Pulse


Pulse

By GCN Staff


FCC releases its own mobile performance testing app

The Federal Communications Commission recently released its eagerly anticipated Speed Test phone app, which will measure mobile broadband performance for Android users. Developed in cooperation with SamKnows Ltd., the app performs periodic tests when the phone is not in use, and it also allows for manual tests by the user. If the app gets enough users, the FCC will be able to gather speed data on cellular carriers nationwide.

With this information, the FCC intends to release an online interactive map that will detail how well each data provider does in different locations, including network performance, upload and download speed, latency, packet loss and other performance factors. All four major wireless carriers have agreed to participate in the app, and the FCC has stated that no personally identifiable information will be collected. 

While this is a first for the FCC, the broadband speed test is not a new concept. Speedtest.net, launched in 2006, is a popular website and app from Ookla. It allows users to test data connection speeds and publishes all available data on its website. The FCC is following suit with this crowdsourced mobile performance testing, which is in line with FCC Chairman Tom Wheeler’s goals to ensure adequate competition in the wireless and broadband markets. 

"Knowledge about how various mobile broadband providers compare, at specific locations in a geographic market, will aid [mobile users] in choosing the provider that best suits their needs," FCC Commissioner Mignon Clyburn said in a statement. "Transparent information about service performance does not just enable consumers to select among service offerings in a meaningful way. It also creates incentives for providers to improve those services." 

The app works by collecting user location, device type including operating system, time of data collection and cellular and broadband performance characteristics, such as signal strength and speed, FCW reported. An iPhone version of the app is expected to be released in January 2014.

Posted on Nov 22, 2013 at 9:09 AM0 comments


Less malware predicted for 2014 but new tactics emerge

Cybersecurity was a hot topic in 2013 with agencies increasingly focusing on insider threats, attacks from nation states, and compliance. Last week Websense Security Labs released its cybersecurity predictions for 2014, suggesting areas IT managers should monitor: 

Advanced malware volume will decrease. Research has shown that the quantity of new malware is beginning to decline. However, this means cybercriminals will rely less on high-volume advanced malware because over time it runs a higher risk of detection. They will instead use lower volume, more targeted attacks to hack into networks. 

Attackers will be more interested in cloud data than networks. Because critical business data is increasingly stored in cloud-based systems, criminals will focus their attacks more on data stored in the cloud than data stored on the network. 

Java will remain highly exploitable and highly exploited. Organizations that continue to use older versions of Java will remain extremely exposed to exploitation. In 2014 criminals will devote more time to finding new uses for tried-and-true attacks and crafting other aspects of advanced, multistage attacks. 

Attackers will compromise organizations via professional social networks. As the business community continues to increase its social media use, attackers will increasingly use professional websites, such as LinkedIn, to get in touch with executives to gather intelligence and compromise networks.

Criminals will target the weakest links in the “data-exchange chain.” Attackers will target the consultants outside the network who have the most information. This includes contractors, vendors and others who typically share sensitive information with the large corporate and government entities. 

Read the full report.

Posted on Nov 21, 2013 at 9:15 AM0 comments


FAA releases road map for domestic drones

Last week, the U.S Department of Transportation’s Federal Aviation Administration released its first road map outlining safety measures for unmanned aircraft systems (UAS), also known as “drones.” The 66-page document addresses policies, regulations, technologies and procedures that will be required for use of commercial drones in national airspace.

Drones are typically used by federal, state and local government agencies, as well as universities conducting research. The Department of Homeland Security uses drones for border monitoring; NASA and the National Oceanic and Atmospheric Administration use them for atmospheric research; while Virginia Tech uses drones for mapping agricultural diseases. 

The road map explains that developing minimum standards for sense and avoid technology, monitoring control and communications and finding ways to ensure that UAVs can comply with air traffic control visual clearances and instructions are among the challenges yet to be overcome.

In response to concerns from privacy and civil liberties advocates, the FAA also released its final privacy policy for UAS test sites. The road map and the privacy policy have been in the works since February 2012, when Congress mandated that the FAA integrate commercial drones into civilian airspace by 2015. The FAA plans to select six test sites to research how to safely integrate UAS into the national airspace. Test site operators will manage individual site privacy policies. 

Posted on Nov 14, 2013 at 8:11 AM1 comments


3 tips for secure use of USB drives in the agency

The convenience USB drives offer for portable storage is well known. But so is the potential security threat.

Devices can easily be lost or stolen, putting agency data at risk, or used to deliberately take data from an agency, as Edward Snowden did. They can even be used to introduce malware to a network: A 2011 penetration test by the Homeland Security Department found that 60 percent of USB drives deliberately left in agency and contractor parking lots were picked up and inserted into network computers.

In a recent blog post, Chris LaPoint, vice president of product management at SolarWinds, offered three basic steps agencies can take to ensure USB drive security:

Monitor and track network activity. Unusual activity can indicate breaches or USB-introduced malware. 

Use a secure managed file transfer system. These Web-based systems control access through virtual folders, eliminating the need for physical media and allowing for active monitoring. 

Use a USB defender tool. These provide real-time alerts whenever a USB drive is in use, and block usage if a malicious attack is detected. 

Government agencies have struggled with how to balance the convenience of portable storage devices with the security risks they create. In fact, the Defense Department instituted a ban on these devices for two years, which was eventually lifted in favor of regulated use. Sound precautionary measures, and use of products such as encrypted USB drives, can help agencies store and share their data efficiently.

Posted on Nov 12, 2013 at 7:43 AM0 comments


Microsoft issues fix for zero-day IE flaw

Microsoft’s monthly Patch Tuesday update includes a fix for a recently discovered zero-day vulnerability in Internet Explorer that the company said was being exploited. The flaw is present in all versions of Windows from XP through the most recent version, 8.1.

The security company FireEye said it had found exploits of the flaw carried out against IE 7, 8, 9 and 10, on PCs running XP or Windows 7, Computerworld reported. FireEye said the exploits were part of a watering hole campaign involving an infected website in the United States. The company didn’t identify the site but said it focused on domestic and international security policy.

Watering hole attacks are becoming popular among malicious actors as an alternative to attacks such as spear phishing. Like spear phishing, they’re highly targeted, but instead of sending someone a targeted email that will try to induce them to click on a link to an infected site, watering hole attacks pick sites their targets are likely to visit, infect the site and then lie in wait. When the target — either an individual or someone from a targeted group — visits the site, the user's computers can be compromised.

The exploit FireEye found was unusual because it was designed to erase itself when the PC is rebooted, Darien Kindlund, the company’s manager of threat intelligence, told Computerworld. Such an attack harder to detect because it leaves no trace after the restart, but it also means that the attackers must have operators on hand when a target, likely identified by its IP address, visits the site to take advantage.

Posted on Nov 12, 2013 at 11:10 AM0 comments