Tag Archives: News

Panda Security

Are we closer to hacker-proof computer code?

formal verification

Can you imagine a system that could not be hacked? That repelled those who tried? This apparently impossible dream has been pursued by developers for decades, without much success. In theory, this is perfectly possible; in practice, however, it demands too much effort and program code would be too long.

However, the HACMS project has taken a very big step to fulfill that dream. According to information recently revealed to the public, in the summer of 2015 the U.S. Defense Advanced Research Projects Agency (DARPA) conducted an experiment consisting of subjecting an unmanned military helicopter equipped with a new kind of security mechanism to attack by a team of six hacking experts. The helicopter was impossible to hack into, despite the hackers had the advantage of having been given access to some parts of the drone’s computer system.

The security mechanism they were testing is based on an old concept that only recently is becoming a reality: formal verification, a style of software programming that ensures code integrity. With the technology that we have today, it was absolutely impossible to hack into key parts of the helicopter’s computer system, its code as trustworthy as a mathematical proof.

Writing such strong computer code has been the aspiration of every expert since the inception of computer science. For a long time it seemed hopelessly out of reach, but the technological advances made by military and academic institutions, in collaboration with large multinationals such as Microsoft and Amazon, have made the idea of creating hacker-proof code a closer reality.

 

The technological advances made by military and academic institutions, along with tech giants, 

have pulled hacker-proof code into a closer reality.

panda securityThe ongoing efforts towards developing unhackable code are being spurred by the need to strengthen security in our increasingly interconnected world, with the Internet of Things becoming a reality in households, cities and almost every object that surrounds us.

The promising results of the HACMS project have already been replicated in other areas of military technology, such as satellites and driverless trucks, and Microsoft is working on two projects based on similar techniques: one aimed at securing complex cyber-physical systems such a drones, and another one, codenamed Everest, to create a verified version of HTTPS that allows users to browse online safely.

It is difficult to think that we are witnessing the beginning of the end of hacking, but it is true that we are one step closer to making things much harder for cyber-criminals by designing programs which, with today’s technologies, are impossible to tamper with.

 

The post Are we closer to hacker-proof computer code? appeared first on Panda Security Mediacenter.

Panda Security

Microsoft and Apple unveil new computers with improved security features

apple microsoft security

In events that took place on consecutive days, the two tech giants presented last week their new ‘weapons’ in the fight for computer supremacy. Whereas Microsoft has decided to go for more pricey, sophisticated and innovative computers, Apple has decided to stay with what the company knows works well and has limited itself to introducing some improvements in its acclaimed laptop computers.

The Redmond company has taken everyone by surprise by rolling out an ‘all-in-one’ device, Microsoft Studio, aimed at knocking the iMac off its perch as the favorite tool among creative pros. The new computer is one part PC, one part graphics tablet. It can be folded, allowing artists and designers to use it in a similar way to a tablet, while offering at the same time an extremely powerful computer very reminiscent of Apple’s iMac for all kinds of professionals.

Additionally, the company founded by Bill Gates has upgraded its Surface Book tablet and presented the new update of its Windows 10 operating system: Windows Creators Update. This new version is stuffed with new features, including the first revision in a long time of its security tool Windows Defender.

The program ditches its classic look and feel in favor of a more Windows 10-style appearance, with a responsive interface adapted to touch screens. It also looks like Windows Defender will be integrated with other tools, like Windows Firewall or Family Safety, allowing for central management of all security aspects of Microsoft’s operating system.

As for Apple, the new MacBook Pro features some significant enhancements with regards to security. First, it incorporates Touch ID for the first time ever. Touch ID, already present in the company’s iPhones, is a fingerprint scanner which, despite posing certain security risks, introduces a new mechanism to verify a user’s identity on Apple’s computers beyond traditional passwords.

This biometric security system will be integrated into Apple’s laptops through the new Touch Bar, a multi-touch strip located above the keyboard and which displays contextual menus and allows for different actions depending on the program you are using. With the Touch Bar, for example, you will be able to do something as simple as paying for an online purchase just by placing your finger on the small display.

If this were not enough, the new MacBook Pro comes equipped with a secondary processor that will perform all security-related tasks, including managing Touch ID and the new Touch Bar. This secondary processor includes what is called ‘Secure Enclave’ technology, specifically designed to manage personal and confidential data most securely.

 

The post Microsoft and Apple unveil new computers with improved security features appeared first on Panda Security Mediacenter.

Panda Security

97% of Large Companies are Victims of Mass Data Breaches

data-breachAshley Madison, Dropbox and Yahoo have something in common—they are all victims of mass data breaches where user log-in credentials were stolen. Sadly, this type of tactic has become more common over the last year. What’s even worse is that it seems like this will continue to be an objective for cybercriminals—after all, why wouldn’t they want access to millions of users’ data? The greater the risk, the bigger the reward.   

Large corporations cannot escape these attacks. Although you might think that regular internet users are the targets of these attacks, most cybercriminals are after large corporations. Despite the security solutions that companies can implement, a recent study has revealed that 97% of the thousand largest companies in the world have been victims of data breaches.

The 97% of the thousand largest companies in the world have been victims of data breaches.

Many users choose to use their corporate email when signing up for one of these online services which, over time, will be victims of some type of attack. If a business’s employees always use the same password to access different platforms, regardless if they use their work email or a personal one, the situation becomes much riskier.

Following a recent investigation, out of all the mass leaks that have affected large corporations, LinkedIn suffered a massive data breach during the attacks last May. Adobe was a victim of a similar attack during 2013. It’s no wonder these two companies were hit: both services are accessed by professionals who use their corporate emails to log-in.

However, the LinkedIn and Adobe cases are not the only multinational companies who have been victims. In fact, the study also reveals one of the most famous data breaches, the Ashley Madison attack that endangered thousands of corporate emails linked to large corporations.

Large economic consequences

The danger these data breaches have on corporate accounts is much greater than simply affecting the company’s reputation. In fact, according to a recent report by the Ponemon Institute , these data breaches cost companies an average of 4 million dollars, that’s more than 3.5 million euros.  With that said, make sure your employees are educated on the matter—While signing up for one of these services, they shouldn’t use corporate information like business emails, and they should make sure they use different usernames with several complex passwords.

The post 97% of Large Companies are Victims of Mass Data Breaches appeared first on Panda Security Mediacenter.

Panda Security

Signature recognition, a reliable replacement for passwords?

firma panda security

Biometrics continue to stand first in line to replace traditional passwords. All those whose employees use long and complex combinations of letters and numbers will be looking forward to a system whereby all that is required is for a fingerprint or iris pattern to be recognized by a sensor in order to access the services that employees have to use every day.

Nevertheless, in addition to these two popular systems which some latest generation mobile devices already incorporate, other biometric-based systems have been put forward as the alternative that will finally consign traditional passwords to history. This is the case with signature recognition.

What is it?

The truth is that this is a system that has been around for decades, in one form or another. Whenever you pay by credit card and have to sign a digital screen with an e-pencil, signature recognition is being used to confirm your identity. What’s happening is that your signature pattern is being contrasted with the one that your bank has stored in its systems.

This is not however a simple comparison of both images. The security software doesn’t just place the two signatures next to each other to see if they coincide, or at least, if they are similar. In reality, signature recognition compares the way that both images have been created, looking for a similar behavioral pattern.

Advantages and Disadvantages

So although it may be relatively simple to forge a signature, replicating the speed and pressure that was used to make the signature is practically impossible. As such, signature recognition using the most advanced technologies appears to be the perfect replacement for passwords for operating corporate bank accounts.

However, as with all secure identification methods, there are also downsides. One of the major setbacks is that the way we sign things varies for a number of reasons, which is a serious challenge. For the system to be practical, it is essential to be able to distinguish between a slow signature due to an injury and one that is the result of an attempted fraud.

Moreover, it is not an efficient way, at least at present, of accessing services. In fact, when you sign for something when paying for it, this data is not being used in real time. Instead, the data is sent to your bank to be validated later.

The current failings, however, of signature recognition will not see the door closed on this technology. It is more than likely that future corporate banking operations will be authorized through a simple signature on a tablet or smartphone.

 

The post Signature recognition, a reliable replacement for passwords? appeared first on Panda Security Mediacenter.

Panda Security

Modern Day Fears – Don’t Let The Monsters Get You

pandasecurity-modern-days-fears-halloween-2It is this time of the year when we are all going to Halloween costume parties, playing pranks on each other and visiting haunted attractions. Why do we do it? Well, we want to ward off the evil spirits while having fun in the process. There is nothing wrong with that!

However there are plenty of scary things going on in real life too. Instead of going to Knott’s Scary Farm, turn on the TV. We’ve come up with a list of modern world fears. We sincerely believe that 10 years from now you will be more afraid of hackers in Eastern Europe than from going to the dentist. In the year 2025, the Bogeyman will no longer be after you, he most likely will be after your virtual reality goggles and your credit card information!

Here are a few things people are scared of this Halloween

DDoS-o-phobia

Early this week half the internet went down after an unprecedented DDoS attack. The attack was so big that people were unable to complain on Twitter, as Twitter itself was down. Experts say an army of smart fridges, webcams, DVRs and other IoT devices managed to ruin your Monday morning! This on its own sounds like the plot of a Hollywood blockbuster, a bad one obviously. The media reported that some manufacturers left their devices so vulnerable to hacking attacks that they now are having some of their products recalled.

Imagine telling someone, 20 years ago, that an army of smart fridges and webcams would cause a major disruption in people’s lives! They would probably have laughed and brushed you off as a joker. Today though it is reality and is a real threat to our everyday life. Twitter and Facebook are like electricity, people start panicking when these services go missing.

Hack-o-phobia

So far we’ve learned that there are millions of people literally begging to be hacked as they don’t have their cell phone passwords set. The good news is that the other 2/3 of the US adult population actually have their cell phone passwords set and they are not interested in giving it up easily. Monsters are scary, but sharing your precious moments and credit card information with complete strangers whose main purpose in life is to ruin yours, sounds even scarier.

People should be scared, especially if they are not doing much to prevent hackers from stealing information from their smart devices.

Cell-phone-damage-o-phobia

The dog used to be man’s best friend, now it is the smartphone! A recent study confirmed that every day we spend more than four hours staring at our smartphones. We’ve never been as reliant on smartphones as we are now. With this in mind, we are attached to our smartphones and one of our biggest fears is of damaging them, or even worse, having our device in the hands of people who want to take advantage of all the confidential information on it.

So before you start watching horror movies at home – turn on the news channel, the threat is real and your fears are justified. Be prepared, be very prepared… by downloading the best free antivirus software in the world.

Panda Security wishes you a very scary Halloween! Stay safe!

The post Modern Day Fears – Don’t Let The Monsters Get You appeared first on Panda Security Mediacenter.