It is a Windows-centric world, but not at Facebook where the company has many more Mac laptops than those running Windows. With a lack of Mac OS X-based security network appliances, Facebook began, 18 months ago, to write its own security software. The result, Osquery, enables its security team to monitor, in real-time, the current state of those laptops’ operating systems. Facebook also made the tools freely available as an open source project, bringing outside security expertise to bear. Continue reading Facebook Writes and Open Sources Mac OS Security Software

Blackberry and Google have joined forces to develop an enterprise-friendly version of the Android operating system. The companies had already been working together on equipping phones with Android for Work, which helps keep mobile data for business and personal use separate. The new efforts will focus on security and application management features by integrating BlackBerry’s BES12 security software into Android Lollipop. BES12 is compliant with multiple OS platforms and recently added support for corporate-issued iOS devices. Continue reading BlackBerry and Google Partner for Business Version of Android

To patch two critical zero-day vulnerabilities, Adobe Systems issued an emergency update for its Flash media player. That’s in addition to a previously unknown vulnerability discovered over a week ago in a 400-gigabyte data dump published after hackers rooted the servers of Hacking Team. That bug allowed hackers to covertly install malware on end-user computers. Mozilla now blocks the hacker-susceptible Flash, and several industry leaders are calling for Adobe to pull the plug on the bug-infested media player. Continue reading New Emergency Patches for Flash Steps Up Calls for Its Demise

A group of 14 preeminent international cryptographers and computer scientists reported that offering government access to encrypted communications puts the world’s confidential data and infrastructure at risk. The report is in response to demands by the U.S. and British governments that technology companies provide a digital key for encrypted data. Conflict has been heating up between privacy advocates and government agencies over encryption, and the report is the latest move by technologists to counter government demands. Continue reading Silicon Valley and Security Experts Face Off Over Encryption

New language in China’s recently enacted national security law is generating major concern across the global technology industry. The rules call for a “national security review” of networking, tech products and services, and foreign investment. In addition, the rules call for crucial tech sectors to be made “secure and controllable,” which industry groups fear may suggest that back doors for allowing third-party access to systems would be necessary, perhaps even leading to the sharing of encryption keys or source code. Continue reading New Chinese Security Law Raises Concerns by Tech Industry

MasterCard plans to test a new program this fall that will experiment with using facial scans to approve online purchases. Consumers will photograph themselves with their smartphones at checkout, an approach MasterCard believes will be easier than remembering passwords. The company also believes it will help combat fraud. While SecureCode was used in 3 billion transactions last year, passwords can still be forgotten, intercepted or stolen. As a result, a number of companies have been turning to biometrics as a solution. Continue reading MasterCard to Test Using Facial Scans for Purchase Approvals

Tech companies in the U.S. are urging the Obama administration not to impose policies that could potentially weaken encryption systems created to protect the privacy of consumers. “We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool,” stated a letter to President Obama this week from the Information Technology Industry Council and the Software and Information Industry Association, representing companies such as Apple, Google, Facebook, IBM and Microsoft. Continue reading Tech Companies Urge White House to Leave Encryption Alone

Official FIDO certification for 31 products — from physical devices to login services — has been issued to 18 companies, marking the first certification under the new spec that aims to foster alternatives to password authentication and provide new opportunities for interoperating services. Systems compatible with FIDO can accept logins from any certified device, such as a fingerprint reader or voiceprint detector. Google’s all-purpose login service was certified as a universal two-factor server, and Yubico received certification for two USB security keys. Continue reading FIDO Certification is First Step for a World Without Passwords

After the Senate declined to reauthorize the bulk collection of phone records, the National Security Agency began shuttering its controversial counter-terrorism program over the weekend. The Senate failed to reach an agreement to extend the program beyond May 31, when the law used to authorize it will expire. Some intelligence and law enforcement officials have argued that the program is crucial to tracking terrorists. While the Senate rejected two bills that would have continued the program, some believe an agreement could still be reached before the deadline. Continue reading NSA Preps Shutdown of Controversial Phone Tracking Program

Tech companies including Apple, Facebook, Google and Microsoft joined Internet security experts and civil liberties organizations this week to draft a letter to President Obama warning that a “backdoor” for U.S. law enforcement could also serve as a backdoor for hackers and other governments. The Obama administration has been considering whether companies should only be allowed to use encryption that provides law enforcement with unscrambled access (or a “backdoor”). Critics are concerned about weakening encryption tech that protects Internet communications. Continue reading Tech Industry Urges President to Not Weaken Encryption Tech

As part of the growing backlash to Facebook’s Internet.org project, 65 advocacy organizations from 31 countries released a letter of protest this week to Facebook CEO Mark Zuckerberg. Facebook has partnered with wireless carriers and other organizations on the initiative that hopes to bring free Internet service to the developing world. However, the letter argues that the project “violates the principles of net neutrality, threatening freedom of expression, equality of opportunity, security, privacy, and innovation.” Continue reading Letter Released in Protest of Facebook’s Free Internet Project

Apple is refuting a recent report that suggested HomeKit — its home automation software platform — was experiencing problems and could expect delays. This week the company announced that the first HomeKit-enabled devices will ship next month. The company first unveiled HomeKit at last June’s Worldwide Developers Conference. The platform enables Apple devices to control connected appliances in the home, essentially turning iPhones and iPads into a command system for smart thermostats, lights, garage doors, locks, security systems and more. Continue reading Apple Refutes Delays, Says HomeKit Devices Shipping in June

Technology trade groups — including TechNet, the Internet Association, the Information Technology Industry Council, and the Computer and Communications Industry Association — have joined the Reform Government Surveillance group in support of the USA FREEDOM Act. The bill intends to limit federal government bulk surveillance programs in an effort to protect privacy while still addressing national security. The consortium supports more transparency and a change to the collection of bulk data. Continue reading Tech Groups Express Their Support for the USA FREEDOM Act

As part of its Media Management in the Cloud at NAB, the ETC held a panel discussion on cloud security, which continues to be a leading concern of M&E firms considering greater adoption of cloud technologies. The panel was composed of leading experts in cloud security from different parts of the M&E and cloud industries. Among the questions discussed: How can cloud infrastructure better ensure security? What are the most common security concerns of cloud tenants? What is the next level of emerging security standards? How is security best balanced with ease of use? Continue reading ETC Panel Discusses Cloud Security: Today, Tomorrow, Beyond

On April 15, at ETC’s Media Management in the Cloud conference held at the NAB Show, John McCoskey, EVP & CTO of the Motion Picture Association of America, and Jim Reavis, executive director of the Cloud Security Alliance, delivered the MPAA keynote updating the audience on the MPAA’s first cloud security standards, which are continuing to progress and may be launched later this year. They encouraged media industry professionals interested in cloud security to implement the CSA’s Cloud Controls Matrix. Continue reading Development of MPAA Cloud Security Standards Moves Forward