Tag Archives: News

Has a plane been hacked mid-flight?

The FBI is investigating Chris Roberts, a security researcher, who claims to have taken control of an aircraft in midflight and made it drift sideways by controlling one of the engines. All this from a passenger seat and a connection through the entertainment system located under a seat.

Chris Roberts, who has demonstrated hacking many devices at Blackhat conferences, denies the claim and has tweeted

 

The FBI is reported to have interviewed Roberts a number of times in a recently published article on APTN, a Canadian news outlet. According to the article Roberts claimed he took control of an aircraft

Just one month ago, a GAO report warned of a vulnerability on aircraft where they claim that the avionics could be accessed through the entertainment system as they are connected through a common infrastructure. The GAO report was widely disputed by many industry experts as I detailed in a previous blog post.

This second incident has made me revisit the topic and makes me question whether or not I will be safe on my next flight. Once again, my conclusion is that I am. Here’s why:

  • The original conclusion that the two networks are not connected was based on expert commentary from Dr. Phil Polstra, a qualified pilot and professor of digital forensics at Bloomsburg University.
  • There is speculation that newer aircraft, specifically the Boeing 787 Dreamliner, may have a single onboard network, but experts say that even on these aircraft the flow of data is one way, from the cockpit to the passenger network, and that no traffic can fly in the opposite direction. This has been a speculative issue for the last 7 years; see this Fox News story.
  • The aircraft that Roberts reportedly hacked was ‘older’ and had the standard of separate networks for Avionics and Entertainment, which would imply that the hack may not have happened at all and may have just been a bit of bragging.
  • Since this story took to the mainstream press last month, I am certain that manufacturers of aircraft have tested and re-tested the security of the avionics systems and if necessary made the necessary changes. In fact, Roberts may have made the systems even more secure with just the rumor of a hack.
  • Lastly, aircraft are fitted with the ability for the pilot to take manual control and fly by wire; this is done through a disconnect switch in the cockpit. In the remote possibility someone did manage to mess with the avionics, I would trust one of the pilots to take control.

 

While there may be doubt, speculation and differing views, there are many other systems that could potentially be hacked to disrupt a flight, such as air traffic control systems or satellite positioning systems. These could be attacked from the ground and not require a hacker to be on board. It seems far more likely to me that these would be the target of a person with malicious intent.

Will I be boarding an aircraft soon? Yes, next week. If the person sitting next to me gets out a screwdriver and starts taking his seat apart to access network cables, I will call the crew over and ask them to inform the pilot. I trust you will do the same.

Women in Tech: Changing the Conversation via the Bottom Line

Though industry numbers don’t yet reflect it, I have to say now is a very exciting time for women in tech. Why? Because for the first time in my career, there is an active conversation taking place about achieving gender and overall diversity in our industry.

This was illustrated yet again this past week by the “Women in Tech Executive Roundtable 2015” hosted by Silicon Valley’s venerable Churchill Club.

I was honored to be one of the speakers, joining a panel of five amazing and inspirational women for the breakfast event in Palo Alto, which brought us together with an active audience of the Valley’s women in tech  – and even a few men, who were brave enough to join us. (And I don’t use the word “brave” in a negative way – but in the best possible meaning – as in it was encouraging to see them showing up and participating in a discussion on women’s issues.)

You can find the Churchill Club video on their YouTube Channel here.

The bottom line, as my co-panelist Julie Hanna, the executive chair of Kiva and newly named Presidential Ambassador for Global Entrepreneurism, so eloquently describes it: the discourse on gender equality is not just a women’s issue, it needs to be a question for humanity.

As fellow panelist Amity Millhiser, Managing Partner at PwC, noted: “Think about our daughters and how do we want them to think about diversity?” I will paraphrase her here: but in addition to it being a justice issue, gender equality is a “success” issue.

There is no denying that women still lag in STEM education, tech jobs, equal pay, and the C-suites and boardrooms. But the numbers also tell another story. As I was reminded earlier last week by a new study on IT industry and gender diversity by The National Center for Women and Information Technology (NCWIT): Companies with women on their executive boards outperformed companies with all-male executive boards. Gender-diverse management teams also showed superior return on equity, debt/equity ratios, price/equity ratios, and average growth.

The NCWIT analysis of 2,360 companies corroborates the findings on women-led company performance in a Babson College research study last year, which I’ve written about previously.

The place where gender bias is most prevalent tends to be at executive and boardroom levels and in the VC funding process — where women have the smallest presence (and somehow seem to be “heard differently” than males – as many of my colleagues on the panel have witnessed).

Another salient point made by our discussion group that I, myself, identify with is how we as women are sometimes part of the problem. For example, the audience asked the panel about “cattiness” in the workplace, and why women can be jealous of other women’s success.

Julie Hanna spoke to the dichotomy and “strangeness” of being an engineering-geek woman who had predominately worked with men, then going to work with other women and encountering a new kind of fear. “It’s like we have to, on a primal level, learn to recognize one of our own and know we/they mean no harm.”

Dr. Tanja Rueckert, Executive VP & Chief Operating Officer Products & Innovation for SAP, further underscored: “Remind yourselves to hire for diversity” and for female VCs to invest in female startups.

I believe, much as one panelist reminded us – as Madeleine Albright famously said:  “There’s a special place in hell for women who don’t help other women.”

It is also my strong belief that, as women, 1) we all have an inherent responsibility to educate ourselves on what diversity means and why diversity is important and 2) vote with our pocketbooks – only work with and support companies that support diversity.

 

Here are some other key pieces of advice from the panel:

  • Always be yourself
  • Don’t apologize for your success; take credit when credit is due
  • Accept feedback, and don’t take criticism personally
  • Be supportive, not jealous of other women
  • Women need both women and men to sponsor, mentor and support them

 

And by the way, if you are in Silicon Valley and want to stay on top of insights and trends to empower women, and to help create a new conversation in the year ahead, please check out the Churchill Club. It is an extraordinary non-profit organization with a rich history of bringing together the best and brightest in Silicon Valley in conversations that ignite change – and it’s also a mecca for industry networking!

Hackers Using Starbucks Gift Cards to steal money

Earlier in May, researcher Bob Sullivan reported that hackers were targeting Starbucks mobile users and using the Starbucks app to steal money through linked credit cards.

The Starbucks app links to a credit card so that the user can prepay for goods and purchase Starbucks gift cards for friends and family to spend in store.

Reports indicate that the gift cards are fundamental to the attacks.

After gaining access to the victim’s Starbucks account, attackers create a new gift card for the entire balance of the account and issue it to themselves. The problem is then compounded as the Starbucks app automatically tops up the user’s balance when it gets low. This means that the attacker can then strike again.

Within a few minutes, attackers could potentially siphon hundreds of dollars through gift cards without even needing the victim’s credit card details.

In a recent blog post, Starbucks defended the security of its app and said that “News reports that the Starbucks mobile app has been hacked are false.”

Instead, they say that it is reusing login details from other sites that is putting customers at risk:

Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.

 

This isn’t the first time that the Starbucks app has come under fire; last year it emerged that it stores users’ passwords on the device in plain text.

 

How to help protect yourself from attacks such as these:

Pick a strong, unique password

It goes without saying that this attack would not be possible if hackers were shut out of Starbucks accounts. Therefore, keeping a strong and unique password (one that is not used on any other site) is one of the most important things you can do to help protect yourself from an attack like this. For help creating a strong password, check out this simple guide.

 

Turn off or limit auto-top up

One of the things that makes this attack so dangerous is the fact that the damage can escalate rapidly thanks to the auto top-up functionality used by the Starbucks app (and many others like it).

While automatically replenishing your account balance can be an incredibly convenient thing, if you are concerned about attacks like these, disable or set a deposit limit on your auto top-up.

 

Regularly check your accounts

Just like with online banking fraud, one of the best ways to protect yourself or recover from attacks such as this is to stay vigilant. Regularly check your bank statements and online account histories for suspicious activity and do not hesitate to get in touch with your bank or retailer should something unexpected appear.

For Starbucks users, if you see any suspicious activity on your Starbucks Card or mobile app, please immediately notify Starbucks customer service at 1-800-STARBUC.

AVG Technologies ring the opening bell at NYSE

Following investor briefings this week in New York and the recent acquisition announcement of UK-based Privax Ltd., makers of the popular ‘HMA! Pro VPN’, it has been a busy time at AVG.

This is the second time that the AVG executive team has had the privilege of ringing the opening bell, having first done so in 2012 when it listed on the exchange. Now with 200 million active users, and over half of them on mobile devices, AVG is once again celebrating.

The NYSE was founded in 1817 and the original signal to open and close the market was a gavel, but during the late 1800s this changed to a gong. Then in 1903 the gong was switched to the bell format seen today.

Famous NYSE bell ringers have included Joe DiMaggio of the New York Yankees, Nelson Mandela, Kofi Annan and even fictional characters such as Mickey Mouse and Darth Vader.

Standing on the NYSE podium and pushing the button that signals the bells to ring is seen by many as a great honor and a lifetime achievement. We couldn’t be more proud of our executive team at AVG for their hard work and tireless dedication for this well-deserved recognition.

How to reduce spam by almost 40%: Follow Canada’s example

It was the year 2004 and Bill Gates dared to predict that the death of spam was near. According to him, in only two years spam wouldn’t be a problem. In 2006 nothing had changed.

Eleven years after that failed prediction, spam continues to flood our inboxes daily, with huge numbers of emails in unknown languages carrying commercial information we never requested.

However, someone somewhere is fighting against this intrusion and, surprisingly, they are winning the battle. We are talking about Canada, where they are trying to eradicate spam by means of law.

In July it will be a year since Canada’s Anti-Spam Legislation (CASL) came into force, and its results have been more than positive: according to a report, in the last ten months the spam received by Canadian Internet users dropped 37%.

In fact, the data go further: the total number of emails received monthly by Canadian users has also dropped (29%) due to the spam reduction.

However, the problem is far from being solved. CASL directly fights spam sent from Canada, but can’t do anything when the sender is from another country. We are not talking about the Nigerian prince or Russian gold-diggers; 53% of the spam that Canadians receive actually comes from the United States.

A law to put an end to spam

To fight spam, CASL created three requirements for sending commercial emails and imposes hefty fines on any person or company that fails to comply with these regulations:

  1. ‘You must have express or implied consent to send a commercial electronic message’.
  2. ‘You must clearly identify yourself and the business or organization sending the commercial electronic message’.
  3. ‘You must include an Unsubscribe mechanism on every commercial electronic message sent’.

Canadian companies that don’t strictly follow these criteria could receive a fine, as has already happened to Compu-Finder, a company that received 26% of spam complaints and was fined 1 million Canadian dollars (700,000 euros).

Canada has made it clear that there are things that can be done to clean Internet users’ inboxes, but also that without global legislation the problem will never end.

Adobe release critical security patches

Earlier this May, Adobe announced that, on Tuesday 12 May, it will release two vital updates to Adobe Reader and Acrobat that address critical security flaws.

Although Adobe has not yet announced what the issues are, all Adobe users should ensure that they install the update as soon as it becomes available to them.

Keeping your software up to date is one of the simplest and most effective ways of keeping your device safe. New bugs and vulnerabilities emerge all the time and developers release updates to mitigate the threats.

For more information on how updating software helps protect your PC, watch the video below from AVG Security Awareness Director Michael McKinnon.

Highlights from CeBIT Australia 2015

This week Sydney put on its finest weather for the CeBIT Australia 2015 trade show held at the famous city’s Olympic Park. Featuring a diverse mix of technologies and innovation from the APAC region, there was something for everyone, from 3D printing, robotics, low-power LED lighting, to enterprise and business computing.

The Australian-based AVG Business team was also there for the 8th consecutive year to capture the action and showcase AVG’s Secure-Sign-On, identity as a service, cloud, backup and IT management platforms.

On the security side, a particular highlight was the keynote talk from infamous black-hat turned white-hat hacker, Kevin Mitnick. Mitnick captivated the audience with shocking revelations of devastatingly simple social engineering antics.

As is commonplace at technology conventions these days, there were plenty of drones, and they’re getting smarter too. One demonstrator walked in a circle around his drone while it faithfully hovered mid-air – and as he circled it, the drone rotated itself automatically, sensing where he was.

And while we’re talking about smart gadgets, a return visitor to CeBIT was the kid-size humanoid robot soccer league – or more specifically the NUbot team from Newcastle University who are previous RoboCup world champions.

What is RoboCup I hear you ask? Well, imagine foot-high robots running (okay, shuffling) around a ridiculously undersized soccer pitch kicking a ball trying to score goals. Hilariously, some of them kept falling over, as if to feign an injury (or so I imagined), and I found myself wondering if there had been any Italian-inspired coding involved.

Green tech was once again a major feature at CeBIT with San Francisco-based electric car manufacturer Tesla displaying one of their cars, a Model 85 – accompanied by a constant queue of people wanting to sit in the driver’s seat for a selfie!

Were you at CeBIT Australia 2015? What were your highlights from the show? Let me know on Facebook or Twitter!

Watch out for Nepal Earthquake Scams

Unfortunately, it is common for attackers and scammers to hijack news stories such as the Nepal Earthquake in an attempt to trick those trying to help.

One such website (which has since been removed) was savenepal.org.


If you wish to make a donation to the relief effort in Nepal, be sure to make it to an accredited charity. You can find a list of them here.

 

How to avoid phishing scams

Most scams take the form of a “phishing” attack, where victims are tricked into handing over their personal or payment details.

For more information on detecting and avoiding phishing scams, watch this AVG Academy video.

Russian models that fall in love with you… it’s a scam!

“I want to chat with you”: if you have received an email with this subject, or something similar, with the picture of a beautiful Miss Russia, just ignore it! She is not contacting you because she has fallen deeply in love with you.

The Spanish Internet User Security Office and the Spanish Civil Guard have warned about these scams because, as you might think, their only purpose is to take all your money.

The Spanish Civil Guard warns via their Twitter account: Yes, we know that they are all crazy about you… but then they will ask you for money to come #SCAM

If you have already made some sort of contact, it is possible that they have already asked you for money so they can come to visit you, so you can finally meet in person.

In this case we recommend:

  • Don’t send money to anyone.
  • Stop all communications.

Spanish National Police warns us through their Twitter account about other kinds of scams similar to this one.

As the tweet above says: someone answers your ad in which you are looking for concert tickets, a home to rent, etc., and they ask you for a deposit. Watch out, possible scam! Don’t take the bait!

Don’t fall for it!

An Insider’s Look at the History of Cybersecurity

Vinton Cerf, often known as one of the “Fathers of the Internet”, was featured in a talk presented by City Arts & Lectures, held in San Francisco on April 29.

For those who don’t know, Cerf was the co-designer, with Robert Kahn, of the TCP/IP protocols that founded the essential architecture of the Internet. He worked on building what would become Internet protocols as a graduate student. He now has the role of Chief Internet Evangelist for Google.

Cerf was brilliant and charming.  The audience listened intently to his anecdotes and stories about what grew to become the Internet – and so much a part of our daily lives. His talk was supposed to be focused on the Internet of Things, but ended up being wide-ranging and provided a lot of food for thought.

As we celebrate nearly 26 years of the Internet, Cerf shared that early Internet security considerations were hampered because work on public key cryptography systems remained top secret.

As Cerf noted in a video interview here:

“I worked with the National Security Agency on the design of a secured version of the Internet but we used classified security technology at the time and I couldn’t share that with my colleagues… If I could start over again I would have introduced a lot more strong authentication and cryptography into the system.”

Specifically in terms of the Internet of Things, Cerf said, it has a great capacity to reduce waste and costs in our everyday lives, but he also noted it definitely has security issues.

Cerf also detailed the fine line between the accessibility of digital data and the right to privacy. This is something he has obviously considered for a long time.

He chose healthcare as one example: a patient’s heartbeat and temperature can be digitized, which is a great tool for medical professionals, but as Cerf said it “wields both ways,” as a hacker or crook would love to know the state of your health or when you’re going to be in the hospital.

Hearing the talk made me wonder what better security and encryption would have meant from the get-go for the Internet. Theoretically, it could have saved us many of the cybersecurity issues we face today.

Interestingly, as a backdrop, Cerf’s talk came on the heels of news of the White House being hacked. The White House had a data breach where Russian hackers apparently gained access to its unclassified computer system. This was reported back in October, but lightly, and now new details are emerging.

The good news is this hack didn’t include classified emails and information. The bad news: The hackers reportedly first breached the State Department system – via a phishing scam – and from there gained access to the White House network. You can read more in The New York Times article.

As they say, hindsight is 20/20, and the Internet is all about moving forward.

We all know cybersecurity issues will only become more important with IoT. If we are to change the course of cybercrime, it will require great minds like Vint Cerf along with champions for cybersecurity in both the private and public sector, more vigilance by businesses and better educated consumers who proactively take responsibility for their own cyber security. We’re certainly committed to doing our part.

You can hear Vint Cerf’s Internet of Things interview broadcast on City Arts & Lectures on Public Radio in the U.S. on May 24.

Title image courtesy of The Guardian