Daily Archives: October 8, 2018

Stay Smart Online Week 2018

Time for a Cyber Safety Check-Up?

Aussies love the internet. And the statistics just confirm it. In 2018, 88% of us describe ourselves as active internet users. And our social media usage is up there with some of the most prolific users worldwide with 60% of us active users on Facebook and 50% of us logging in at least once a day.

So, an annual reminder to take stock of our digital lives is a very good idea! Stay Smart Online Week is an initiative from the Australian Government designed to ensure we are all up to date with the latest cyber safety know-how. Kicking off from the 8th of October, I believe this annual event is the ideal opportunity for a yearly cyber safety check up.

We Are Choosing to Ignore the Risks

Research conducted by McAfee shows that many of us are very aware of the risks associated with our online behaviour but simply choose to ignore them. For example, 30% of Aussie parents are continuing to regularly post pics of their kids online despite 50% of us being concerned by the associated risks including paedophilia, stalking and cyberbullying. Is it the lure of likes, the surge of dopamine or just the face we are all time poor that affects our rational brain?

Keeping It Simple

I know many of us feel a little overwhelmed at the thought of staying on top of our online safety. We don’t know where to start, have very little time and, quite frankly, we’d rather be doing something else! But not taking your online safety seriously is a little like leaving like leaving your house unlocked. It puts your privacy and even your financial safety at risk.

But the good news is there are a host of simple, quick, steps you can take to ensure you are doing all you can to protect yourself online. So, make yourself a cuppa and let’s get to work. Here are 3 three things you can start to put in place today to secure yourself and your devices.

1. Protect ALL Your Devices

I bet if you added up the internet connected devices in your household, you’d be staggered at the figure. My latest count was over 30! And the figure is only going to increase. Research shows that by 2025 there will be approximately 75 billion connected devices worldwide from wearables and pacemakers to thermometers and smart plugs.

These devices will absolutely make our lives easier, but the reality is that many internet-connected devices (IoT) lack built in security features making them vulnerable to hacking and malware. In 2018 alone, McAfee uncovered numerous major security flaws in virtual assistants and smart plugs.

Here’s what you need to do:

  • Install comprehensive security software on your laptops, tablets and smartphones. McAfee’s Total Protection software will ensure you and your devices are protected against viruses, malware spyware and ransomware.
  • Secure your Internet Connected Devices. While there is no security software for Internet Connected (IoT) devices, you can still minimise the risks by changing the default password on your devices straight after purchasing and ensure you keep the device’s software up to date. And spend some time researching your purchases before committing. Focus on devices that have been on the market for a while, have a name brand, or have a lot of online reviews. Chances are that the device’s security standards will be higher, due to being vetted by the masses.

2. Think Before You Click

Our love of ‘all things celebrity’ has not escaped the attention of online scammers. In fact, these scammers spend a lot of time creating celebrity based professional looking websites that promise celebrity news stories or movie downloads. Unfortunately, the promised content requires a malicious link to be clicked that usually contains spyware or malicious software. These sites may also require users to set up an account. Unsuspecting visitors will then provide their email addresses and passwords to the site not realising that their details have been compromised.

New McAfee research reveals that Aussie model, MTV VJ and Orange is the New Black actress, Ruby Rose is the most dangerous celebrity to search for online. Using terms such as ‘free torrent’, ‘sex tape’ and ‘free pics’, McAfee was able to determine the riskiest celebrities to search for across the globe, as consumers often drop their guard in the name of convenience and speed to access content from their favorite celebs.

Here’s what you need to do:

  • Be careful what you click. Users looking for a sneak-peek of Ruby Rose starring in Batwoman should be cautious and only download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.
  • Apply system and application updates as soon as they are available. Very often the operating system and application updates include security fixes. Applying updates is an important step to help ensure devices stay protected.
  • Use parental control software. Kids are fans of celebrities too, so ensure that limits are set on the child’s device and use software that can help minimise exposure to potentially malicious or inappropriate websites.

3. Protect Your Personal Information Online

Most consumers would think twice when asked for their credit card information or address online but don’t take the same precautions when posting photos of themselves and their children online.

Recent McAfee research shows that despite 50 percent of parents being concerned by the risks such as pedophilia, stalking and cyberbullying when posting photos of their children online, 30 percent post a picture of their child online once a week, and 40 percent post photos of their child in school uniform on a regular basis.

Here’s what you need to do:

  • Set Ground Rules with Friends and Family. Be clear with friends and family about your expectations when they post images of your kids. If you are uncomfortable with anything they post, you are well within your rights to ask them to remove it.
  • Don’t Forget About Your Child’s Digital Reputation. Everything that is posted about someone forms part of their digital reputation. Always consider whether what you are considering posting could negatively impact this. And encourage your teens to regularly check the posts and images they are tagged in online too.
  • Ask for Consent But Be Prepared for Your Child to Say NO. Asking for an older child’s consent before you post pics is essential but be prepared for them to say NO! Remember, a good relationship is built on trust and respect!

So, go forth and continue to enjoy everything the internet has to offer BUT please take some time this Stay Smart Online Week to check in and see whether you may need to ‘tweak’ any of your online behaviours. And while you are at it – don’t forget about the kids. Why not put it on the agenda to discuss around the dinner table this week? Some of the most important conversations you will ever have with your kids will be around the dinner table!

Take Care

Alex xx


The post Stay Smart Online Week 2018 appeared first on McAfee Blogs.

Risky Business Feature: Named source in “The Big Hack” has doubts about the story

In this podcast hardware security expert Joe Fitzpatrick, a named source in Bloomberg’s “Big Hack” piece, explains why he felt uncomfortable reading the story when it was published.

He also provided Risky.Biz with emails he sent to Bloomberg, prior to the story’s publication, that said the hardware back-dooring the article described “didn’t make sense”.

NBlog Oct 9 – ten top infosec books

As a bookworm, these are my top ten information security books:
  1. The Cuckoo’s Egg by Clifford Stoll – the whodunnit that first got me seriously interested in hacking and IT security. A gripping story of intrigue and perseverance.

  2. Codebreakers by Hinsley & Stripp – the extraordinary tale of WWII cryptanalysis at Bletchley Park, and ultra-secrets.

  3. Secrets and Lies by Bruce Schneier – Bruce’s writing is always stimulating, thought-provoking. S&L was the first I read, and would remind me of the ones that followed.

  4. The Art of Intrusion by Kevin Mitnick – as with Bruce, the first book reminds me of the series. More social engineering than hacking, but ingenious nevertheless. The hacker mindset sings out.

  5. Information Paradox by John Thorp – the book that changed my way of thinking, treating IT and information as business tools. Underpins ISACA’s ValIT method.

  6. Managing an Information Security and Privacy Awareness and Training Program by Rebecca Herold – the book I wish I had written (and retitled!). Full to the brim with bright ideas.

  7. How to Measure Anything by Doug Hubbard – creative approaches to measure and analyse situations that seem unmeasurable.

  8. Security Engineering by Ross Anderson – my infosec textbook of choice, if a bit outdated now (a 3rd edition is long overdue!). Emphasizes a systematic, engineering approach to infosec.

  9. DTI Code of Practice for Information Security (BSI DIC PD003), or the Shell corporate infosec manual before that – the precursors to BS7799 and ISO27k. A chance to think about how far we’ve come and where we are, or rather should be, heading next with security standards.

  10. The Power of Resilience by Yossi Sheffi – the supply network and business continuity book I am thoroughly enjoying reading right now. 
What would you suggest for my Amazon wish-list?

The View From a Veracode Solution Architect: My Top 5 Lessons Learned

I recently had an interesting question from a prospective customer:

What are the top 5 lessons learned from implementing your solution at companies similar to ours?

After careful thought, and soliciting input from my fellow solution architects in the EMEA region, I came up with the list below. We’re sharing it here in the hopes it proves useful to others as they work to develop software both quickly and securely.

1. Start with a clear policy

Which applications need to be tested? How is business criticality defined for applications? What flaws must be remediated? When?

A clear policy covering the AppSec lifecycle needs to be in place to be able to work towards a successful program. When it comes to defining the flaws that must be fixed and the timeframe allowed, it is critical that this be kept as simple as possible and changed as little as possible.

Get details in our Everything You Need to Know About AppSec Policies guide.

2. Bring the business with you

Successful AppSec programs depend upon cooperation between security and development and a shared sense of accountability, and this extends through every level of the organisation. Regular communication with your peers and alignment of your goals will allow you to lead in the same direction and provide clear messages to the development teams. In addition, make sure that development teams are aware of all the tools and services that are available to help them – from IDE plugins to remediation coaching.

Get details in our Everything You Need to Know About Getting Buy-In for Your AppSec Program guide.

3. Automate everything that you can

Automation is key in any AppSec implementation as reducing manual intervention will allow your program to cost-effectively scale and go faster. Integrating scanning into the SDLC toolchain and synchronising results into the ticketing system as work items provide a feedback loop for development. In addition, finding ways to automate scoping, on-boarding, and governance allows you to focus on improvement rather than leg work.

Get details on integrating AppSec into your development processes.

4. If in doubt, have a readout

The Veracode Security Consulting team can help with everything from preparing code for scanning and configuring scans to finding the best way to improve the security of your application. The goal of your program should be to reduce the risk that your applications pose to the business, and our experience shows that app teams who engage with our ASCs test more effectively and fix more flaws, thus reducing risk more efficiently.

Find out more about our Security Consulting.

5. Measure and improve

The key to continuously improving your AppSec program is to have meaningful metrics in place and to use them to guide your changes. This means that you must gain control of your app inventory (you cannot measure what you don’t know) and ensure that all in-scope apps undergo regular testing, regardless of code changes (unless gathered regularly, metrics become less meaningful).

Get details in our Everything You Need to Know About Measuring Your AppSec Program guide.

Pulling it All Together

We’ve been helping customers secure their application landscape for more than a decade, and we’ve learned what works. Find out how all the above lessons come together on the path toward AppSec success in Everything You Need to Know About Maturing Your AppSec Program.

HTTrack – Website Downloader Copier & Site Ripper Download

HTTrack – Website Downloader Copier & Site Ripper Download

HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.

HTTrack Website Downloader & Site Ripper

HTTrack allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting all the HTML, images, and other files from the server to your computer.

HTTrack arranges the original site’s relative link-structure, which allows you to simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link as if you were viewing it online.

Read the rest of HTTrack – Website Downloader Copier & Site Ripper Download now! Only available at Darknet.

Project xCloud: Gaming with you at the center

YouTube Video

The future of gaming is a world where you are empowered to play the games you want, with the people you want, whenever you want, wherever you are, and on any device of your choosing. Our vision for the evolution of gaming is similar to music and movies — entertainment should be available on demand and accessible from any screen. Today, I’m excited to share with you one of our key projects that will take us on an accelerated journey to that future world: Project xCloud.

Today, the games you play are very much dictated by the device you are using. Project xCloud’s state-of-the-art global game-streaming technology will offer you the freedom to play on the device you want without being locked to a particular device, empowering YOU, the gamers, to be at the center of your gaming experience.

Content and community

Ultimately, Project xCloud is about providing gamers — whether they prefer console or PC — new  choices in when and where they play, while giving mobile-only players access to worlds, characters and  immersive stories they haven’t been able to experience before.

To realize this vision, we know we must make it easy for developers to bring their content to Project xCloud. Developers of the more than 3,000 games available on Xbox One today, and those building the thousands that are coming in the future, will be able to deploy and dramatically scale access to their games across all devices on Project xCloud with no additional work.

About Project xCloud

Scaling and building out Project xCloud is a multi-year journey for us. We’ll begin public trials in 2019 so we can learn and scale with different volumes and locations. Our focus is on delivering an amazing added experience to existing Xbox players and on empowering developers to scale to hundreds of millions of new players across devices. Our goal with Project xCloud is to deliver a quality experience for all gamers on all devices that’s consistent with the speed and high-fidelity gamers experience and expect on their PCs and consoles.

We’ve enabled compatibility with existing and future Xbox games by building out custom hardware for our datacenters that leverages our years of console and platform experience. We’ve architected a new customizable blade that can host the component parts of multiple Xbox One consoles, as well as the associated infrastructure supporting it. We will scale those custom blades in datacenters across Azure regions over time.

We are testing Project xCloud today. The test runs on devices (mobile phones, tablets) paired with an Xbox Wireless Controller through Bluetooth, and it is also playable using touch input. The immersive nature of console and PC games often requires controls that are mapped to multiple keys, buttons, sticks and triggers. We are developing a new, game-specific touch input overlay that provides maximum response in a minimal footprint for players who choose to play without a controller.

Photo of a tablet in someone's hands
A game runs via Project xCloud with a prototype touch overlay.

Cloud game-streaming is a multi-faceted, complex challenge. Unlike other forms of digital entertainment, games are interactive experiences that dynamically change based on player input. Delivering a high-quality experience across a variety of devices must account for different obstacles, such as low-latency video streamed remotely, and support a large, multi-user network. In addition to solving latency, other important considerations are supporting the graphical fidelity and framerates that preserve the artist’s original intentions, and the type of input a player has available.

Microsoft — with our nearly 40 years of gaming experience starting with PC, as well as our breadth and depth of capabilities from software to hardware and deep experience of being a platform company — is well equipped to address the complex challenge of cloud game-streaming. With datacenters in 54 Azure regions and services available in 140 countries, Azure has the scale to deliver a great gaming experience for players worldwide, regardless of their location.

Map shows 54 Azure regions around the world

Developers and researchers at Microsoft Research are creating ways to combat latency through advances in networking topology, and video encoding and decoding. Project xCloud will have the capability to make game streaming possible on 4G networks and will dynamically scale to push against the outer limits of what’s possible on 5G networks as they roll out globally. Currently, the test experience is running at 10 megabits per second. Our goal is to deliver high-quality experiences at the lowest possible bitrate that work across the widest possible networks, taking into consideration the uniqueness of every device and network.

We are looking forward to learning with you during our public trials next year and sharing more details as we continue on this journey to the future of gaming with you at the center. Stay tuned!






The post Project xCloud: Gaming with you at the center appeared first on The Official Microsoft Blog.