Pulse


Pulse

By GCN Staff


Secure browsing, messaging skyrockets after high-profile hacks

Secure browsing, messaging skyrockets after high-profile hacks

Secure browsing topped a list of the most activated mobile applications  in the last year, according to a report by enterprise mobile management firm Good Technology, which estimated that secure browsing rose 197 percent quarter over quarter and was the most activated app in 2014, increasing tenfold.

Citing the catastrophic damage from the hacking at the U.S. Central Command, the Sony Studio attacks and a recent breach in 30 banks in over 100 countries, Good said enterprise demand for secure mobile browsing was accelerating and with it an interest in overall app security.

“With the rapid ascent of these attacks, [organizations] of all sizes are investing in and activating mobile apps that have been designed for security from the inside out,” according to the company’s Mobile Index Report for Q4 of 2014.

 “A secure browser reduces the risk on mobile devices, where traditional anti-malware and firewall solutions are typically not in place,” the report added.

In addition to secure browsing, secure instant messaging also rose, with a 131 percent jump last quarter and a nine-fold increase throughout the year, according to the report.

Good CEO and chairman Christy Wyatt acknowledged that the end user is “often the weakest link in any security model.”  As a result, it’s critical that enterprise IT managers ensure that “employees, customers and partners are using secure-based apps across mobile workflows is [to build] cyber resiliency,” she said.

Good also announced new products, including support for user access to enterprise apps via the Apple Touch ID feature on iOS devices. With IT department enablement, users can access any Good-secured app using their fingerprints on Apple smartphones and tablets without affecting Good's container security. This feature might be especially useful in the public sector where adoption of iOS devices is greater. iOS makes up 82 percent of devices in the public sector, Good said, possibly because of the perception of security issues across the fragmented Android landscape.

The company also said it would provide secure data and content access on wearable devices through the Good Dynamics Platform. The platform secures business data stored on wearables and shared between other Good secured apps.

Posted on Mar 09, 2015 at 1:46 PM0 comments


DHS offers prize for indoor tracking tech

When firefighters or police enter a building, the rest of their team often has no way to track them. If the building is filled with smoke, the responder himself may not even know where he is.

The difficulty of tracking responders indoors is exacerbated if radio communications are poor or non-existent. And current solutions based on GPS technology don’t work well for indoor tracking because of weak signals and the difficulty of penetrating buildings.

In an effort to crack the problem, the DHS Science and Technology Directorate announced the “Where am I, Where is my Team?” prize for developing personalized, modular and scalable approaches to track first responders indoors.  Submissions should consist of a concept/design for a low cost, robust, real-time indoor tracking capability using current and emerging technologies, sensors and techniques, DHS said.

Ideally, a winning solution will be wearable, and able to self-report real-time x, y, z positioning, according to DHS. Additionally it should be “mission-agnostic,” meaning it could be used by law enforcement, firefighting, emergency medical services and/or emergency management.

“Indoor tracking is a critical need for first responders,” said Dr. Robert Griffin, DHS Deputy Under Secretary for Science and Technology and former firefighter and emergency manager. “When a firefighter runs into a burning building or when law enforcement raids a warehouse, incident commanders need to maintain situational awareness of the locations of team members.”

The total cash prize payout for this competition is $25,000, consisting of a first place award of $20,000 and a second place award of $5,000.

To submit ideas, the public can register at https://www.innocentive.com/ar/challenge/9933726. Winning submissions may be selected for development and operational use. All submissions must be received by April 2, 2015. More information is available in the Federal Register.

Posted on Mar 05, 2015 at 12:40 PM0 comments


NIST funds center to model disaster recovery strategies

NIST funds center to model disaster recovery strategies

After a large storm system rips through a community, a quick response time is essential for saving lives and rebuilding so communities can get back to business.  To help communities improve disaster response and remediation, The National Institute of Standards and Technology awarded a $20 million contract to Colorado State University to create the Community Resilience Center of Excellence.

The center will develop computer tools and virtual models to help local governments decide how best to invest in resources to mitigate the impact of extreme weather on communities and speed recovery. 

NIST-CORE or Community Resilience Modeling Environment, will be a pivotal piece of the center’s capabilities for meeting stated goals.  Using an open-source platform, NIST-CORE will incorporate risk-based decision-making and enable quantitative comparisons of different resilience strategies, NIST said.

The system will provide scientific metrics and decision tools that communities will use to evaluate the resilience of a built environment and its interconnected infrastructure. The models will also integrate social systems that are essential to recovering communities in various sectors, such as health care delivery, education, social services and financial institutions.

“The tools developed by the center will help to further advance the important goal of disaster resilience from ambitious concepts to cost-effective solutions that communities can implement over time,” said Acting Under Secretary of Commerce for Standards and Technology and Acting NIST Director Willie May.

NIST-CORE will eventually be capable of performing analysis unlike any other disaster-resilience model in the world – learning from one analysis to the next.  As it continues to be applied, NIST-CORE’s performance will be tested alongside data from previous disasters. 

Posted on Mar 04, 2015 at 1:50 PM0 comments


CBP expands mobile passport app

CBP expands mobile passport app

Last August, the Customs and Border Patrol introduced a mobile iOS application that streamlined the entry of qualified individuals into the United States by allowing them to submit passport information electronically prior to inspection.  

CPB’s Mobile Passport Control app is now expanding to include Android devices and will also be available to travelers at the Miami International Airport. 

When Mobile Passport Control first launched, it was used solely at Hartsfield-Jackson Atlanta International Airport.  Due to the success of the mobile application, CBP expects expand to an additional 20 airports by 2016. 

Developed by Airports Council International-North America in concert with Airside Mobile and CBP, Mobile Passport Control allows travelers to create a profile, submit a declaration form and get an electronic receipt that they can show to agents at the airport, along with their passports. Travelers using the app experience more rapid service and less wait times, CPB said.

Posted on Mar 03, 2015 at 11:56 AM0 comments


superfish spyware

Lenovo CTO: Superfish spyware confined to consumer notebooks

While the Superfish VisualDiscovery spyware found on some Lenovo PCs has damaged the company’s reputation, enterprise customers have been assured the adware was confined to consumer market notebooks.

Superfish adware intercepts users’ web traffic to provide targeted advertisements. It also installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic, which US-CERT calls “a classic man-in-the-middle attack.” 

In an open letter from Lenovo CTO Peter Hortensius, he wrote that, “this issue was limited to our consumer notebooks and in no way impacted our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device.”

The company has also released an automated removal tool so customers could remove Superfish and related files. Additionally, Microsoft, McAfee and Symantec updated their software to automatically disable and remove this software.

Nevertheless, US-CERT says the systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken. Instructions on detecting and eliminating Superfish are available from US-CERT.

Posted on Feb 24, 2015 at 11:21 AM1 comments