04/09/2015 Baby Monitors Lack Basic Security Features
 
 Several of the most popular Internet-connected baby monitors lack basic security features, making them vulnerable
to even the most basic hacking attempts, according to a new report from a cybersecurity firm.

The possibility of an unknown person watching their baby's every move is a frightening thought for many parents
who have come to rely on the devices to keep an eye on their little ones. In addition, a hacked camera could provide
access to other Wi-Fi-enabled devices in a person's home, such as a personal computer or security system.

The research released Wednesday by Boston-based Rapid7 Inc. looks at nine baby monitors made by eight different
companies. They range in price from $55 to $260.

The cameras are often mounted over a baby's crib or another place where they spend a large amount of time. They
work by filming the child, then sending that video stream to a personal website or an app on a smartphone or
tablet. Some of the cameras also feature noise or motion detectors and alert parents when the baby makes a
sound or moves.

"There's a certain leap of faith you're taking with your child when you use one of these," says Mark Stanislav, a
senior security consultant at Rapid7 and one of the report's authors.

The Rapid7 researchers found serious security problems and design flaws in all of the cameras they tested. Some
had hidden, unchangeable passwords, often listed in their manuals or online, that could be used to gain access. In
addition, some of the devices didn't encrypt their data streams, or some of their web or mobile features, Stanislav
says.

The problems with the cameras highlight the security risks associated with what's become known as the "Internet of
things." Homes are becoming increasingly connected, with everything from TVs to slow cookers now featuring Wi-Fi
connections. But many consumer devices often don't undergo rigorous security testing and could be easy targets for
hackers.

And if a hacker has access to one connected device, he or she could potentially access everything tethered to that
home's Wi-Fi network, whether it's a home computer storing personal financial information or a company's computer
system that's being accessed by an employee working from home.

In the Rapid7 study, researchers rated the devices' security on a 250-point scale. The scores then received a grade
of between "A" and "F." Of those tested, eight received an "F," while one received a "D." All of the camera
manufacturers were notified of the problems earlier this summer and some have taken steps to fix the problems.

"When one gets an 'F' and one gets a 'D minus,' there isn't an appreciable difference," Stanislav says. "And unlike a
laptop where you can install firewalls and antimalware, you can't do that here."

For example, researchers noted that the Philips In.Sight B120 baby monitor, which retails for about $78, had a
direct, unencrypted connection to the Internet. That could allow a hacker to watch its video stream online, as well as
remotely access the camera itself and change its settings, the report says.

Philips NV released a statement noting that the model in question has been discontinued. It added that its brand of
video baby monitors is now licensed to Gibson Innovations, which is aware of the problems and is working on a
software update designed to fix them.

The researchers also tested the iBaby and iBaby M3S, Summer Infant's Summer Baby Zoom WiFi Monitor & Internet
Viewing System, Lens Peek-a-View, Gynoii, TRENDnet WiFi Baby Cam TV-IP743SIC, WiFiBaby WFB2015 and Withings
WBP01.

Officials for iBaby and Lens Laboratories Inc. didn't immediately respond to requests for comment. A spokesman for
Withings said he couldn't immediately comment on the report.

Summer Infant says in a statement that it's reviewing the report's findings and will make sure that the
needed precautions are taken to protect its customers' security. Gynoii says that it's reaching out to Rapid7 in
hopes of fixing the issues with its camera.

TRENDnet notes that physical access to its camera would be needed to exploit its security bug but it has prepared a
patch and a software update will be available soon. And WiFiBaby released a statement defending its camera's
security, noting that its latest software requires users to set their own unique password when they set up their
camera.

Higher camera prices didn't translate to higher levels of security. In fact, the pricier models usually came with more
features, which, left unsecured, could give hackers more ways to potentially access a camera or its video stream,
Stanislav says.

In order to protect themselves, consumers should keep an eye out for any camera or mobile application updates. In
addition, if parents still want to use a camera that's known to be susceptible to hackers, they should use it sparingly
and unplug it when it's not in use, Stanislav says.

Source: The New York Times
http://www.nytimes.com/aponline/2015/09/02/us/ap-us-baby-monitors-security.html
04/09/2015 Employees put business data at risk by installing apps
 
If you work for a large, global company, chances are some of your peers have installed gambling apps on the mobile
devices they use for work, and that's bad news for IT security.

A study has found that the average company has more than one such gambling application on some employee
devices, putting corporate data stored on those devices at risk.

The analysis was performed by security firm Veracode, which scanned hundreds of thousands of mobile apps
installed in corporate mobile environments. The study found that some companies had as many as 35 mobile
gambling apps on their network environment.

The company tested some of the most popular gambling apps it detected in corporate environments for potential
security risks and found critical vulnerabilities that could enable hackers to gain access to a phone's contacts, emails,
call history and location data, as well as to record conversations.

For example, one casino app contained code for checking if the device was rooted or jailbroken, which could give the
app unfettered access to the device. The app already had the capability to record audio and video and access user
identity information, but on top of that it was also vulnerable to man-in-the-middle attacks that could allow hackers
to sniff or alter its communications, the Veracode researchers said.

Another slots app didn't use encryption when communicating with its back-end servers, allowing potential attackers
to intercept its traffic and extract user demographic data like gender and birthday.

Ironically, the app downloaded 24 megabytes of encrypted data from servers outside the U.S., without the user's
permission, the researchers said.

Ten other gambling apps had access to read, write and delete local files as well as to open network communications
with arbitrary servers, a possibly risky activity in a tightly-controlled corporate network environment.

Source: CIO
http://www.cio.com/article/2979203/employees-put-business-data-at-risk-by-installing-gambling-apps-on-their-phones.html