Seven ways DARPA is trying to kill the password

---------- Forwarded message ----------
From: "Network World Daily News AM Alert" <nww_newsletters@newsletters.networkworld.com>
Date: Aug 11, 2014 8:48 AM
Subject: Seven ways DARPA is trying to kill the password
To: <aquarianm@gmail.com>
Cc:

Microsoft still believes in basic phones, launches Nokia 130 for $25

Innovative effort at Fidelity Investments results in Harvard students presenting new business ideas

Network World Daily News AM

August 11, 2014

Share this email

Seven ways DARPA is trying to kill the password

A seemingly constant stream of data breaches and this week's news that Russian hackers have amassed a database of 1.2 billion Internet credentials has many people asking: Isn't it time we dumped the user name and password?A lot of the best technology of today exploits biometric factors such as retina patterns, fingerprints and voice analysis, but beyond that a number of researchers are looking to tap into the way we think, walk and breathe to differentiate between us and an intruder.Helping to lead the research is DARPA, the U.S. military's Defense Advanced Research Projects Agency. Its active authentication project is funding research at a number of institutions working on desktop and mobile technologies that work not just for the initial login but continuously while the user is accessing a device. The array of sensors already found in mobile phones makes some of the ideas particularly interesting.To read this article in full or to leave a comment, please click here

Issue highlights

1. Microsoft still believes in basic phones, launches Nokia 130 for $25

2. Innovative effort at Fidelity Investments results in Harvard students presenting new business ideas

3. iPhone 6 rumor rollup for the week ending Aug. 8

4. New security tools from Tenable, HP, Co3 attempt the impossible

5. Mobile chips face lockdown to prevent hacks

6. Riverbed bolsters net mgmt. software for greater automation

7. Def Con talk gives low-tech tips for detecting high-tech surveillance

8. Many home routers supplied by ISPs can be compromised en masse, researchers say

9. Hacker coalition sets out to improve critical device security, challenges car makers

10. Microsoft, Google, others back Facebook in New York privacy dispute

11. Payment cards with chips aren't perfect, so encrypt everything, experts say

12. Steve Jobs was 'central figure' in Silicon Valley hiring case, judge says

13. FCC requires emergency texting services from carriers, texting apps

14. Win Phone 7 users aghast Microsoft axed Skype for their phones

WEBCAST: BMC Software

Boost Productivity with Self Service for Middleware

Middleware continues to play a significant role in the interconnectivity of applications across the enterprise. Find out how BMC Middleware Administration is used to increase productivity and meet ser requests. This session will provide insight into how to provide stakeholders with role-based self-service access to WebSphere MQ. Learn More

Microsoft still believes in basic phones, launches Nokia 130 for $25

Microsoft's Devices Group has unveiled the Nokia 130, a mobile phone that costs just US$25 but lacks an Internet connection and apps.The focus of Microsoft's mobile device strategy is on building both high-end and low-cost smartphones running Windows Phone, but there is still a need for "ultra-affordable" mobile phones, the company said on Monday.With the 130, Microsoft is going after people in emerging markets who are buying their first phone. It's also a good fit for people who want a backup to complement their existing smartphones, according to the company.The $25 price tag (before taxes and subsidies) is about $90 cheaper than the Lumia 530, which is the lowest cost Windows Phone Microsoft has introduced so far. The price difference with the cheapest Android-based Nokia X—which was recently killed in favor of Windows Phone—is about the same.To read this article in full or to leave a comment, please click here READ MORE

Innovative effort at Fidelity Investments results in Harvard students presenting new business ideas

Fidelity Investments today hosted four teams of Harvard students who demonstrated new products that Fidelity can bring to market, the culmination of a program the investment giant put together to collect innovative ideas from new sources.The program was conceived of by Fidelity last September and designed with the help of the Harvard Innovation Lab and IDEO, a design and innovation consulting company, says Sean Belka, Senior Vice President and Director of the Fidelity Center for Applied Technology, what insiders simply call Fidelity Labs (see our Q&A with Belka).To read this article in full or to leave a comment, please click here READ MORE

iPhone 6 rumor rollup for the week ending Aug. 8

It may be that the world will end Sept. 9, or at least the World-as-we-know-it-without-the-iPhone-6. That's The Date the new iPhone(s) will be announced, according to one unsourced declaration. Also this week: lots of allegedly "new details" of the Next iPhone, details that sound, to The Rollup's cynical ears, more like plausible guesses. New photos of yet another rear aluminum casing, with a solution to the threat of Accidental Volume Changes, and an embedded logo crafted perhaps of Liquidmetal.MORE ON NETWORK WORLD: iPhoneys: Apple iPhone 6 concepts And the Chinese workers killed in a factory explosion won't delay the iPhone 6 after all.To read this article in full or to leave a comment, please click here READ MORE

New security tools from Tenable, HP, Co3 attempt the impossible

Automated incident response is one of the fastest growing fields in computer security. Alternatively called threat monitoring, vulnerability management or threat management, it encompasses the seemingly impossible task of defending a network from active threats as they happen, in addition to detecting every possible vulnerability that could be exploited by an attacker. As such, you don't see tons of companies jumping into this area. But several companies have come out with automated incident response products and three of the leading vendors accepted our invitation for a comparative review -- Tenable Network Security SecurityCenter, Hewlett Packard WebInspect and Co3 Systems Security Module.To read this article in full or to leave a comment, please click here READ MORE

WHITE PAPER: BMC Software

Five Levers to Lower Mainframe MLC Costs

This paper discusses five levers you can use to lower your mainframe MLC costs by up to 20 percent or more. Explore best practices and real-world examples of dramatic savings through a mainframe MLC optimization strategy based on higher visibility, predictability, and automation. Learn More

Mobile chips face lockdown to prevent hacks

Chip makers want to make hardware the first layer of defense against data breaches and other attacks on tablets and smartphones.Mobile devices are becoming increasingly vulnerable, with more personal information, banking data, passwords and contacts residing on devices without any protection, said presenters at the Hot Chips conference in Cupertino, California, on Sunday.The NSA revelations and a mounting pile of data breaches have reminded hardware makers that well-designed chips for PCs, servers and mobile devices, can minimize, if not prevent, attacks, said Leendert VanDoom, corporate fellow at Advanced Micro Devices."You can't open a newspaper without reading about a security attack," VanDoom said.To read this article in full or to leave a comment, please click here READ MORE

Riverbed bolsters net mgmt. software for greater automation

Riverbed tacked three new software modules onto its SteelCentral network management product today, broadening the features already available through that framework.The company's announcement detailed the availability of NetAuditor, NetPlanner and NetCollector modules. The first is designed to improve configuration management, the second to provide robust planning and design capabilities for hybrid networks, and the last to work as an assistant to the other two, by providing real-time data management.+ALSO ON NETWORK WORLD: Netscout sues Gartner over Magic Quadrant rating | Carriers' remote control software continues to put some mobile devices at risk +To read this article in full or to leave a comment, please click here READ MORE

Def Con talk gives low-tech tips for detecting high-tech surveillance

At Def Con 22, Philip Polstra, an associate professor of digital forensics at Bloomsburg University of Pennsylvania, presented "Am I being spied on: Low-tech ways of detecting high-tech surveillance."Technical Surveillance Counter Measures (TSCM) are usually expensive and used to detect corporate espionage. Yet after the Snowden revelations, we learned regular folks might be victims of high-tech spying via implanted hardware, software or firmware. Why should you care? Polstra pointed out, "Our government's assault on the Constitution is pretty well known." But there's a chance someone else could also be spying on you, like someone you've ticked off or a jealous and suspicious significant other.To read this article in full or to leave a comment, please click here READ MORE

Many home routers supplied by ISPs can be compromised en masse, researchers say

Specialized servers used by many ISPs to manage routers and other gateway devices provisioned to their customers are accessible from the Internet and can easily be taken over by attackers, researchers warn.By gaining access to such servers, hackers or intelligence agencies could potentially compromise millions of routers and implicitly the home networks they serve, said Shahar Tal, a security researcher at Check Point Software Technologies. Tal gave a presentation Saturday at the DefCon security conference in Las Vegas.At the core of the problem is an increasingly used protocol known as TR-069 or CWMP (customer-premises equipment wide area network management protocol) that is leveraged by technical support departments at many ISPs to remotely troubleshoot configuration problems on routers provided to customers.To read this article in full or to leave a comment, please click here READ MORE

WHITE PAPER: IBM

Store Less, Spend Less

Spending the same amount to store all types and pieces of data—or even to keep any data which has no positive value to an organization—is a suboptimal approach from many perspectives. Read more to learn how to store and spend less on data. Learn More.

Hacker coalition sets out to improve critical device security, challenges car makers

The group aims to improve cyber security of medical, automotive, home electronics, and public infrastructure systems READ MORE

Microsoft, Google, others back Facebook in New York privacy dispute

Key technology companies including Google, Microsoft and Twitter on Friday filed in support of Facebook's dispute with the New York County District Attorney's office over the collection of user data in bulk under a gag order for a fraud investigation.The New York Civil Liberties Union and the American Civil Liberties Union also filed an amicus curiae brief Friday in support of the Facebook plea.Facebook said in June that a court in New York directed it to turn over to law enforcement virtually all records and communications for 381 accounts, including photos, private messages and other information. The social networking company was also prohibited from informing the targeted persons who included "high schoolers to grandparents, from all over New York and across the United States."To read this article in full or to leave a comment, please click here READ MORE

Payment cards with chips aren't perfect, so encrypt everything, experts say

There's a push to adopt chip-equipped payment cards in the U.S. following high-profile breaches at large retailers and restaurant chains during the past 12 months, but experts warn that switching to this payment system will not make fraud disappear.The EMV (Europay, MasterCard and Visa) standard is widely deployed around the world, and for the past 10 years or so it has been the de facto payment card system in Europe, where it's also known as chip-and-PIN. The cards authenticate with ATMs and payment terminals using the combination of a customer PIN and information stored securely on an integrated circuit.In order to drive EMV adoption in the U.S., the credit card brands plan to shift liability in October 2015, after which parties that haven't deployed the system will be held liable for fraudulent transactions.To read this article in full or to leave a comment, please click here READ MORE

Steve Jobs was 'central figure' in Silicon Valley hiring case, judge says

In rejecting a proposed settlement in Silicon Valley's closely watched "no hire" case, District Judge Lucy Koh said on Friday there's strong evidence that Steve Jobs was a central figure, if not "the" central figure, in the alleged conspiracy to suppress workers' wages.The case involves allegations that seven of Silicon Valley's biggest companies, including Apple, Google, Intel and Adobe Systems, had secret agreements in place not to poach each others' workers. That would be a violation of the Sherman Antitrust act and would limit the chance for workers to increase their salaries by switching jobs.Last year, three of the accused companies—Intuit, Lucasfilm and Pixar—settled the case by paying damages to the affected class of workers. The other four companies fought on, until in April they reached a separate settlement that required Judge Koh's approval.To read this article in full or to leave a comment, please click here READ MORE

FCC requires emergency texting services from carriers, texting apps

The commission votes to require mobile carriers and texting apps to adopt text-to-911 functionality READ MORE

Win Phone 7 users aghast Microsoft axed Skype for their phones

Skype can no longer be used on Windows Phone 7 devices READ MORE

WEBCAST: Xirrus, Cisco, Aerohive, Extreme Networks, Motorola

How Location-Based Services Can Help Your Business

Jason Rolleston from Cisco and Mike Leibovitz of Extreme Networks join Robin in exploring how location-based services can add value to your enterprise with real business examples. The discussion then moves to address privacy concerns and how to design a Wi-Fi network for location-based services. Learn more

SLIDESHOWS

Black Hat 2014: How to crack just about everything

From cell phones and cars to IPv6 security researchers have turned their skills against a world of technology.

JOIN THE NETWORK WORLD COMMUNITIES

As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity).

Network World on Facebook

Network World on LinkedIn

MOST-READ STORIES of 2014

1. Netscout sues Gartner over Magic Quadrant rating

2. Why TCP/IP is on the way out

3. Amazon Fire Phone: Nice but nothing to get fired up about

4. Rackspace bows out commodity IaaS market in favor of 'managed cloud'

5. Cisco's new UCS fabric interconnect: no ACI?

6. Smartphone kill-switch bill passes California assembly

7. Emerging networking technology used by Apple, Cisco will frustrate firewalls

8. IBM/DARPA turn out brain-like 5-billion transistor superchip

9. 10 ways to get noticed at Black Hat