In early 2014, the University of Alabama will decommission the UA public wireless network. All users will be required to log on to UA-WPA2 instead. The Office of Information Technology is making this change in order to provide the most up-to-date wireless security and scalability in our wireless infrastructure. The change will not affect other wireless networks in use on campus. For additional details, go to www.oit.ua.edu. Anyone with questions should contact the IT Service Desk at email@example.com or 205.348.5555. Thank you.
To defend themselves against hackers, some of America’s largest corporations have adopted shadowy tactics usually reserved for government spies.
They go undercover, infiltrate secretive hacking groups and occasionally even build personal profiles of their attackers — everything short of physically hunting them down themselves.
The old method of constructing defenses and waiting for a strike doesn’t cut it anymore, according to security professionals who advise Fortune 500 firms. Cyberattacks have gotten far more effective, especially now that hackers are increasingly being funded by foreign governments.
In fact, experts said that key corporate executives — whose email accounts usually carry the most prized information — are no longer the target of choice for hackers. Instead, the bad guys now try to hack into accounts of secretaries, who are often just as knowledgeable as their bosses, or engineers who create valuable intellectual property.
“The more modern approach is: I want to know who’s going to attack me, so I can tune my defenses in advance,” said Ian Amit, service director at security consultant IOActive.
None of the security consultants who spoke to CNNMoney would identify their clients. But the consultants said the largest firms in banking, energy, technology and health care are the ones most likely to be engaging in espionage to keep hackers at bay.
So how exactly are companies fighting back? Some use what’s referred to as “active defense.” Amit said that involves maintaining a cybersecurity team to monitor clandestine chat forums or marketplaces where hackers plan their assault. This usually happens on the so-called deep web, where anonymity is paramount.
Sneaking in. The first step is infiltration, security experts say. To fit in, some corporate scouts are fluent in Arabic, Chinese or Russian. To gain the community’s trust and prove themselves as worthy, some even stage hacks of their own company. A bank might create a few throwaway credit card accounts.
“You’ll fake compromise a few credit cards and lose a couple of bucks. If that buys your way into a forum that gives you a heads up on intelligence on future fraud,” Amit said.
Businesses may also prepare bait to lure in an outside attack. Some set up computer servers as targets to passively study the hacker’s movements. Others ruin the digital files hackers are trying to loot as they leave the company’s system. Hackers stealing large amounts of data tend to compress files to move them faster, so corporate tech security will change a single byte in the compressed file, rendering it useless.
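Why a single changed byte is enough can be shown with a short added example (not from the article or any company it describes). It assumes the archive is a zlib/DEFLATE stream and uses a constructed sample export: a flipped byte in a plain copy damages one byte, while the same flip anywhere in the compressed stream makes the whole file unrecoverable.

```python
import zlib

# Constructed sample data standing in for a bulk export (not real data).
SAMPLE_EXPORT = "\n".join(
    f"part-{i:04d},tolerance_um={(i * 37) % 101}" for i in range(500)
).encode()


def flip_byte(blob: bytes, offset: int) -> bytes:
    """Return a copy of blob with every bit of one byte inverted."""
    out = bytearray(blob)
    out[offset] ^= 0xFF
    return bytes(out)


def restore(blob: bytes):
    """Try to decompress; return the data, or None if the stream is rejected."""
    try:
        return zlib.decompress(blob)
    except zlib.error:
        return None


def tamper_report(original: bytes) -> dict:
    """Flip one byte in the header, body and checksum of the compressed
    stream (one region per trial) and record what the recipient can recover."""
    packed = zlib.compress(original, 9)
    offsets = {
        "header": 0,                  # zlib header (method/flags)
        "body": len(packed) // 2,     # somewhere inside the DEFLATE data
        "checksum": len(packed) - 1,  # last byte of the Adler-32 trailer
    }
    report = {}
    for region, offset in offsets.items():
        recovered = restore(flip_byte(packed, offset))
        if recovered is None:
            report[region] = "unreadable"
        elif recovered == original:
            report[region] = "intact"
        else:
            report[region] = "altered"
    return report


def bytes_damaged_uncompressed(original: bytes, offset: int) -> int:
    """Count how many bytes differ after the same flip on a plain copy."""
    damaged = flip_byte(original, offset)
    return sum(a != b for a, b in zip(original, damaged))


if __name__ == "__main__":
    print("compressed copy :", tamper_report(SAMPLE_EXPORT))
    print("plain copy, bytes damaged:",
          bytes_damaged_uncompressed(SAMPLE_EXPORT, len(SAMPLE_EXPORT) // 2))
```

Compressed formats depend on every earlier byte to decode later ones and carry an integrity check over the result, so there is no "mostly fine" outcome for the recipient.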
Companies often team up with consultants for the heavy lifting. A team of operatives at anti-virus software maker Symantec (SYMC, Fortune 500) does that very kind of spy work.
Samir Kapuria, who leads Symantec’s Security Intelligence Group, recalls an incident last year when a major manufacturer (he wouldn’t name it) created bogus blueprints of a valuable product and left them hidden in its servers. When the company later found them being traded in an underground community, it knew there was a leak somewhere in its computer system.
“For them, it was really telling,” Kapuria said.
Hacking the hackers. As companies up the ante, some flirt with the idea of fighting back. Jeffery Stutzman is the CEO of Red Sky Alliance, which coordinates intelligence sharing among 30 of the world’s largest conglomerates. His firm profiles attackers by keeping their pictures, phone numbers and other personal information on file.
At a recent security industry conference in New York City, he noted the building sentiment among some companies to commit a counterstrike.
“I’m all for the Second Amendment right in cyber,” he said, referring to the right to bear arms. “You’ve got to be able to defend yourself.”
That could mean hijacking an attacker’s computer and making its hard drive overheat. Or wiping it blank. Or turning on their webcam and taking their picture.
But industry experts say that type of offensive is rare, and admitting to it is taboo. Although tempting, the risks of getting caught are too high, said Craig Carpenter, a marketing executive at digital investigating firm AccessData.
Fighting back is time-intensive and expensive. Because hackers occasionally hijack servers to launch an attack, fighting back might hurt an innocent third party. And if it’s a state-sponsored attack, as with some Chinese government hacking, an American firm might be striking back against a government-owned enterprise.
“Vigilantism in the cyber world is dangerous,” Carpenter said. “You could find yourself in a situation of undeclared war. It’s a really bad idea.”
It would also draw the ire of the FBI, which is why the industry norm is to document attacks, track down hackers and hand over “prosecution files” to the FBI. It gives federal agents a significant head start and puts companies one step closer to eliminating the threat.
“As a commercial entity, it’s very hard to take an operation down by yourself,” IOActive’s Amit said. “This is a law enforcement thing.”
In an effort to improve retinal implant technology, researchers have developed a new method that uses microsecond pulses, on-chip counter-electrodes, and controlled firing of electrodes to shape the electrical field, which could help people who have lost their sight see more than just light and vague shapes.
Researchers at the University of Arizona and University of Tübingen have made a breakthrough in retinal implant technology that could help people who have lost their sight see more than just light and vague shapes.
Wolfgang Fink, an associate professor in the UA departments of electrical and computer engineering and biomedical engineering, is researching new implant design and methods of electrical stimulation of the retina that will enable retinal implants to produce much clearer images.
Fink conducted the research jointly with Erich Schmid, professor emeritus of theoretical atomic and nuclear physics at the University of Tübingen, Germany. Fink will present the team’s findings in San Diego during the November 6-8, 2013 IEEE International Conference on Neural Engineering, organized by the Engineering in Medicine & Biology Society.
Only a handful of companies and research institutions worldwide are developing retinal implants, which stimulate surviving retinal cells in people who have lost their sight due to common degenerative diseases such as macular degeneration and retinitis pigmentosa. Implant patients can usually detect the presence of light, but the images they perceive are very low resolution.
“Current technologies and methods are far behind what can be done,” said Fink, who is working with Tech Launch Arizona to patent the new technology and license it to retinal implant developers.
The conference presentations – “Simultaneous vs. Sequential and Unipolar vs. Multipolar Stimulation in Retinal Prostheses” and “Electric Stimulation of Neurons and Neural Networks in Retinal Prostheses” – will reflect the team’s view that implants on the market don’t work, and will propose new methods for achieving higher resolution images so implant patients can see in greater detail.
The low-level visual acuity currently achievable, Fink said, enables implant patients to make out white stripes on a black computer screen, or to distinguish between white objects such as a cup and a plate on a black background in a darkened room. “But only if the patients are told in advance that they are to choose between a cup and a plate,” Fink said.
The level of restored vision the research team thinks is achievable, using its discoveries, is for an implant patient to be able to make out a bird flying in the sky. To accomplish that level of detail, the team’s novel method of electrical stimulation uses microsecond pulses, on-chip counter-electrodes, and controlled firing of electrodes to shape the electrical field.
The technology of retinal implants
Retinal implants consist of an array of electrodes that are activated – either by light entering the eye or by a signal from a camera mounted outside the eye – to emit electric fields, which in turn stimulate retinal cells that send signals to the brain.
In an attempt to achieve greater resolution, some companies are developing implants with more densely packed electrodes while maintaining the array’s same small footprint. Just adding more electrodes, however, is not the answer, Fink said, stressing that without the stimulation methodology he and Schmid propose, the vision achievable with hundreds or even thousands of electrodes would be no better than that achieved using tens of electrodes.
“Stimulation methodology is what achieves the improved vision, not electrode density,” Fink said.
Stimulation methodology, not electrode density, is key
One problem with current implants, Fink explained, is that the return electrode, or counter-electrode, is too far from the electrode array, or chip, often somewhere within the patient’s head. This configuration does not allow fine-tuned stimulation of retinal cells that are just microns above the chip.
The research team’s solution is to use electrodes on the chip as return electrodes, so the electrical stimulation can be more focused.
Some electrodes are programmed to fire in short bursts – it is these microsecond high-voltage pulses that stimulate retinal cells – while others are programmed to fire for longer periods. The team has discovered that the field emitted by the longer-firing electrodes can be used to shape the field emitted by the electrodes firing in short bursts.
It’s easy, but erroneous, to visualize a one-to-one relationship between the electrodes on a chip and the retinal cells they stimulate to form a pixel. An electrode cannot emit an electric field with laser-like focus – the laws of physics dictate otherwise. In reality, each electrode, when firing alone, emits a hemispherical field that stimulates all retinal cells in its vicinity. When all the electrodes on an array are fired up simultaneously, the fields bunch together but never overlap, again due to physics. However, the shape of the electrical field can be controlled by selectively firing the electrodes in specific patterns.
For example, an electrode’s stimulating field can be shaped by fields from adjacent electrodes into what the team calls a “fountain” – a tall, focused electric field that pushes upward directly into a localized region of the retina and then cascades down, fountain-like, to the return electrodes on the chip.
Chip-level field shaping improves visual perception
Unlike the technology developed by Fink and Schmid, current retinal implants rely on longer pulses, typically measured in milliseconds, and a single distant counter-electrode. They also lack the firing-sequence control that enables fields to be shaped.
“If you look at the electrode array in the cup and plate scenario, only a few electrodes of the entire array are firing and stimulating the retina – all the other electrodes are quiescent,” Schmid said. “This is why current implants appear to work well.”
Conversely, Schmid said, being able to see a bird flying – a small, dark shape traversing an expanse of blue and white – is a highly complex task for a retinal implant. And it’s a negative of the cup and plate scenario: Every single electrode is firing except for those tracking the bird.
“With every electrode firing simultaneously, the fields are forced into very thin, almost parallel electric field lines. There is so much bunching going on that no electric current can leave the chip. You’re basically strangling the stimulation being emitted from the chip,” said Schmid, likening the effect to squeezing around the middle of a bunch of straws.
In the artificial vision generated by the implant, that bird is represented by non-firing electrodes. However, the absence of an electrical field above those electrodes leaves a vacuum into which adjacent fields readily enter, thus obliterating the image of the bird. The team’s novel field-shaping and neural stimulation methods would allow the bird to be perceived.
Beyond Retinal Implants
Taken in its wider context, Fink and Schmid’s research is about neural stimulation.
“We believe this same methodology could work for all forms of neural stimulation,” said Fink. “It could be applied to paralysis, deep brain stimulation, things like that. There are definitely some cool ideas to explore that go way beyond vision.”
Fink is the founding director of the Visual and Autonomous Exploration Systems Research Laboratory, and the inaugural holder of the Edward and Maria Keonjian Endowed Chair. He holds joint appointments in the UA departments of electrical and computer engineering, biomedical engineering, systems and industrial engineering, aerospace and mechanical engineering, and ophthalmology and vision science.
In 2012 he was elected to the College of Fellows of the American Institute for Medical and Biological Engineering for his outstanding contributions in the field of ophthalmology and vision sciences with particular focus on diagnostics and artificial vision systems.
The U.S. Department of Energy and the National Science Foundation have funded Fink’s research into artificial vision, and his research contribution to the DOE Artificial Retina project involved developing a real-time image-processing system, determining the most effective electric stimulation patterns (awarded two patents to date), and designing a robotic surrogate for patients with a vision implant. In 2009, the DOE Artificial Retina project won R&D Magazine’s R&D 100 Award and the Editors’ Choice Award as one of the top three of the 100 award winners that year.
Source: Pete Brown, College of Engineering, University of Arizona
A pair of vulnerabilities in Internet Explorer are currently being exploited in the wild to install malware on computers that visit at least one malicious Web site, security researchers warn.
The classic drive-by download attack targets the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, security firm FireEye warned in a company blog post Friday. However, the firm wrote that its analysis indicated that other languages and browser versions could be at risk.
“The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages,” FireEye researchers Xiaobo Chen and Dan Caselden wrote. “Based on our analysis, the vulnerability affects IE 7, 8, 9 and 10.”
The second of the two holes is an information leakage vulnerability that is used to retrieve the timestamp from the program executable’s header.
“The timestamp is sent back to the attacker’s server to choose the exploit with a ROP chain specific to that version of msvcrt.dll,” the pair wrote. “This vulnerability affects Windows XP with IE 8 and Windows 7 with IE 9.”
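The exploit’s “ROP chain” refers to return-oriented programming, a technique for getting code to run past security defenses by chaining together short instruction sequences that already exist in a loaded library such as msvcrt.dll, which is why the chain has to match the library version.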
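The timestamp in the executable's header is the TimeDateStamp field of the PE file's COFF header, and it identifies one specific build of a module. The added example below (not FireEye's or Microsoft's code) reads that field and groups hosts by the build they run, the kind of inventory a defender uses to confirm which library versions are deployed; the host names, header bytes and timestamp values are constructed for illustration and are not real msvcrt.dll values.

```python
import struct
from datetime import datetime, timezone


def build_sample_pe_header(timestamp: int, e_lfanew: int = 0x80) -> bytes:
    """Constructed sample: a DOS stub plus PE signature and 20-byte COFF header."""
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)   # offset of the PE signature
    coff = struct.pack("<HHIIIHH",
                       0x014C,      # Machine: x86
                       1,           # NumberOfSections
                       timestamp,   # TimeDateStamp (seconds since 1970, UTC)
                       0, 0,        # symbol table pointer / count
                       0xE0,        # SizeOfOptionalHeader
                       0x2102)      # Characteristics: executable, 32-bit, DLL
    return bytes(dos) + b"PE\0\0" + coff


def read_link_timestamp(image: bytes) -> int:
    """Return the COFF TimeDateStamp, validating each offset before use."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing DOS header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 24 > len(image):
        raise ValueError("PE header offset outside the image")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, _sections, stamp = struct.unpack_from("<HHI", image, e_lfanew + 4)
    return stamp


def format_build(stamp: int) -> str:
    """Render the timestamp as an ISO 8601 UTC string for reports."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat()


def inventory_builds(images: dict):
    """Group host names by module build; collect hosts whose copy is unreadable."""
    builds, unreadable = {}, []
    for host in sorted(images):
        try:
            stamp = read_link_timestamp(images[host])
        except ValueError:
            unreadable.append(host)
            continue
        builds.setdefault(stamp, []).append(host)
    return builds, unreadable


# Constructed fleet: two hosts on one build, one on another, one damaged copy.
SAMPLE_FLEET = {
    "ws-01": build_sample_pe_header(1_300_000_000),
    "ws-02": build_sample_pe_header(1_300_000_000),
    "ws-03": build_sample_pe_header(1_350_000_000),
    "ws-04": b"MZ" + b"\0" * 10,
}

if __name__ == "__main__":
    builds, unreadable = inventory_builds(SAMPLE_FLEET)
    for stamp, hosts in builds.items():
        print(format_build(stamp), hosts)
    print("unreadable:", unreadable)
```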
FireEye wrote in a follow-up post that further analysis found that the exploit was part of an advanced persistent threat (APT) in which attackers inserted the exploit code directly “into a strategically important website, known to draw visitors that are likely interested in national and international security policy.”
Further distinguishing this exploit from others is that the payload was delivered without first writing to disk, a technique that “will further complicate network defenders’ ability to triage compromised systems, using traditional forensics methods,” the researchers wrote.
“Specifically, the payload is shellcode, which is decoded and directly injected into memory after successful exploitation via a series of steps,” FireEye researchers wrote in the latest post. “By utilizing strategic Web compromises along with in-memory payload delivery tactics and multiple nested methods of obfuscation, this campaign has proven to be exceptionally accomplished and elusive. APT actors are clearly learning and employing new tactics.”
FireEye did not identify the affected Web site but said the attacks can be mitigated by using Microsoft’s Enhanced Mitigation Experience Toolkit (EMET).
Security Fears Give Way to Economics as Cloud Computing Grows
By Jordan Robertson - Mar 27, 2013 9:30 AM CT
Stuart McClure has simple advice for companies that want to put their data in the cloud: Don’t do it. When it comes to security, the former chief technology officer of McAfee said choosing a safe service can be like “picking a dog with the least fleas.”
Yet when McClure needed help running his security startup, Cylance Inc., he didn’t heed his own advice. He said he reluctantly hired a company that handles administrative work such as managing employee 401(k)s over the Internet, even though he described the cloud provider’s initial security plan as an “abysmal mess.”
“It’s just a painful process,” McClure said. “The challenge is you have to get comfortable accepting a certain amount of risk around the data — and if you can’t do that, you really shouldn’t get into the cloud.”
The economics of cloud computing have become so irresistible that even die-hard opponents, who fear confidential information will be stolen or service outages will hurt their business, are making the shift to save money on hiring staff and buying computer servers.
Spending on cloud computing is forecast to grow 18.5 percent to $130.7 billion worldwide this year, according to Gartner Inc. As consumers pour data into the websites of Google Inc. and Amazon.com Inc., companies including Salesforce.com Inc., Savvis Inc., Terremark Worldwide Inc. and Rackspace Hosting Inc. have grown up alongside them catering to businesses.
Still, the question about cloud computing remains: Is it secure?
The answer: Large, successful attacks aimed specifically at cloud providers for business have, for the most part, not materialized. Yet.
“I’ve been looking for it, but I can’t find any real evidence that the cloud is more risky than hosting everything completely internal,” said Wade Baker, managing principal of Verizon’s RISK group, which investigates breaches. Verizon owns cloud provider Terremark. “I’ve studied a lot of breaches; we get a lot of information from a lot of different organizations, and it doesn’t seem to be there.”
Most hacking attacks against corporations are still aimed at internal computer systems, he said. Eighty percent of the breaches Verizon investigated in 2012 involved internally hosted data. The remainder involved externally hosted data — but those breaches began inside companies’ networks and spread to the third-party hosting services, not the other way around, Baker said.
While cloud companies are loath to disclose details of attacks against their networks, hackers are clearly paying attention.
FireHost, a cloud hosting company based in Richardson, Texas, blocked more than 64 million attacks last year, said senior security architect Chris Hinkley. Most were directed at FireHost’s clients and not the online service itself, he said.
The distinction is important in determining whether the cloud is riskier than using internal networks. Hackers who attack FireHost clients may have no idea they’re actually targeting servers managed by a cloud service. But direct assaults against FireHost’s infrastructure are growing, Hinkley said, which indicates some hackers are focusing on the cloud.
One upside — perhaps the only one — to the high number of attacks is that it gives FireHost valuable insight into hackers’ techniques.
“It’s a double-edged sword,” Hinkley said. “We have thousands upon thousands of different customers on our infrastructure, and we’re seeing attacks on those tenants. But the benefit of our infrastructure is we can use all the attack data to protect other clients.”
Savvis, a subsidiary of Monroe (Louisiana)-based Internet provider CenturyLink, said last year it was seeing 400 targeted attacks per month on its public application programming interface (API), which amount to direct assaults on the cloud company’s infrastructure. Attacks were growing 25 percent per quarter.
The number of attacks has since stabilized, said Chris Richter, Savvis’s vice president in charge of security products and services, who declined to give updated numbers.
Google is seeing targeted attacks against both its consumer and corporate data stored in the cloud, according to Eran Feigenbaum, director of security for Google Apps.
“Any online presence that’s saying they’re not seeing targeted attacks is not being forthright or doesn’t have the insight into what’s going on,” he said. In one high-profile attack, hackers from China targeted the Gmail accounts of human-rights activists in 2009. Google now has 300 information-security professionals focused on protecting company and client data, Feigenbaum said.
Even as the cloud market grows, lingering concerns over security have affected how companies use third-party online services.
Only a fifth of the largest companies use an external cloud service for critical tasks, said John Pescatore, director of emerging security trends at the SANS Institute, a research and training group based in Bethesda, Maryland. For instance, big banks are reluctant to outsource the systems used to process ATM transactions.
Still, cloud services can be especially appealing to small companies that can’t afford to run secure data centers, said Richard Bejtlich, chief security officer of Mandiant in Alexandria, Virginia, a firm that investigates hacking attacks.
That was the case for Mike Gustafson, chief executive officer of Virident Systems, a data-storage company. While at a previous company, which only had three full-time IT workers, he was part of an internal debate over whether to outsource critical data to the cloud. The issue boiled down to balancing millions of dollars in savings with the potential security risks. After receiving contractual assurances from the provider, Gustafson signed on.
“For our business model, it was much more attractive to look at a small fixed price,” he said.
In spite of his discomfort with cloud services, Cylance’s McClure was able to alleviate his concerns by striking a deal with a provider that satisfied his security demands.
“Cloud security is an oxymoron,” McClure said. “Unless you’re working with veteran, well-established entities, when you start to move away from those more mature models, you get into a slippery slope that falls off really quick when it comes to security.”
Security fears often accompany technological change, but those issues can be managed with enough preparation, said the SANS Institute’s Pescatore.
“When we left the mainframe, the security guys said the world’s over — how are we going to secure all these PCs?” he said. “Every time we make one of these major changes, security gets broken and threats come around and life goes on.”
Big data: The next frontier for innovation, competition, and productivity
May 2011 | by James Manyika, Michael Chui, Brad Brown, Jacques Bughin, Richard Dobbs, Charles Roxburgh, Angela Hung Byers
The amount of data in our world has been exploding, and analyzing large data sets—so-called big data—will become a key basis of competition, underpinning new waves of productivity growth, innovation, and consumer surplus, according to research by MGI and McKinsey’s Business Technology Office. Leaders in every sector will have to grapple with the implications of big data, not just a few data-oriented managers. The increasing volume and detail of information captured by enterprises, the rise of multimedia, social media, and the Internet of Things will fuel exponential growth in data for the foreseeable future.
Research by MGI and McKinsey’s Business Technology Office examines the state of digital data and documents the significant value that can potentially be unlocked.
MGI studied big data in five domains—healthcare in the United States, the public sector in Europe, retail in the United States, and manufacturing and personal-location data globally. Big data can generate value in each. For example, a retailer using big data to the full could increase its operating margin by more than 60 percent. Harnessing big data in the public sector has enormous potential, too. If US healthcare were to use big data creatively and effectively to drive efficiency and quality, the sector could create more than $300 billion in value every year. Two-thirds of that would be in the form of reducing US healthcare expenditure by about 8 percent. In the developed economies of Europe, government administrators could save more than €100 billion ($149 billion) in operational efficiency improvements alone by using big data, not including using big data to reduce fraud and errors and boost the collection of tax revenues. And users of services enabled by personal-location data could capture $600 billion in consumer surplus. The research offers seven key insights.
1. Data have swept into every industry and business function and are now an important factor of production, alongside labor and capital. We estimate that, by 2009, nearly all sectors in the US economy had at least an average of 200 terabytes of stored data (twice the size of US retailer Wal-Mart’s data warehouse in 1999) per company with more than 1,000 employees.
2. There are five broad ways in which using big data can create value. First, big data can unlock significant value by making information transparent and usable at much higher frequency. Second, as organizations create and store more transactional data in digital form, they can collect more accurate and detailed performance information on everything from product inventories to sick days, and therefore expose variability and boost performance. Leading companies are using data collection and analysis to conduct controlled experiments to make better management decisions; others are using data for basic low-frequency forecasting to high-frequency nowcasting to adjust their business levers just in time. Third, big data allows ever-narrower segmentation of customers and therefore much more precisely tailored products or services. Fourth, sophisticated analytics can substantially improve decision-making. Finally, big data can be used to improve the development of the next generation of products and services. For instance, manufacturers are using data obtained from sensors embedded in products to create innovative after-sales service offerings such as proactive maintenance (preventive measures that take place before a failure occurs or is even noticed).
3. The use of big data will become a key basis of competition and growth for individual firms. From the standpoint of competitiveness and the potential capture of value, all companies need to take big data seriously. In most industries, established competitors and new entrants alike will leverage data-driven strategies to innovate, compete, and capture value from deep and up-to-real-time information. Indeed, we found early examples of such use of data in every sector we examined.
4. The use of big data will underpin new waves of productivity growth and consumer surplus. For example, we estimate that a retailer using big data to the full has the potential to increase its operating margin by more than 60 percent. Big data offers considerable benefits to consumers as well as to companies and organizations. For instance, services enabled by personal-location data can allow consumers to capture $600 billion in economic surplus.
5. While the use of big data will matter across sectors, some sectors are set for greater gains. We compared the historical productivity of sectors in the United States with the potential of these sectors to capture value from big data (using an index that combines several quantitative metrics), and found that the opportunities and challenges vary from sector to sector. The computer and electronic products and information sectors, as well as finance and insurance, and government are poised to gain substantially from the use of big data.
6. There will be a shortage of talent necessary for organizations to take advantage of big data. By 2018, the United States alone could face a shortage of 140,000 to 190,000 people with deep analytical skills as well as 1.5 million managers and analysts with the know-how to use the analysis of big data to make effective decisions.
7. Several issues will have to be addressed to capture the full potential of big data. Policies related to privacy, security, intellectual property, and even liability will need to be addressed in a big data world. Organizations need not only to put the right talent and technology in place but also structure workflows and incentives to optimize the use of big data. Access to data is critical—companies will increasingly need to integrate information from multiple data sources, often from third parties, and the incentives have to be in place to enable this.
Cyber security has moved from operations to a concern of the C-suite and the board, EY (formerly known as Ernst & Young before getting carried away with hip rebranding), the consultancy, has found in its work across industries.
“For nearly three-quarters of organizations surveyed, information security policies are now owned at the highest organizational level,” the firm concluded in a recent report on cyber security, “Under Cyber Attack, EY Global information security survey 2013.” Because the attacks are becoming more numerous and more sophisticated, organizations have to improve their defenses and get proactive. (For a fascinating look at how Obama’s security is protected — a tent that is erected in hotel or conference rooms with tools to protect against eavesdropping, see The New York Times.)
“The number of threat actors is increasing and each has a different high value target,” said Chip Tsantes, cybersecurity leader for financial services at EY. “Five years ago it was protecting money, but now threat actors, nation states and hacktivists are looking to disrupt, embarrass, steal IP or help their domestic industries. The number of targets has increased, techniques have gotten better and they are going after a wide array of targets.”
EY divides cyber attackers into three buckets, said Terry Jost, principal in the EY cybersecurity practice.
1. Nation states looking to steal intellectual property (IP). These threats are already numerous and the attacks are escalating.
2. Organized crime, sometimes with backing by some other entity, looking to steal money.
3. Hacktivists aiming to disrupt an organization, often on behalf of some cause.
Intruders often disguise their identity and where they are attacking from, so it is more useful to identify the technique of the attack and look for a signature than to try to figure out where it came from.
“Especially in Financial Services, our clients are getting better at determining the key targets and how to better protect and complicate the access within the network. They are also paying much greater attention to vendor networks. Since very few transactions are done in house, vendors are handling sensitive data, customer data. Companies must understand the full chain of custody of that transaction and ensure that the right handling is in place throughout the chain.”
The consultants encourage their clients to inventory their most important assets and take steps to protect those. Thinking like a hacktivist helps — someone might find that targeting a CEO’s emails or cell phone is valuable, for example.
“Make sure you are spending in the right areas,” added Jost. “It’s pretty easy to spend a lot of money, but harder to know you are going to maximize the investment.” Today’s tight budgets are an issue, but the threats persist and will require constant investment in security.
“With the rising sophistication in the threats and techniques, every three to five years you probably have to spend more; it’s not like you spend once and it is over.”
Most sophisticated firms encrypt everything, so if a laptop is lost it isn’t much use. In most states, when an encrypted laptop is lost it doesn’t have to be reported as a data loss.
The major vulnerabilities are around the edge: employees who use the WiFi at a coffee shop without connecting to the company through a VPN, or business partners who have access to a company’s systems but aren’t as secure as the company itself.
Cell phones are a major security concern. Unlike PCs whose design makes security layers possible, cell phones are designed to share information, including the phone’s location.
“Cellphones should be thought of as a compromised device,” said Tsantes. The mobility of a cell phone breaks everything IT departments have been managing for a long time. They always knew a server was in a data center, and they could maintain data behind the firewall and allow read-only access. Now with a smart phone, a user can easily photograph screens of data.
“Smart phones are an unfenceable problem and there is an exponential level of risk of attack through them.” Phones, however, can also improve security by serving as secure identification, supplying a one-time security code in addition to a user ID and password.
“Smart tokens on smart phones will be big because everyone carries a phone, and it provides additional information like geo-location,” said Tsantes.
Education should be a constant part of a security environment, they added, but it tends to fall way down the list of corporate priorities.
“Almost every breach I have seen had humans involved,” Tsantes said. “It’s not Spy vs. Spy or Mission Impossible but humans making errors leading to significant breaches.”
Getting proactive is not just one more business cliché; it defines a difference in approach to security. Standard anti-virus software is based on known viruses but is not very effective against new forms of attack. To protect against novel types of attacks, security experts use behavior-based analytics, looking for unusual patterns that provide an early warning of something wrong on the network: malware, rogue system-to-system communication, or unusual human activities. They would warn that a Bradley Manning or Edward Snowden was downloading rather more documents than he needed for his work.
“That should have triggered an alert so the activity could be shut down and investigated.” Security, which might have been content to issue a warning a few years ago, now monitors 24×7 and shuts down a system if a danger is spotted.
“Advanced computing and big data help with this kind of monitoring,” Tsantes said. “You are looking for anomalies and can correlate many activities from the swipe of a badge to the location of a cellphone.”
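The behavior-based alerting described above, sketched as an added example that is not from the article or from EY: each user's daily document downloads are compared with that user's own history using a median/MAD score. The user names, counts, threshold and function names are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (not real logs): documents downloaded per user per day.
DAILY_COUNTS = {
    "alice": [12, 15, 11, 14, 13, 16, 12, 480],         # light user, then a bulk pull
    "bob":   [200, 220, 190, 210, 205, 215, 198, 230],  # heavy but steady user
}
EVENTS = [(f"day-{i + 1:02d}", user, n)
          for user, counts in DAILY_COUNTS.items()
          for i, n in enumerate(counts)]


def robust_z(value, history):
    """Deviation of value from the user's own median, in MAD-based units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 * MAD approximates a standard deviation for normal data;
    # floor the scale at 1.0 so a perfectly flat history cannot divide by zero.
    scale = max(1.4826 * mad, 1.0)
    return (value - med) / scale


def detect(events, threshold=6.0, min_history=5):
    """Return (day, user, count, score) for days far above a user's baseline."""
    history = defaultdict(list)
    alerts = []
    for day, user, count in sorted(events):
        past = history[user]
        if len(past) >= min_history:
            score = robust_z(count, past)
            if score > threshold:
                alerts.append((day, user, count, round(score, 1)))
                continue  # keep the flagged day out of the baseline
        past.append(count)
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ALERT", alert)
```

Because the baseline is per user, bob's steady 200-plus downloads a day raise no alert, while alice's jump from roughly a dozen to 480 does; a single static threshold would either miss alice or fire on bob every day.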
Utilities are a whole other area of security concern, they added, since they run on 15- to 18-year-old controlling devices that could be hacked. The White House sent out an executive order last year to operators of critical infrastructure; about half of the firms were utilities. The New York Times reported that a major cybersecurity attack will be simulated in a drill this fall. Jost said utilities are stepping up their spending on new, more secure controllers.
“Attackers are extremely organized and some are well funded,” said Jost, who sees an offensive launched at businesses to steal IP. “Next will probably be a lot more aggressive behaviors that will be launched between businesses and/or countries to protect themselves. This whole game is perhaps early signs of a cyber war that is starting to be waged. It’s a landscape we don’t see, so it is hard to tell whether any individual is one of a team or is an individual. It will continue to get a lot more complicated.”
All of the wizards and geeks over in OIT have been working hard for many months setting things up so that even the worst disaster would not knock out critical systems and applications for more than just a few hours. Such a capability is something most universities only wish they had. But being in Tuscaloosa we certainly understand the importance of this, and so UA has made the necessary investment to properly prepare for any eventuality. We now have an off-campus Continuity of Operations computer center operational in a secure facility in Atlanta.
The ability to quickly transfer enterprise IT operations from one location to another is a tricky and complex business, though. So to be sure it works, a series of exercises is being performed. For the Banner application suite, including the myBama portal, production systems will be transitioned to the Atlanta facility for one week beginning Sunday, May 19th.
The myBama portal required reengineering to enable the transition. As a result you may notice some small differences to the myBama pages. In most cases these are self-explanatory and only cosmetic in nature. If you customized your myBama home page, your customizations will not be applied during this exercise. The currently operational myBama (as well as all the other Banner applications) will return to normal operations from the UA data center on Sunday, May 26th.
January 4, 2013 – Internet on the go has finally become a reality with today’s mobile technology. Whether you’re checking email at the coffee shop or taking a quick conference call at the beach, tablets make it easy to stay entertained and productive virtually anywhere life takes you.
Beware though. Taking your tablet online can make you vulnerable to an assortment of internet dangers, including identity theft and hackers. This is especially true if you’re taking advantage of a public hotspot rather than your home network. Follow these simple steps to ensure safe and secure browsing no matter where you are.
1. Use 3G rather than free WiFi
Wireless hotspots are often unsecured, leaving your information within sniffing reach of anyone within range of joining the network. Even encrypted WiFi connections can make your data accessible to the other guests around you. A 3G or 4G data plan is the best option for security, but not all mobile services are unlimited. The next few tips will minimize your risks when you do connect through a public network.
2. Use a VPN
Virtual private networks (VPN) are available through many mobile service providers. Featuring multiple layers of encryption, a VPN offers a secure way to surf the web without compromising your sensitive data. A VPN may also include additional features, such as remote desktop access to safely and conveniently access and transfer files between your home and work networks.
3. Be selective with your browsing
If you are not using a VPN, it’s important to use caution when you’re surfing the web using a WiFi hotspot. Websites with https addresses (rather than just http) are encrypted for better security. Make sure your email server uses this encryption throughout your session to keep snooping eyes out of your inbox. Save sensitive activities like banking or shopping for home if you can.
But be aware of the other ways criminals could access your data or tablet’s resources.
Whether you’re connecting over a 3G network or a public hotspot, a good security app can prevent many headaches. These apps are similar to computer security software and can help protect your device from malware, as well as other online mishaps.
5. Download from trusted sources
Even when you’re browsing over a secure network, certain types of websites can pose threats to the security of your tablet. Some sites may attempt to download files to your device that could collect information or damage your existing files. Downloading apps from third-party sources can put your device at risk as well. Stick to trusted app stores such as the iOS App Store, Google Play and the Amazon App Store.
Historically, the official marketplaces have suffered less from malicious apps than the third-party unofficial stores.
6. Keep your OS and apps up-to-date
Keeping your tablet and its software up to date is the best way to protect yourself as well as your device. System upgrades are particularly important because many of these updates contain vital security fixes. Running a previous version of the operating system can open your device up to even more dangers, especially hackers. Be sure to keep your apps up to date as well. Many have access to a great deal of information.
September 19, 2012 – Printing at The University of Alabama is taking a step into another dimension – literally.
Construction has started in Hardaway Hall on a 3-D printing lab that will allow students across multiple areas of studies to bring their three-dimensional creations to life. Expected to be completed before the end of next semester, it will consist of four 3-D printers and two 3-D scanners.
“The idea is getting manufacturing into the hands of people,” associate professor in The College of Engineering Andrew Graettinger said.
Graettinger is part of an informal committee to oversee the project comprised of faculty members from across different areas of campus, including Shane Sharpe, dean of the UA Honors College, and Craig Wedderspoon, an associate professor of art and sculpture.
“The really exciting thing to me is the interplay between handmade and digital,” Wedderspoon said. “And being able to explore where that’s going to take us on the arts side of things.”
There are different styles of 3-D printers, each with different functions and uses.
The most common technology is called fused deposition modeling, which works almost like a hot glue gun. The printer splits the part into layers and prints each layer with a fine plastic filament material, the location of which is controlled by computer software.
The second type uses the Objet poly-jet process, much like an ink-jet printer. The jet head slides back and forth, laying down a liquid photo-polymer material. An ultraviolet light then shines on the material, hardening it before the next layer is laid down.
Both types of printers will be featured in the lab, which will be housed in Room 160 of Hardaway Hall, in addition to 3-D scanners, which can make digital models out of existing objects. These objects can then be modified on the computer and reprinted for more accurate and refined results.
Animation and game design students could print out physical models of their creations. Anatomy students can create models of bones and other structures to examine more closely. All students will be able to use the printers.
“What that does is it enables us to merge the handmade and digital worlds,” Wedderspoon said. “There’s just so many possibilities.”
3-D printing is not an entirely new concept at Alabama. The Computer-Based Honors program installed its own 3-D printer in the spring for its students to use on their independent research projects. The College of Engineering already has one and other faculty have their own as a result of research grants.
A variety of projects have already been completed. One CBH student printed fake fish and later painted them to resemble actual species. When placed in a tank with living fish, the real fish reacted to the printed models. Amy Lang, an associate professor of aerospace engineering, scanned a shark fin and printed a new one that was placed in a water tunnel to examine the difference between a real shark fin with moveable scales and her model without them.
Hisham Ali, a senior majoring in aerospace engineering and CBH student, researched 3-D printing in his internship with NASA’s Marshall Space Flight Center in Huntsville this summer. Ali used his experience with the 3-D printer in CBH to support NASA’s development of 3-D printing in space.
The project examined the effectiveness of printing by sending the designs from earth to space, allowing plans to be flexible by printing one set of parts for one use, melting them down, then reusing the material to print another set of parts for a different use, drastically reducing the cost of certain missions.
“If you need one set of tools going to Mars, maybe once you get to Mars you need a separate set of tools,” Ali said. “It saves you from bringing so much mass into space.”
Ali later used his experience to consult the UA lab, advising Graettinger and other faculty on which technologies would be most effective on campus as a result of his research.
Students will be able to use the lab at no cost to them. Graettinger said the lab will be tracking factors such as the users, material use and costs. But instead of the cost to run the lab, the focus is on encouraging students to make their creations come to life.
“These 3-D printers will allow you to print anything you want,” Graettinger said. “It’s really a shift from manufacturing by few to manufacturing by everybody.”