Month: September 2017

Will iPhone’s Face ID security be a security game-changer?


Apple claims iPhone Face ID has better security than Touch ID

By: Michael Heller, Senior Reporter, Security Digest, Tech Target. Published: 13 Sep 2017

Apple announced the new iPhone Face ID system, which replaces Touch ID in favor of facial recognition and may offer 20 times fewer false positives than fingerprint scanning.

With the announcement of the premium Apple iPhone X, the company left behind what it called the “gold standard” of smartphone security in Touch ID to focus on facial recognition with Face ID.

Phil Schiller, senior vice president of worldwide marketing for Apple, said during the iPhone event in Cupertino, Calif., that the iPhone Face ID system was built on a new system called TrueDepth. This system combines a traditional camera, an infrared camera, a depth sensor and a dot projector — which projects 30,000 infrared dots onto the user’s face — to create a “mathematical model of your face.”

This model is then run through the Neural Engine — a part of the new A11 Bionic system-on-a-chip — to compare the new scan against past models. The system will be able to learn over time to adapt as a person’s appearance changes with new hairstyles, facial hair, glasses, etc. All Face ID data will be stored in the Secure Enclave on the user’s device and not transmitted to the cloud.

According to Schiller, the chance of a random person being able to unlock another device with the Touch ID fingerprint scanner was 1 in 50,000, but the iPhone Face ID should have a 1 in 1,000,000 chance of a false positive — a 20 times improvement. Schiller did note this likelihood would be higher if people share DNA, but claimed it should be able to tell the difference between a user and their “evil twin.”

The iPhone Face ID security system was tested against realistic masks designed by Hollywood special effects teams, Schiller said, and was not fooled. And, iPhone Face ID unlock requires the user’s attention and will not work if the user is looking away or has his or her eyes closed. The Face ID security feature will be available exclusively on the iPhone X premium model and not for the forthcoming iPhone 8.

 

 

 


In Aftermath of Recent Hurricanes, Stay Ahead of the Scams

Posted on September 8, 2017

By: Emily Sullivan, News Assistant, NPR Business Desk

Even before Hurricane Irma arrived at Florida’s doorstep, scammers geared into action.

A GoFundMe campaign purporting to be from Miami-born singer Jason Derulo set a fundraising goal of $1 million for Irma victims before being shut down by the website. Robocalls set up by scammers are telling people that their insurance premiums are overdue and that they must pay up immediately or else risk losing their coverage.

Amazon suspended 12 third-party vendors for attaching questionable fees to flood essentials. A case of water arrived at a home accompanied with a surprise $100 delivery fee. Florida Attorney General Pam Bondi told the Palm Beach Post that she has been in touch with Amazon, among other firms, about cracking down on abuses.

Such scams are pretty common during times of distress. In fact, less than two weeks after Harvey made landfall in Texas, the Office of the Texas Attorney General received nearly 3,000 complaints of storm-related fraud.

It’s likely that scammers will redirect their targets to Irma relief efforts. As Irma continues to accumulate damage in the Caribbean and is expected to ravage parts of Florida, the generosity of people living elsewhere unaffected is much needed. But it is crucial to exercise caution in donating to relief efforts.

Here are tips from legitimate sources on how to donate safely to Irma relief, and how to report instances of price gouging and fraud.

Know where your money is going

The Center for Internet Security reported that over 500 domain names associated with Harvey were registered as the storm approached Texas, noting that “the majority of these new domains include a combination of the words ‘help,’ ‘relief,’ ‘victims,’ ‘recover,’ ‘claims,’ ‘donate,’ or ‘lawsuits.’”

It’s crucial to exercise caution with dubious Irma websites and dubious crowdfunding accounts. See a crowdfunding page that looks suspicious with a faceless organizer—or purported to be run by a celebrity who has not endorsed the page? Report it. GoFundMe has a policy of returning donors’ money if fundraising pages are shown to be fake.

Contribute to organizations that have experience assisting in disaster relief, and be skeptical of charities that pop up solely in response to Irma. You can check out charities with the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.

Think twice about texting a donation

Confirm that the charity has authorized donations via text message — and keep in mind that your contribution may not reach the charity until after your phone bill is paid. It may be faster to donate directly to the charity.

Damage in Orient Bay on the French Caribbean island of Saint-Martin, after the passage of Hurricane Irma. Lionel Chamoiseau/AFP/Getty Images

Be wary of clicking on links or opening attachments in e-mails

Don’t assume that emails you get — or social media messages you see — have really been posted by the legitimate source. The Center for Internet Security recommends that people exercise extreme caution when responding to individual pleas for financial assistance such as those posted on social media, crowd funding websites, or in an email, even if it appears to originate from a trusted source.

Report suspicious organizations

Find out if a charity or fundraiser is registered in your state by contacting the National Association of State Charity Officials. If the organization is not registered, consider donating to one that is.

Be skeptical if an organization will not send you information about their programs and finances: any legitimate organization will be glad to provide you with this information. The Better Business Bureau Wise Giving Alliance has charity reports on thousands of U.S. charities. If you believe a scam may be taking place, you can contact the BBB to report what you know.

Report instances of price gouging

Florida governor Rick Scott declared a state of emergency last Monday, meaning businesses were subject to fines of up to $25,000 for price gouging on items like food, ice, gas and lumber.

“You’ve got vendors trying to trick people,” said Bondi. “It’s sickening and disgusting and we’re not going to have it.”

[Residents were instructed that if they] suspected price gouging, [they were to] obtain as much information as possible in the form of estimates, invoices, receipts or bills. When comparing products, note as much information as possible, including the product name, size or quantity, manufacturer, item number and unit price. [They were to] report this information to Bondi’s office through the Florida Attorney General’s Price Gouging Hotline at 1.866.966.7226.

Integrated Technology Group Offers Comprehensive Port Scan for Network Security


New Service

Our Perimeter Scan helps you stay ahead of cyber criminals. Our regularly updated scan engine identifies external network vulnerabilities so you can keep your data safe. Vulnerability scanning identifies top risks such as misconfigured firewalls, malware hazards, remote access vulnerabilities, and can be used for cyber security or compliance mandates like PCI DSS and HIPAA.

Add and Remove Scan Targets

We realize scan environments change frequently. Our vulnerability assessment tools help you stay on top of dynamic or new IP addresses by adding and removing your own targets through your Perimeter Scan Portal. And, to further simplify the process, you can mass upload scan targets and groups.

IP Target Group Management

For an organization with a high volume of scan targets, keeping port scans organized can be a challenge. Our vulnerability assessment tools allow you to group and label scan targets to make it easier to manage by location, network type, or unique circumstances at your organization.

Scan Targets on Your Schedule

Our Perimeter Scan allows you to test the scan targets you want, when you want. Run port scans on your most sensitive targets more frequently, test in scope PCI targets quarterly, or test designated IPs after changes to your network with simplicity. Perimeter Scan even provides the flexibility to create and manage your own schedule on a group level.

Review Perimeter Scan Results

Each network scan produces a summary report with identified vulnerabilities. Vulnerability scanning reports list the target, vulnerability type, service (e.g., https, MySQL, etc.), and the severity of each vulnerability (low, medium, high). Reports can be downloaded as a PDF or as an Excel file that can be sorted by columns to help in remediation efforts.

 

Top Reasons To Use Integrated Technology’s Perimeter Scan

  • Simplified Vulnerability Reporting

Our proprietary vulnerability scanning engines scan for thousands of external network vulnerabilities. Perimeter scan identifies open ports available for data transfer. The port scans report all discovered vulnerabilities and security holes that could enable backdoors, buffer overflows, denial of service, and other types of malicious attacks. Perimeter scan even discovers SQL injection issues specific to your website programming.

  • Scan The Targets You Want

Because new vulnerabilities are identified daily, organizations are encouraged to regularly use vulnerability assessment tools on their systems. Our Perimeter Scan clients use scan credits to scan the IP addresses they are most concerned about whenever they want.

  • Dedicated Network Scan Team

We have a dedicated network scan team whose primary objective is to ensure scan accuracy and who work daily to build, improve and upgrade our proprietary vulnerability scanning engine.

  • False Positive Reduction

Many network scan vendors provide affordable vulnerability scanning on the surface, but after considering the time you spend resolving false positives (when a scan engine identifies a threat that’s not real), scan prices quickly add up. At ITG, we continuously adjust our scanning engines based on trial and customer feedback. This allows for accurate scanning, a reduction in false positives, and customer savings.

For a customized network exploitability check, contact ITG at info@itgcorporation.com or call 518.479.3881.

 

ITG Addresses Growing Security Risks


When your anti-virus software poses a security risk, it can be a devastating blow to your organization. At Integrated Technology Group, we provide network security software designed to safeguard your data, and make sure that you and your staff are able to enjoy the breathtaking opportunities that technology offers.

We will help build a more secure digital world for your company by providing a comprehensive network security audit able to define potential vulnerabilities and performance limitations. We will explain any found security threats and offer necessary remediation suggestions. Contact us today for more information on our internal and external scans and our new Perimeter Scan: info@itgcorporation.com or 518.479.3881.

U.S. Bans Kaspersky Software For Federal Agencies Amid Security Concerns

Posted on September 13, 2017

Heard on NPR’s All Things Considered – Transcript follows

David Welna, National Security Correspondent, Washington Desk, NPR

The acting secretary of homeland security has banned the U.S. government from using Kaspersky software. The Russian company’s software — widely used throughout the world — has been deemed an unacceptable security risk.

ARI SHAPIRO, HOST: Kaspersky Labs is a big Moscow-based company that makes antivirus software. It’s used worldwide, even by some American government agencies. Now that may be over, at least for the U.S. government. The Department of Homeland Security issued a directive today that effectively bans all federal entities from using Kaspersky software or even having any products tied to it. NPR’s David Welna reports.

DAVID WELNA: The directive banning Kaspersky products was issued by acting Homeland Security Secretary Elaine Duke just hours after the U.S. Senate began debating a defense bill with a similar ban that applies only to the Pentagon. New Hampshire Democratic Senator Jeanne Shaheen has led the effort in Congress to forbid federal agencies from using Kaspersky products, and she says she’s pleased the Trump administration is also taking action.

JEANNE SHAHEEN: I applaud the department and acting Secretary Duke for issuing this directive that calls on all departments and agencies to identify any use or presence of Kaspersky products on their systems and to develop plans to get rid of them.

WELNA: The DHS gives agencies up to 90 days to start implementing its plan to discontinue use of Kaspersky products, then remove them from all federal government information systems. Senator Shaheen says there are ample grounds to impose such a ban.

SHAHEEN: Certainly there have been concerns raised publicly. There are concerns on record and some that suggest there has been direct collaboration with certain officials from Kaspersky and from the FSB, which is of course the successor to the KGB. There is also classified information that raises concerns.

WELNA: Those concerns about Kaspersky went public in May when Florida Republican Senator Marco Rubio posed this question to the chiefs of six U.S. spy agencies.

MARCO RUBIO: Would any of you be comfortable with Kaspersky Lab software on your computers?

WELNA: All six answered no. Shaheen says that for her, it was a key moment.

SHAHEEN: They were not comfortable with Kaspersky software on their computers. And if they’re not comfortable, then I don’t think the rest of the federal government should be comfortable.

WELNA: In an emailed statement, Kaspersky Labs said it was disappointed by the decision to ban its products. It said the company has never helped any government anywhere with cyber-espionage and added that it’s, quote, “disconcerting that a private company can be considered guilty until proven innocent due to geopolitical issues.”

In its directive, the DHS invites Kaspersky to address the department’s concerns. Kaspersky Labs says it looks forward to showing that the allegations made against it are without merit. -David Welna, NPR News, Washington.

SHAPIRO: And we should note that Kaspersky Labs is among NPR’s corporate underwriters.

This article from Bloomberg BusinessWeek provides further details.