BayPay Forum

A Look at GOP Cybersecurity Platform

Details
Category: Security News
31 December 1969

An analysis of the Republican Party platform, which takes a tough stand against Chinese and Russian hackers and suggests "hack back" as a suitable cyber defense, highlights this edition of the ISMG Security Report.

In the report (click on player beneath image), you'll also hear:

The ISMG Security Report appears on this and other ISMG websites on Tuesdays and Fridays. Be sure to check out our July 15 and July 19 reports, which respectively analyze Britain's new Prime Minister Theresa May's record on cybersecurity and online privacy and the human factor in the age of cyber conflict. The next ISMG Security Report will be posted Tuesday, July 26.

Theme music for the ISMG Security Report by Ithaca Audio under Creative Commons license.


Securing the World-Sized Web

Details
Category: Security News
31 December 1969

Bruce Schneier, CTO at the security firm Resilient Systems, is busy examining how IoT - the name given to the computerization of everything in our lives - is changing the security world.

From sensors that collect data about our environment to databases in the cloud to analytics that help us make use of data, the Internet of Things is capable of changing our physical world.

"We're building an internet that senses, thinks and acts, but doesn't have a body, and that is the textbook definition of a robot," Schneier says. "What I want to propose is that we're building a world-sized robot, and we don't even realize it. While this change has its merits in bringing about enormous changes in social, economic and political environments, this is only going to increase security vulnerabilities," he says.

CISOs are lost when it comes to comprehending that this growing web will create an "interconnected system of threats," he says in an interview with Information Security Media Group during the 2016 RSA Conference Asia Pacific & Japan in Singapore.

"My clear message to security practitioners is: Pay attention to larger innovations that affect the environment, which have a cascading effect on security," he adds (see: IoT: Security Must Be Built In).

In this interview, Schneier discusses:

  • How CISOs need to tackle growing threats;
  • The importance of policy and regulation;
  • Actionable items for practitioners.

Schneier, who is chief technology officer and security technologist at Resilient Systems, an IBM company, is the author of 14 books, including the best-seller Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He's also written hundreds of articles, essays and academic papers. His newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by more than 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard University, a fellow at the Belfer Center at Harvard's Kennedy School of Government and a board member of the Electronic Frontier Foundation.


A Roadmap for Integrating Cybersecurity

Details
Category: Security News
31 December 1969

Too many organizations have too many disjointed security controls, says Vijay Bharti of Happiest Minds. What do they need? An integrated cybersecurity approach that includes analytics, machine learning and a higher degree of automation.

Bharti, Vice President and head of the Security unit at Happiest Minds, talks about the pressing need for this integrated approach to cybersecurity. The single biggest reason: Just to keep pace with the cyber criminals, whether they be nation-states, organized gangs or hacktivists.

"To me, the biggest concern is that cyber criminals are moving at a much faster pace in terms of being able to launch these attacks," Bharti says. "Versus the industry, which is still trying to gain momentum in terms of how to defend against these attacks."

And it's not that there isn't plenty of information about the criminals and the evolving threats. The challenge is: Organizations simply cannot move as quickly or as nimbly.

"Today, the speed in which an attack can be launched is much faster than the speed of detection and responding to these attacks," Bharti says. "And one of the reasons for that is ... security has not evolved as an integrated approach."

In an interview about creating this integrated approach to cybersecurity, Bharti discusses:

  • How to create an integration roadmap;
  • Leveraging analytics and machine learning for enhanced detection;
  • How to enhance automation and orchestration of security controls.

Vijay Bharti brings more than 20 years of experience in the area of IT security across multiple domains such as identity and access management, data security, cloud security and infrastructure security. His recent work includes building security operation center frameworks (including people, processes and various SIEM technologies) where he is working on building an integrated view of security and ways of leveraging advanced analytics and big data innovations for cyber security.


Pokémon Go: Why Are We So Stupid About Security?

Details
Category: Security News
31 December 1969

Mobility, Privacy

Police Advise Practicing 'Situational Awareness'
Mathew J. Schwartz (euroinfosec) • July 22, 2016

As the Pokémon Go craze continues, it's clear that when it comes to chasing virtual creatures through real-world locations, too many people fail to keep some common sense guidelines in mind.

Of course, when it comes to security - be it of the personal or data-related kind - many individuals regularly act with seeming disregard for their privacy or safety.

We've long seen poor cybersecurity behavior when it comes to people picking poor passwords or organizations selecting poor ways of securing those passwords. For years, people have also continued to fall victim to attacks involving USB memory sticks dropped in parking lots, which they duly pocket and plug into PCs, leading to malware infections, for example, at U.S. Central Command.

As the craze for the augmented-reality smartphone game Pokémon Go continues to sweep the world, however, it's sparking a whole new set of stupid behaviors. "In countries where the game has already been launched, various incidents have been reported, including users getting run over by a car, falling into a pond, getting bitten by a snake and getting robbed," says Japan's National Center of Incident Readiness and Strategy for Cybersecurity.

Indeed, many Pokémon Go players appear to throw caution to the wind. A group of teenagers in England stole a rowboat to pursue a rare Pokémon creature across a lake. Firefighters in New Jersey rescued a woman after she chased a Pokémon up a cemetery tree. New York's Central Park temporarily descended into chaos after a stampede of players began chasing a rare type of Pokémon known as a "Vaporeon."

Chaos ensues in Central Park following the nighttime sighting of a rare Pokémon.

But the gameplay hasn't just involved hijinks. In Baltimore, the driver of an SUV slammed into a - thankfully unoccupied - patrol car, after which the driver emerged and said he'd been playing Pokémon Go, according to footage from a nearby police officer's bodycam.

#PokemonGO is not all fun and games. Here is a video of a distracted driver who struck one of our cars. #PlaySafe pic.twitter.com/kOTfbTcILo

July 19, 2016

Pokémon Go Safety Guidance

With those risks in mind, Japan's NISC has released a nine-point safety guide for players. "I want people to abide by the warning so that people can play it on smartphones safely," Chief Cabinet Secretary Yoshihide Suga tells Japan Times.

Here's a loosely condensed and translated version of NISC's guidance:

Image: Japan's NISC cybersecurity agency issues 9-point safety guide for Pokémon users.

  • Privacy: Use "cool names that are different from real names."
  • Malware: Beware fake versions of Pokémon Go, which hackers have been using to infect smartphones with malware.
  • Weather: Pay attention to local weather conditions.
  • Sun: Beware of heat stroke, drink lots of water and don't be afraid to pack a "hat and parasol."
  • Power: Pack a spare battery whenever possible, since the game relies on GPS data and gobbles power, which could leave users stranded.
  • Communications: Carry a phone card and money for a pay phone, in case the battery dies, and especially for children, be sure to travel in groups and not stray.
  • Danger: When chasing Pokémon, avoid "dangerous zones," wild animals and bodies of water, and note that in other countries, Pokémon Go players have been targeted by robbers.
  • Awareness: Remain aware of your surroundings, try to alert people to your presence and never meet up with strangers.
  • Trains: Walking with a smartphone without paying attention can be extremely dangerous.

Florida: Shots Fired

Those common sense recommendations echo a list of safety tips issued by the Flagler County Sheriff's Office in Florida following a July 17 incident in which a homeowner fired several times at two teenagers who had parked in the street outside his house at about 1:30 a.m. while playing Pokémon Go. Authorities say their investigation is ongoing.

To the "parents of Pokémon Go Hunters," the sheriff's office offers several tips. "Talk to your kids about strangers and set limits on where your kids can go," it says. In addition, watch out for fake software. "Be aware of third-party software apps claiming to enhance the gaming experience. Unfortunately, many of these apps allow access to sensitive personal data."

For players, meanwhile, the sheriff's office urges them to "use common sense, be alert at all times and stay aware of your surroundings," adding that "in law enforcement, we call this situational awareness."

That's a message that police in multiple communities have been repeating, including in North San Diego County, where two men - both in their early 20s - fell off an ocean bluff, leading to both suffering moderate injuries.

"I think people just need to realize this is a game," Sgt. Rich Eaton of the San Diego County Sheriff's Department tells the Los Angeles Times. "It's not worth your life. No game is worth your life."


MacKeeper Threatened Legal Action Against 14-Year-Old

Details
Category: Security News
31 December 1969

Anti-Malware, Technology

Teenager Continues to Defy Anti-Virus Firm's Video Takedown Demand
Jeremy Kirk (jeremy_kirk) • July 22, 2016

Image: MacKeeper's mascot

MacKeeper, the embattled security program for Apple computers, has attracted vitriol over the years due to its aggressive advertising of its security evaluations of computers. Kromtech Alliance Corp. of Germany, which owns MacKeeper, carefully monitors the internet for negative reviews of its product and, in some cases, threatens legal action against reviewers.

Frustrated by MacKeeper's pop-up advertisements and warnings, those who've vented about the program online have occasionally gone overboard, characterizing it as an illegal scam, which puts them at risk of potential libel or slander claims. But setting aside the company's marketing tactics, MacKeeper has had real issues. On July 21, I reported that MacKeeper did not inform its users that the product was failing to update, for up to six weeks, during which time the users would have been at increased risk from malware infections (see MacKeeper Hid Product Update Error).

Now, one of MacKeeper's latest negative reviewers - 14-year-old high school student Luqman Wadood who lives in Stavanger, Norway - provides new insights into some of the heavy-handed tactics Kromtech uses to try and quash content it doesn't like before potentially following through on those threats by filing a lawsuit.

Between December 2015 and April 2016, Wadood posted a series of four videos on YouTube that took aim at MacKeeper. He's since removed three of the videos, marking them as private so the public can't view them. But he's holding strong on the fourth one and has published an impassioned video defending his decision and challenging Kromtech to make the next move.

"MacKeeper, I'll meet you guys in court," Wadood says in the video.

Luqman Wadood explains his decision to keep a video that's critical of MacKeeper online.

'Your Parents Will Pay'

For some of his videos, Wadood prank called MacKeeper's tech-support line, apparently harassing technicians. About a month after he posted a fourth video in April, titled "Trolling MacKeeper (Once Again)," he received an email from MacKeeper. Kromtech's U.S.-based spokesman, Jeremiah Fowler, warned him that the company would take Wadood to Norway District Court if the videos weren't removed.

Fowler warned that the videos "imply that MacKeeper is a scam and is engaged in criminal activity, and these false claims can be considered as an additional case for libel and slander."

I spoke with Wadood via instant message. He describes himself as a technology enthusiast and runs a tech-focused YouTube channel called InCrunch. He says he first encountered MacKeeper after he came across a pop-up advertisement last year warning that his Mac might be infected with a virus.

Image: A MacKeeper pop-up advertisement.

"The pop-up was also designed to make it look like a Mac OS system notification so that, for example, elderly people (who cannot distinguish between a fake and real Mac alert) would press on it and MacKeeper would start to install on the computer," Wadood says.

Wadood shared with me his email correspondence with Fowler. Wadood initially responded to Fowler's threats by asserting that his videos were entertainment and that he had a right to free expression.

Sensing resistance, Fowler turned up the heat. "If the videos are not removed we will file the case against you," he said in a May 25 email. "This makes you liable for financial damages, and as a minor, your parents would be responsible for paying your legal fees or civil fines. I am sure your parents or guardians would not want to pay thousands of euros/dollars in court costs because you want to challenge what is expression and what is illegal harassment, libel and slander."

Wadood said he alerted his parents when things began to escalate, explaining to them about MacKeeper and the tactics it employs to entice users to download the software. "They were worried at first," Wadood says. "It was difficult to explain to them."

The Standoff Ends?

Eventually, Wadood backed down and set three of the videos to private on YouTube, thus disabling public access. He admits that "those three videos simply did not make me proud, and prank calling anybody simply for fun isn't the right thing to do." But he's holding firm on the fourth video, titled "Confronting MacKeeper," originally published on Dec. 4, 2015.

Shortly into the video, Wadood shows a screen of text that says: "Your Mac anti-virus might be a virus. If you have the following application, get rid of it ASAP." Ironically, that's the same style of implication and innuendo that MacKeeper uses in its pop-up ads to elicit fear and anxiety from less-experienced Mac users.

The video also shows a Google ad campaign that leads viewers to a website called MacKeeper Reviews, which is filled solely with positive reviews. Wadood asserts that these reviews are scripted and fake. The last part of the video includes excerpts from a call Wadood made to MacKeeper, asking to speak to someone about the company's advertising practices, including the questionable reviews site.

Whether Wadood's video passes legal muster would be up to a court to decide. But Wadood says he is standing by his video and that he hasn't heard from MacKeeper since late May. His long-term goal is to "get MacKeeper to either change their advertising and marketing methods, or just give up completely."

Responding to my request for comment, Kromtech's Fowler tells me that Wadood's "age does not give him a free pass to make false claims or engage in harassment." He further dismissed the fact I was writing about the situation. "This story amounts to a tabloid click bait headline and shows little more than a biased view against MacKeeper."
