Security

0

WordPress blogs are complex pieces of software with a threat surface that expands with each plug-in or theme you install. Whenever I set up a new WordPress site, one of the first things I install is Wordfence - a security plug-in that provides a number of services that help me monitor and manage those sites. Wordfence has launched a WordPress Security Audit service.

1

One of the primary vehicles used by bad guys to access our systems is stealing log-in credentials in order to impersonate real users. All the security processes and tools in the world are circumvented when someone has your username and password. That's where two-factor authentication (2FA) comes into play. 2FA works by adding another authentication challenge to the equation. It's not just about what you know - your password, it's also about something you have. That's where the authenticator apps from Microsoft and Google come into play.

0

A new piece of research from Data 61, the digital research arm of CSIRO, has found the energy patterns we generate when we walk can be used to power mobile devices and to authenticate our identity. It turns out we have, in Star Trek parlance, unique energy signatures.

1

Cloud syncing of data is one of those things we've come to rely on. But we also trust cloud services to protect our data. And that extends to deletions. ElcomSoft has proven that it is possible to retrieve deleted notes after the 30-day window that Apple has set for getting notes back.

1

Backing up data to tape remains a viable path for many businesses. And even though it seems to be old school, it's still being developed even though disk-based backup has been gaining in popularity. IBM recently upped their tape capacities to 15TB. However, with more and more systems being managed remotely through private, public and hybrid cloud services, it's getting harder to justify tape as traditional deployments struggle to capture a complete snapshot of all your business data. That's why tape as a Service is appearing.

2

With WannaCry garnering a lot of attention over the last few days, it's easy to forget that the root cause of the damage it wreaked is still out there. The vulnerability it exploited was a weakness in Windows' file-sharing protocol. And while the threat of WannCry has been largely contained, if the vulnerability, dubbed EternalBlue by the NSA, remains unpatched, it can be exploited by others. And that's something being identified in the wild.

0

Microsoft's President and Chief Legal Officer, Brad Smith, says this week's WannaCry attack "provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem". And while Smith says Microsoft and other tech companies need to take the lead on combatting these widespread attacks, he highlights the shared responsibility required to protect, detect and respond to threats.

0

By now, you'll know all about WannaCry - a ransomware attack that ran rampant late last week and over the weekend. While ransomware attacks suck - they can cost a lot to recover from whether you measure that in ransoms or time lost in recovery - the worrying thing about WannaCry was the attitude of many organisations when it comes to updates and patching.

1

New research released today by Telsyte says the IoT market is set to soar with more than 300 million connected devices in Australian homes by 2021. That's more than ten devices for every man, woman and child - and excludes commercial devices and applications. While managing and securing those devices will be a massive challenge, keeping them connected and remotely accessible will also see our telcos scrambling as they seek to further embed themselves in our lives