Today’s topics include Google adding trust labels to help users identify credible news sources; attackers exploiting Microsoft’s Dynamic Data Exchange protocol; Cisco unveiling a $1 billion smart cities infrastructure program; and the launch of the Quad9 DNS internet security service.
Google will soon employ Trust Indicator labels next to stories in Google News to help users more easily identify content from credible sources.
This effort is part of the broader initiative called the Trust Project hosted by the Santa Clara University’s Markkula Center for Applied Ethics, which is designed to give readers more context on online articles to distinguish legitimate journalistic content from misinformation and promotional material. Participating news organizations include Google, Facebook, Twitter, Bing, the Washington Post, the Economist, The Globe and Mail, Italy’s La Repubblica and the Trinity Mirror.
The Trust Project has developed eight initial trust indicators that publishers can add to their site’s code so search engines can pick up and include them. These include indicators for a publisher’s reliability, author expertise, type of content, citations and references, and diverse voices.
Internet security firm Zscaler reported Nov. 15 that online attackers have used a feature of Microsoft Office documents, known as the Dynamic Data Exchange protocol, to download and execute malware in at least three separate campaigns.
The DDE fields allow a document to automatically update its data from external sources, but can also be used to embed a link to malicious code, causing the Office applications to download and execute malware. Microsoft acknowledged the issue on Nov. 8 but does not consider it a vulnerability because the program alerts the user to the activity.
According to Mohd Sadique, head researcher with Zscaler’s ThreatLabZ team, “[A]ttackers are [maliciously] stealing a user’s sensitive information, uploading and executing malware on a user’s machine, [and] altering the user’s data.” Microsoft has added warnings when documents try to open external data and is urging users to take care when opening attachments from untrusted sources.
Cisco Systems announced on Nov. 14 its new $1 billion City Infrastructure Financing Acceleration Program, aimed to make it easier, faster and more affordable for cities around the world to fund and adopt technologies that will transform their communities. The funding will be provided through Cisco Capital in partnership with private equity firm Digital Alpha Advisors and pension fund investors APG Asset Management and Whitehelm Capital.
“Funding is a major stumbling block for municipalities beginning their smart city transformation,” said Anil Menon, global president of Cisco’s Smart+Connected Communities. He added that with its partners, “Cisco will bring the capital and expertise it takes to make smart city projects a reality.”
Whether a city is trying to reduce energy usage, ease traffic and parking, or boost public transportation ridership and revenues, the program will help assemble the right type or suite of finance instruments with minimal initial investment.
IBM, Packet Clearing House and the Global Cyber Alliance announced on Nov. 16 the launch of Quad9 DNS, a free service to help internet users reduce risk and stay secure online.
Domain Name Service is a foundational element of internet infrastructure, matching IP addresses with domain names. The name “Quad9” is a reference to the service’s IP address of 9.9.9.9, which IBM has owned since the 1980s.
Paul Griswold, director of Strategy & Product Management at IBM X-Force, told eWEEK, “We were saving 9.9.9.9 for the right project, and the value Quad9 is going to bring to the public is [that] project.” With Quad9, DNS queries from users are routed through the secure platform, helping to protect users from security threats.