7. September 2016 09:44
The 3 big takeaways for TechRepublic readers
1. A recent study by Softchoice has shown that less than 1% of enterprise organizations have upgraded their Windows devices to Windows 10, even a full year after the OS was released.
2. Most businesses were still running Windows 7, according to the study, as Windows 8 also saw poor adoption rates after its release.
3. A plethora of concerns over privacy and functionality, combined with the effort it takes to upgrade a whole organization, likely led to the low adoption numbers for Windows 10.
For more details, click on http://www.techrepublic.com/article/99-of-businesses-have-not-upgraded-to-windows-10-according-to-study/?ftag=TREe09998f&bhid=10269272
6. September 2016 16:41
A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.
Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.
Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1. In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.
While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to a few dozen researchers.
Copyright 2016 TechTarget
1. August 2016 13:00
"Greetings from the front. The cyberwar continues. Our operatives continue to hit infrastructure targets around the globe. In June alone we conducted 44 ops, hitting targets in 26 U.S. states and six countries total. Each operation impacted as many 15,000 people and lasted for up to four and half hours. Of course that’s just our unclassified operations; the actual number of power outages our operatives have caused is 10 times that number.
"As we continue to wreak havoc on your electric infrastructure, your policymakers and cyberwar hawks are rattling sabers, worried about online attacks from nation-states, completely ignoring the threats that successfully target your power grid every day. The Washington Post, Forbes, USA Today, and even the esteemed Ted Koppel talk about “cybergeddon,” trillion-dollar risks, and when — not if — a massive cyberattack on the U.S. electric power grid will occur. Even President Obama is worried. In the meantime, we quietly go about our work, disrupting power generation and transmission across the globe.
"To date there has been exactly one, just one, power outage that can be attributed to some sort of cyberattack by a nation-state. Last December, someone (many people say directed by the Russian government, but there really isn’t enough evidence to support that accusation) hit up to six different power companies in Ukraine with a coordinated malware and DDoS attack. This definitely wasn’t a random lone hacker in a basement; this took months of planning and coordinated effort. It sounds scary but the outages only lasted a few hours and affected around 80,000 residences. We have caused far bigger and longer outages all by ourselves."
To read further, go to https://foreignpolicy.com/2016/07/31/the-threat-to-americas-electrical-grid-is-much-bigger-than-you-can-possibly-imagine-cyberwar-squirrels-rodents-hackers/