twitter google-plus facebook instagram pinterest Rechercher triangle-down Femme Actuelle Les Testeuses Hellocoton Mon compte
Vous êtes sur la partie communautaire de Beauté Addict : Le Blog de Danaefiona

publié le 11 novembre 2017 Beauté › Troc entre nous

I reach home and, still burning from my close shave earlier in the day and now determined to prove the survey wrong, I send a print job over local Wi-Fi from my Google Nexus 7. Poorly connected? Hah, I’ll teach them.Usenix Enigma The United States National Security Agency (NSA) is a notoriously secretive organization, but the head of its elite Tailored Access Operations (TAO) hacking team has appeared at Usenix’s Enigma conference to tell the assembled security experts how to make his life difficult.Rob Joyce has spent over a quarter of a century at No Such Agency and in 2013 he became head of TAO, with responsibility for breaking into non-US computer networks run by overseas companies and governments. Joyce's presentation on network security at the event boiled down to one piece of advice.“If you really want to protect your network you have to know your network, including all the devices and technology in it,” he said. “In many cases we know networks better than the people who designed and run them.”

NSA tiger teams follow a six-stage process when attempting to crack a target, he explained. These are reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit the data.During the reconnaissance phase agents examine a network electronically and, in some cases, physically. They work out who the key personnel are, what email accounts matter, how far the network extends, and maintain constant surveillance until they can find a way in.“We need that first crack and we’ll look and look to find it,” he said. “There’s a reason its called and advanced persistent threat; we’ll poke and poke and wait and wait until we get in.”The goal is to find weak points, whether they be within the network architecture, or in staff who maybe work from home or bring in unauthorized devices. There’s also areas where the target network interconnects with other computer systems, like heating and ventilation controllers, which can be useful for an attack.Companies need to pay particular attention to cloud providers, he said. Once you use a cloud company you are essentially handing your data over to them and relying on their security, so he warned due diligence is even more important than usual.

For the initial exploitation phase the key attack vectors are malware attachments in email, injection attacks from websites, and removable media - the latter being particularly useful for penetrating air-gapped systems that aren’t even on the network; Iran found that out the hard way with Stuxnet.Another common attack vector is common vulnerabilities and exposures (CVEs) that haven’t been patched, he said. Companies need to make automatic patching the norm to protect themselves against nation-state hackers he warned. As for zero-day flaws, he said they are overrated.“A lot of people think that nation states are running their operations on zero days, but it’s not that common,” he said. “For big corporate networks persistence and focus will get you in without a zero day; there are so many more vectors that are easier, less risky, and more productive.”As for the NSA’s own collection of zero-day exploits, Joyce said that in fact the agency had very few and each new one was discovered was evaluated by an outside committee to see when software manufacturers should be informed to build a patch. The NSA doesn’t have the final decision on this, he claimed.To protect against this admins need to lock things down as far as possible; whitelisting apps, locking down permissions, and patching as soon as possible, and use reputation management. If a seemingly legitimate user is displaying abnormal behavior, like accessing network data for the first time, chances are they have been compromised, he said.

Reputation-based tools are particularly useful against malware, Joyce explained. Signature-based antivirus won’t protect you against a unique piece of attack code, but when used in conjunction with reputation databases it can be effective - if code or a domain hasn’t been seen before there’s a high chance it’s dodgy.It’s amazing how often simple issues come up and allow access to target networks, he explained. Things like administrator credentials being left embedded in scripts, how many networks are unsegmented, and how often suspicious activity reported in network logs got missed.He cited cases where NSA hackers have performed penetration testing, issued a report on vulnerabilities, and then when they go back two years later to test again found the same problems had not been fixed. When the NSA hacking squad comes back, he said, the first thing they do is investigate previously reported flaws and it’s amazing how many remain un-patched even after the earlier warning.

  • Acer AL12A32 Battery
  • Acer AL10G31 Battery
  • Acer AL10BW Battery
  • Acer al10a13 Battery
  • Acer AS10B6E Battery
  • Acer AS10B5E Battery
  • Acer AS10B3E Battery
  • Acer AS09F34 Battery
  • Acer AS09D70 Battery
  • Acer AS09D56 Battery
  • Acer AS09D36 Battery
  • Acer AS09D34 Battery
  • Acer AS09B56 Battery
  • Acer AS09B5E Battery
  • Acer AS09A90 Battery
  • Acer AS09A78 Battery
  • Acer AS09A75 Battery
  • Acer AS09A73 Battery
  • Acer AS09A61 Battery

Once inside a network, the next stage is to establish persistence, primarily by establishing software run lines or subverting other applications. Application whitelisting is key to locking down this phase of an attack he said.A 0-day security breach at Lincolnshire County Council has exposed locals' medical records, addresses, and bank details, claimed an anonymous tipster, though the council denies any data was stolen.The breach was reported by The Lincolnite, which stated "anonymous reports from inside the council" suggested a major breach of its "main adult care system" had spaffed the sensitive personal information of constituents.Talking to The Register this morning, a council spokesperson denied that any data had been lost and claimed an email attachment with a zero-day exploit had managed to infect its internal system after being sent to multiple members of staff.In addition, The Lincolnite reported that another system which stored staff details and bank details, as well as "the G Drive, which holds various other documents and forms", had been breached.

According to the local paper's source, emails were not initially affected by the breach, however the attackers' access seems to have been extended to include them.The council's response has been to order staff to "close their computers and turn the power off."Judith Hetherington Smith, the council's CIO, told the local paper that the council "closed down our systems very quickly to protect the data and are investigating the cause but at this stage have found no evidence of any breach."A spokesperson for Lincolnshire County Council added that, "as a precautionary measure, [we] have suspended IT use until the extent of it is clear."The shutdown seems to be affecting all of the council's systems.Libraries are open as usual but please be aware that the computers are currently unavailable due to a malware attack As part of a campaign into UK councils' cyber security conducted last year, The Register was told that Lincolnshire County Council's AV solution(s) - the specifics of which the council declined to disclose - had thrown up 196,553 malware alerts in 2015.The Register has learned that the council has outsourced its IT operations to Serco since last April, although what AV solutions the outsourcer company uses has not been disclosed.

The council told us that there had been 32 malware infections, via email, over that period. The areas and machines affected were not recorded, however. Faster, longer battery life, chip-based security – innovation is alive and well in its sixth-generation Core chips, Intel claims, with the company officially launching its sixth-generation Core vPro processors on Tuesday, wrapped in a series of changes it claimed would inevitably drive sales.Two and a half times the performance of a fifth-gen CPU-powered laptop, three times the battery life, and four times faster wake-up are the promises. Also, we're looking forward to Intel authenticate – multi-factor authentication that also works with PINs and biometrics in association with a smartphone.If the phone strays further than a specified Blue-toothy connection distance from the i7 vPro machine in question, it locks you out. No more PCs going walkies in public places, mid-session documents, and data open to plunder.PC makers are lining up behind the chips, claiming about 200 business PC designs – 160 for vPro and 30 ultra book designs. Machines are coming from Acer, Dell, Hewlett-Packard, Lenovo and others in a variety of form factors – 2 in 1s, ultra books, and desktops, you name it.

  • Acer AS09A56 Battery
  • Acer AS09A51 Battery
  • Acer AS09A41 Battery
  • Acer AS09A36 Battery
  • Acer AS09A31 Battery
  • Acer AS11B5E Battery
  • Acer AS11A5E Battery
  • Acer AS11A3E Battery
  • Acer AS10G3E Battery
  • Acer AS10E76 Battery
  • Acer AS10E7E Battery
  • Acer AS10D81 Battery
  • Acer AS10D75 Battery
  • Acer AS10D73 Battery
  • Acer AS10D71 Battery
  • Acer AS10D61 Battery
  • Acer AS10D51 Battery
  • Acer AS10D41 Battery
  • Acer AS10D31 Battery

The thrust is very much the business user, with Intel citing one Gartner analyst claiming the chips make PCs part of businesses’ "overall security solution" with users "more secure and productive than ever".Innovation is still the industry’s muse: as a phrase it's over used, often mischaracterised, and its application frequently divorced from cold, hard market realities. Explaining recent years' falling PC sales and the eclipse of the PC by the tablet, vice president and general manager of Intel’s business client platform division, Tim Garrison, told The Register he believes the “innovation” on display now will shift boxes.“Years ago we got in trouble [because] there wasn’t much innovation going into the PC. It was the same old PC we’d had for generations and people said ‘I don’t see a future here'," said Garrison. “Since then, with the sixth generation core, you see so much more innovation going on.”However, the PC market's structural dynamics, which have blighted sales for the last few years, are still in place. PC makers, and those middlemen in the channel responsible for getting devices into the hands of buyers, remain saddled with a backlog of unsold PCs using old chips.

They’ve been stuck for a variety of reasons: consumers flocking to new tablets, businesses holding out on Windows XP and Windows 7 on old PCs, and OEMs and channel partners burned by buying big into Microsoft’s promises on Windows 8.That was a version of Windows where Microsoft was playing the “innovation” card – innovation around the touch interface, which ultimately proved about as popular as John Lennon proclaiming the The Beatles were "more popular than Jesus".Gartner this week reckoned 232 million traditional PCs would be shipped in 2016, equating to a 1.7 per cent drop on 2015. In the last quarter of 2015, 22.5 million PCs shipped into third-party sellers in EMEA, according to the research giant, a decline of 16.1 per cent year-on-year.IDC in December reckoned on compound annual growth rate of one per cent over five years for portable PCs, and a decline of 2.5 per cent for desktops. That’s alarming for Intel, which relies on a cadence of PC sales of three years in notebooks and four for desktops to help drive sales.

Also, Intel has historically relied on new releases of Windows – businesses and consumers buy fresh PCs to cope with the system demands of Microsoft’s new OS.“When people move to a new operating system they almost always do so on new hardware so it’s a benefit to us as well,” Garrison said on a trip to the UK. He estimated people are “excited” about Windows 10, released in July, a fact that will drive PCs sales and therefore mean business as usual.“What you get from your old PC versus what you can buy is a significant cost for the business, plus the PC starts to wear out and break frequently,” Garrison said. But, if Gartner and IDC are correct, Windows 10 hasn’t so far (and won’t in the near future) do anything to prompt growing PC sales.Microsoft hasn’t exactly helped by giving Windows 10 away for free to download – an offer that, at times, has seen Microsoft forcing Windows 10 on existing users. Worse, Microsoft has said there will be no new versions of Windows after Windows 10 – that it’ll be incremental updates, instead.

Garrison reckoned this won’t hurt PC sales, and the raw fact that the older a PC becomes the slower and cruddier it gets, will somehow prick the conscience of corporate IT purchasers. “Do we expect to see any change in the hardware purchase? The answer is 'no'. If they are on a three-year cycle we expect to see them still on a three-year cycle," he said.Intel won’t admit it, but Microsoft will (or has), and the author of the Windows client seems to have recognised both the implications and the limitations of its “free” policy. Microsoft will refuse to release updates for Windows 7 PCs to take advantage of new chipsets from January 2020 and January 2023 for 8.1.Whether it’s ignorance about ending support deadlines, lack of money to spend on new PCs, or just a willingness to gamble, Microsoft's dangling of the carrot hasn't forced them to upgrade in the past. It's unlikely to do so in the future. On Tuesday, the California chip giant sprung this news on the world, revealing what it seemed to be saying was a really big secret: all this time, the sixth-gen Core family, launched in September, has had brand-spanking new multi-factor authentication support, and no one knew? Blow me down with a feather.

0 vote 0 commentaire

Partagez cet article

Réagissez à l'article de Danaefiona

Si vous avez un compte Addict, connectez-vous !

Sinon, utilisez simplement le formulaire ci-dessous pour déposer votre commentaire :

Votre pseudo *

URL de votre site ou blog

Votre commentaire *

Afficher les commentaires

D'autres articles pouvant vous intéresser :

Akku Dell 5p140

A recent development is the ability to run Android apps from the Google Play Store on Chromebooks. This perk lets you use the laptop, even when you're not connected to the Internet. These are the same apps you run on your phone, including games, productivity apps, and streaming video services...

Akku Acer emachines d440

Ich sprach von einem einfachen Weg, mein MacBook und andere technische Geräte mit Solarstrom zu versorgen und mir damit Unabhängigkeit von einer Stromquelle zu verschaffen. Und hier ist er:Ihr schließt ein faltbares Solarpanel an eine passende Powerbank an. Es gibt hier besonders...

Akku Dell 310-5195

Apple MacBook Air: Kleiner, leichter, schneller Das Gehäuse des neuen MacBook Air fällt deutlich kleiner aus, der breite Rahmen um das Display ist passé. Damit ist das neue Modell bei gleicher Bildschirmgröße (13,3 Zoll) schmaler als sein Vorgänger (30,4 statt 32,5 Zentimeter). Mit 15,6...

Accu Sony VGP-BPS13/Q

Windows is normaal gesproken op de C-schijf geïnstalleerd. Door deze partitie zo schoon mogelijk te houden, blijft het besturingssysteem lekker snel. Bewaar persoonlijke bestanden daarom bij voorkeur op een andere partitie, bijvoorbeeld de D-schijf. Verder loop je de C-schijf desgewenst handmatig...

Accu Samsung AA-PB2VC6W

De Banana Pi is een Chinese kloon van de Raspberry Pi, die zoveel mogelijk compatibel is met de echte Raspberry Pi, maar meer mogelijkheden biedt. De Allwinner ARM Cortex-A7 dualcore-processor is veel krachtiger en draait alle software die voor de Raspberry Pi geschreven is. Het Chinese bordje is...

Beauté AddictBlogs B.A.Tous les Blogswww.portable-batteries.comAccu Samsung AA-PB2VC6W