Tag Archives: weeks

The Bitcoin boom and its infosec effects


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the recent bitcoin boom and how the cryptocurrency’s rising value could affect the cybersecurity landscape.

The bitcoin boom that saw a dramatic rise in the cryptocurrency’s value in recent weeks could have big implications for information security.

In the last month, the price of a single bitcoin tripled, jumping from approximately $5,700 to more than $17,000. A number of factors, including interest in the opening of the first regulated bitcoin futures exchanges and a hard fork in the cryptocurrency, could be contributing to the bitcoin boom beyond a general increase in buying and selling volumes.

But the surge also comes at a time of rampant global ransomware attacks, many of which demand payment from victims in bitcoin. While some enterprises have disclosed ransomware attacks, experts generally believe that many more attacks are kept quiet.

Could cybercriminals and ransomware attacks be contributing to the bitcoin boom? What will the rising price of the cryptocurrency mean for the cybercrime economy? Will the high value of bitcoin lead to more cyberattacks on bitcoin owners and exchanges, like NiceHash, which recently lost approximately $80 million in bitcoin following a massive data breach?

SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more on the bitcoin boom in this episode of the Risk & Repeat podcast.

For Sale – Gaming Laptop – 6 Weeks Old Hardly Used from PC Specialist – Top Spec GTX 1080

This could be an absolute bargain for somebody as the system is only six weeks old, flawless and hardly used. I have all the paperwork/documentation.

I purchased the laptop with a view to use the system on the move (on planes) etc as I travel around but it’s too big and heavy to be used as I intended. The spec is very impressive and please note that it has a cooling stand and two batteries:

Chassis & Display Octane Series: 17.3″ Matte Full HD 120Hz IPS LED Widescreen (1920×1080)
Processor (CPU) Intel® Core™i7 Quad Core Processor i7-7700k (4.2GHz) 8MB Cache
Memory (RAM) 32GB Corsair VENGEANCE 2400MHz SODIMM DDR4 (2 x 16GB)
Graphics Card NVIDIA® GeForce® GTX 1080 – 8.0GB GDDR5 Video RAM – DirectX® 12.1
1st Hard Disk 1TB Samsung 850 EVO 2.5″ SSD, SATA 6Gb/s (upto 540MB/sR | 520MB/sW)
Memory Card Reader Integrated 6 in 1 Card Reader (SD /Mini SD/ SDHC / SDXC / MMC / RSMMC)
AC Adaptor 1 x 330W AC Adaptor
Power Cable 1 x 1 Metre UK Power Cable (Kettle Lead)
Thermal Paste STANDARD THERMAL PASTE FOR SUFFICIENT COOLING
Sound Card Intel 2 Channel High Definition Audio + MIC/Headphone Jack
Bluetooth & Wireless GIGABIT LAN & WIRELESS INTEL® AC-8265 M.2 (867Mbps, 802.11AC) +BT 4.0
USB Options 4 x USB 3.0 Ports + 2 x USB 3.1 Type C Ports
Battery 2 x Octane Series Battery Pack, 82WH (One Spare)
Keyboard Language OCTANE SERIES BACKLIT UK KEYBOARD WITH NUMBER PAD
Operating System Genuine Windows 10 Professional 64 Bit – inc DVD & Single Licence
Operating System Language United Kingdom – English Language
DVD Recovery Media Windows 10 (64-bit) DVD with paper sleeve
Office Software FREE 30 Day Trial of Microsoft® Office® 365
Anti-Virus Norton Security Deluxe 3.0: 1 User, 5 Devices – 1 Year Subscription
Browser Google Chrome™
Laptop Cooling Stands CoolerMaster MasterNotePal Maker Laptop Cooler, upto 17.3 inch

Webcam INTEGRATED 2.0 MP FULL HD WEBCAM
Warranty 3 Year Standard Warranty (1 Month Collect & Return, 1 Year Parts, 3 Year Labour)
Delivery STANDARD INSURED DELIVERY TO UK MAINLAND (MON-FRI)
Build Time FAST TRACK 3 WORKING DAY DISPATCH
Pricing Information

Price (excluding VAT) £2,279.17
Price £2,735.00
Order Quantity 1
Bulk Discount £0.00
Total Order price (Ex VAT) £2,279.17
Total Order Price £2,735.00

Courier Instructions
Production Dates

Processed Date 17-10-2017
Build Date 18-10-2017
Test Date 18-10-2017
QC Date 19-10-2017
Awaiting Dispatch Date 19-10-2017
Dispatch Date 19-10-2017

Price and currency: 2250
Delivery: Delivery cost is not included
Payment method: Paypal or BACS
Location: Manchester
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Analyzing the accidental data breach


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online.

Data breaches are so common these days that some of them don’t even include threat actors or malware of any kind.

Troy Hunt, security researcher and creator of the website HaveIbeenpwned.com, recently testified before Congress in a hearing titled “Identity Verification in a Post-Breach World,” in which he discussed how organizations are often committing accidental data breaches. Such incidents typically involve enterprises mistakenly making corporate or user data public on the internet through cloud services, web services and other technologies.

Hunt’s testimony comes on the heels of a number of accidental data breaches via Amazon Web Services (AWS); several organizations, including the NSA and U.S. Army, have exposed sensitive data through misconfigured instances of AWS’ Simple Storage Service. More recently, Kromtech Security Center revealed that mobile app developer Ai.type exposed more than 370 million personal records of users, including, in some cases, users’ contact lists, through a misconfigured MongoDB database.

During the congressional hearing last week, Rep. Morgan Griffith (R-Va.) asked Hunt why these accidental breaches keep happening. “Is it really that easy to accidentally share your cloud services with the world?” Griffith asked.

“The simple answer to the last question is, yes, it is that easy,” Hunt said. “It’s very often just a simple misconfiguration.”

Why are enterprises committing so many accidental breaches? Do these incidents reflect a lack of security competency? Should cloud providers and software developers do more to protect customers from making these types of errors? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Box using Azure is now available | Box Blog

A few weeks ago at BoxWorks 2017, Scott Guthrie, EVP of Microsoft’s Cloud and Enterprise group, joined our CEO Aaron Levie to announce some exciting news: Box using Azure will be generally available in November. The day has come!

What is Box using Azure?

Box using Azure is the first product milestone in the expanded partnership between Box and Microsoft. Now customers can benefit from combining Box’s cloud content management platform with Microsoft’s global-scale Azure cloud platform, to:

  • Simplify cross-company collaborative processes between employees and external stakeholders.
  • Securely manage content for the enterprise, with integrations for 1,400 best-of-breed SaaS apps, including Office 365 apps, while allowing users to work in their familiar productivity and line-of-business tools.
  • Bring Box cloud content management capabilities to their own custom applications that deliver new digital content experiences and streamline business processes for their employees, customers and partners.

Today thousands of businesses get work done using Box with Microsoft Office 365 including the new Microsoft Teams. This new integration with Azure is another step toward delivering a great user experience for our customers using Box with the Microsoft stack.

“Flex has successfully been using Box as our primary platform for digital content sharing, storage and collaboration globally. We also use Microsoft Azure as one of our cloud computing services for our global IT infrastructure,” said Gus Shahin, CIO of Flex. “We look forward to seeing how Box and Microsoft Azure Cognitive Services work together to deploy next generation A.I. and machine learning capabilities.”

What’s coming next?

Microsoft and Box engineering teams are working hard to build out even more capabilities over the coming months, such as:

  • Powering Box content with intelligent capabilities from Microsoft Cognitive Services, that enable customers to automatically identify and categorize content, trigger workflows and tasks and make content more discoverable for users.
  • Leveraging Azure’s broad global footprint to meet data sovereignty requirements and ensure compliance with industry regulations or corporate policies.

“The integration of Box and Azure services is a welcome development for our digital transformation journey as a company. This can help deliver a more streamlined approach to our content management and ensures that Schneider Electric employees can securely and quickly work together and with customers and partners in a much more productive way, adding more value to our use of Box and Microsoft solutions,” said Herve Coureil, Chief Digital Officer, Schneider Electric.

Box using Azure is currently available with content storage in US data centers. Box add-on packages can be used with Box using Azure, including: information governance to meet all your organization’s security requirements and compliance standards, customer-managed encryption keys to take ownership over your encryption keys, and workflow automation to streamline business processes.

How do I get started?

If you’re interested in Box using Azure, learn more or get in touch with Box Sales.

Sale of Symantec Website Security completed


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec’s troubled certificate business.

DigiCert Inc.’s acquisition of Symantec Website Security was completed last week, but concerns in the browser community still remain about Symantec’s SSL certificates.

DigiCert agreed to acquire the Symantec Website Security division, which includes the vendor’s public key infrastructure (PKI) business, in August, following months of negotiations between Symantec and web browser giants Google and Mozilla regarding widespread issues with the security vendor’s certificate authority. Those issues included certificate mis-issuance and a lack of proper auditing, which led Google and Mozilla to propose a removal of trust for certificates issued by Symantec Website Security.

After tense negotiations and delays, Symantec ultimately agreed to a remediation plan that would turn over its SSL certificate operations to another trusted certificate authority that would oversee issuance and validation. Instead of choosing a third-party partner, Symantec agreed to sell its PKI business to DigiCert.

However, Mozilla expressed concerns that Symantec’s old PKI operations, as well as its culture and processes, would continue to operate despite DigiCert assuming ownership of the business — DigiCert has said that all Symantec certificates will be issued and validated by DigiCert’s PKI by Dec. 1.

Questions still remain about how DigiCert will address the systemic problems within the Symantec Website Security division and when they will be resolved. SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

For Sale – Noctua NF-A4x20 FLX 40mm Ultra Quiet Fans (x3) WANTED:Ubiquiti Unifi Kit – Switch and Outdoor AP

Selling my virtually brand new (1 week’s use) Noctua NFA4x20 FLX case fans.

These were running inside a Netgear GS724TP POE switch and massively reduced the noise produced whilst still keeping the components inside cool.

Please do not confuse these with cheap, noisy carbon bearing fans. These are high-end ultra low noise fans. Spec here – NF-A4x20 FLX

These fans retail at £15-18 plus postage each and as stated these are ‘as new’

All the supplied accessories have remained unused since installation.

£40 posted for all 3

I’m on the lookout for a couple of Unifi bits if anyone has anything knocking about

Unifi Switch (must have POE to support Unifi AP’s) US-8-60W for example (can be an earlier model)
Unifi Outdoor AP (does not need to be AC, ‘N’ is fine)

Location: Bristol


For Sale – Gaming PC ITX *no GPU* – £400

This PC has been my living room gaming PC for the past few months but I haven’t used it in weeks and it’s no use to me now.
It’s ready to go, just needs a GPU. I had a 980 in it and smashed pretty much everything at 1080p.

Thermaltake Core v1 Black
Intel i5 6500
CoolerMaster Hyper 412S with Coolink SWiF2-1201 (super quiet fan)
Corsair Vengeance DDR4 2133Mhz 16GB
ASRock Super Alloy H110M-ITX (the USB3 header has broken pins but there’s a USB2-USB3 header adaptor so all the front USB on the case work)
EVGA 600W PSU 80+ Bronze
Microsoft all-in-one keyboard+trackpad
USB3 hub with 4 extra USB3
120Gb Crucial SSD
500Gb HDD 5400rpm

Can ship for an extra £10 in the box the case came in so it will be super secure.

Price and currency: 400
Delivery: Delivery cost is not included
Payment method: Bank transfer / PayPal
Location: Kingston
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected



Risk & Repeat: Is vulnerability marketing problematic?


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss vulnerability marketing and compare how the recent KRACK attack and ROCA flaw were publicized and promoted.

Should security vulnerabilities be marketed like products? That was the question after two major security flaws brought to light last week — the KRACK attack and the ROCA flaw — offered a contrast in the practice of vulnerability marketing.

While the KRACK attack, which exploits a vulnerability in the WPA2 protocol, received more marketing and media attention, some infosec experts argued the ROCA flaw, which affects RSA encryption in Infineon Technologies chips, was as serious as KRACK, if not more so.

Both vulnerabilities were discovered primarily by security researchers at universities, not by vendors. Yet, ROCA appeared to have taken a backseat to the KRACK attack; the latter discovery benefited from vulnerability marketing efforts, which included a dedicated website and promotional efforts to raise awareness of the WPA2 flaw.

What are the potential drawbacks of vulnerability marketing? Should the researchers that discovered the ROCA flaw have done more to promote their findings, or is the infosec community treating vulnerabilities too much like products? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.