Pulse


Pulse

By GCN Staff


superfish spyware

Lenovo CTO: Superfish spyware confined to consumer notebooks

While the Superfish VisualDiscovery spyware found on some Lenovo PCs has damaged the company’s reputation, enterprise customers have been assured the adware was confined to consumer market notebooks.

Superfish adware intercepts users’ web traffic to provide targeted advertisements. It also installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic, which US-CERT calls “a classic man-in-the-middle attack.” 

In an open letter from Lenovo CTO Peter Hortensius, he wrote that, “this issue was limited to our consumer notebooks and in no way impacted our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device.”

The company has also released an automated removal tool so customers could remove Superfish and related files. Additionally, Microsoft, McAfee and Symantec updated their software to automatically disable and remove this software.

Nevertheless, US-CERT says the systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken. Instructions on detecting and eliminating Superfish are available from US-CERT.

Posted on Feb 24, 2015 at 11:21 AM1 comments


USDA cultivates open data

The burgeoning open data movement has taken hold in federal agencies as well as state and local governments.  Open data increases citizens’ confidence in government and fosters innovation and economic growth. Additionally, open data can improve agency operations as data is available in a central location.

In the last year, the Department of Agriculture has published over 800 data sets on usda.gov/data and data.gov, according to a recent agency announcement.  

In addition, USDA said it is engaging other stakeholders so it can use that feedback to improve future data submissions. In the last year USDA participated in the Safety Data Palooza and held Open Data Executive Seminars and the Open Data 500 Roundtable.

The Safety Data Palooza was co-hosted with the Department of Transportation to highlight innovations using open data from developers in the private, non-profit and academic sectors.  Various IT professionals from USDA lead policymakers during Open Data Executive Seminars providing briefings on open and big data. 

Lastly, the Open Data 500 Roundtable promoted the use of data to combat climate change.  The roundtable examined various ways data can address the risk climate change poses to the food supply as well as how data can help produce “food resilience” among the farming and food producing industry.    

USDA will continue to promote open data in 2015, outlining five goals: 

  • Document and institutionalize data publishing.
  • Development of interagency partnerships that can provide greater value for innovators and small business startups.
  • Improve the quality of USDA data sets.
  • Work with AgGateway, a group of non-profit businesses that aim to enhance and expand e-business in agriculture, to build on standards and definitions.
  • Identify who is using USDA open data sets in order to better tailor services to those users.

Posted on Feb 23, 2015 at 10:15 AM0 comments


N.C. joins states fielding live traffic safety apps

The morning commute can be a nightmare when travelers are pressed for time and unable to check traffic or weather reports before they leave home.  North Carolina has taken steps to address their concerns with the introduction of an application that allows users to check real-time conditions of roads and weather from desktops or smartphones.

The Traveler Information Management System (TIMS) provides NCDOT personnel, the public, media, emergency personnel and other state and federal agencies with 24/7 real-time data on incidents and weather conditions that affect traffic and structures on North Carolina roadways.

The app also features a search function, which allows users to zero-in on their region, route and county. TIMS provides live traffic camera coverage with updates on accidents and road conditions to provide commuters the latest possible information before they depart.   

Information from TIMS can be downloaded to an Excel spreadsheet. It is also available via RSS or SOAP feeds.

North Carolina joins a growing number of states providing mobile access to traffic data via 511 services, including Idaho, Virginia and Kentucky.

Idaho’s 511 mobile application provides access to real-time data on routes and highways across the state, including zoomable maps, roadwork and construction locations, traffic speeds, traffic incidents and video images in available areas. 

Virginia’s 511 mobile app lets users view data feeds via a map-based interface from over 800 live traffic cameras.  Virginia’s app makes voice alerts available to users who can program them for traffic events within a 5-mile to 15-mile range. In Virginia, users can also tap a “Reach The Beach” feature for best routes to Virginia Beach during peak summer beach travel.

Posted on Feb 19, 2015 at 12:44 PM0 comments


Boston tackles gridlock with Waze data

Boston tackles gridlock with Waze data

Boston Mayor Martin Walsh is continuing to take steps to ameliorate the sometimes discouraging traffic conditions within his city. Walsh announced a data-sharing partnership with the mobile traffic application Waze, which lets users see real-time traffic flows based on crowdsourced transportation information.

The city’s partnership is expected to help relieve traffic in two ways: more users will have access to information about road closures, and the Boston Traffic Management Center (TMC) will be able to use transportation data from Waze to better organize the city’s traffic flow–  including coordinating traffic signals more accurately. Boston has already been using data from Waze to supplement information received from hundreds of intersection cameras to help coordinate traffic signals.

This spring, the city will pilot several new approaches, such as evaluating traffic signal prioritization and its effectiveness along key routes. The city receives aggregated traffic speed data from the over 400,000 Waze users in the Boston area, which will allow it to measure before and after impacts on traffic speeds along targeted corridors.

The partnership with Waze follows the city’s earlier announcement to partner with the popular rideshare application Uber.  The Uber deal called for the ridesharing company to provide the city with its quarterly trip logs, which include time stamps as well as pick-up and drop-off data, distance traveled during trips and the duration of trips. The city plans to use this data to help its transportation system run smoother.  

“This partnership will help engineers in the TMC respond to traffic jams, accidents and road hazards quicker,” Boston’s Transportation Department Commissioner Gina Fiandaca said of the city’s new partnership with Waze. “And, looking forward, the Waze data will support us in implementing – and measuring the results of – new congestion management strategies.”  

Posted on Feb 17, 2015 at 1:14 PM0 comments


Facebook launches social media tool for cybersecurity pros

On the heels of President Obama’s announcement of a Cyber Threat Intelligence Center, Facebook also announced it was launching a framework for sharing cybersecurity information.

Facebook’s ThreatExchange is a social media framework that lets security professionals share threat information more easily, learn from each other’s discoveries and make their own systems safer, according to the platform’s website.

Mark Hammel, Facebook’s manager of threat infrastructure, told the Financial Times that ThreatExchange had been developed from a system that Facebook was already using internally to make it easier to catalog threats to the site in real time.

Facebook’s ThreatData  framework imports information about cybersecurity threats on the Internet in arbitrary formats, storing it efficiently and making it accessible for both real-time defensive systems and long-term analysis, the company said.

Early partners for ThreatExchange include Bitly, Dropbox, Facebook, Pinterest, Tumblr, Twitter and Yahoo.

Posted on Feb 12, 2015 at 7:35 AM0 comments