Turbotodd

Ruminations on IT, the digital media, and some golf thrown in for good measure.

Archive for the ‘cybersecurity’ Category

New IBM Linux-only Mainframe Delivers Breakthrough Security

IBM has unveiled the IBM LinuxONE Emperor II, the next generation of its family of Linux-only enterprise systems, which delivers new capabilities aimed at helping organizations achieve very high levels of security and data privacy assurance while rapidly addressing unpredictable data and transaction growth.

A key feature of the new LinuxONE Emperor II, IBM Secure Service Container, is an exclusive LinuxONE technology that represents a significant leap forward in data privacy and security capabilities.

Last year, more than four billion data records were lost or stolen, a 556 percent increase over 2015. Of the more than nine billion records breached during the past five years, only four percent were encrypted – or securely scrambled – leaving most of that data exposed and vulnerable to attackers.

With IBM Secure Service Container, for the first time, data can be protected against internal threats at the system level from users with elevated credentials or hackers who obtain a user’s credentials, as well as external threats.

Software developers benefit by not having to create proprietary dependencies in their code to take advantage of these advanced security capabilities. An application only needs to be put into a Docker container to be ready for Secure Service Container deployment, and the application can be managed using the Docker and Kubernetes tools that are included to make Secure Service Container environments easy to consume.

Developers and clients can learn more and apply to participate in the beta at: http://ibm.biz/sscbeta. Developers can access new technologies, open source code and documentation on containers, mainframe development and more with IBM Developer Journeys: https://developer.ibm.com/code/journey/.

The most advanced enterprise Linux platform for data

The new LinuxONE Emperor II is the world’s most advanced enterprise Linux platform, featuring the industry’s fastest microprocessor and a unique I/O architecture with up to 640 cores dedicated to I/O processing. The vertical scale, shared-everything system design allows LinuxONE Emperor II to:

  • Scale up a single MongoDB instance to 17 TB in a single system and get 2.4x more throughput and 2.3x lower latency on LinuxONE Emperor II leveraging the additional memory available compared to LinuxONE Emperor – providing applications faster, more secure access to data while enabling greater scale at reduced complexity.
  • Provide up to 2.6x better Java performance than x86 alternatives, and integrated hardware for pause-less garbage collection, enabling mission-critical Java workloads — which require consistent high-throughput and low-latency processing — to minimize unpredictable transaction delays due to garbage collection.
  • Provide a Docker-certified infrastructure for Docker EE with integrated management and scale tested up to two million Docker containers – allowing developers to compose high-performance applications and embrace a micro-services architecture without latency or scale constraints.

Learn more about IBM LinuxONE.

Written by turbotodd

September 12, 2017 at 9:09 am

Worried About Equifax Breach? Put a Security Freeze on Your Credit Files!

After blowing my top when learning about this latest data breach at Equifax, where roughly 44 percent of Americans’ personal information — including Social Security, driver’s license, and credit card numbers — was put at risk, well, I decided I’m mad as hell, and I’m not going to take this anymore!

Rather than pay one of these credit companies a monthly fee to protect the very information they traffic in, I went one better: I put a security freeze on my credit file with each of the four major credit vendors in the U.S.: Experian, Equifax, TransUnion, and Innovis.

So what did this involve?

It was much easier than people might have you think, and we have Krebs on Security to thank for the full instructions.

Here’s the bottom line:

A security credit freeze basically blocks any potential creditors from being able to view or "pull" your credit file, unless you affirmatively unfreeze or thaw your file first. So, if you need to have a credit line inquiry anytime soon, this option’s not for you.

On the other hand, if you’re sick and tired of being sick and tired worrying about these data breaches, this is the option for you.

Depending on your state, it’s a modest fee to put a security freeze on your credit file for each of the previously mentioned vendors. (In Texas, each freeze costs $10, although for some reason Innovis was free.)

What does this freeze do?

First, ID thieves can still apply for credit in your name, but they won’t succeed in getting new lines of credit because few if any creditors will extend that credit without first being able to gauge your risk worthiness.

Also, the freeze can help protect your credit score, because as you’ve probably heard, every credit inquiry made by a creditor can negatively impact your credit score.

How do you do all this? It’s easier than it looks.

Go to each of the websites (www.experian.com, etc.) and search for "security freeze." You then should be able to find each vendor’s direct link with directions on how to impose the freeze.

If you or someone you know has been the victim of identity theft, you well know that $30-50 is a small price to pay to gain some peace of mind and to frustrate the hackers looking to benefit from your prior naivete.

Take your personal info and credit back into your own hands.

Do it, and do it now!

Written by turbotodd

September 8, 2017 at 4:04 pm

Hurricanes, Earthquakes, and Data Breaches

First things first. TGIF (Thank God it’s Friday).

Although if I were hanging out in Key West at the moment, I’d probably be thinking about more than just another margarita and earth-bending sunset.

Hurricane Irma has already wreaked devastation across the Caribbean, hammering Antigua, Barbuda, Puerto Rico, and now passing through the Turks and Caicos, the northern coast of Cuba, and the southern Bahamas before making landfall in south Florida.

The New York Times characterized Irma overnight as an “extremely dangerous” Category 4 storm with sustained winds of up to 155 miles an hour. The National Hurricane Center has the latest probable path here.

Meanwhile, an 8.2 magnitude earthquake struck off the Pacific Coast of Mexico late last night, killing at least 32 and sending people in Mexico City fleeing into the streets.

Effects of the quake were felt through the southern states of Oaxaca and Chiapas, and on into Guatemala. Last night’s quake was said to be more powerful than the one that killed nearly 10,000 in 1985, after which construction codes were bolstered significantly.

The Mexican government issued a tsunami warning off the coast of Oaxaca and Chiapas, but neither appeared to have been impacted by waves.

And then there was the man-made disaster. Credit reporting agency Equifax announced on Thursday that hackers had gained access to company data and potentially compromised sensitive information for 143 million American consumers (~44 percent of the U.S. population!), including Social Security numbers, driver’s license numbers, credit card numbers, and other personally-identifiable information.

The company’s press release indicated that “criminals exploited a U.S. website application vulnerability to gain access to certain files.”

As if having a web exploit endanger the personal information of about one-third of the American population weren’t bad enough, Bloomberg is reporting that three of Equifax’s senior executives sold shares worth almost $1.8 million in the days after the company discovered the security breach.

Coincidence?

If you believe that, I’ve got some credit card numbers I’ll be happy to sell you at a rock bottom price!

The hack is so gargantuan that Equifax is offering ALL U.S. consumers free credit file monitoring and identity theft protection for one year through its TrustedID Premier service.

It’s the least they can do.

Read Krebs’ post to learn more about the breach and its aftermath.

In the meantime, take matters into your own hands. Check all your credit card statements online to ensure no suspicious charges are starting to get racked up, and consider putting a freeze on your credit until you’re confident you’re not a victim of this “incident.”

Written by turbotodd

September 8, 2017 at 9:40 am

Taking Cyber Command

Happy Friday.

Well, as happy as you can get about this week.

I’m still sending warm, fuzzy sangria and tapas thoughts out to all mi amigos in Barcelona. One of the world’s great cities, and if I could transport myself Star Trek style I’d be trekking down Las Ramblas in solidarity with my Spanish friends this very evening.

Instead, I’ll knock back an Estrella later and dream of Gaudi buildings.

In the meantime, the cyber world moves on, and Politico reported some interesting news earlier today out of the Trump Administration.

President Trump announced today that U.S. Cyber Command has now been elevated to a "Unified Combatant Command," putting it on equal footing with other organizations that oversee military ops in the Middle East, Europe, and the Pacific.

In a statement, the president said the following:

"This new Unified Combatant Command will strengthen our cyberspace operations and create more opportunities to improve our Nation’s defense. The elevation of United States Cyber Command demonstrates our increased resolve against cyberspace threats and will help reassure our allies and partners and deter our adversaries."

TechCrunch elaborated in its own coverage that "whatever happens" with this change, it will be "welcomed by many" and that "there is a sense that we are being outplayed by cyber operatives in countries and organizations all over the world, from Russia to IS."

Ya think??!

Written by turbotodd

August 18, 2017 at 3:10 pm

Game of Hacks

I’ve been following this HBO hack with great fascination.

One, because I’ve always had an interest in cybersecurity matters (although I’m not a hacker, nor do I play one on the Internets).

Two, because it’s HBO, whom I’m also a big fan of, and I still remember the reverberations of the Sony hack in late 2014, one which led to the downfall of its dear leader, Amy Pascal.

The Guardian has a new story out this morning on the HBO hack, alleging that the HBO hackers have "released personal phone numbers of Game of Thrones actors, emails and scripts in the latest dump of data stolen from the company," and, that they "are demanding a multimillion-dollar ransom to prevent the release of whole TV shows and further emails."

Where’s Daenerys Targaryen and those flying, fire-breathing dragons when you need them?

And is it just me, or do I find it completely serendipitous that this hack comes about around the time of probably one of the peak episodes of the entire GOT franchise…SPOILER ALERT…you know, the one where Daenerys finally unleashes the wrath of those damned dragons and Dothraki scythes on Jaime Lannister and his woefully unprepared army.

While GOT players will settle for bags of gold, the HBO hacker, now someone calling themselves "Mr. Smith" (you can’t make this $%#$ up!), has apparently told HBO chief executive Richard Plepler in a 5-minute video letter to pay the ransom within three days or they would put the HBO shows and confidential corporate data online.

Continues the Guardian report: "The hackers claim to have taken 1.5TB of data — the equivalent to several TV series box sets or millions of documents — but HBO said that it doesn’t believe its email system as a whole has been compromised."

Along with the video letter, the hackers have gone ahead and released 3.4GB of files, including technical data about the HBO internal network and admin passwords, draft scripts from five Game of Thrones episodes, and a month’s worth of emails from HBO’s VP for film programming, Leslie Cohen.

The whole episode sounds as though it could have been derived from a script from Mr. Robot, but so far as I know, USA Network has, thus far, been immune from hacktivists.

HBO’s response, according to The Hacker News, is that the company’s "forensic review is ongoing."

But one has to wonder whether, somewhere on some back lot in Hollywood, HBO’s brass is filling the gas tanks on a few dragons of its own.

For the audience, it may all just be pure entertainment.

But HBO is running a business, and neither they nor any other going concern should ever have to be held hostage by somebody calling themselves something as unimaginative as "Mr. Smith."

Especially not in Hollywood.

Written by turbotodd

August 8, 2017 at 10:28 am

New IBM Mainframe Ushers in New Era of Data Protection

IBM today unveiled IBM Z, the next generation of the IBM mainframe, capable of running more than 12 billion encrypted transactions per day.

The new system also introduces a breakthrough encryption engine that, for the first time, makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time.

IBM Z’s new data encryption capabilities are designed to address the global epidemic of data breaches, a major factor in the $8 trillion cybercrime impact on the global economy by 2022.

Of the more than nine billion data records lost or stolen since 2013, only four percent were encrypted, making the vast majority of such data vulnerable to organized cybercrime rings, state actors and employees misusing access to sensitive information.

You can learn more about the new IBM Z system here.

Written by turbotodd

July 17, 2017 at 2:31 pm

The Petya Attack

Another big ransomware attack is coming…has already arrived??

From The Verge: A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month’s WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, municipal metro, and Kiev’s Boryspil Airport. Systems were also compromised at Ukraine’s Ukrenergo electricity supplier, although a spokesperson said the power supply was unaffected by the attack.

From Krebs on Security: A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain…. Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker group calling itself the Shadow Brokers…. Organizations and individuals who have not yet applied the Windows update for the Eternal Blue exploit should patch now. However, there are indications that Petya may have other tricks up its sleeve to spread inside of large networks.

The Guardian is reporting that “Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom.”

The New York Times on what we know and what we don’t.

And from IBM’s X-Force Exchange: Petya Ransomware Campaign.

Written by turbotodd

June 27, 2017 at 4:14 pm
