Tag Archives: develop

DHS, SecureLogix develop TDoS attack defense

The U.S. Department of Homeland Security has partnered with security firm SecureLogix to develop technology to defend against telephony denial-of-service attacks, which remain a significant threat to emergency call centers, banks, schools and hospitals.

The DHS Science and Technology (S&T) Directorate said this week the office and SecureLogix were making “rapid progress” in developing defenses against call spoofing and robocalls — two techniques used by criminals in launching telephony denial-of-service (TDoS) attacks to extort money. Ultimately, the S&T’s goal is to “shift the advantage from TDoS attackers to network administrators.”

To that end, S&T and SecureLogix, based in San Antonio, are developing two TDoS attack defenses. First is a mechanism for identifying the voice recording used in call spoofing, followed by a means to separate legitimate emergency calls from robocalls.

“Several corporations, including many banks and DHS components, have expressed interest in this technology, and SecureLogix will release it into the market in the coming months,” William Bryan, interim undersecretary for S&T at DHS, said in a statement.

In 2017, S&T handed SecureLogix a $100,000 research award to develop anticall-spoofing technology. The company was one of a dozen small tech firms that received similar amounts from S&T to create a variety of security applications.

Filtering out TDoS attack calls

SecureLogix’s technology analyzes and assigns a threat score to each incoming call in real time. Calls with a high score are either terminated or redirected to a lower-priority queue or a third-party call management service.

SecureLogix built its prototype on existing voice security technologies, so it can be deployed in complex voice networks, according to S&T. It also contains a business rules management system and a machine learning engine “that can be extended easily, with limited software modifications.”

Over the last year, SecureLogix deployed the prototype within a customer facility, a cloud environment and a service provider network. The vendor also worked with a 911 emergency call center and large financial institutions.

In March 2013, a large-scale TDoS attack highlighted the threat against the telephone systems of public-sector agencies. An alert issued by DHS and the FBI said extortionists had launched dozens of attacks against the administrative telephone lines of air ambulance and ambulance organizations, hospitals and financial institutions.

Today, the need for TDoS protection has grown from on premises to the cloud, where an increasing number of companies and call centers are signing up for unified communications as a service. In 2017, nearly half of organizations surveyed by Nemertes Research were using or planned to use cloud-based UC.

New types of authentication take root across the enterprise

BOSTON — When IT professionals develop a strategy for user password and authentication management, they must consider the two key metrics of security and usability.

IT professionals are looking for ways to minimize the reliance on passwords as the lone authentication factor, especially because 81% of hacking breaches occur due to stolen or weak passwords, according to Verizon’s 2017 Data Breach Investigations Report. Adding other types of authentication to supplement — or even replace — user passwords can ensure security improves without hurting usability.

“Simply put, the world has a password problem,” said Brett McDowell, executive director of the FIDO Alliance, based in Wakefield, Mass., here in a session at Identiverse.

A future without passwords?

Types of authentication that only require a single verification factor could be much more secure if users adopted complex, harder-to-predict passwords, but this pushes up against the idea of usability. The need for complex passwords, along with the 90- to 180-day password refreshes that are an industry standard in the enterprise, means that reliance on passwords alone can’t meet security and usability standards at the same time.

“If users are being asked to create and remember incredibly complex passwords, IT isn’t doing its job,” said Don D’Souza, a cybersecurity manager at Fannie Mae, based in Washington, D.C.

IT professionals today are turning to two-factor authentication, relying on biometric and cryptographic methods to supplement passwords. The FIDO Alliance, a user authentication trade association, pushes for two-factor authentication that entirely excludes passwords in their current form.

We want to take user vulnerability out of the picture.
Brett McDowellexecutive director, FIDO Alliance

McDowell broke down authentication methods into three categories:

  • something you know, such as a traditional password or a PIN;
  • something you possess, such as a mobile device or a token card; and
  • something you are, which includes biometric authentication methods, such as voice, fingerprint or gesture recognition.

The FIDO Alliance advocates for organizations to shift toward the latter two of these options.

“We want to take user vulnerability out of the picture,” McDowell said.

Taking away password autonomy from the user could improve security in many areas, but none more directly than phishing. Even if a user falls for a phishing email, his authentication is not compromised if two-factor authentication is in place, because the hacker lacks the cryptographic or biometric authentication access factor.

“With user passwords as a single-factor authentication, the only real protection against phishing is testing and training,” D’Souza said.

Trickle-down benefits of new types of authentication

Added types of authentication increase the burden on IT when it comes to privileged access management (PAM) and staying up-to-date on user information. But as organizations move away from passwords entirely, IT doesn’t need to worry as much about hackers gaining access to authentication information, because that is only one piece of the puzzle. This also leads to the benefit of cutting down on account access privileges, said Ken Robertson, a principal technologist at GE, based in Boston.

With stronger types of authentication in place, for example, IT can feel more comfortable handing over some simple administrative tasks to users — thereby limiting its own access to user desktops. IT professionals won’t love giving up access privilege, however.

“People typically start a PAM program for password management,” Robertson said. “But limiting IT logon use cases minimizes vulnerabilities.”

Organizations are taking steps toward multifactor authentication that doesn’t include passwords, but the changes can’t happen immediately.

“We will have a lot of two-factor authentication across multiple systems in the next few years, and we’re looking into ways to limit user passwords,” D’Souza said.

Cisco, Hyundai to add software-defined platform to vehicles

Cisco and Hyundai Motor Co. said they would work together to develop vehicles anchored by software-defined networking. The first vehicles are slated to roll out next year, the companies said. Cisco and Hyundai released their plans at this year’s CES in Las Vegas, following up on an original announcement in 2016.

In smart-car fashion, Cisco and Hyundai will develop the vehicles with a focus on communication and sensors. That’s where the “software-defined” status comes in. The premium Hyundai vehicles will integrate a Cisco-built software-defined platform with an Internet Protocol (IP) and 1 Gbps Ethernet in-vehicle network, according to a Cisco statement.

The IP and Ethernet network will enable high-speed connectivity to each vehicle device, the statement said. But more than that, Cisco and Hyundai hope to develop a more open vehicle system to enable the actual communication among smart vehicles, roadways or traffic lights, Ruba Borno, Cisco’s vice president of growth initiatives, wrote in a blog post.

“This is the only way to achieve full autonomy and enable vehicle-to-vehicle and vehicle-to-roadways communication,” Borno wrote. “By putting software inside the central gateway, the new solution enables high-speed connectivity downstream to every device in the car — and upstream to the cloud. This IP connectivity is required for applications to control devices based on real-time data and analytics.”

The software-defined platform will also allow for easier feature updates.

“[The new platform] is highly configurable and secure — and offers the flexibility to design and build new services,” Cisco’s statement said. “It will provide ‘over-the-air updates’ and accelerate the time it takes to bring new capabilities to market.”

The software-defined platform will also act as a foundation for security, touting “integrated, multilayered security, as well as full end-to-end networking,” according to Cisco. This end-to-end security includes encryption, authentication, intrusion detection, firewall and network traffic analysis, Borno wrote in her blog post.

The companies said they are looking into integrating the software-defined vehicles with Hyundai data centers in order to access real-time data.

Windstream to acquire MassComm

Windstream said it plans to acquire MassComm, a New York-based competitive local exchange carrier, or CLEC, according to a filing submitted to the Federal Communications Commission the last week of December.

The proposal stated that Windstream will purchase in cash all issued and outstanding MassComm capital stock. Once the deal closes, MassComm will be a wholly owned subsidiary of Windstream, the filing said.

MassComm provides voice, data and networking technologies, in addition to telecommunications and connectivity management and consultation. The CLEC is authorized to serve customers in California, Connecticut, the District of Columbia, Florida, Illinois, Massachusetts, Michigan, New York, Pennsylvania and Texas. Those areas will be combined with Windstream’s reach across the U.S.  Windstream runs a fiber network comprising approximately 150,000 miles.

“By combining MassComm’s customer base with Windstream’s presence and fiber network, the combined company will have the opportunity to serve more of MassComm’s current customers on Windstream’s own last-mile facilities,” the proposal said.

The companies explained the acquisition holds no competitive risks, as MassComm doesn’t own any last-mile facilities, thereby eliminating potential overlap with Windstream’s facilities. Further, the proposal stated competition in the medium-sized business market will be enhanced. The companies don’t expect the transaction to affect current MassComm customer rates or terms of service, according to the filing.

The proposal did not disclose specific financial terms of the transaction. Windstream completed acquisitions of Broadview and EarthLink last year and also partnered with VeloCloud to offer SD-WAN managed services.

Aryaka and Zscaler partner to boost security for cloud-bound traffic

Aryaka is working with Zscaler to offer an SD-WAN package that combines Aryaka’s private network connectivity with Zscaler’s cloud-delivered security.

Once the service is available later this year, internet and cloud-bound traffic will be directly forwarded to Zscaler’s cloud via Aryaka’s edge device, Aryaka Network Access Point, according to an Aryaka statement. All traffic will then undergo a variety of security processes, including antivirus, threat prevention, data protection and access control.

Aryaka said the security enhancement will allow its customers to use its private network to securely access cloud-based and on-premises applications.

Zscaler already provides security services to other SD-WAN vendors, including VeloCloud, Riverbed and Talari.

Crystal’s story: Empowering the visually impaired with digital skills – Asia News Center

[embedded content]

Crystal Jhoy Banzil lost any chance of having eyesight when her retinas did not develop properly in the weeks after her premature birth. Now 14 years-old, she is confident that technology will help her forge an independent and productive life and career in Manila, the bustling capital city of The Philippines.

The 9th grader goes to a neighborhood school where she is the only visually impaired student in her class. She is doing well in her studies with the help of her teachers, family, and friends. She uses braille, but she has big ambitions and also wants to learn how to code. So, after school she takes extra classes at ATRIEV – Adaptive Technology for Rehabilitation, Integration and Empowerment of the Visually Impaired – a Philippine non-government organization at the forefront of providing access to information technology for those without sight or with low vision.

ATRIEV was established in 1994 by Antonio “Tony” Llannes, himself visually impaired. Initially, it started as a club for blind people to volunteer to teach computing skills to others with the disability, he explains. And, it grew from there.

“For the past two decades, we have witnessed how technology has brought the world closer together. And the blind, as a part of the global community, have taken full advantage of this technology,” the organization says. “Through the use of computers, the blind can now do what most sighted people can do: surf the web, send and receive emails, write articles, make calculations and even participate in social media.

“It has enabled training programs have produced blind contact center agents, virtual assistants, online content writers, transcriptionists, cross-sell agents, software analysts and search engine optimization managers.” ATRIEV also provides life skills workshops, personality development workshops, and courses in work ethics.

Microsoft has supported ATRIEV since 2008 as part of its YouthSpark Coding for Accessibility program. The partnership was widened last year. “We are working with them to support their digital literacy effort for the blind and people with low vision,” says Microsoft Philippines Education Programs Lead Clarissa Segismundo. “We provide them with the curriculum. We provide them with the materials.”

She says the emphasis is on productivity to help students be in tune with what’s happening in the digital world today. “We help the educators use these tools … to make sure that when they are in the classroom these technologies are maximized and put to proper use.”

Crystal and her fellow students are learning to become digitally literate. “I really want to improve and build on things I already know and the things I am about to learn.” She hopes one day soon to be able to create her own software.

“I am the type of person who is positive,” she says. “I don’t count the things I don’t have. I am content with what I have and who I am.”

Read more about ATRIEV here

Microsoft joins the Coalition For Better Ads – Bing Ads

At Microsoft, we believe in supporting and collaborating with the online advertising industry to develop standards that make the digital ecosystem function better for consumers, marketers and publishers.

In this spirit, we are excited to announce that Microsoft has joined the Coalition for Better Ads (CBA). Through our advertising platforms, and our multitude of consumer services, we believe we can make an important contribution to improving and safeguarding advertising standards on the web. 

Microsoft is committed to working with our industry partners and the Coalition for Better Ads to continue the development and implementation of standards that will have a positive impact on consumers and the entire online advertising community.   
 

Announcing the new 2017-2018 Microsoft Innovative Educator Experts and Showcase Schools |

At Microsoft, we recognize that technology alone cannot develop the 21st century skills students require. We are inspired, every day, by the impact amazing educators and thoughtful leaders are making on innovative teaching, all leading to improved student outcomes. We are heartened when our Microsoft Educators and Showcase Schools help support and transform others across the world – just as we saw last month, when the St. Thomas School in Medina, Washington collaborated on the development of a new Showcase School in Rwanda.

Today, we are delighted to announce thousands of educators, school leaders, and schools are once again leading digital transformation in education through our Microsoft Innovative Educator Expert and Microsoft Showcase Schools programs.

Announcing the 2017-2018 Microsoft Innovative Educator Experts

The Microsoft Innovative Educator (MIE) program is composed of more than 150,000 educators worldwide, who have joined the Microsoft Educator Community and successfully completed online courses, contributed lesson plans, and connected with other educators across the globe.

This year, we welcome over 6,000 educators who were selected as Microsoft Innovative Educator Experts (MIEE) for their excellence in teaching and learning. These educators spark creativity among their students with thoughtful integration of Microsoft technologies to improve student learning.

These accomplished educators inspire peers and policymakers as they find new and innovative ways to incorporate 21st century learning into their classrooms. They share their best practices and work together, both in-person and online, through the Microsoft Educator Community. The MIE Experts also provide Microsoft representatives with valuable insights and ideas, so we can evolve technology to improve teaching and learning further.

Hear from MIE Experts about what this community means to them:

[embedded content]

Announcing the 2017-2018 Microsoft Showcase Schools

The Microsoft Showcase Schools program recognizes innovative leaders in schools around the world. As Microsoft Showcase Schools, leadership teams are part of a professional community that thoughtfully leverages technology to drive digital transformation and efficiencies in schools.

Microsoft Showcase Schools are recognized leaders in personalized learning amplified by devices for each student. These schools thoughtfully integrate a variety of Microsoft solutions such as Windows, Office 365, OneNote, Skype and more to enable anywhere, anytime learning for students.

Microsoft Showcase Schools represent urban and regional schools, as well as schools with various levels of funding. They also cover all types of demographic and geographical regions – last year, for instance, we happily welcomed Ysgol Bae Baglan from Wales into the program.

[embedded content]

See the list of more than 550 new Microsoft Showcase Schools and 2,200 Microsoft Schools.

Recognizing our 2017-2018 Microsoft Schools

Currently there are more than 2,200 participating institutions in our Microsoft Schools program who are exploring digital transformation and integration of Microsoft technology into their classrooms. These schools are benefiting from the best practices of Microsoft Showcase Schools and are emerging as new education leaders in their communities.

If you are in a school that’s starting to consider how to transform education and integrate technology, we invite you to register anytime for the Microsoft Schools program.

Learn more about getting involved: