Archive for January 9, 2015

Only 1 In 10 Cloud Apps Are Secure For Enterprise Use: Netskope

Posted in Commentary with tags on January 9, 2015 by itnerd

Thinking about using apps in the cloud to reduce your costs? You might want to think again. According to cloud experts Netskope, only one in ten cloud apps is secure enough for enterprise use. The study found that organizations are employing an average of over 600 business cloud apps, despite the majority of that software posing a high risk of a data leak. The company showed that 15% of logins for business apps used by organizations had been breached by hackers. Over 20% of businesses in the Netskope cloud actively used more than 1,000 cloud apps, and over 8% of files in corporate-sanctioned cloud storage apps were in violation of DLP (Data Loss Prevention) policies, including those covering source code and other confidential and sensitive data. Google Drive, Facebook, YouTube, Twitter and Gmail were among the apps investigated in the Netskope research.

That should be a wake-up call to businesses to tighten their use of cloud-based apps. It truly isn’t that hard, and it can help a company avoid a lawsuit, embarrassment, or some other really bad event down the road.


Asus WiFi Routers Can Be “Pwned” From Inside Your Network…. Yikes!

Posted in Commentary with tags on January 9, 2015 by itnerd

If you have an Asus router, you need to know that an exploit has been discovered that gives a user inside your network full administrative control of the router, which means they can do pretty much anything they want. In effect, they would “pwn” you. This news comes via research conducted by security firm Accuvant and published on GitHub.

Here’s the non-nerdy explanation. All routers (and computers, for that matter) have software on them that runs very specialized tasks in the background as part of the operating system. Those are called services, and you don’t notice them most of the time. There’s a specific service on Asus routers that has the ability to run as the “root” user, which is the user that can do anything and everything on the router (or computer, as Macs, Linux and UNIX systems have the same user). This service accepts a command that has a flaw: it doesn’t require any authentication. So some evildoer can leverage that command to “pwn” your router, and you by extension. What’s worse is that Asus posted the source code on their support site, which basically provides a “how to” guide for someone to “pwn” you.

#fail

Right now there is no fix for this. So if you have an Asus router, you are at risk until one comes out. Hopefully Asus acts on this quickly for the sake of those who use its routers, which until today were very highly regarded.

Bug In OS X Spotlight Exposes Data To Spammers…… Yikes!

Posted in Commentary with tags on January 9, 2015 by itnerd

I see that Apple’s software quality has taken yet another hit.

This time there apparently is a bug in OS X Yosemite’s Spotlight feature. German tech news site Heise is reporting that when you use Spotlight to search Apple Mail, Spotlight shows previews of emails, and when it does this it automatically loads external images linked in HTML email. The problem is that loading external images also exposes your IP address, current OS version and some details about the browser used, as well as the version of Quick Look, to spammers among others. That can reveal your location and other details that can be used to spam you or launch a targeted attack against you. That’s why I have the loading of external images turned off by default in Apple Mail. But Spotlight ignores this setting for whatever reason and displays the external images anyway.

#fail

The only workaround is to uncheck the “Mail & Messages” box for Spotlight in System Preferences. When this option is disabled, no emails are returned in Spotlight’s search results, and thus no preview is shown. That’s great unless you actually rely on Spotlight like I do. Bottom line: Apple really needs to fix this, and fix it now, as this is a glaring privacy issue that should never, ever have made it outside the doors of 1 Infinite Loop.