Monthly Archives: June 2017

Future of the SIEM

Current SIEM systems have flaws. Here’s how the SIEM’s role will change as mobile, cloud, and IoT continue to grow.

Ask security experts about security information and event management (SIEM) systems, and many will tell you SIEMs are becoming dated and need to be revamped.

 

The skepticism is understandable. How can SIEM, a multi-billion-dollar market around for many years, keep up as businesses adopt new technologies like cloud systems, mobile, and IoT? When it was invented, SIEM did exactly what organizations needed. Now their needs are more complex.

 

Behind the curve

 

SIEMs collect security events in real-time from various event and data sources.

 

“[SIEM] was a place where you pumped in a whole bunch of data and figured out what was suspicious,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “It gave you an alert, quarantined the traffic, sandboxed it.

 

“For the most part, SIEM made a lot of sense from a business perspective. Dealing with potential attacks and vulnerabilities, without a tool, was like finding a pin in a stack of hay. It was virtually impossible to do manually.”

 

As attackers became more sophisticated, SIEM systems have failed to keep up.

 

Today, those same products “barely work at all,” says Exabeam CMO Rick Caccia. Older systems aren’t built to capture credential or identity-based threats, hackers impersonating people on corporate networks, or rogue employees trying to steal data.

 

A recent report by the Ponemon Institute, commissioned by Cyphort, discovered 76% of SIEM users across 559 businesses view SIEM as a strategically important security tool. However, only 48% were satisfied with the actionable intelligence their SIEMs generate.

 

Caccia likens the current state of the SIEM market to the state of the firewall market six- to seven years ago, before entrants like Palo Alto Networks entered the space with a next-level product that could catch new attacks and quickly solve problems. Similarly, SIEM is struggling with stale technology, new threats, and a need for change.

 

Shortcomings and challenges

 

Many of SIEM’s current shortcomings stem from its tough mission of monitoring security and detecting threats across the business, says Gartner vice president Anton Chuvakin. It’s a hard problem to solve, no matter how security pros choose to tackle it.

 

“If flying to the moon is hard, you’re not going to say your rocket is crap,” he quips. “It’s just difficult.”

 

Complex mission aside, one key shortcoming of today’s SIEM products is their reliance on humans. “SIEM is, in that sense, more rule-based and expert-described,” says Chuvakin. “That’s a main weakness because at this point, we’re trying to get developed tools to try and think for themselves.”

 

The dependence on human experts is a problem because there simply aren’t enough of them, he continues. If a business needs five SIEM experts and its entire IT team consists of five people, they don’t have the bandwidth to ensure the SIEM is effective.

 

Amos Stern, co-founder and CEO of Siemplify, explains there is need for better SIEM automation and management of people and systems. Businesses often have several security tools in many silos. SIEM systems will need to connect these silos and automate processes and investigations across these tools, evolving to the point where they function as a “Salesforce for security.”

 

Caccia echoes the need for greater SIEM intelligence, noting how most systems’ rules can’t keep up with attackers. For companies struggling with talent, he says, automation could help junior team members perform closer to an expert level.

 

SIEM implementation is another challenge. “It’s a process that sometimes costs more than the actual product,” Stern says. “Organizations wouldn’t rip and replace their SIEMs with new technology. Right now many are only at the point where their SIEM deployment is mature, or mature enough, to not create a ton of noise.”

 

Cloud, IoT, and the role of SIEM

 

SIEM challenges will continue to evolve as security managers grapple with cloud services, mobile, the Internet of Things, and other new technologies the IT department doesn’t always control.

 

IoT will be a huge factor as it drives the number of endpoints vulnerable to attackers, says Ponemon. It’s getting harder for cybercriminals to infiltrate computers but still fairly easy to hack cameras, refrigerators, microwaves, Bluetooth tools, and other connected devices and use them as an attack vector.

 

The growth of cloud, especially for SMBs, has transformed how businesses store and handle data. Companies once intimidated by high price of data storage benefit from SIEM providers like ArcSight, Nitro, and others that deploy modules from the cloud, he continues.

 

Cloud services and IoT devices will rapidly generate increasing amounts of data, and SIEM systems will have to adapt by learning to collect and organize the influx of information. 

 

“The SIEM evolution is about supporting more data types, supporting more problems,” says Gartner’s Chuvakin, whose research has focused on user behavior analytics and machine learning. He anticipates these will help SIEM think on its own and relieve the need for human experts.

 

Ponemon emphasizes the importance of machine learning and analytics in the next wave of SIEM, but notes companies are hesitant to explore this space. They don’t want to build products in an area where they lack the talent necessary to execute.

 

“A lot of companies aren’t making that investment because they feel they don’t have the internal resources to implement it properly,” he says. “They think the technology might get better; they don’t want to be early adopters.”

 

While this type of evolution is “still a futuristic thing,” progress is moving quickly, Ponemon says.

 

What’s up next?

 

The SIEM may need a face-lift, but it isn’t going anywhere.

 

“It’s not on the way out,” says Siemplify’s Stern. “It’s been around for quite some time.”

 

Caccia foresees several changes in the market shaping the growth of SIEM, including the growth of open-source big data technology and vendors focused on automated playbooks and incident response.

 

Chuvakin anticipates the immediate future will bring incremental improvements instead of major change. We won’t see a break in the SIEM market, but small, gradual changes.

 

“The future of SIEM will likely be an evolution, and not a revolution,” he says.

 

via:  darkreading

Apply risk-based approach to patch management – Security Think Tank

How should organizations address the need to keep software up to date with security patches without it costing too much or being too labor intensive?

The old mantra of “patch everything” is long gone. Many organizations cannot keep up with the multiplicity of systems and applications that need patching as IT becomes ever more pervasive, bring your own device (BYOD) increases, and testing all the combinations of devices, apps and operating systems becomes impossible, given the resources available.

As a result, organizations need to move away from the “patch everything 100%” and apply risk management to focus on critical systems and deploy limited resources to maximum effect.

Organizations need to identify the information that is most valuable, and the information they need to keep their operations running – such as patient records, backups, financial data – and the risk of its unavailability.

Lack of availability also needs to be examined, and not in terms of weeks or months, but in terms of minutes, hours or days. The impact of the lack of availability should be identified in business or customer-service terms. This means that the business managers and people who use the data on the “front line” will have to be involved in this risk assessment.

Once the impact is known, the systems where the information is stored and processed (at a minimum) should be identified, and then a patching regime for those systems can be created.

The backups – and the systems those backups reside on – should also be part of the same patching regime. If the systems are outsourced, the contract needs to have specific patching and recovery clauses inserted.

The patching regime should involve automated patching, with manual follow-ups to ensure these systems are up to date. Operational requirements will have to take second place to patching under this regime: patching is an operational necessity.

For other systems, automated patching is the way forward, using in-built processes in the operating systems where possible. Organizations will have to understand that 100% coverage will not occur so other processes and procedures must be in place to mitigate the effects of missing patches, including incident management.

For legacy systems and software, where patching is not an option, organizations will need to look at replacements, or other ways to minimize vulnerability, such as separate networks, controlling access to data and cloud provision. These systems and the appropriate solutions should be prioritized as these represent the greatest risk.

 

via: computerweekly

Microsoft looks to the cloud to make Windows 10 safer for enterprise users

We already knew that the next version of Windows 10, the Fall Creators Update, will feature a large number of new tools for consumers. While it was always clear that business users would also get their fair share of updates, Microsoft remained pretty quiet about what those would look like. That’s changing this week, as the company today announced a number of new security features for Windows 10 that will launch with the Fall Creators Updates later this year.

Rob Lefferts, the director of program management for Windows Enterprise and Security, told me that the company is obviously aware of the changing security landscape, which now often includes well-funded and supported hackers. To stay ahead of these threats, the company is doubling down on its existing security efforts, but in addition, it’s now also pushing ahead with new initiatives that emphasize cloud intelligence with AI and machine learning.

So while the team is hardening the Windows 10 platform with this new release — just like it has done with all the previous releases — it’s also building up its efforts to use the cloud to analyze security threats and prevent attacks.

As Lefferts noted, 96 percent of the attacks that Microsoft is seeing are distinct attacks. That’s partly because malware is now often polymorphic but also because the company is seeing more custom attacks.

 

 

One of the main vectors for attacking any desktop operating system is the browser. Back in 2016, Microsoft announced that it was working on a sandboxing technique — the Windows Defender Application Guard — that would allow it to stop attackers from ever getting a foothold on the machine, even if they were able to penetrate the browser’s defenses. It took the company quite a while to get this to market, but the next version of Windows 10 will now ship with support for this feature. Lefferts told me that it took the team a while to figure out the right user experience to enable this feature, which is hard when you start every browser session from zero. The team also had to ensure that it could quickly spin up these micro-containers with the Edge browser fast enough.

In addition, Microsoft is also improving the Windows Defender Exploit Guard with data it gathers from across its users. The Exploit Guard features a large set of intrusion rules and policies and Microsoft says that this feature should now help protect organizations better against quite a few advanced threats, including zero day exploits.

The company has now also built the Enhanced Mitigation Experience Toolkit (EMET), which was previously available as a stand-alone tool, right into Windows 10. Lefferts stressed that this was something that Microsoft’s users had asked for.

 

 

Microsoft is also extending the Windows Defender Advanced Threat Protection (ATP) feature that allows enterprise security teams to detect and respond to threats to include the Windows Server OS for protection across platforms. What’s more interesting, though, is that ATP is now linked to Microsoft’s cloud-based security services that use advanced analytics and machine learning to understand threats based on the huge number of signals Microsoft receives from across its users. The company is also using this cloud-based protection model to improve Windows Defender Antivirus.

Other new features include an improved version of Device Guard, the company’s service for managing which applications an enterprise user can run on a company-issued machine. Device Guard is now also integrated into Windows Defender ATP, which should make it easier to manage for IT and security teams. In addition, companies that want to opt into this can now use data from the Microsoft Intelligent Security Graph, which combines billions of data points to analyze threats, to automatically allow users to install applications that are most likely safe to install (thing Microsoft Word, Excel, etc.).

Lefferts noted that Microsoft’s goal is to bring together all of its compute, big data and machine learning smarts — combined with data it gathers from its users around the globe and traditional signature-based approaches — to protect its customer’s machines. “We think the Fall Creators update takes full advantage of Windows threat protection and we are pushing forward,” he said.

 

via: techcrunch

‘Petya’ ransomware attack strikes companies across Europe

Ukraine’s government, banks and electricity grid hit hardest by cyber-attack, but companies from Saint-Gobain in France to Rosneft in Russia also affected.

A major cyber-attack has struck large companies across Europe, with Ukraine’s government, banks, state electricity grid, telephone companies and even metro particularly badly affected.

The attack has caused serious disruption at companies including advertising multinational WPP, France’s Saint-Gobain, Russian steel, mining and oil firms Evraz and Rosneft, and the Danish shipping giant AP Moller-Maersk.

“We are talking about a cyber-attack,” Anders Rosendahl, a spokesman for the Copenhagen-based shipping group, told the Associated Press. “It has affected all branches of our business, at home and abroad.”

Seventeen shipping container terminals run by a Maersk subsidiary, APM Terminals, in the Netherlands and elsewhere around the world were also affected, the company said.

The Ukrainian deputy prime minister, Pavlo Rozenko, tweeted a picture of a darkened computer screen, saying the government’s entire computer system had been shut down.

Experts said the attack seemed consistent with ransomware described as a variant of a virus known as Petya or Petrwrap.

image

An attack by WannaCry or WannaCrypt ransomware last month affected more than 230,000 computers in over 150 countries, with the UK’s national health service, Spanish phone giant Telefónica and German state railways among those hardest hit.

Advertisement

The disruptions in Ukraine follow a rash of hacking attempts on state websites in late 2016 and a succession of attacks on Ukraine’s power grid that prompted security chiefs to call for improved cyberdefences.

The central bank said an “unknown virus” was to blame for the latest attacks. “As a result of these cyber-attacks, these banks are having difficulties with client services and carrying out banking operations,” it said in a statement.

“The central bank is confident that the banking infrastructure’s defence against cyberfraud is properly set up and attempted cyber-attacks on banks’ IT systems will be neutralised,” it said.

The state power distributor, Ukrenergo, said its computer system had been hit, but added that the attack had not affected power supplies.

Ukraine has blamed Russia for previous cyber-ttacks, including one on its power grid at the end of 2015 that left part of western Ukraine temporarily without electricity. Russia has denied carrying out cyber-attacks on Ukraine.

 

via:  theguardian

Snapchat starts sharing your (and your kids) location. Turn it off.

Snapchat has introduced a “whole new way!” (maybe new to Snap: not to Facebook, Apple and Google) for you to “explore the world” and “meet up with friends”: a location-sharing “Snap Map” that shows when nearby friends are…

…at a dance party!

…or a magic show!

…or having their privacy breached and their location leaked because they didn’t realize that Snap posts their location on Snap Map every time they open the app.

Looking at the Snap Map walkthrough you get when you update Snapchat might lead you to believe that you actually have to opt in to having your location shared when you’re at home, say, or maybe walking down a nearby dark alley, or at a best friend’s apartment… even though… huh… didn’t you say you were going out with Cindy to see a movie tonight?

Image credit: Snap Map walkthrough courtesy of Snapchat

But Snapchat is actually posting your location to Snap Map every time you open the app, not just when you share Snaps to Our Story.

Now bear in mind that Snapchat is crazy popular with children and teens.

Users aren’t limited to a map of nearby friends. They can also search for specific locations, such as schools or playgrounds, with the map displaying any public photos or videos sent by students, as pointed out by The Telegraph.

Multiple police forces and child protection services have warned parents to turn off Snap Map on their children’s phones. In the UK, Preston Police had this to say on the department’s Facebook page:

For all the snapchat users on here, in the last few days they have released a new update which connects to your GPS, and automatically (unless activated ghost mode) shows where you are on a map to anyone who is on your friends list and posts can possibly seen publically depending on your settings!!

…Obviously this may cause concern for certain users, particularly those who have young children who use the app.

The Telegraph quoted a spokesperson for the National Society for the Protection of Children:

It’s worrying that Snapchat is allowing under 18s to broadcast their location on the app where it can potentially be accessed by everyone in their contact lists.

With public accounts, this will include those who are not known to the user. This highlights why it’s vital children are automatically offered safer accounts on social media to ensure they are protected from unnecessary risks.

…and this is what the UK Safer Internet Centre had to say:

It is important to be careful about who you share your location with, as it can allow people to build up a picture of where you live, go to school and spend your time.

Given how specific this new feature is on Snapchat – giving your location to a precise pinpoint on a map – we would encourage users not to share their location, especially with people they don’t know in person.

As Preston Police noted, Ghost Mode keeps your location private.

How to turn on Ghost Mode

To change settings, open Snapchat and pinch the screen. That will load Snap Map. When you do it for the first time it should ask you if you want to activate ghost mode. If it doesn’t, click on the icon in the top right-hand corner, where you’ll be able to tick a box to turn on ghost mode, like so:

What other apps are stalkery?

Two years ago, Facebook switched off default location tracking and gave users full control over when and how they share such information.

User choice? What a concept!

In March, Facebook Messenger did, though, enable live location sharing, taking a page from the way that Apple handles it in iOS and Google in Android. Namely, users can tap on the location icon within a message to begin sharing their location. They’ll get a map of their current position and the option to share it live.

Thankfully, you can’t leave that location sharing on indefinitely: a clock starts ticking, and you get 60 minutes to share location. Facebook also gives you an estimate of how long it would take you to meet your friends if going by car and shares that ETA with others.

In February, “Live Location Tracking” was also spotted in WhatsApp, apparently in beta mode.

It was apparently switched off by default, as it should be. WhatsApp also gave users the ability to control how long the sharing continued.

Twitter likes to follow us around, too. To turn that off, this is what you do:

Twitter for iOS
  1. Go to Settings and tap Privacy
  2. Tap Location Services
  3. Locate the Twitter app and tap to select Never
Twitter for Android
  1. Tap the navigation menu or profile icon
  2. Tap Settings and privacy
  3. Under General, tap Location and proxy
  4. Deselect the checkbox next to Location

Instagram? Ah, Instagram’s interesting. We’ve seen all sorts of abuse of its location data: there was the underwear thief who used Instagram location data to find victims’ homes, for example.

Instagram at one point was also providing access to its API to Geofeedia, an app used by police to monitor activists and protesters. Geofeedia was also tapping into APIs at Twitter and Facebook to create real-time maps of social media activity in protest areas. Those maps were used to identify, and in some cases arrest, protesters shortly after their posts became public, including in the Dakota pipeline protests in the US.

In March, Facebook and Instagram turned off the data faucet for that location-fueled surveillance.

For its part, Uber has its own stalker history. In December, with the update that brought us version 3.222.4, Uber began tracking users’ locations constantly when the app’s running in the background. It also asked users to always share their address books. Up until that point, it had only collected location data if a user had the app open.

Obviously, Snapchat’s recent debut into the location-sharing, privacy-jeopardizing realm is only the most recent of a long list of apps that have concerning privacy practices. They’re all a reminder that when there’s an app update, whether to the app or to a phone OS, we should review our settings in case there’s a brand new privacy option with a default you didn’t expect.

Remember: if in doubt, don’t give it out, be it your taxpayer ID, your birth date, or your geolocation. You don’t know who will do what with that information, but we do know that plenty of people do plenty of dangerous things.

 

via:  sophos

Microsoft Boosts Ransomware Defenses for Windows 10

Users of newer, patch-supported versions of the Windows operating system aren’t the only ones to receive security updates aimed at protecting them against ransomware attacks such as last month’s WannaCry. Citing the “elevated risk for destructive cyberattacks at this time,” Microsoft said yesterday it’s also making those updates available to customers with older versions of Windows no longer supported with regular patches.

Also known as WannaCrypt, the WannaCry ransomware attack hit computer systems around the world that are still using outdated software like Windows XP and Windows 7. Among the organizations affected were FedEx and the U.K.’s National Health Service (NHS).

‘Elevated Risk for Destructive Cyberattacks’

Microsoft made the unorthodox decision to offer security updates to users with older versions of Windows after identifying some vulnerabilities that “post elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations,” Adrienne Hall, general manager for the company’s Cyber Defense Operations Center, said in a blog post.

Following the WannaCry attack, some researchers said North Korea was likely to blame, although officials in that country denied the allegation. The WannaCry malware took advantage of a Windows vulnerability that had been used for surveillance by the National Security Agency before the exploit was stolen and released by the Shadow Brokers hacking group in April.

“Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt,” Hall said in her blog post. However, the best defense against such malware is to update to a new platform that’s supported with regular security updates, she added.

“It is important to note that if you’re running a supported version of Windows, such as Windows 10 or Windows 8.1, and you have Windows Update enabled, you don’t need to take any action,” Hall said. “Older systems, even if fully up-to-date, lack the latest security features and advancements.”

The decision to offer updates for unsupported software “should not be viewed as a departure from our standard services policies,” Eric Doerr, general manager of the Microsoft Security Response Center, said in a separate post on Microsoft’s TechNet site.

Rising Concerns about Future Exploits

In a post last month on the site Steemit, the Shadow Brokers said that sometime this month it plans to launch a “ShadowBrokers Data Dump of the Month” subscription service that will release into the wild new exploits for Web browsers, banks and payment service providers, newer operating systems including Windows 10, and “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.”

Meanwhile, on June 1, the leak-publishing organization WikiLeaks posted online documents obtained from the Central Intelligence Agency’s “Pandemic” project, which targets Windows machines for cyberattacks.

“As the name suggests, a single computer on a local network with shared drives that is infected with the ‘Pandemic’ implant will act like a “Patient Zero” in the spread of a disease,” WikiLeaks said. “It will infect remote computers if the user executes programs stored on the pandemic file server. Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.”

Security experts are voicing concern about the potential for the next cybersecurity attack to cripple utilities, hospitals, or other vital services. The WannaCry attack, for instance, forced Britain’s NHS to postpone numerous surgeries and other procedures. Identity theft, ransomware, and nation-state hackers are posing an increasing threat to the healthcare system in particular, according a recent report on cybersecurity from the U.S. Department of Health and Human Services’ Health Care Industry Cybersecurity Task Force.

“[T]he rise and sophistication of ransomware attacks that hold IT systems and patient-critical devices hostage continues to grow, as evidenced by hospital ransomware attacks of 2016,” the report stated. “These incidents underscore the concerns about organizations having neither the awareness of current threats nor the technical personnel to prevent or deal with these threats, many of which are not new.”

 

via:  enterprise-security-today

SEGA’s new SEGA Forever collection brings classic games to mobile for free

SEGA is bringing some of your favorite games to mobile in new, free-to-play formats that include ads as a way to drive revenue, support offline play and other more modern features like cloud saves. The games can also be rendered ad-free with a one-time $1.99 purchase, which is a really good deal given the pedigree of some of these titles, and what you might pay elsewhere to get re-released versions of classic console games.

The SEGA Forever collection already has five titles you can get at launch, including Sonic The Hedgehog, Phantasy Star II, Comix Zone, Kid Chameleon and Altered Beast. Each of these will be available on both the Google Play Store and the App Store for iOS devices (with iMessage sticker packs for each included in the bundle).

image

image

image

 

SEGA’s not stopping with those five, however – the plan is to launch new additions to the collection every two weeks, which should mean you’ll eventually see all your boxes ticked in terms of SEGA console nostalgia. This will expand to cover multiple console generations over time, SEGA says, and includes both “official emulations and ported games.”

Classic games likely have a finite shelf life, so it makes sense that we’d see companies do whatever they can to extract all of their value before that time runs out. But for gamers, this new model is a welcome change, since it means you can casually enjoy classics without putting down any money at all, and getting the ad-free upgrade isn’t going to break the bank.

 

via:  techcrunch

Do Not Disturb While Driving feature rolls out in Apple’s newest iOS 11 beta

With the release of iOS 11’s latest beta on Wednesday, testers can now get their hands on one of the new mobile operating system’s most important — if not most glamorous — new features: a long-needed “Do Not Disturb While Driving” mode. Announced in June at Apple’s Worldwide Developer Conference, the feature aims to combat the very dangerous practice of texting from behind the wheel, while also switching off other alerts that entice people to look at their phones while driving.

Distracted driving has become a national safety crisis because of the rise of smartphones. According to statistics from the U.S. Department of Transportation, 10 percent of fatal crashes, 15 percent of injury crashes and 14 percent of all police-reported motor vehicle traffic crashes were attributed to distracted driving — a blanket term that broadly encompasses cell phone use, as well as other in-car activity like adjusting the radio or climate controls, for example.

In 2015, 3,477 people were killed because of distracted driving, and 391,000 were additionally injured.

A number of third parties have approached the problem by offering mobile applications that prevent texting while the vehicle is in motion, but these can only really be integrated at the system level on Android devices. Because iOS applications run in a “sandbox” environment, they can’t interfere with iOS functions — like preventing someone from texting. Carriers have then stepped in with their own measures, like AT&T’s DriveMode, but these focus on silencing calls and text alerts, but not push notifications from apps.

Because of iOS’s lack of a built-in feature, app makers have come up with all sorts of workarounds, such as the use of external hardware, for example. But more often than not, iOS apps could only offer a monitoring solution, rather than a tool to actually block the activity. Other app makers haven’t even bothered trying to port their solution to iOS.

Apple’s “Do Not Disturb While Driving” feature isn’t a tool to fully prevent texting or alerts while in a moving vehicle. Instead, it offers to clamp down on distractions at a system level in a way that Apple has never before offered.

The feature, when active, will be able to tell if you’re in a car when your phone is connected to the car’s USB connection or Bluetooth. It will also be able to use the iPhone’s sensors to determine your speed, even if your phone isn’t connected to a car.

“It’s all about keeping your eyes on the road,” Apple Senior Vice President of Software Engineering Craig Federighi said when introducing the feature at WWDC in June. “When you’re driving, you don’t need to respond to these kind of messages. In fact, you don’t need to see them,” he said while showing a demo where the phone was receiving push notifications from apps like Twitter, Tinder and Words with Friends.

However, the iPhone itself is not on total lockdown. CarPlay functionality still works, for example. You can also still play your music or get navigation assistance through maps and other routing software. Plus, you can configure DND While Driving by choosing which contacts can always get through — similar to how iOS’s “Do Not Disturb” mode works today.

But when the car is in motion, anyone else who texts will get an automated response that reads: “I’m driving with Do Not Disturb turned on. I’ll see your message when I get where I’m going.” A second text also gives them a way to break through and get your attention in the case of an emergency by telling them, “If this is urgent, reply ‘urgent’ to send a notification through with your original message.”

The fact that there’s a way to bypass the setting is key to its adoption.

People worry about being disconnected from their devices for periods of time because they fear that someone won’t be able to reach them in case of an emergency, or other urgent situations. Though we somehow managed to get by before smartphones were ubiquitous, it’s nearly impossible to go back to that state. We’re always connected, and we can’t seem not to be — even if it’s during a short commute to work or school.

Parents also can choose to enable the new Do Not Disturb While Driving feature for their teenage drivers by enabling it in the Restrictions (parental controls) menu in iOS’s Settings. You also can turn it off and on for yourself from the newly revamped Control Center, where a widget is available that lets you enable the feature with a push of a button.

While on, your phone’s screen is dark and only critical alerts get through. The feature’s settings also let you customize the text that’s sent and specify who will receive it (Contacts, Favorites, etc.)

Plus, if you’re a passenger, you can opt to temporarily disable the feature.

Apple is fairly late to the game with this distracted driving prevention feature. Android already offers Auto Reply through Android Auto on any modern Android phone. But despite its delay in getting here, the feature is one of the most significant to arrive with iOS 11.

iOS 11 is currently in beta, and will be released to the public this September.

 

via:  techcrunch

Man Fined $4,000 for ‘Liking’ Facebook Comments

Read very carefully before hitting the Like button on Facebook — it could land you in court.

Reacting to content on Facebook can be achieved by commenting, sharing or probably the most popular method: hitting that Like button. However, a court in Switzerland just convicted a man on defamation claims simply for “Liking” libelous comments posted on the social network.

The comments posted on Facebook referred to an animal rights activist who was accused of “antisemitism, racism and fascism.” To be clear, the man in court did not write these comments, he simply hit the Like button for them. These Likes were made between July and September 2015. That’s before Facebook expanded the Like button to include several other reactions.

According to CNN, the court in Zurich decided to convict the man on several counts of defamation for hitting the Like button. The reason given was his clicking of the Like button constituted “indirectly endorsing” the comments. But further to that, the court also recognized the act of liking the comments as “further distribution” of them. A statement made by the court said, “The defendant clearly endorsed the unseemly content and made it his own.”

Reacting to content on Facebook can be achieved by commenting, sharing or probably the most popular method: hitting that Like button. However, a court in Switzerland just convicted a man on defamation claims simply for “Liking” libelous comments posted on the social network.

Although the defendant has the right to appeal, his punishment for being found guilty amounts to a $4,100 fine. As for Facebook, they are declining to comment on the court case beyond stating the social network sees “no direct link” to the company.

Regardless of what comments were made on Facebook, should the act of hitting the Like button result in a lawsuit? What’s more clear is, if the comments are libelous, then the person who wrote them can be pursued for prosecution.

However you feel about this court case, it’s important to keep in mind such action can be taken against an individual. Does the expansion of the Like button to include several types of reaction to a comment make the situation better or worse? I guess we won’t know that until another Facebook Like button lawsuit happens.

 

via:  entrepreneur

Hackers are Using Your Phone Number to Steal Your Personal Data

You’ve probably noticed that you are required to give your cell phone number when signing up for a new account on popular websites such as Facebook, Gmail, and plenty more. Intended to be an additional safety feature for your account, hackers are now using this added precaution to their advantage.

Hackers have developed “social engineering” tactics in order to gain access to your account. With just your phone number and your email, full name, or the last 4 digits of your social security number, scammers can convince customer service representatives to reset passwords, disclose personal information, and more over the phone. It is easier than ever to impersonate someone’s identity over the phone and cyber criminals are taking full advantage of this.

To protect yourself from an identity breach (as described above) it is most important that you remain aware of this threat. Stay on the lookout for suspicious activity on any of your accounts online and make sure to never disclose your phone number online or to anyone you don’t know. Anyone can use this information to breach your online accounts and steal you identity. Listed below are a few of the most popular companies that require your phone number when making an account. These are some of the most popular sites that criminals attempt to breach through the “phone number method”.

Companies are working on new ways to combat these issues but the system is not perfect. Hackers always seem to be one step ahead of everyone else, so it is impossible to rule out the possibility of one of these attacks. With more than 70% of cyber risk coming from human error, you can mitigate your cyber risk with cyber awareness training and employee education.

 

WATCH: 60 Minutes Shows How Easiliy Your Phone Can Be Hacked

 

 

via:  securable