STE WILLIAMS

Control panel backdoor found in D-Link home routers

A group of embedded-device hackers has turned up a vulnerability in D-Link consumer-grade products that provides unauthenticated access to the units’ admin interfaces.

The backdoor means an attacker could take over all of the user-controllable functions of the popular home routers, which include the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240 units. According to the post on the /DEV/TTYS0 blog, a couple of Planex routers are also affected, since they use the same firmware.


A Binwalk extract of the D-Link DIR-100 firmware revealed that an unauthenticated user needs only change their user agent string to xmlset_roodkcableoj28840ybtide to access the router’s Web interface with no login required.

The /DEV/TTYS0 researcher found the user agent string inside a bunch of code designed to run simple string comparisons. For one of those comparisons, “if the strings match, the check_login function call is skipped and alpha_auth_check returns 1 (authentication OK)”, the author notes.

Some commentards to that post claimed to have successfully tested the backdoor against devices visible to the Shodan device search engine.

The /DEV/TTYS0 author, Craig, says the backdoor exists in v1.13 of the DIR-100revA products.

At this point, there’s no defence against the backdoor, so users are advised to disable WAN-port access to the administrative interfaces of affected products. ®
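For defenders who have HTTP logs from a proxy or sensor in front of an affected router's admin interface, the check below flags requests carrying the reported user agent string. It is an added example, not code from the article or the /DEV/TTYS0 post; the Combined Log Format input, the severity labels and the sample lines are assumptions constructed for illustration.

```python
import re

# User agent string reported in the article.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Combined Log Format (assumed input format):
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ '
    + QUOTED + r' ' + QUOTED + r'\s*$'
)

RANK = {"medium": 1, "high": 2, "critical": 3}


def classify(user_agent, status):
    """Return a severity label, or None if the request is unrelated.

    The article describes a plain string comparison, so only an exact
    match is assumed to be accepted by the device. Near matches (other
    case, extra text) are reported separately as probing.
    """
    if user_agent == BACKDOOR_UA:
        # Exact string plus a 2xx answer: the admin page was served.
        return "critical" if 200 <= status < 300 else "high"
    if BACKDOOR_UA in user_agent.lower():
        return "medium"
    return None


def scan(lines):
    """Return (findings, unparsed_count) for an iterable of log lines."""
    findings, unparsed = [], 0
    for lineno, line in enumerate(lines, 1):
        match = LINE_RE.match(line.strip())
        if not match:
            unparsed += 1  # keep count so silent parser gaps are visible
            continue
        src, ts, request, status, _referer, ua = match.groups()
        severity = classify(ua, int(status))
        if severity:
            findings.append({
                "line": lineno, "src": src, "time": ts,
                "request": request, "status": int(status),
                "severity": severity,
            })
    return findings, unparsed


def worst_by_source(findings):
    """Map each source address to the highest severity seen from it."""
    worst = {}
    for f in findings:
        if RANK[f["severity"]] > RANK.get(worst.get(f["src"]), 0):
            worst[f["src"]] = f["severity"]
    return worst


# Constructed sample lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Oct/2013:10:01:22 +0000] "GET / HTTP/1.1" 200 5120 "-" "xmlset_roodkcableoj28840ybtide"',
    '192.0.2.10 - - [13/Oct/2013:10:02:00 +0000] "GET / HTTP/1.1" 401 312 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/24.0"',
    '203.0.113.50 - - [13/Oct/2013:10:03:41 +0000] "GET / HTTP/1.0" 401 312 "-" "XMLSET_ROODKCABLEOJ28840YBTIDE"',
    '198.51.100.7 - - [13/Oct/2013:10:04:05 +0000] "GET /missing.html HTTP/1.1" 404 120 "-" "xmlset_roodkcableoj28840ybtide"',
    'not a log line',
    '203.0.113.50 - - [13/Oct/2013:10:05:10 +0000] "GET / HTTP/1.0" 401 312 "-" "curl/7.30 xmlset_roodkcableoj28840ybtide"',
]

if __name__ == "__main__":
    hits, skipped = scan(SAMPLE_LOG)
    for hit in hits:
        print("{severity:8} line {line} {src} {status} {request}".format(**hit))
    print("unparsed lines:", skipped)
    print("worst per source:", worst_by_source(hits))
```

Any exact match arriving on the WAN side is worth treating as an incident, since a normal browser never sends this string.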

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/

Snowden: NSA whacks US in the WALLET, slurps millions of contacts books

The National Security Agency is hurting the US economy with its “dragnet” surveillance, says uber-leaker Edward Snowden.

Snowden made his remarks at an event in Russia last week, footage of which surfaced on Monday. He also alleged, via The Washington Post, that the NSA has been slurping the contents of some 250 million electronic address books a year.


“These [surveillance] programs don’t make us more safe. They hurt our economy. They hurt our country. They limit our ability to speak and think and to live and be creative, to have relationships, to associate freely,” said Snowden, who has been accused of aiding terrorists and America’s enemies. The footage of his speech appeared on Democracy Now.

One such program is a scheme that sees the secretive agency collect the contact books associated with widely used email services, such as Hotmail and Gmail, and instant-messaging clients such as Yahoo! Messenger, according to The Washington Post on Monday.

The agency grabs this data as it passes over major internet transit points, so it does not need to slurp it from internal Google or Yahoo! servers and therefore doesn’t need to make an official request for the information.

Major web providers are thought to have added SSL encryption to their services in response to programs like this, but there is evidence the NSA has been trying to smash internet encryption by performing man-in-the-middle attacks using compromised cryptographic certificates.

Though the NSA insists that American citizens are not specifically targeted, it does proactively collect network traffic from numerous international arteries, such as submarine cables connecting up continents. If traffic passes through these inspection points, then the agency slurps the data indiscriminately.

“The assumption is you’re not a U.S. person,” one spy source told The Washington Post. As Reg readers know, this is a rather strange way to view intercepted communications.

Snowden said: “There’s a far cry between legal programs, legitimate spying, legitimate law enforcement, where it’s targeted, it’s based on reasonable suspicion and individualized suspicion and warranted action, and sort of dragnet mass surveillance that puts entire populations under sort of an eye that sees everything, even when it’s not needed.”

We imagine the NSA would bridle at this description, given the shadowy organization’s recent claim that it isn’t spying on digital interactions, rather it is “seeking to understand online communication tools technologies”.

Just as Uncle Sam’s spooks are trying to understand what we do online, Snowden says in his speech that he felt compelled to leak the information on the programs so citizens can do the same.

“If we can’t understand the policies and programs of our government, we cannot grant our consent in regulating them,” he said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/15/snowden_nsa_snooping_hurts_our_economy/

Can you trust ‘NSA-proof’ TrueCrypt? Cough up some dough and find out

Security researchers are raising funds to conduct an independent audit of TrueCrypt, the popular disk encryption utility.

TrueCrypt is widely used as a tool to strongly encrypt and decrypt entire drives, partitions or files in a virtual disk. It can also hide volumes of data and is said to be easy to use.


The source code for the Windows, Linux and Mac OS X utility is publicly available for people to inspect and verify, but this has not been enough to convince every cryptography guru that it’s entirely secure.

For one thing, researchers have been unable to prove that the downloadable Windows executable, built by the TrueCrypt team, can be constructed purely from the published source code, for reasons based on unusual decisions by the developers – as explained by cryptographer Matthew Green here. (In short, the Windows binary appears to save a block of unexplained bytes with the encrypted data. Some fear this is a key to a backdoor, which would allow those in the know to decrypt the data without the user’s password.)

Encryption authority Bruce Schneier has recommended TrueCrypt as a tool to keep sensitive files out of the grasp of the NSA’s global data dragnet, albeit with caveats. He stops short of giving it a ringing endorsement.

“No, I don’t have any inside knowledge about TrueCrypt, and there’s a lot about it that makes me suspicious,” said Schneier. “But for Windows full-disk encryption it’s [TrueCrypt], Microsoft’s BitLocker, or Symantec’s PGPDisk – and I am more worried about large US corporations being pressured by the NSA than I am about TrueCrypt.”

TrueCrypt’s documentation makes it plain that it can’t secure data on a computer compromised by malware or a hardware keylogger. It’s also well known in computer forensics circles that TrueCrypt keys can be recovered from memory, even using commercial tools from the likes of ElcomSoft, given physical access to a powered-up machine. So-called cold-boot attacks allow the same trick to be tried on recently powered-down devices.

Encryption tools are not a panacea. Unless a user follows best practices and operational security guidelines then their precautions will be stripped away by cops, the Feds, intelligence agencies or other capable attackers.

Hidden backdoors? Who knows

That’s always going to be the case with any security or encryption tool but the concern here is that TrueCrypt may be unsafe even when it’s used properly because of a hidden backdoor or similar. These concerns have always been present, but have risen to the fore because of the ongoing controversy over Bullrun, the NSA’s effort to work with hardware and software technology vendors to weaken encryption systems and their underlying components.

A new project aims to crowd-source funding to audit TrueCrypt and compare its published source to the compiled binaries in circulation. Such an audit is long overdue, as the security experts who kicked off the fundraising drive explain:

We want to be able to trust it, but a fully audited, independently verified repository and software distribution would make us feel better about trusting our security to this software. We’re pledging this money to sponsor a comprehensive public audit of TrueCrypt.

The project was created by Kenn White, a systems engineer who co-founded BAO Systems, a hosted services provider to the health sector, and Matthew Green, a cryptographer and research professor at Johns Hopkins University. The project’s goals include conducting a public cryptanalysis and security audit of TrueCrypt version 7.1a, one of the latest builds, as well as sorting out licensing issues that have prevented the suite from being bundled with Linux distributions including Ubuntu, Debian and Red Hat.

In addition, researchers also want to certify a build of the security software for Mac, Windows and Linux users. They hope to apply a variety of approaches and tools to study the code, including potentially paying out bug bounties as well as paying for professional fingertip-searches of the code.

An evaluation [PDF] of the deniability of hidden volumes in TrueCrypt by Schneier and other experts five years ago discovered security leaks and other causes for concern. These issues may well have been fixed by now but without a proper audit we just can’t be sure.

Code review

Scrutinizing code is painstaking work that can only be carried out thoroughly by experienced and skilled practitioners, so the only way to nail this audit is to ensure it’s properly financed. Hobby projects have resulted in improvements in cryptography in other areas but auditing TrueCrypt is a far more serious undertaking that can’t be left to amateurs.

The project has attracted $2,922 via 36 pledges to FundFill and a further $1,640 through Indiegogo by Tuesday afternoon; a fair way towards its funding target of $25,000 within two months.

A blog post by Green outlines several reasons why an audit of TrueCrypt is needed and arguably even overdue.

“The ‘problem’ with TrueCrypt is the same problem we have with any popular security software in the post-September-5 era: we don’t know what to trust anymore,” he writes. “We have hard evidence that the NSA is tampering with encryption software and hardware, and common sense tells us that NSA is probably not alone. TrueCrypt, as popular and widely trusted as it is, makes a fantastic target for subversion.”

Green is careful to say he has no specific reasons for doubting the strength and security of TrueCrypt. The audit is proposed more in the spirit of “trust but verify” than a search to confirm a suspicion. The developers of TrueCrypt are anonymous and this is a major reason that Green et al are uneasy about TrueCrypt, and one of the main reasons it has become the target of a funding drive.

“We don’t have an upper limit on Fundfill. I’m talking to audit firms this week,” Green told The Register.

TrueCrypt’s anonymous developers could not be reached for contact. Their website denies any suggestion that TrueCrypt has a hidden backdoor. The same statement explains that it’s not possible for TrueCrypt to assist in decrypting data in cases where users have forgotten their own password – suggesting once you’ve lost the key, there’s no way of recovering the data. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/15/truecrypt_security_audit/

TeleSign Unveils Authentication App And Secure Two-Way SMS

LOS ANGELES, CA–(Marketwired – Sep 26, 2013) – TeleSign, the Mobile Identity Company, today announced AuthID, the company’s updated authentication app to securely identify and grant user access. The company also introduced Verify 2-Way SMS for business-grade delivery and receipt of security SMS messages. With these new offerings, TeleSign is helping companies securely authenticate customers and verify transactions.

AuthID Offers User Authentication and Secure Transactions

TeleSign introduced AuthID as a secure method to authenticate users’ logins and online transactions. Instead of requiring users to carry smart cards or key fobs, AuthID verifies user identity directly through the app on a user’s mobile phone. As a complement to SMS and voice authentication, AuthID adds an additional option so that users can choose their preferred method.

AuthID offers three new features to ensure secure logins and transactions:

Simple Push Notification provides alerts that appear on the user’s phone screen and prompts them to interact with an option as simple as selecting “Accept” or “Deny.” If an end user selects “Deny,” they are also given the option to report the request as fraud.

With the Code Challenge, a numeric code appears on the website and prompts the user to wait for a notification on their phone. The user will then enter the code into the mobile app to validate the authentication.

The new Soft Token tool uses a cryptographic key to provide a unique number that changes every 30 seconds. If the number entered by the user matches the number on TeleSign’s authentication server, access is granted.
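The press release does not name the algorithm behind the Soft Token. As an added example (not TeleSign's code), the following implements the standard scheme that fits the description, RFC 6238 TOTP, with the server-side comparison; the key is the RFC's published test key, and the drift window and replay check are assumptions about how a server would typically verify.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the number changes every 30 seconds, as described above

# Published RFC 6238 test key (ASCII). A real deployment provisions a
# random per-user secret to both the app and the authentication server.
RFC_TEST_KEY = b"12345678901234567890"


def totp(key, unix_time, digits=6):
    """Compute the one-time number for the 30-second step containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte picks
    # a 4-byte window; the top bit is masked to avoid sign issues.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key, submitted, unix_time, digits=6, drift_steps=1,
           last_used_counter=-1):
    """Server-side check. Returns the matched step counter, or None.

    drift_steps tolerates clock skew between phone and server.
    last_used_counter is the step of the last accepted code for this user;
    codes from that step or earlier are refused, so a number observed by
    an eavesdropper cannot be replayed inside its validity window.
    """
    now = unix_time // STEP_SECONDS
    matched = None
    for counter in range(now - drift_steps, now + drift_steps + 1):
        if counter < 0 or counter <= last_used_counter:
            continue
        expected = totp(key, counter * STEP_SECONDS, digits)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(RFC_TEST_KEY, 59, digits=8)
    print("code at t=59:", code)
    print("accepted at t=59:", verify(RFC_TEST_KEY, code, 59, digits=8))
    print("accepted at t=119:", verify(RFC_TEST_KEY, code, 119, digits=8))
    print("replayed:", verify(RFC_TEST_KEY, code, 59, digits=8,
                              last_used_counter=1))
```

The caller stores the returned counter as the user's new `last_used_counter` after each successful login.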

“AuthID allows users to have security and support in the palm of their hands,” said Charles McColgan, CTO at TeleSign. “With AuthID, customers are notified of a breach as soon as it happens and are able to protect their accounts from fraudsters, from the convenience of their mobile phone.”

AuthID is available under the AuthID brand with customizable and brandable alerts, banners, and icons or as a white labeled standalone app for customers that want their own branded experience.

Verify 2-Way SMS Provides Secure Message Delivery and Response

Verify 2-Way SMS uses an out-of-band method to communicate and confirm receipt of security-related messages between companies and their end users. With this approach, Verify 2-Way SMS can be used for secure transaction verification (e.g. notification of a wire transfer), confirmation of key account changes or two-factor authentication. This method can thwart man-in-the-middle (MITM) and man-in-the-browser attacks (MITB) and prevent the use of stolen account credentials.

About TeleSign

Every second, of every day, TeleSign protects the world’s largest Internet and Cloud properties by establishing and verifying Mobile Identity.

Digital businesses use TeleSign’s Mobile Identity platform to preserve their ecosystem by detecting a suspicious user before account creation, and to better protect their existing user base from account compromise.

TeleSign is trusted by the world’s largest companies and protects 2.5 billion accounts in more than 200 countries and in 87 languages.

Article source: http://www.darkreading.com/intrusion-prevention/telesign-unveils-authentication-app-and/240162625

ForeScout And Splunk Team On Big Data And Security Intelligence

.conf2013, LAS VEGAS, Sept. 30, 2013 — ForeScout Technologies, Inc., a leading provider of pervasive network security solutions for Fortune 1000 enterprises and government organizations, today announced a technology partnership with Splunk Inc., the leading software platform for real-time operational intelligence. In conjunction with the partnership, ForeScout has made available bi-directional integration between ForeScout CounterACT and Splunk Enterprise and a new ForeScout App for Splunk Enterprise. By combining ForeScout’s dynamic endpoint visibility, access and security capabilities with Splunk Enterprise’s advanced machine data analytics capabilities, enterprises gain enhanced threat insight and automated control.

ForeScout CounterACT helps organizations gain complete visibility for all devices, users, systems and applications attempting to connect to or on an enterprise network – wired or wireless, managed or unmanaged, PC or mobile. Devices are dynamically discovered, classified, profiled and assessed without requiring agents. CounterACT applies policy-based controls to: allow, limit or block access; manage guests and BYOD users; monitor and enforce endpoint compliance and mitigate violations and exposures. All captured information, as well as event logs, can be sent to Splunk Enterprise for data analysis, reporting and optimized retention. In addition, operators can enable Splunk Enterprise to communicate with CounterACT to directly mitigate security issues. As a result, IT organizations can make their data truly actionable.

“IT organizations are challenged with enormous visibility and control gaps given increased network complexity, BYOD proliferation and the velocity of sophisticated threats. Users not only want greater operational intelligence, but they also want the means to efficiently analyze data and effectuate policy,” said Scott Gordon, chief marketing officer at ForeScout. “A combined approach with ForeScout and Splunk gives the best of both worlds to solve a broad range of security issues.”

The ForeScout App for Splunk Enterprise allows customers to easily use and create a wide variety of operational dashboards and reports which take advantage of Splunk Enterprise to efficiently analyze, visualize and store huge volumes of identity, device, application, access and violation data generated by ForeScout CounterACT. Security analysts can combine this information with other big data sources for real-time monitoring and to conduct historical searches to identify advanced threats, fraud and other security exposures. Furthermore, Splunk can be easily configured to send triggered event data to ForeScout CounterACT in order to remediate endpoint security issues, isolate breached systems or trigger other policy-based controls.

“In today’s threat landscape, all data is security relevant and requires a solution that delivers real-time insights. ForeScout CounterACT provides visibility to network and endpoint activity that our customers can use to augment their Splunk analytics in order to monitor for critical security issues and expedite investigations,” said Bill Gaylord, senior vice president of business development at Splunk. “Leveraging the interoperability of Splunk Enterprise and ForeScout not only helps expand the surface area for customers to more rapidly and confidently identify problems but also automates controls to directly mitigate threats.”

The ForeScout App for Splunk Enterprise is available now on Splunk Apps. ForeScout integration with Splunk is performed via syslog, CEF (Common Event Format) and Web API (Application Programming Interface) standards. To check out the app, visit ForeScout at .conf2013 (hashtag #splunkconf), Splunk’s fourth annual worldwide users’ conference, Splunk Partner Pavilion, booth 7.

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) provides the engine for machine data™. Splunk software collects, indexes and harnesses the machine-generated big data coming from the websites, applications, servers, networks, sensors and mobile devices that power business. Splunk software enables organizations to monitor, search, analyze, visualize and act on massive streams of real-time and historical machine data. More than 6,000 enterprises, universities, government agencies and service providers in over 90 countries use Splunk Enterprise to gain operational intelligence that deepens business and customer understanding, improves service and uptime, reduces cost and mitigates cybersecurity risk. Splunk Storm, a cloud-based subscription service, is used by organizations developing and running applications in the cloud.

To learn more, please visit www.splunk.com/company.

About ForeScout Technologies, Inc.

ForeScout delivers pervasive network security by allowing organisations to continuously monitor and mitigate security exposures and cyberattacks. The company’s CounterACT appliance dynamically identifies and assesses all network users, endpoints and applications to provide complete visibility, intelligence and policy-based remediation of security faults. Because ForeScout’s solutions are easy to deploy, unobtrusive, open and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorised partners worldwide. Learn more at: www.forescout.com.

Article source: http://www.darkreading.com/management/forescout-and-splunk-team-on-big-data-an/240162626

NQ Mobile Discovers ‘Copycat App’ Malware; Hits Android Users Across China And SE Asia

NQ Mobile™ Security Center Identifies New Fraudware Virus Threat for Android Users

Virus Disguises Itself as Copycat Application Update via Google Play to Track Data Usage

BEIJING and DALLAS, October 15, 2013 — NQ Mobile™ (NYSE: NQ) a leading global provider of mobile Internet services, announced that its security center has identified, “Copycat App,” a new fraudware virus threat targeting Android users in China and several countries in South East Asia.

“Copycat App,” identified as a.frau.longjian.a, appears to Android users as an update of the extremely popular NetDragon 91 Assistant app. When the user chooses to update with this fraudulent app, it automatically downloads other repackaged apps in the background that consume the user’s data.

The main nefarious behaviors of these repackaged apps are to:

subscribe to fee based services via SMS without the user’s knowledge, resulting in unwanted bill charges

access and collect various details about user’s device, such as phone information (e.g. phone number, IMEI, IMSI) and user’s apps, invading the user’s privacy

At the time of identification and inoculation, the number of infections has been identified as 193 users within a combination of mainland China, Angola, Hong Kong, Iraq, Macao, Malaysia, Singapore, Taiwan and Vietnam.

“While the superior technology used by NQ Mobile was able to quickly isolate and inoculate this malware with fewer than 200 infections out of billions of downloads of the legitimate app, it is important to note that it was spread across nine countries,” said Gavin Kim, Chief Product and Commercial Officer, NQ Mobile. “This again, shows that malware knows no boundaries and will continue to spread as more affluent markets are targeted.”

NQ Mobile Security™ for Android is available for download on Google Play.

About NQ Mobile

NQ Mobile Inc. (NYSE: NQ) is a leading global provider of mobile Internet services. NQ Mobile is a mobile security pioneer with proven competency to acquire, engage, and monetize customers globally. NQ Mobile’s portfolio includes mobile security and mobile games as well as advertising for the consumer market and consulting, mobile platforms and mobility services for the enterprise market. As of June 30, 2013, NQ Mobile maintained a large, global user base of 372 million registered user accounts and 122 million monthly active user accounts through its consumer mobile security business, 87 million registered user accounts and 16 million monthly active user accounts through its mobile games and advertising business and over 1,250 enterprise customers. NQ Mobile maintains dual headquarters in Dallas, Texas, USA and Beijing, China. For more information on NQ Mobile, please visit http://www.nq.com/.

Article source: http://www.darkreading.com/vulnerability/nq-mobile-discovers-copycat-app-malware/240162644

The Reality Of Freshly Minted Software Engineers

Universities and colleges are pumping out more and more software engineers each year. Yet it would seem to many in the industry that the quality of these freshly minted graduates is decreasing. Perhaps “quality” is too harsh a word — “immediate usefulness” would likely be more appropriate. What’s the problem?

During my career I’ve been lucky enough to work with and manage several of the world’s most renowned security engineering and research teams. In some cases, it may have been the pedigree of the development teams that made it inappropriate to recruit new graduates or anyone with less than five years of experience, but in other cases, with tight deadlines and demanding schedules, the development teams themselves weren’t prepared to expend the energy and time retraining a newbie.

That problem of “retraining” has always gnawed at me and, during the past year or so as I’ve worked with a growing number of universities and computer science professors around the world, I think I have a better understanding and articulation of the root cause to the “usefulness” problem when it comes to new software engineering graduates.

At its crux, the delta between university and commercial development can largely be attributed to two missed opportunities in computer science:

  1. Individual project development. Through various courses and projects, students predominantly work on individual study assignments. It is the exception rather than the norm that they engage in group or collaborative development projects. I’ve been told about a common perception among students of university “honor code” infringement when it comes to discussing assignments or collaborative work.

    The problem with this in the commercial world is that, unless you’re a phenomenal and well-known uber-engineer (or working for a dinky never-heard-of start-up), you’re almost never going to be working on a project or product as a sole contributor. At every stage of a project, you’ll be working within a collective of software engineers, QA engineers, product managers, and project managers. Group communication and collaboration skills are mandatory — so, too, is maturity.

    Very rarely is an engineer born with these key group skills; they’re skills that must be practiced and reinforced through hands-on experience. This should be occurring daily within the university and college education program, but it’s not.

  2. Creating fresh applications. Most curriculums place an emphasis on learning the dynamics and advantages of a montage of programming languages and styles. The vast majority of projects and assignments students will participate in will revolve around writing new applications or modules from scratch. Very rarely will students have to face code written by others, or, if they do, it’ll be to find some kind of logic flaw or bug.

    The reality of commercial software development is that the vast majority of time a software engineer will be editing someone else’s code. More than likely the code will be several years old, passed through the hands of a dozen or more developers over that time, and only rudimentarily documented, and the engineer will be tasked with extending some existing functionality. Refactoring existing code to make it more efficient or reflect new standards is a timely and costly task, and no product manager will allow that to happen without a great deal of fuss that’ll be well above a freshly minted engineer’s pay grade.

I suspect that many of the old-hands charged with running engineering organizations or leading development teams are nodding to themselves right this moment — wishing, too, that the next batch of newbie engineers pouring out of the college and university gates were better prepared for the careers they have chosen.

The disparity between the skills newly minted software engineers arrive with and the operational needs of the engineering teams they eventually join is felt acutely within the security industry. It takes a special and finely honed engineering skill set to make legacy applications and the code they’re written from more secure. Merely sitting through a course covering the secure development life cycle (SDL) isn’t enough to make a difference — new engineers need the communication skills to negotiate and socialize ideas with their colleagues, and the ability to tweak existing code snippets and routines if they’re to be useful within the first few months of on-boarding.

Gunter Ollmann, CTO, IOActive Inc.

Article source: http://www.darkreading.com/attacks-breaches/the-reality-of-freshly-minted-software-e/240162657

ABA Provides Identity Fraud Prevention Tips To Consumers

WASHINGTON, Oct. 15, 2013 /PRNewswire-USNewswire/ — In honor of National Cybersecurity Awareness month, the American Bankers Association is offering tips for consumers to protect their identity.

“Financial fraud, including identity fraud, is a very real risk that must be taken seriously,” said Frank Keating, ABA president and CEO.

Identity fraud occurs when a criminal obtains and misuses someone’s personal information without permission, typically for economic gain. For many victims, it can result in drained bank accounts, poor credit, and a damaged reputation.

“The best way to contend with financial fraud is to prevent it from ever happening in the first place,” said Keating. “Banks use sophisticated technology and monitoring techniques, intricate firewalls and other methods of securing customer data, but there are steps consumers must take as well.”

ABA offers the following tips to help consumers protect themselves from becoming a victim of financial fraud:

— Don’t share your secrets.

Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.

— Shred sensitive papers.

Shred receipts, bank statements and unused credit card offers before throwing them away.

— Keep an eye out for missing mail.

Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.

— Use online banking to protect yourself.

Monitor your financial accounts regularly for fraudulent transactions.

Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.

— Monitor your credit report.

Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.

— Protect your computer.

Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.

— Protect your mobile device.

Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.

— Report any suspected fraud to your bank immediately.

SOURCE American Bankers Association

Article source: http://www.darkreading.com/end-user/aba-provides-identity-fraud-prevention-t/240162677

Raytheon Survey Finds Cybersecurity Talent Pipeline Not Being Fed By High Schools

DULLES, Va. (Oct. 15, 2013) — While U.S. government officials find the current pipeline for cybersecurity talent to be lacking, 82% of U.S. millennials say no high school teacher or guidance counselor ever mentioned to them the idea of a career in cybersecurity, according to a new survey commissioned by Raytheon (NYSE: RTN) and conducted by Zogby Analytics. The survey also found less than one-quarter of young adults aged 18 to 26 believed the career is interesting at all.

“Given that we need to add thousands of cybersecurity professionals to the workforce in the coming years, the data shows we have a long way to go in engaging young people in the idea of a career path in cybersecurity,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “We have to work together to ensure that young people are prepared to use technology safely, securely, ethically and productively and are aware of the interesting and rewarding jobs available protecting the Internet.”

Young men (35 percent) are far more interested than young women (14 percent) in a career in cybersecurity, according to the survey, which was released as the U.S. marks the 10th anniversary of National Cyber Security Awareness Month, sponsored by the Department of Homeland Security and the National Cyber Security Alliance.

The survey found many young adults raised on social networking trust technology and are not overly concerned about the threat of online identity theft or of their personal data being stolen. Seventy-five percent of survey respondents said they were confident their friends would only post information about them on the Internet that they are comfortable with and 26% said they had never changed their mobile banking password.

The Facebook Generation, sometimes referred to as “Generation F,” includes millennials who have grown up using social networking tools such as Twitter, Facebook, LinkedIn and Pinterest. The Raytheon Millennial Cybersecurity Survey found that despite their risky online behavior, many millennials are becoming aware of Internet risks and are taking steps to protect themselves. Eighty-two percent of millennials password-protect their laptop or desktop computer, the survey found, while 61% password-protect their mobile phone. Thirty-seven percent of millennials said they had backed up the data on their laptop or desktop in the last month.

Key survey findings include:

Eighty-two percent of U.S. millennials say no high school teacher or guidance counselor ever mentioned to them the idea of a career in cybersecurity.

Young men (thirty-five percent) are far more interested than young women (fourteen percent) in a career in cybersecurity.

Thirty percent of millennials have met someone online who gave them a fake photo, false information about their job or education, or other misleading information about themselves.

Twenty percent have had to ask someone to take down personal information posted about them in the last year.

Forty-eight percent have used a portable storage device for their computer that was given to them by someone else.

Eighty-six percent said it’s important to increase cybersecurity awareness programs in the workforce and in formal education programs.

“Today’s millennials are tomorrow’s leaders and their embrace of technology will continue to drive our economy forward,” said Jack Harrington, vice president of Cybersecurity and Special Missions for Raytheon’s Intelligence, Information and Services business. “This survey shows the gaps that exist in teaching personal online security to our youth and in our efforts to inspire the next generation of innovators.”

For more detail and analysis of the survey findings, please visit the Raytheon Millennial Cybersecurity Survey Report and infographic illustrating the survey findings.

Methodology

The Raytheon Millennial Cybersecurity Survey was fielded by Zogby Analytics from Sept. 5 to Sept. 9, 2013. The responses were generated from a survey of 1,000 adults in the U.S. aged 18 to 26. The margin of error for the survey was plus or minus 3.2 percentage points at a 95% confidence level.

About Raytheon

Raytheon Company, with 2012 sales of $24 billion and 68,000 employees worldwide, is a technology and innovation leader specializing in defense, security and civil markets throughout the world. With a history of innovation spanning 91 years, Raytheon provides state-of-the-art electronics, mission systems integration and other capabilities in the areas of sensing; effects; and command, control, communications and intelligence systems; as well as a broad range of mission support services. Raytheon is headquartered in Waltham, Mass. For more about Raytheon, visit us at www.raytheon.com and follow us on Twitter @Raytheon.

Article source: http://www.darkreading.com/management/raytheon-survey-finds-cybersecurity-tale/240162661

New Cloud Service Combines Safe Social

San Francisco, CA – October 15, 2013 – Today, Sgrouples (https://www.sgrouples.com/), the Safe Social Alternative, announced the launch of its “My Cloud Storage” feature.

My Cloud Storage, now integrated into the Sgrouples platform as a “DropBox-like” feature, allows members to store and back up their photos, documents, and videos. Members have the option of choosing different storage capacities to match their needs (100 GB, 200 GB, or 500 GB), above the 4 GB of space the company provides for free to each registered member.

My Cloud Storage prices match those of DropBox, but Sgrouples members also enjoy additional complimentary features and functionality. Sgrouples members can easily connect with friends, family, and co-workers in separate groups as well as individually, sharing real life via videos, photos, documents, discussions, events, chat, privacy mail, and more.

Uniquely at Sgrouples, the privacy-centric platform, My Cloud Storage service gives Sgrouples members a dashboard-style control over previously shared content. Members can selectively delete their posts to groups, contacts, and even external social media accounts such as Facebook and Twitter–all from My Cloud Storage.

Sgrouples Founder and CEO, Mark Weinstein, made the following comment at the launch of My Cloud Storage: “At Sgrouples we are doing something amazing, restoring personal privacy and respect for people, within a cutting-edge communication platform that simplifies our lives. With the launch of My Cloud Storage, we have added another pillar of convenience for Sgrouples members. I am proud that Darcy Travlos at FORBES has called Sgrouples the ‘next generation in the evolution of social media.’”

And as always, Sgrouples members own all their data and content. Anything stored by Sgrouples is backed by its revolutionary privacy policy and privacy bill of rights.

About Sgrouples – Sgrouples is the next generation social platform with privacy you trust. No tracking, no stalking, no facial recognition–nothing creepy. Sgrouples enhances and supports the different groups in your life, giving you exclusive control over any overlap (or not) between them. Built into the Sgrouples platform are customizable ways to share photos, videos, discussions, documents, privacy mail, chat, and more. From your friends and family to your neighbors and co-workers; from being a baby, teenager, parent, or elder; Sgrouples is the convenient, fun, and flexible platform that serves your life and its organization.

At Sgrouples, a patent-pending advertising model anonymizes your information while providing you with ads of your choosing–with “No-Ads” as an option. The world’s first Privacy Bill of Rights delivers safety and trust. A crisp and simple User Interface replicates real life communication patterns and interactions.

Article source: http://www.darkreading.com/management/new-cloud-service-combines-safe-social/240162662