Wednesday, 4 June 2014


CISOs Look to Hire White Hat Hackers to Head Off Security Breaches

The best defense is a good offense and savvy CISOs are searching for security professionals such as certified ethical hackers. However, the demand for these highly skilled workers is skyrocketing.

CIO — Many companies continue to struggle to secure their data and identify and address system vulnerabilities. But chief information security officers (CISOs) are finding the best way to defend against hackers might be to hire a hacker of their own.
However, that expertise and security assurance comes at a hefty price, according to Matt Comyns, global co-head of search firm Russell Reynolds Associates' cybersecurity practice in this recent article.
CISOs themselves can command between $500,000 and $700,000 a year, with compensation at some technology companies reaching as high as $2 million, with generous equity grants included, Comyns says. In comparison, CISOs who have been with a company for five or more years are on average receiving $200,000 to $300,000 per year, Comyns said.

Hackers for Hire

"If you're a CISO and you're looking to build a great security team, one of the best places to start is with a white-hat hacker, or a certified ethical hacker," says Ryan Lee, COO of online IT skills training firm CBT Nuggets.
"Of course, some companies shy away because these folks are expensive, but without an emphasis on proactive security, the costs to a company could be even more disastrous," Lee says. Certified ethical hackers can command salaries upwards of six figures, he says, though the specific range depends on each company individually.
The demand for CISOs and security specialists like white-hat hackers is somewhat anecdotal, but overall the IT community is becoming increasingly nervous about security issues and there is an uptick in interest in security and ethical-hacking related content, says IT security expert and training professional James Conrad, who develops and teaches security and ethical hacking courses for CBT Nuggets.
"One of the things I've noticed is the escalating need for security pros at all levels, especially in the last few years," Conrad says. "When the Web was young, security was a secondary priority, but as unscrupulous people found ways to exploit vulnerabilities, it moved quickly to the top of the list, and it has stayed there," he says.
However, while the demand for highly skilled security pros hasn't lessened, the available talent pool has, especially among specialized talent like vulnerability testers, penetration testers and white-hat hackers, he says.
"Most IT security pros are already working between 40 and 60 hours a week maintaining, building, patching systems and otherwise putting out fires," Conrad says. "They just don't have the time to do much more, especially in the area of finding new vulnerabilities. Sure, there are teams of security personnel, and in an ideal world they could devote their time to these issues. But in the real world, that stuff is pushed aside in favor of day-to-day routine work," he says.

Complacency Is Costly in the Security Biz

And that complacency is all a hacker needs to enter and exploit a company's systems, data and information. That's especially true when dealing with large organizations with less-secure branch offices or with small businesses that don't have huge security budgets in the first place, Conrad says.
Unfortunately, many companies don't understand the value of having hackers working for them, even as security breaches, data loss and state-sponsored cyber attacks dominate the headlines, says CBT Nuggets' Lee.
"The highly publicized Target and Neiman Marcus security breaches [and] the discovery of the Chinese hackers targeting the U.S. are the kinds of advanced, persistent threats companies face every day, and it can be expensive and time-consuming to proactively fight against them," Lee says. "But that's how these threats have to be handled," he says.
Education is the best weapon, Lee says. Certified ethical hackers can help businesses understand both the nature of the threats and the potential for disaster by discovering potential vulnerabilities and stopping attacks before they begin.
"The goal of most of the honest, white-hat folks is to become a penetration tester, to perform legal hacks on systems to determine vulnerabilities," says CBT Nuggets' Conrad. But many times ethical hackers' hands are tied, so to speak, by the legalities of contracts, privacy statutes and compliance concerns.

A License to Hack

"When an ethical hacker is contracted, oftentimes they must sign a legal contract based on an attorney's advice that defines the scope of the work they're doing, what data and systems they can and can't access, as well as the length of time they can devote to these hacks," Conrad says. In most cases, ethical hackers are given a few weeks in which to work, and that's just not enough time.
"It's such a challenge. Black-hat hackers sometimes take months and even years to create and deploy attacks; it's not like they are bound by traditional ethics codes," Conrad says. "The longer you can give a white-hat to work within your systems, the better, but many companies bury their heads in the proverbial sand and don't want to spend the money on doing so -- until it's too late," he says.
While some of the most obvious hacks and attacks can be found and exploited within a week, many of the more sophisticated attackers will ignore the "low-hanging fruit" and simply wait out businesses for weeks, months or years in order to gain the data or the access they desire, Conrad says.

While many businesses that employ white-hats will feel they're adequately protected because they've kept up with patches, antivirus, anti-spam and software updates and have hired an ethical hacker to address blatant vulnerabilities, they often find they've missed more complicated, less obvious vulnerabilities.
"One of the most important jobs an ethical hacker has is to educate companies on how hackers can leverage their way into the systems," says Conrad. "They have to prove their own ROI, in a sense, and justify why it's worth a business paying them the six-figure salaries they can now command," he says.

Is There Honor Among Hackers?

Of course, this begs the question: How do you know for certain that the ethical hackers you've hired are, in fact, ethical? Unfortunately, you can't ever know for sure, says Conrad, since the entire profession of white-hat and ethical hackers is based on a code of personal integrity and an 'honor system.'
"When you become a certified ethical hacker, you do have to sign a legal document agreeing that you will use your powers for good, not for evil," Conrad says. "But that's no guarantee, and, unfortunately, there's really no way to be absolutely sure. It's one of the built-in risks companies have to take in order to address these threats," he says.
CBT Nuggets currently offers version 7 of its Ethical Hacking course and is in the process of finishing version 8 of the class, which will be released in its final form in June 2014. CBT Nuggets' Lee says version 8 has already amassed more than 12,000 views, and expects that number to keep growing as security concerns and highly publicized attacks dominate headlines.
"Security as a whole is a huge area right now, especially with news of Target, eBay, Neiman Marcus and others," Lee says. "It is key to educate and open people's minds to the dangers and the cyber security threats out there, and that's what we're trying to do," he says.
To become a certified ethical hacker, candidates should have a minimum of helpdesk-level IT skills, some server experience and familiarity with Linux, says Conrad. Obviously, the more experience the better, but resources like those available at CBT Nuggets can help developers quickly get up to speed, he says.
"The market's wide open for certified ethical hackers, especially as attacks become more sophisticated and vulnerabilities less obvious," Conrad says. "There's not a lot of folks out there doing these kinds of hacks -- yet. But the damage they can do is monumental and the need for these skills will continue to grow," he says.





Tuesday, 3 June 2014

Bitcoin Apps May Be Heading To Apple Store
Apps which let you make payments using bitcoin could soon be available in Apple's app store.
The company's app policy has changed, allowing developers to use "approved virtual currencies".
Apple has not published a list of approved currencies yet, but it is likely to include popular cryptocurrency bitcoin.
Until now, Apple has removed apps which enable virtual currency payments, explaining that a currency must be legal in all markets in which the app is available.
The new app store review guidelines say that "apps may facilitate transmission of approved virtual currencies provided that they do so in compliance with all state and federal laws for the territories in which the app functions."
Virtual currencies use software to generate "coins" by using a series of computers to carry out complicated mathematical operations.
The value of a bitcoin peaked in November last year at $1,000 (£596) but later slumped.
A bitcoin is now worth around $650 (£388).
In contrast to Apple's strict approach, Google has many Android apps which support different virtual currencies.
Apple may be late to the bitcoin boom - a number of developers have already built bitcoin wallets that work in a user's web browser.

Monday, 2 June 2014

Windows 8.1 overtakes Windows 8 in desktop OS arena

Windows 8.1 is now more dominant than its predecessor, at least based on all desktop OS traffic seen by Net Applications.
For the month of May, Windows 8.1's share inched up to 6.35 percent from 5.88 percent in April. That gave it just enough of a nudge to steal third place from Windows 8, which earned a 6.3 percent share, down from 6.36 percent the prior month.
Windows 8.1's gradual ascension over its predecessor in the desktop market should hardly come as a surprise. Launched last October as a free update, Windows 8.1 added several features missing in action from the touch-driven Windows 8, notably a Start button, a boot-to-desktop option, and a way to sync the same background for both the Start screen and desktop. An update released this past April added more items to appeal to traditional mouse and keyboard users. Microsoft will try to further placate PC users with the return of a full Start menu, though that may not arrive until sometime next year.
In first place, Windows 7 took home more than half of all desktop OS Web traffic for the first time ever in Net Applications' stats, rising to 50.06 percent from 49.3 percent in April. On the flip side, Windows XP continued to lose share a little bit at a time, slipping to 25.3 percent in May from 26.3 percent the previous month.
The slow but steady rise of Windows 7 and Windows 8.1 at the expense of the now unsupported XP is a promising sign, certainly in the eyes of Microsoft. For the past couple of years, the software giant has been urging users to upgrade from XP to a more modern operating system, either Windows 7 or 8. In early April, Microsoft finally ended support for XP, meaning that users will no longer receive bug fixes or security updates, putting them at greater risk to security threats.
Still, Windows XP remains firmly in second place in the desktop OS market. Responsible for a quarter of all desktop OS traffic, the now almost 13-year-old operating system won't be going away completely anytime soon.

Report: Google Spending Billions on Web-Beaming Satellites

Google will reportedly shell out more than $1 billion for a fleet of satellites that will orbit the Earth in an effort to provide Internet access in under-served areas.
According to the Wall Street Journal, which cited unnamed sources, the high-flying venture will initially launch 180 small, high-capacity devices, rotating at lower altitudes than typical satellites.
Details are sparse, but the Journal said the project will be spearheaded by Greg Wyler, the founder of satellite-communications company O3b Networks who recently joined Google. Google also hired engineers from satellite manufacturer Space Systems/Loral (SSL), the paper said.
Still in the early stages, the task could cost upwards of $3 billion, depending on its final design and future expansions, the Journal said.
"Internet connectivity significantly improves people's lives. Yet two thirds of the world have no access at all," a Google spokesman told PCMag. "It's why we're so focused on new technologies—from Project Loon to Titan Aerospace—that have the potential to bring hundreds of millions more people online in the coming years."
SSL did not immediately respond to a request for comment.
There is no word on how, if at all, orbiting satellites will coincide with Google's Project Loon (pictured), which floated 30 balloons into the sky, with the intent of bringing Web access to remote corners of the globe.
Initially launched in New Zealand almost one year ago, Project Loon in April announced that one of its balloons circumnavigated the globe in a record 22 days, beating the forecasted 33 days per trip.
Google will presumably continue Project Loon as it develops a satellite system, which, according to the Journal, will provide more flexibility and greater capacity than balloons. For a higher price, of course.
Eventually, the Web giant hopes to expand its work to cover the globe with sub-250-pound satellites, promising Internet-surfing capabilities for all.
Also in the race to connect the world is Facebook's Connectivity Lab, which is taking a similar approach by developing new platforms "on the ground, in the air and in orbit." With the help of experts from NASA's Jet Propulsion Lab and Ames Research Center, the National Optical Astronomy Observatory, and U.K.-based Ascenta, the social network is eyeing solar-powered Web-broadcasting drones to bolster its Internet.org outreach program.
Editor's Note: This story was updated at 11:10 a.m. Eastern with comment from Google.

Sunday, 1 June 2014

WhatsApp back in Windows Phone store; gets new features


    By tech2 News Staff / 02 Jun 2014, 08:48
    Around two weeks ago, Microsoft pulled WhatsApp from the Windows Phone store, citing reasons like technical issues. It looks like the problem has been fixed. The WhatsApp app is not only back in the store but also gets some new features. In a tweet, Joe Belfiore announced that WhatsApp is back and working.

    The new features in WhatsApp include chat backgrounds, better privacy settings and the ability to customise notification tones. A lot of users had been complaining to the developers about serious issues with update 3 for Windows Phone 8 that either caused consistent errors or permanently disabled notifications.

    Needless to say, Windows 8.1 is crucial for Microsoft, and the company wanted to ensure that the app doesn’t offer a compromised experience.

    While WhatsApp is looking to double its user base to a billion in one year, it has been facing some hiccups in terms of smooth functionality. Just one week before the app was pulled out from the Windows Phone store, it went down for some users. It faced delays in sending messages, some messages were shown as sent but never reached the recipient, and so on.
    Google Posts Request Form in EU to Remove Personal Info Online 



    The move complies with an EU court ruling that Google and other search firms have a process for people to request the removal of objectionable online content.

    Google has made an online form and process available for people in the European Union who want to have information about them removed from searches. The move complies with a recent court order in the EU that search providers such as Google must have such a process to "forget" things about people if they make removal requests.
    Google posted the form for EU users on May 30, along with complete instructions on how to make a request.
    "To comply with the recent European court ruling, we've made a webform available for Europeans to request the removal of results from our search engine," Google said in a statement emailed to eWEEK. "The court's ruling requires Google to make difficult judgments about an individual's right to be forgotten and the public's right to know. We're creating an expert advisory committee to take a thorough look at these issues. We'll also be working with data-protection authorities and others as we implement this ruling."
    The new online form states that the "Court of Justice of the European Union found that certain users can ask search engines to remove results for queries that include their name where those results are (emphasis added by Google) 'inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed.'"
    Google states on the form's site: "In implementing this decision, we will assess each individual request and attempt to balance the privacy rights of the individual with the public's right to know and distribute information. When evaluating your request, we will look at whether the results include outdated information about you, as well as whether there's a public interest in the information—for example, information about financial scams, professional malpractice, criminal convictions, or public conduct of government officials."
    Users who want to make a removal request will have to provide their full name, a copy of a valid photo ID and other related information.
    "Please note that this form is an initial effort," the form states. "We look forward to working closely with data-protection authorities and others over the coming months as we refine our approach."
    Only residents in Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom are presently eligible to use the form, according to Google.
    Users making information-removal requests must provide the URL for each link appearing in a Google search for their name that they request to be removed, as well as an explanation about why the linked page is about them and how it is irrelevant, outdated or otherwise inappropriate.
    Users must provide additional details and sign and attest to the authenticity of their request.
    Google did not respond to an eWEEK request for further details about the action, including how many removal requests have been received so far and if the company is seeking ways of continuing to fight the decision, which is not appealable.
    Jeff Jarvis, a journalism professor at City University of New York and the author of the 2011 book, "Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live," told eWEEK that the EU court's decision was "an insane ruling" that is "beyond belief. It has a huge impact on freedom of speech, and that's my primary concern."