim? In honor of National Cybersecurity Awareness Month, PhishMe has developed an infographic with helpful tips to keep you safe and secure.

PhishMe points out the usual, common-sense things you should do to avoid getting compromised—by either phishing scams or malware exploits. Don’t open unknown file attachments or click on links in suspicious emails, and don’t enter your credentials on login pages linked from email messages.

Hopefully that goes without saying at this point for emails you receive from unknown sources. It doesn’t take a rocket scientist to realize that you aren’t expecting a package from UPS, or you haven’t actually conducted business that would involve a suspicious email with a cryptic “invoice” attached. Don’t let curiosity get the best of you. You can be fairly sure it’s not legitimate—and even if it is, you know it’s not for you. Just delete the message.


Report: Huge spike in mobile malware targets Android, especially mobile payments

Tony Bradley, PCWorld

Two very predictable traits drive cybercriminals: First, they tend to focus on targets with the highest odds of success. Second, they prefer attacks that generate profit. A new joint report from Kaspersky Lab and INTERPOL underscores how these two factors contribute to concerning trends in mobile threats. 

The Mobile Cyber Threats report analyzes mobile malware data collected from Kaspersky’s cloud-based Kaspersky Security Network (KSN) during the period of August 1, 2013 through July 31, 2014, for over 5 million Android smartphones and tablets protected by Kaspersky security products.

It shouldn’t come as any surprise that Android is by far the biggest target for mobile malware. Recent data from IDC indicates that Android comprises about 85 percent of the overall mobile platform market, with iOS a distant second, and the remaining crumbs being shared among Windows Phone, BlackBerry, and other platforms. From a pure numbers perspective, malware designed for Android has the greatest odds of success. Android is also a more open platform, which exposes it to greater potential for exploitation.


Survey: BYOD security remains spotty, with users unaware or unmotivated about risks

Tony Bradley, PCWorld

Many organizations have embraced the concept of BYOD (bring your own device), allowing employees to use their own personal smartphones and tablets at work. A new survey from BitDefender, however, suggests that BYOD policies and controls have a long way to go in order to be more secure.

The BitDefender study, conducted by Millward Brown, surveyed 1,045 Internet users in the United States, aged 18 and over, during August of 2014. The results of the survey should be a wake-up call for companies to examine their BYOD policies, and ensure that adequate security controls are in place to safeguard corporate data and resources.

Based on the survey responses, it seems that BYOD has gone from a trendy buzzword to an accepted norm. The concept of connecting personal mobile devices to a company network or data is widely accepted, and half of the employees who are allowed to use their own smartphone, tablet, or laptop take advantage of that policy.


Survey finds generation gaps in adoption of new tech

Tony Bradley, PCWorld

Wearable tech and Internet-of-Things (IoT) gadgets are all the rage. A new survey from Acquity Group, though, illustrates how different generations are embracing these new developments.

The study defined three age groups: Millennials (ages 18-25), Generation X (ages 26-35), and Baby Boomers (over age 45). (I guess that group between age 36 and 45 just isn’t very interesting.) Overall, Acquity Group found that younger consumers are most likely to adopt connected technologies in the long run, but older consumers are more likely to own certain products already.

For example, 53 percent of Millennials plan to buy some sort of in-home IoT technology in the next five years, compared to only 32 percent of Baby Boomers. When it comes to wearable tech, 36 percent of Millennials plan to adopt wearable tech gadgets in the next five years, while only 25 percent of Baby Boomers indicated the same.


Prevent identity theft with this interactive site

Tony Bradley, PCWorld

Preventing identity theft starts with you—making sure you’re aware of the threats out there, and how to avoid them.

Choice Loans, a financial lending service based in the UK, has put together a site that can help. It’s an interactive guide to various types of identity fraud, complete with 16 things you can do to detect or respond to them.

The site covers a broad swath of risks. It shares detailed information about computer viruses and malware, con artists and fraud, credit card fraud, online shopping, card skimming, card-not-present fraud, stolen credit or debit cards, mail theft, man-in-the-middle (MitM) attacks, cell phone scams, online password theft, passport fraud, pharming, phishing scams, pyramid schemes, shoulder surfing, and more.
