Tag Archive for: Address

‘TunnelCrack’ Vulnerabilities Identified; Updating VPN Should Address Security Issue – Forbes Advisor


A virtual private network can provide peace of mind by encrypting your activity on the internet and hiding your identity while you browse, which allows you to visit foreign websites and provides a more secure way to transmit private information.

But a new study has uncovered weaknesses that could allow your phone or computer to be tricked into leaking your online data input, known as “traffic,” before the traffic reaches the protected VPN tunnel.

In a paper presented at the USENIX Security Symposium on August 11, researchers from New York University, KU Leuven University in Belgium and NYU Abu Dhabi dubbed the VPN problem “TunnelCrack.”

And no matter what type of device you use, or what your VPN is, you could be at risk.

What Were the Findings?

“Our tests indicate that every VPN product is vulnerable on at least one device,” the researchers wrote. “We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable, that a majority of VPNs on Windows and Linux are vulnerable, and that Android is the most secure with roughly one-quarter of VPN apps being vulnerable.”

The differences appear to have to do with the way the various operating systems are designed.

The testers confirmed their findings by running 248 experiments involving 67 VPN providers on Windows, macOS, iOS, Linux and Android.

Study co-author Mathy Vanhoef, a professor at KU Leuven, says researchers were able to run their tests without putting the public at risk. “We…used our own phones and own laptops, installed a lot of VPN apps you can find and then tested it,” he says, “and could basically attack ourselves in a lot of cases.”

How Does TunnelCrack Work?

Two types of vulnerabilities were discovered: LocalNet attacks and ServerIP attacks.

LocalNet attacks involve traffic sent to and from…

More rangers coming to Colorado Springs trails to help address safety concerns


COLORADO SPRINGS — Efforts to clean up Colorado Springs’ trails and help them feel safer will get a bit of a boost in the fall as new city park rangers start their patrols.

The plan is to hire four new park rangers who will be out patrolling hot spots for complaints about homeless camps and will work closely with the other departments to find a solution.

“I think it’s any of the underpasses you have to go under. I just get a little more nervous.” Michelle Grey’s concerns, shared city-wide, are seen in the increasing number of complaints coming into the city about loiterers and the homeless.

Piles of trash, clothing, and personal belongings can be found all along the Pikes Peak Greenway trail. Homeless encampments have plagued areas of urban corridors prompting safety concerns among trail users.

Starting in September, more rangers will be out patrolling Colorado Springs trails. Park Maintenance and Operations Division Manager Eric Becker says, “It’s a very complex issue. We’ve heard the concerns and I believe the presence of the ranger will make a big difference.”

The new ranger program received $446,000 out of the city’s general fund during 2023 to get started and cover staff and two new vehicles, according to the city budget. Sales taxes support the city’s general fund, typically used for core city services.

The teams of rangers will patrol when parks are busiest. “We will have one senior ranger and three rangers – ones that we’re in the process of hiring. They will patrol in teams of two with a concentration on the Midland and Greenway trails. Those seem to be the biggest concern at this time,” explains Becker.

Homelessness in Colorado Springs is a widespread issue. In fact, Mayor Yemi Mobolade has made addressing homelessness, street outreach, and more affordable housing an immediate mission of his. Park rangers are an added piece to this bigger puzzle. They will work closely with CSPD, the city’s Homeless Outreach Team, and neighborhood services. They also rely on reports from citizens.

Rangers will have backup if needed and will increase enforcement when necessary, but as Becker says, “Our presence of the trails. That’s key. We will be there to…

Integrating IT And OT Security To Fully Address Business Risk


Jason is the Director of Cyber Risk at Dragos & a SANS certified instructor and author for critical infrastructure protection.

Since the dawn of the Industrial Revolution, business owners and operators have had to manage business risk as well as the risks to the health and safety of their workers and their communities. For centuries, this has been a hands-on task, protecting primarily physical premises and processes. With the advent of the information revolution, the game and the stakes have changed. Today’s digital environment creates a new range of risks and responsibilities in ensuring physical security.

The integration of information technology (IT) with operational technology (OT) means that systems and processes that once were logically isolated are now exposed to the same cyber threats as the IT world. Businesses are no longer stand-alone operations; they are components of critical infrastructures and supply chains, which significantly increases their exposure to risks.

The need for integrating OT and IT security for risk management is evident, but OT and IT security have developed separately—creating risky and expensive security silos.

Despite the need for coordinated security, fewer than half of the companies included in a Ponemon study said their IT and OT cybersecurity procedures and policies are aligned. The primary causes for this disconnect are the cultural differences between IT and OT teams as well as the technical differences between their respective best practices and what is possible in OT environments—in short, a cultural divide.

Products Of Different Worlds

OT comprises the systems that control and manage physical assets and processes. Businesses rely on these critical systems for everything from managing production lines and distribution networks to operating HVAC systems. Originally engineered and architected as proprietary stand-alone systems, they now often use off-the-shelf IP-addressable equipment connected with traditional IT systems. The same technology that enables administrators to remotely manage OT systems also makes it possible for adversaries to compromise them.

IT and OT systems have evolved with different missions. IT has become…

Inside TikTok’s proposal to address US national security concerns


TikTok has presented a detailed proposal to a secretive federal panel that will decide its future in the U.S. that relies extensively on the American tech giant Oracle to mitigate perceived security risks of the viral video app.

A TikTok official speaking on condition of anonymity described the company’s proposal to the Committee on Foreign Investment in the United States to CyberScoop. Aspects of the proposal, known as Project Texas (a likely reference to Oracle’s Austin headquarters), have been previously reported and briefed to members of civil society, but as negotiations have stalled with CFIUS, which will decide whether the company can continue to operate in the U.S., the company has begun to describe the proposal in greater technical detail. 

Under the terms of the proposal, TikTok would divulge core segments of its technology to Oracle and a set of third-party auditors who would verify that the app is not promoting content in line with Beijing’s wishes or sharing U.S. user data with China. 

“Project Texas effort clearly reflects a serious effort to address U.S. government concerns and has been informed by years of negotiation,” said Samm Sacks, a senior fellow at Yale Law School’s Paul Tsai China Center who has been briefed on the plan. “My key takeaway is that you don’t have to trust TikTok or the Chinese government, because at least from what I can understand of the contours of this plan is that the U.S. government would have the ultimate oversight and monitoring of compliance with whatever they agree to.”

The proposal from TikTok, which is owned by the Chinese company ByteDance, represents an attempt to end a battle between TikTok and the U.S. government dating back to the Trump administration over whether it represents a national security threat. In 2020, President Trump attempted to ban the app and force its sale to a U.S. firm. That effort collapsed, and when President Biden entered office, he rescinded the ban, which had been ruled unlawful in U.S. courts. Yet, calls to outlaw TikTok have resurfaced over the past year, and nearly half of all states have moved to ban the app on government-owned devices. 

The ongoing…
