Thursday, July 17, 2014

Tricks Love: 7 Best Tips to Extend Android Battery Life

Tricks Love: 7 Best Tips to Extend Android Battery Life: Battery life is one of the biggest issues in the Android world today. Take your SIM card out, turn off Wi-Fi and never touch it and it'...

Saturday, June 21, 2014

Great reason why you should use Unified Inbox.


http://www.scmagazine.com/linkedin-accounts-can-easily-be-taken-over-if-https-is-not-always-enabled-by-default/article/356754/

Any LinkedIn user not serving all traffic over HTTPS by default could ultimately have their account taken over in a man-in-the-middle (MitM) attack provided they are on the same network as the attacker.
The MitM attack can happen if LinkedIn redirects users to HTTP following a successful login via HTTPS; however, it is "SSL stripping," a technique that changes HTTPS traffic to HTTP traffic, that enables a bad actor to see a user's session, and credentials, in plaintext, Zuk Avraham, founder and CEO of Zimperium, told SCMagazine.com in a Thursday email correspondence.
This enables interception of email addresses, passwords, read and sent messages, and connections, Avraham wrote in a Wednesday post, adding that attackers could take it a step further and edit user profiles, edit job postings, manage company pages, and send invitations to connect with others.
This is a particularly dangerous attack – which also impacts LinkedIn's mobile website, though not its mobile app – because even an unseasoned attacker can carry it out, Avraham said.
Avraham used Zimperium's zANTI penetration testing mobile app, which enables MitM attacks and SSL stripping, but he said that any other toolkit – such as Cain & Abel, Dsploit, Ettercap, and Arpspoof – can be downloaded for free to do essentially the same thing.
“There are several different ways to prevent SSL stripping,” Avraham said. “For example, the website owner can prevent these attacks by ensuring HTTPS is always enabled by default, and not just during login.”
Enabling HTTPS by default is an initiative LinkedIn began undertaking at the end of last year, but the business-oriented social network only began serving it up to U.S. and EU members last week – and Zimperium initially notified LinkedIn about the issue in May 2013, the Zimperium post indicates.
“This issue does not impact the vast majority of LinkedIn members given our ongoing global release of HTTPS by default,” a LinkedIn spokesperson wrote in a statement emailed Thursday to SCMagazine.com.
Expect to see an increase in these types of attacks, particularly as the number of unsecured hotspots continues to rise, Avraham said, adding that a security defense solution should always be used on any device when connecting to public Wi-Fi.
“Too many people think that anti-virus software will protect them, but it won't, not against these types of attacks,” Avraham said. “Unfortunately, there is not an easy manner for an end user to know their device is being compromised.”
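A site owner can check for the weakness described above by auditing the responses of their own login flow. The sketch below is an added example, not code from the article or from Zimperium: it flags an HTTPS login that redirects to HTTP, session cookies set without the `Secure` attribute, and HTTPS responses without a `Strict-Transport-Security` header (HSTS is not named in the article; it is the standard way to make browsers refuse the HTTP downgrade). The host `example.test`, the cookie values and both flows are constructed sample data.

```python
from urllib.parse import urlsplit

def audit_login_flow(hops):
    """hops: ordered list of (url, [(header, value), ...]) for one login flow."""
    findings = []
    seen_https = False
    for url, headers in hops:
        scheme = urlsplit(url).scheme.lower()
        if scheme == "https":
            seen_https = True
        elif seen_https:
            # A page served in plaintext after an HTTPS login exposes the session.
            findings.append(("plaintext-after-https", url))
        for name, value in headers:
            lname = name.lower()
            if lname == "location" and scheme == "https" \
                    and urlsplit(value).scheme.lower() == "http":
                findings.append(("redirect-to-http", value))
            if lname == "set-cookie":
                attrs = [a.strip().lower() for a in value.split(";")[1:]]
                if "secure" not in attrs:
                    # Without Secure the browser also sends the cookie over HTTP.
                    findings.append(("cookie-without-secure", value.split("=", 1)[0]))
        if scheme == "https" and not any(
                n.lower() == "strict-transport-security" for n, _ in headers):
            findings.append(("no-hsts", url))
    return findings

# Constructed sample: HTTPS only during login, then back to HTTP.
WEAK_FLOW = [
    ("https://example.test/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Location", "http://example.test/home")]),
    ("http://example.test/home", [("Content-Type", "text/html")]),
]

# Constructed sample: HTTPS by default, Secure cookie, HSTS on every response.
HARDENED_FLOW = [
    ("https://example.test/login", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
        ("Location", "https://example.test/home")]),
    ("https://example.test/home", [
        ("Strict-Transport-Security", "max-age=31536000")]),
]

if __name__ == "__main__":
    for kind, detail in audit_login_flow(WEAK_FLOW):
        print(kind, detail)
```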

Can this happen to your company?

http://www.scmagazine.com/code-spaces-shuts-down-following-ddos-extortion-deletion-of-sensitive-data/article/356774/

Code Spaces recently became one of the roughly 60 percent of small businesses that fold within six months of experiencing a cyber attack.
It began on Tuesday when the code hosting and project management services provider experienced a “well orchestrated” distributed denial-of-service (DDoS) attack against its servers, according to a post on the website.
Code Spaces then learned that unauthorized access was gained to its Amazon Elastic Compute Cloud (EC2) control panel, according to the post. The attacker left messages behind seeking communications via a Hotmail address.
As with several other recent extortion-based DDoS attacks, the attackers told Code Spaces that a “large fee” would resolve the issue.
Code Spaces moved to change its passwords, but the attacker had created backup logins and began "randomly" deleting artifacts from the panel, including most of Code Spaces' data, backups, machine configurations and offsite backups, according to the post.
“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” according to the post.
In a Thursday email correspondence, Ofer Hendler, CEO of cloud security company Skyfence, told SCMagazine.com that he believes the attack was made possible because an administrator's credentials were compromised – likely in a phishing attack.
“This incident is a not-so-subtle reminder that security controls to monitor and manage privileged access need to be taken just as seriously in the cloud as they are in the data center,” Hendler said. “That means limiting access to sensitive systems and data, both IT and business applications, to only those that need it.”
Multifactor authentication offers one way to help prevent these types of incidents from occurring, Hendler said, adding that organizations should also use technology that monitors and controls privileged commands executed by administrators in cloud apps.
“This will allow a company to know who made changes, including changes to security settings,” Hendler said. “In addition, some level of separation of duties should be enforced by controlling the actions that individual administrators can perform. This could have helped prevent this type of breach.”
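The monitoring Hendler describes can be sketched as a review of the cloud account's audit trail. This is an added example, not anything Code Spaces or Skyfence ran: it assumes simplified, CloudTrail-style records (the flat field names and all sample events are constructed; the event names are real AWS API actions) and alerts on new logins created without MFA, on a burst of deletions by one principal, and on one principal both creating logins and deleting resources.

```python
from datetime import datetime, timedelta

PERSISTENCE = {"CreateUser", "CreateAccessKey", "CreateLoginProfile"}
DESTRUCTIVE = {"TerminateInstances", "DeleteSnapshot", "DeleteVolume",
               "DeregisterImage", "DeleteBucket"}

def review(events, window=timedelta(minutes=30), burst=3):
    """Return alerts as (kind, principal, event name), in time order."""
    alerts, recent, created, flagged = [], {}, set(), set()
    for ev in sorted(events, key=lambda e: e["time"]):
        who, name = ev["arn"], ev["eventName"]
        when = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        if name in PERSISTENCE:
            # New users, keys or console logins survive a password change.
            created.add(who)
            kind = "new-login" if ev["mfa"] else "new-login-no-mfa"
            alerts.append((kind, who, name))
        elif name in DESTRUCTIVE:
            times = [t for t in recent.get(who, []) if when - t <= window]
            times.append(when)
            recent[who] = times
            if len(times) >= burst and (who, "burst") not in flagged:
                flagged.add((who, "burst"))
                alerts.append(("destructive-burst", who, name))
            # Separation of duties: one principal should not do both.
            if who in created and (who, "duties") not in flagged:
                flagged.add((who, "duties"))
                alerts.append(("created-logins-then-deleted", who, name))
    return alerts

ADMIN = "arn:aws:iam::111111111111:user/admin"   # constructed principal
OPS = "arn:aws:iam::111111111111:user/ops"       # constructed principal

def _ev(time, name, arn, mfa):
    return {"time": time, "eventName": name, "arn": arn, "mfa": mfa}

# Constructed sample events for one day.
SAMPLE = [
    _ev("2014-06-17T09:00:00Z", "DeleteSnapshot", OPS, True),
    _ev("2014-06-17T10:00:00Z", "CreateUser", ADMIN, False),
    _ev("2014-06-17T10:01:00Z", "CreateAccessKey", ADMIN, False),
    _ev("2014-06-17T10:05:00Z", "DeleteSnapshot", ADMIN, False),
    _ev("2014-06-17T10:06:00Z", "TerminateInstances", ADMIN, False),
    _ev("2014-06-17T10:07:00Z", "DeleteVolume", ADMIN, False),
]

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(alert)
```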