John McAfee Wants Morgan Freeman to Play Him in Biopic

Johnny Depp is rumored to be playing John McAfee in an upcoming biopic, but the cybersecurity pioneer believes Morgan Freeman would be better suited to the role.

Depp will play McAfee in The King of The Jungle, according to Deadline Hollywood, portraying the antivirus mogul during his controversial time in Belize.

McAfee tells Newsweek that, to the best of his knowledge, the rumors that Depp will play him are true but he is yet to meet the actor. “I have been frequently compared to Hunter S. Thompson and I have seen Depp’s magnificent portrayal of Thompson,” McAfee says.

“I think Depp is as good as Javier Bardem, John Turturro, Mickey Rourke or Morgan Freeman [to play the part]. I am not joking about the latter. I pray for a time when the skin tone is not a factor in character choice. From what I know of Freeman, his character closest matches mine.”

McAfee, who founded the eponymous computer virus company in 1987, spent several years in Belize before fleeing the country in 2013.  

During his time in the Central American country, McAfee was wanted by police for questioning in connection with the murder of his neighbour. The film covers McAfee’s time in Belize and is based on a 2012 article written by Joshua Davis for Wired magazine.

Depp has played a string of oddball characters throughout his career, often befriending the characters he plays. After the death of Thompson in 2005, the Fear and Loathing in Las Vegas star spent $3 million to fire the journalist’s ashes out of a cannon during his funeral.

According to Deadline, Glenn Ficarra and John Requa will direct a script written by Scott Alexander and Larry Karaszewski. The release date is not known at this time.

Article source: http://www.newsweek.com/john-mcafee-movie-morgan-freeman-johnny-depp-575985


There Are No Winners in the Google/Symantec Feud


Symantec Owes its Customers Better, But So Does Google.

The ongoing feud between Symantec and the browser community, specifically Google, is bad for the entire SSL industry. Its consequences will undoubtedly be felt across the internet, in ways both seen and unseen. And Symantec must step up to the plate and own a portion of the blame for even letting things get to the point where Google can threaten to remove trust in existing Symantec SSL certificates.

Before we get to that though, I want to level with you. We were split Friday about whether or not to discuss this proposal, made by Google’s Ryan Sleevi. On one hand, Hashed Out prides itself on being an industry leading news source. On the other, despite the fact that Hashed Out generally operates with a considerable degree of autonomy, The SSL Store™ is a very close partner with Symantec.

We offer and support all the Symantec family of brands, we are a seasoned upper-echelon platinum partner and have held a seat on Symantec’s Partner Advisory Council for a number of years. We’ve even purchased furniture together—you could say it’s a serious relationship.

Still, in the interest of maintaining objectivity and addressing some of the questions and feedback that we are fielding from our customers, clients, resellers and the community we feel that we need to discuss this proposal.

Let’s Start With the Proposal to Remove Trust in Existing Symantec SSL Certificates

For anyone who is not aware, on March 23rd, Ryan Sleevi, a Google Software Engineer, published a proposal that would gradually deprecate and remove trust in existing Symantec SSL certificates. The action proposed is:

  • A reduction in the accepted validity period of newly issued Symantec-issued certificates to nine months or less, in order to minimize any impact to Google Chrome users from any further misissuances [sic] that may arise.
  • An incremental distrust, spanning a series of Google Chrome releases, of all currently-trusted Symantec-issued certificates, requiring they be revalidated and replaced.
  • Removal of recognition of the Extended Validation status of Symantec issued certificates, until such a time as the community can be assured in the policies and practices of Symantec, but no sooner than one year.

To clarify, this refers to all SSL certificates from the Symantec family of brands (GeoTrust, Thawte, RapidSSL and of course the Symantec brand).

Now, the way we got here is complicated. It starts with Andrew Ayer, an independent researcher, posting about a handful of certificates that appeared to be mis-issued by Symantec. As all the parties involved (Symantec, Google, Mozilla, etc) started looking into the issue, an investigation revealed that there were some problems with Registration Authorities (RAs) that Symantec had partnered with. These RAs had a special partnership with Symantec where they were to handle certificate validation in certain overseas regions where they were more experienced in the language and the way business is done.

However, Google claims that Symantec failed to comply with industry standards and could not provide audits showing the necessary documentation. Because these companies issued certificates in Symantec’s name (and from its root certificates), Google suggests that Symantec was culpable for their failures.

Google seems to have taken issue with the fact that Symantec was unaware of these problems with its partners, and thinks that Symantec neglected to oversee their actions. This event, in combination with a similar compliance issue back in late 2015, has raised a few concerns for Google.

And that ultimately led to the proposal by Sleevi to deprecate and remove trust from Symantec.

One last thing: for the sake of this discussion, I am referring specifically to Google because it is the only browser that has as yet made a formal proposal. It’s also the most publicly visible. Mozilla is also discussing punitive action. Apple and Microsoft, though considerably less public in their deliberations, typically fall in line with Google and Mozilla.

What Does This Mean?

As it currently stands, if this proposal is accepted, Symantec’s customers are going to be the ones that feel the brunt of the pain. This is going to be extremely disruptive on a lot of fronts, though Google has been very clear and concise about which party deserves the blame for that—and it’s not Google.

For Symantec customers, any existing SSL certificate that isn’t already set to expire in the next few months is going to need to be re-issued and re-installed. Additionally, if you paid for a validity period greater than nine months (which would apply to everyone), you may be out whatever money you paid for months ten and beyond. We envision Symantec will be able to remedy this during the renewal process.

And finally, they’re saying if a Symantec customer invested in premium Extended Validation SSL, you would be completely out of luck: Google’s punishment is that Symantec will be without EV privileges for at least a year. So, you would either be stuck with a very expensive DV certificate (because that’s essentially what the browsers will view it as) or you’re simply going to have to find a new Certificate Authority and go through the entire extended validation process once again and waste more money and more time.

Now, Symantec has already rightfully stated that it will take the necessary measures to keep its customers from being negatively affected, but there’s only so much it can do that would be within its own control. While it can (and likely will) easily honor the original validity period that customers purchased by offering free renewals through the originally expected expiration date, it cannot replace the lost EV certificates – and perhaps just as importantly to the customer, the green address bar – nor can it save its customers the time and hassle that would be involved with re-installing all of these newly re-issued certificates.

Even in the most generous of potential outcomes, a good portion of Symantec’s customer base would be impacted through no fault of its own.

Why This is Bad for the Industry

Let’s start this portion of the discussion by acknowledging something that seems to hang over a lot of SSL-related debates that we frequently run into while actively participating in community discussions. There is an entire industry that has popped up around SSL/TLS. There are for-profit CAs, resellers, sub-resellers and a number of other parties that contribute to what has become a billion-dollar global industry.

A lot of folks seem to have a problem with that; there is a subset of people involved in this discussion that doesn’t believe there should be a financial gatekeeper to encryption. As a result of that position, any business-minded input is typically viewed negatively—almost as if it has no place in the conversation.

That is a very myopic perspective. Perhaps, in an ideal world where we knew what the internet was to become, things would have evolved differently. In an ideal world, the developers and engineers that so bemoan the monetization of encryption-related products would have designed the internet to be secure in the first place, thus eliminating any potential for an industry to pop up around a technology like SSL.

Frankly, we can all probably agree that may be a better alternative. But those ideals exist only in the imaginations of the passionate individuals that advocate for them. The reality of the situation is that the internet was not designed securely and by virtue of that there is a commercial SSL industry.

And while that may seem like an abstraction to some – those that don’t deal directly with customers and end users – it doesn’t change that it’s the reality. All I am trying to say is that a software engineer at Google is certainly going to have a far different perspective on our industry than, let’s say, one of our own account managers who deals hands-on with a diverse set of client types and their direct real-life feedback on a daily basis.

Neither is wrong, just very different.

My point is this: real people who have used this extremely popular commercial CA have their businesses, websites and financial livelihoods at stake here.

And no, I’m not talking about the people at Symantec, which is a multi-billion dollar business operation that could literally leave the SSL industry entirely and still stay solvent. I’m talking about the countless others involved directly and indirectly in the SSL industry at any level who are going to really feel the pain.

I’m talking about the IT services providers who are potentially going to have to drop everything and tend to thousands of support inquiries or rework deep integrations. The small business owner who bought a premium security solution and will never hear a peep about Symantec’s hardships, who just took a loss and has to scramble to find a replacement. The large enterprises where it takes six months for any new SSL to be fully adopted into their environment. The site owners that are going to have to figure out how to navigate something they know nothing about yet again. Heck, if we’re being funny, even dear old Aunt Edna, who was told to look for the EV indicator in the URL when accessing her bank account online to reduce her phishing risk, is now back to stuffing wads of dollar bills and piles of loose change inside her mattress because she’s now skeptical about online banking again.

All kidding aside though, I’m talking about potential distrust towards websites that should absolutely still be trusted to the fullest extent.

While this may not necessarily put most companies and organizations out of business, this proposal will undoubtedly result in the loss of money and other precious resources, in addition to having a butterfly effect down to the average web user. Businesses don’t like losing money. They also don’t like wasting resources like time and man hours on projects that they have already properly addressed.

Which leads to the more salient point: this move could potentially damage the public’s faith in SSL and encryption at a very inopportune time. It’s no secret that the browsers are moving rapidly to mandate encryption. Funny enough, it began with the Google Chrome team itself back in 2014 when it announced that SSL is now a ranking signal in its algorithm. Recently, the shift to “secure”/“not secure” visual indicators is the most overt move yet in terms of pushing sites toward end-to-end encryption.

As a result, for many individual website owners, as well as an unfortunate number of businesses and organizations, this may be their first experience with SSL/TLS encryption. Symantec has historically enjoyed a reputation as one of the premier Certificate Authorities in the world. You can’t fault someone for choosing a Symantec product, especially considering that the majority of these customers aren’t keeping up with the CA/Browser Forum or following Google and Mozilla’s back-and-forth with Symantec.

That means for many people, their first experience with this newly required security solution (for which there is no real alternative) will be a negative one. They will have paid top dollar to purchase from a reputable brand and then that product will not only fail to deliver on their expectations, it may even end up causing them to lose money.

And keep in mind, these aren’t software engineers and security experts, these are business professionals that probably aren’t going to bother to read long, highly technical descriptions of what happened and why these actions were justified, etc. They’re going to boil it down to its most basic level—as is common in business.

There are three ways they might look at this: first, they will undoubtedly blame Symantec.

Second, they’re going to blame Google. Despite its best effort, Google is not going to come out of this unscathed.

And finally, those negatively affected by this proposal may reassess their opinion of SSL altogether. And we’re probably not going to like the conclusions they reach. Whether it’s starting to believe that SSL is some kind of racket, or it’s an inability to trust the technology moving forward—nothing about what’s being proposed is going to improve attitudes towards SSL.

While to people who are fully informed, this is a very specific debate about validation practices, policies and accountability (which I totally get), to the average person it’s going to look like two mega-corporations, Google and Symantec, fighting about a product and totally screwing over a bunch of innocent people in the process.

Nobody wins in this situation. Everyone loses, it just varies to what degree.

What Needs to Happen

The solution for this issue isn’t simple. On one hand, Symantec certainly needs to tighten some things up. To be fair, Google has given Symantec ample warning and opportunities to become compliant with its standards/expectations and Symantec apparently is yet to achieve that. Whether or not it’s fair that Google (and the other browsers) impose those requirements on Symantec is frankly irrelevant at this point; Symantec has a responsibility to its customers that should supersede that question.

But Google also needs to be more careful with the power it wields. In many ways, these actions seem less designed to force compliance and more designed to damage the business interests of Symantec. Nine months is an extremely irregular length of time for certificate validity and one could argue that this requirement places Symantec at an obvious competitive disadvantage. Additionally, by removing EV status for a year, Google is essentially cratering Symantec’s entire EV SSL operation. Most of Symantec’s existing EV customers will leave, and its credibility will be forever strained once the program comes back.

Granted, this is really Symantec’s problem—not Google’s. But the optics are terrible all around. And any conspiracy-minded individual doesn’t have to stretch very far to cobble together a narrative.

The two companies need to come together – a feat that shouldn’t be difficult considering their headquarters are located across the street from one another – and discuss a solution that both forces Symantec to address the issues Google has raised head-on, while also minimizing the amount of undue hardship on other, under-represented members of the SSL industry. You know, those who use and depend on it for normal business operation in real life. This is not the time for posturing, or for an unyielding adherence to policy, nor is it the time to debate two contrasting philosophies on SSL—this is the time for pragmatism.

This debate isn’t occurring in a vacuum. There are real consequences and real collateral at stake here—it’s not an exaggeration to say this will affect people’s livelihood. Maybe Symantec doesn’t deserve the benefit of the doubt from Google, but Symantec’s customers sure do. Now is the time to find a solution that remediates Symantec’s issues while also preventing undue hardship on literally tens of thousands of individuals, companies, and organizations.

Because their voice is ours—and the implications of this proposal are far too wide-reaching for it to be ignored.

Article source: https://www.thesslstore.com/blog/remove-trust-in-existing-symantec-ssl-certificates/


Almost 40% of industrial computers worldwide faced a cyberattack in the second half of 2016: Kaspersky

Two in five computers around the globe related to the technological infrastructure of industrial enterprises faced cyberattacks in the second half of 2016, according to cybersecurity company Kaspersky Lab.

Research from Kaspersky released on Tuesday showed that the percentage of industrial computers under attack grew from over 17% in July 2016 to more than 24% in December 2016. A press release from Kaspersky noted that the top three sources of infection were the Internet, removable storage devices and malicious email attachments and scripts embedded in the body of emails.

The results, published in a report titled Industrial automation systems threat landscape in the second half of 2016, examined the cyberthreat landscape faced by industrial control systems (ICS). Kaspersky experts discovered that during the second half of 2016, malware downloads and access to phishing webpages were blocked on more than 22% of industrial computers. “This means that almost every fifth machine faced the risk of infection or credential compromise via the Internet at least once,” Kaspersky said in the release.

Other key findings from the report included:

  • Every fourth targeted attack detected by Kaspersky in 2016 was aimed at industrial targets;
  • About 20,000 different malware samples were revealed in industrial automation systems belonging to over 2,000 different malware families;
  • 75 vulnerabilities were revealed by Kaspersky in 2016. Fifty-eight of them were marked as maximum critical vulnerabilities; and
  • The top three countries that experienced industrial computer attacks were Vietnam (more than 66%), Algeria (over 65%) and Morocco (60%).

Kaspersky noted in the release that the desktop computers of engineers and operators working directly with ICS do not usually have direct access to the Internet due to the limitations of the technology network in which they are located. However, there are other users that have simultaneous access to the Internet and ICS. According to Kaspersky research, these computers – presumably used by system and network administrators, developers and integrators of industrial automation systems, as well as third party contractors who connect to technology networks directly or remotely – can freely connect to the Internet because they are not tied to only one industrial network with its inherent limitations.

But the Internet is not the only thing that threatens the cybersecurity of ICS systems – the danger of infected removable storage devices is another threat spotted by the company’s researchers. During the period of research, 10.9% of computers with ICS software installed (or connected to those that have this software) showed traces of malware when a removable device was connected to them.

Malicious email attachments and scripts embedded in the body of emails were blocked on 8.1% of industrial computers, taking third place, Kaspersky said in the release. In most cases, attackers use phishing emails to attract the user’s attention and disguise malicious files.

“Malware was most often distributed in the format of office documents such as [Microsoft] Office and PDF files,” the release said. “Using various techniques, the criminals made sure that people downloaded and ran malware on the industrial organization’s computers.”

Malware, which includes spyware, backdoors, keyloggers, financial malware, ransomware and wipers, “can completely paralyze the organization’s control over its ICS or can be used for targeted attacks respectively,” Kaspersky reported. The latter is possible because of inherent functions that provide an attacker with lots of possibilities for remote control.

“Our analysis shows us that blind faith in technology networks’ isolation from the Internet doesn’t work anymore,” concluded Evgeny Goncharov, head of the critical infrastructure defense department at Kaspersky. “The rise of cyberthreats to critical infrastructure indicates that ICS should be properly secured from malware both inside and outside the perimeter. It is also important to note that according to our observations, the attacks almost always start with the weakest link in any protection – people.”

Article source: http://www.canadianunderwriter.ca/insurance/almost-40-industrial-computers-worldwide-faced-cyberattack-second-half-2016-kaspersky-1004111007/
