Tuesday, December 31, 2013

Route Hijacking, Redirecting Internet Traffic

If a bad actor (e.g., a criminal or government agency) can't access your traffic, it will try to redirect it to a place where it can . . . .

Cyber-security puzzle: Who is sending Internet traffic on long, strange trips? - CSMonitor.com: "Doug Madory, a Renesys expert, is one of the few able to see what was going on. As he watched his computer monitor in late summer, he says, unidentified hackers subtly diverted a US Internet provider’s Denver data stream – its e-mails and electronic file transfers – that were intended to travel just across town to another Denver location. “Route hijacking has been around for a long time, but it’s typically been accidental, brief, and highly public,” Mr. Madory says. “What we’re seeing now is subtle, almost impossible to detect – a man-in-the-middle setup to intercept data over relatively long periods of time: several hours or even an entire day. It looks like a targeted attack by either a criminal organization or nation state.”"

more news below

Saturday, December 28, 2013

OpenDNS, Internet Security

About Us: "OpenDNS secures the networks used by more than 50 million people to connect to the Internet. Across all continents, in Fortune 50 enterprises and small businesses alike, at one in every three U.S. schools and hundreds of thousands of homes. Our services are smart and lightweight, yet more powerful than anything else available. They require no software or hardware, and can be set up in just minutes, immediately taking effect across all devices that connect to the Internet -- tablets, smartphones, even gaming consoles. Ask anyone who's deployed a network service across an enterprise and they'll tell you just how revolutionary that is. We're changing the face of Internet security."

more news below

Thursday, December 26, 2013

Google, password-free authentication Chrome OS

Google eyes password-free authentication in Chrome OS | Internet & Media - CNET News: " . . . The chrome.screenlockPrivate feature would let an app wake up a Chromebook or Chromebox if it judges a person to be present based on trusted data from Bluetooth, NFC, or USB ports. "A platform app may use the USB, NFC, and/or Bluetooth APIs to communicate with a secondary trusted device such as a phone, ring, watch, or badge, thereby allowing that trusted device to serve as an alternative form of authentication for the user," said a design document pointed out by Chrome watcher and Google employee Francois Beaufort...."

more news below

Tuesday, December 24, 2013

French government spoofing Google domain certificates

Biggest security risks today come from governments -- from China to the US to France to . . . .

Google catches French govt spoofing its domain certificates | ZDNet: "This is not the first time that the flaws of SSL certificates have been exposed. The US National Security Agency is alleged to have used man-in-the-middle attacks through unauthorised certificates against Google in the past. Additionally, in August 2011, a breach at DigiNotar, another CA, found that an Iranian hacker had created rogue certificates for Google domains, intercepting user passwords for Gmail."

more news below

Saturday, December 21, 2013

Microsoft Cybercrime Center

The giant from Redmond does do a pretty good job on cybersecurity (but for the NSA et al) --

Microsoft's new Cybercrime Center combines tactics against hacking groups | Reuters: "...Microsoft Corp's expanded Digital Crimes Unit inside the 16,800-square foot, high-security facility combines a wide array of tactics that have worked the best: massive data gathering and analysis, gumshoe detective work, high-level diplomacy and creative lawyering. The new approach, to be launched on Thursday, is the latest attempt to close the gap created in the past decade as criminal hackers innovated in technology and business methods to stay ahead of adversaries mired in the slow-moving world of international law enforcement...."

more news below

Thursday, December 19, 2013

Names of Hackers and Cybercriminals

Call Me i$Hm@eL: On the Names of Hackers and Cybercriminals: " . . . Then there are those that value reputation over risk, like the hacker and former spammer I met with in Southeast Asia: He has used the same handle, chosen at random from the dictionary, since he was a teenager, through his forays into crime, and even after going straight. “I mean, I’ve got a reputation, I’ve got friends—people trust me,” he explained. Giving it up, he said, would be akin to relinquishing his identity in the physical world and starting again. Today, he works as what is called a penetration tester, a legal hacker of sorts, hired to find holes in a client's system before a real attacker does. Some clients have discovered his past, and his long-established online reputation. But they seem pleased. They figure it means he’s more effective at his job." (read more at link above)

more news below

Tuesday, December 17, 2013

Google says NSA tactics bad for all American companies

Google: NSA tactics bad for all American companies — RT USA: "...“The current lack of transparency about the nature of government surveillance in democratic countries undermines the freedom and the trust in most citizens cherish, it also has a negative impact on our economic growth and security and on the promise of an internet as a platform for openness and free expression,” said Google’s law enforcement and information security director, Richard Salgado, as quoted by Reuters...."

Need we say more?

more news below

Saturday, December 14, 2013

Internet architects propose encrypting all internet traffic

In other words, the National Security Agency (NSA) will have defeated itself by its egregious practices leading to unintended consequences --

Internet architects propose encrypting all the world’s Web traffic | Ars Technica: "...The proposal, announced in a letter published Wednesday by an official with the Internet Engineering Task Force (IETF), comes after documents leaked by former National Security Agency contractor Edward Snowden heightened concerns about government surveillance of Internet communications. Despite those concerns, websites operated by Yahoo, the federal government, the site running this article, and others continue to publish the majority of their pages in a "plaintext" format that can be read by government spies or anyone else who has access to the network the traffic passes over. Last week, cryptographer and security expert Bruce Schneier urged people to "make surveillance expensive again" by encrypting as much Internet data as possible...."

more news below

Thursday, December 12, 2013

FBI says US government computers breached by Anonymous

Following up on our last posting re: poor US government cybersecurity practices --

Exclusive: FBI warns of U.S. government breaches by Anonymous hackers | Reuters: "Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week. The hackers exploited a flaw in Adobe Systems Inc's software to launch a rash of electronic break-ins that began last December, then left "back doors" to return to many of the machines as recently as last month, the Federal Bureau of Investigation said in a memo seen by Reuters..." (read more at link above)

more news below

Tuesday, December 10, 2013

US Government a Poor Example for Best Security Practices

Do as I say, not as I do! --

President’s tech council plays sad trombone for federal cybersecurity | Ars Technica: ""The Federal Government rarely follows accepted best practices," the report stated. In order to ensure that the country as a whole is more secure against cyber attack, the council advised, the government "needs to lead by example and accelerate its efforts to make routine cyber attacks more difficult by implementing best practices for its own systems.""

more news below

Saturday, December 7, 2013

NSA infection, 50000 computer networks, malicious software

NSA infected 50,000 computer networks with malicious software - nrc.nl: "The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this...." (read more at link above)

more news below

Thursday, December 5, 2013

Your Cyberincident-response Plan?

How good is your cyberincident-response plan? | McKinsey & Company: "Many organizations must face a troubling fact: defending their digital perimeter is not enough. They should assume that successful cyberattacks will occur—and develop an effective plan to mitigate the impact...That’s why it’s not enough to focus, as many enterprises do, on defending the digital perimeter with cybertechnologies such as intrusion detection and data-loss prevention. When determined adversaries such as hacktivists and organized criminal syndicates set their minds on finding a way inside, every organization with valuable digitized information is at risk of having its perimeter breached and its critical assets compromised...." (read more at link above)

more news below

Tuesday, December 3, 2013

How the Feds Took Down Silk Road

There IS a difference between a free internet and a lawless internet -- great read at the link below (excerpt follows) --

How the Feds Took Down the Silk Road Drug Wonderland | Threat Level | Wired.com: "...The informant directed investigators to the site, accessible only through the Tor anonymizing network, and explained how transactions for the sale of heroin, cocaine and LSD went down using the digital currency Bitcoin. But that wasn’t all Silk Road was selling — there were stolen credit and debit card numbers, fake IDs, counterfeit currencies, hacking tools and login credentials for hacked accounts. The tip, which arrived about six months after Silk Road was launched and coincided with the emporium’s growing notoriety following a June 2011 Gawker story, spawned a multi-agency task force based in Baltimore — dubbed “Marco Polo” in reference to the drug market’s historical namesake — that eventually included investigators from the FBI, DEA, DHS, the IRS, U.S. Postal Inspection, U.S. Secret Service, and the Bureau of Alcohol, Tobacco, Firearms and Explosives...."

more news below

Saturday, November 30, 2013

Stuxnet, Its Secret Twin, Sabotage

Fascinating read at the link below (excerpt follows) --

Stuxnet's Secret Twin - By Ralph Langner | Foreign Policy: "....In other words, blowing the cover of this online sabotage campaign came with benefits. Uncovering Stuxnet was the end of the operation, but not necessarily the end of its utility. Unlike traditional Pentagon hardware, one cannot display USB drives at a military parade. The Stuxnet revelation showed the world what cyberweapons could do in the hands of a superpower. It also saved America from embarrassment. If another country -- maybe even an adversary -- had been first in demonstrating proficiency in the digital domain, it would have been nothing short of another Sputnik moment in U.S. history. So there were plenty of good reasons not to sacrifice mission success for fear of detection. We're not sure whether Stuxnet was disclosed intentionally. As with so many human endeavors, it may simply have been an unintended side effect that turned out to be critical. One thing we do know: It changed global military strategy in the 21st century..."

more news below

Thursday, November 28, 2013

3 Ways Malicious Hacking Occurs

11 sure signs you've been hacked: "The hope of an anti-malware program that can perfectly detect malware and malicious hacking is pure folly. ... And if you are risk-adverse, as I am, always perform a complete computer restore with the event of a breach. Because once your computer has been compromised, the bad guys can do anything and hide anywhere. It's best to just start from scratch. Most malicious hacking originates from one of three vectors: unpatched software, running Trojan horse programs, and responding to fake phishing emails. Do better at preventing these three things, and you'll be less likely to have to rely on your antimalware software's accuracy -- and luck." (read more at link above)

more news below

Tuesday, November 26, 2013

Kevin Mitnick shows how easy it is to hack a computer

Kevin Mitnick: 'The only thing McAfee is good at is making videos' - 16 Oct 2013 - Computing News: ". . . . Mitnick demonstrated how easy it is to hack a computer, even when secured by the latest McAfee AV client, which he claimed was fully patched. He explained that the simplest form of attack is to identify a specific individual target in a firm, then research them on social media in order to tailor a message to them that will make them more likely to open an infected attachment.
"The attacker only has to find one person to open a PDF, so you do the attacks surgically. LinkedIn is the best tool - you search for networks and positions. You might want to target sales and marketing, because they're the most likely to comply with my request. So you find out who they communicate with, their partners, customers and suppliers. You can then spoof communications that appear to come from a trusted source. . . ." (read more at the link above)

more news below

Saturday, November 23, 2013

Pentagon Secret Backbone Hardly Secret

Kevin Mitnick: 'The only thing McAfee is good at is making videos' - 16 Oct 2013 - Computing News: "He showed the audience a detailed network topology map, which included all the switches and routers on the network, and all of the internal and external IP addresses. The network in question was the Pentagon Secret Backbone. Mitnick explained that someone at the Pentagon had installed a peer-to-peer client at some point, and not realised that various important documents, such as this map, had been leaked as a direct result."

(ed. note): And yet people in government still think the Chinese and Russians wanted Snowden's documents. Truth is, they probably had already obtained all of those documents themselves before Snowden ever thought about it.

more news below

Thursday, November 21, 2013

Tim Berners-Lee calls encryption cracking by spy agencies 'appalling and foolish'

Tim Berners-Lee: encryption cracking by spy agencies 'appalling and foolish' | World news | The Guardian: " . . . In an interview with the Guardian, he expressed particular outrage that GCHQ and the NSA had weakened online security by cracking much of the online encryption on which hundreds of millions of users rely to guard data privacy. He said the agencies' decision to break the encryption software was appalling and foolish, as it directly contradicted efforts of the US and UK governments to fight cybercrime and cyberwarfare, which they have identified as a national security priority. Berners-Lee also said it was a betrayal of the technology industry. In contrast to several senior British politicians – including the prime minister, David Cameron – who have called for the Guardian to be investigated over reporting of the Snowden leaks, Berners-Lee sees the news organisation and Snowden as having acted in the public interest. . . ." (read more at link above)

more news below

Tuesday, November 19, 2013

NSA revelations cause NIST Review of Guidance Methods

NIST Launches Review of Guidance Methods - GovInfoSecurity: "Noting that its integrity has been questioned, the National Institute of Standards and Technology has launched a formal review on how it develops cryptographic standards because of concerns that the National Security Agency might have corrupted its cryptography guidance. "Our mission is to protect the nation's IT infrastructure and information through strong cryptography," NIST says in a statement issued late Nov. 1. "We cannot carry out that mission without the trust and assistance of the world's cryptographic experts. We're committed to continually earning that trust.". . ." (read more at link above)

more news below

Saturday, November 16, 2013

Cybersecurity a trillion dollar market

World cybersecurity leaders call for cooperation - CBS News: "Governments and businesses spend $1 trillion a year for global cybersecurity, but unlike wartime casualties or oil spills, there's no clear idea what the total losses are because few will admit they've been compromised. Cybersecurity leaders from more than 40 countries are gathering at Stanford University this week to consider tackling that information gap by creating a single, trusted entity that would keep track of how much hackers steal. . . ." (read more at link above)

more news below

Thursday, November 14, 2013

Unbreakable encryption

Unbreakable encryption comes to the U.S. - Fortune Tech: " . . . . QKD stood out to Battelle's researchers as the best technically feasible means of generating secure encryption that wasn't just a solution that works now and that won't leave data exposed in the future. But QKD also has some drawbacks, including a limited range and potential difficulties in sharing keys. So Battelle turned to ID Quantique, a Geneva-based quantum technology company with extensive experience in quantum communications, to help smooth out those issues. QKD works by tapping some of quantum physics' stranger phenomena to make it virtually impossible for a third party to steal an encryption key without sender and receiver being aware. Using a standard encryption algorithm, the sender encrypts the data and transmits it to the receiver. But instead of sending along the key by conventional means, it is encoded into a single photon -- the elementary particle of light -- which is then placed into a correlated state with a second photon. Physicists call this "entanglement" (Einstein called it "spooky") and under the laws that govern the quantum world any attempt to observe or measure one photon affects the other correlated photon regardless of whether they are in the same room or on opposite sides of the planet. . . ." (read more at link above)

more news below

Tuesday, November 12, 2013

Google's Chrome Browser to automatically block malware

Google's Chrome will automatically block malware | PCWorld: "A developer version of Google’s Chrome browser will automatically flag and block malware that the user’s anti-malware system wouldn’t otherwise detect, Google said. The “Canary” version of Chrome, designed for early testing by developers and others, will show a small warning note in the area of the screen reserved for downloads, notifying the user that it had prevented malware from being downloaded, Google said in a blog post. The new technology is in addition to Google’s existing “Safe Browsing” capability, which blocks up to 10,000 new websites per day, based on a reputation score that Google develops and assigns. . . ."

more news below

Saturday, November 9, 2013

BackDoors, Security

How to Design — And Defend Against — The Perfect Security Backdoor | Wired Opinion | Wired.com: "Since BULLRUN became public last month, the security community has been examining security flaws discovered over the past several years, looking for signs of deliberate tampering. The Debian random number flaw was probably not deliberate, but the 2003 Linux security vulnerability probably was. The DUAL_EC_DRBG random number generator may or may not have been a backdoor. The SSL 2.0 flaw was probably an honest mistake. The GSM A5/1 encryption algorithm was almost certainly deliberately weakened. All the common RSA moduli out there in the wild: We don’t know. Microsoft’s _NSAKEY looks like a smoking gun, but honestly, we don’t know. . . ." (read more at link above)

more news below

Thursday, November 7, 2013

FTC, Mobile, Scareware

FTC Takes Tough Action Against ‘Scareware’ Tactics | Jeff Ifrah - JDSupra: " . . . . Jesta (which also does business as Jamster) is known mostly for its marketplace of ringtones, photos, videos and apps. Starting in 2011, it ran a scareware campaign, purportedly for anti-virus software, that the FTC asserts crossed the line into deceptive advertising. The ads ran on the free version of the Angry Birds app for Android. Using a graphic that looks like the Android robot logo, the banner ad displayed a warning that viruses had been detected on the device – even though no virus scan was conducted. According to the FTC, when the consumers clicked on the “remove [virus]” button, or similar “warning” buttons, Jesta directed them through a number of pages about virus protection that left to very fine print a monthly service fee for ringtones and other content. . . ." (read more at link above)

more news below

Tuesday, November 5, 2013

Experian, Consumer Data, ID Theft Service

Experian Sold Consumer Data to ID Theft Service — Krebs on Security: "An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity. . . ."

more news below

Saturday, November 2, 2013

US government, draft cybersecurity framework

US government, cybersecurity? --

US government releases draft cybersecurity framework | Security & Privacy - CNET News: " . . . The National Institute of Standards and Technology released its draft cybersecurity framework for private companies and infrastructure networks on Tuesday. These standards are part of an executive order that President Obama proposed in February. The aim of NIST's framework (PDF) is to create guidelines that companies can use to beef up their networks and guard against hackers and cybersecurity threats. Adopting this framework would be voluntary for companies. NIST is a non-regulatory agency within the Department of Commerce. The framework was written with the involvement of roughly 3,000 industry and academic experts, according to Reuters. It outlines ways that companies could protect their networks and act fast if and when they experience security breaches. "The framework provides a common language for expressing, understanding, and managing cybersecurity risk, both internally and externally," reads the draft standards. . . .

more news below

Thursday, October 31, 2013

NSA delayed anti-leak software where Snowden worked

Greatest threats are always from the inside. NSA found out the hard way.

Exclusive: NSA delayed anti-leak software at base where Snowden worked -officials | Reuters: " . . . . Snowden was assigned by Booz Allen Hamilton to the Hawaii facility in late March or early April 2013, after first attending training sessions near NSA's Maryland headquarters. He was only there for a few weeks before he told his employers that he needed time off because of health problems. Snowden then disappeared and turned up several weeks later in Hong Kong. There, he gave a TV interview and a trove of secrets from the NSA and its British counterpart, Government Communications Headquarters, to writer Glenn Greenwald, filmmaker Laura Poitras, and journalists from Britain's Guardian newspaper. Reuters reported in August that Snowden began downloading documents describing the U.S. government's electronic spying on an earlier job working for Dell Inc in April 2012. One official said Congressional oversight committees had repeatedly expressed concerns to the administration that agencies across the government, including spy units, had moved too slowly to install updated security software. Another official said that U.S. agencies were still not positive they knew the details of all the material which Snowden had downloaded and turned over to journalists."

more news below

Tuesday, October 29, 2013

Cyber Attacks, Business Cybersecurity, a decade out of date

Out of date security is no security --

Business understanding of cyber attacks a decade out of date
The Australian Financial Review
Business understanding of cyber attacks a decade out of date ... old as civilisation itself: espionage, sabotage, crime, terrorism, warfare and protest,” ... In a survey of IT security professionals last year, ISACA found that one in five worked in an organisation that had been the subject of an APT attack and 63 per cent said they ... (read more at link above)

The Australian Financial Review

more news below

Saturday, October 26, 2013

Most secure browser is Chrome on Chrome OS

If you care about security, the most secure browser is Chrome on a Chrome OS computer (Chromebook or Chromebox) --

Google defends Chrome browser's security features: "Chrome is the most secure browser and offers you control over how it uses and stores data. Chrome asks for permission before storing sensitive information like credit card details, and you don't have to save anything if you don't want to. Furthermore data stored locally by Chrome will be encrypted, if supported by the underlying operating system. For example, Chrome OS encrypts all data stored locally by default. We recommend people use the security measures built into their operating system of choice." (read more at links above)

more news below

Thursday, October 24, 2013

DNS poisoning, Malaysia

Beware who manages and controls your Domain Name Servers --

Google Malaysia hit by DNS poisoning (Updated) - Tech News | The Star Online: "It is believed that it is not the Google Malaysia search page that has been hacked, but it is the domain name servers that translates the name "google.com.my" into actual web address that has been compromised. In this "DNS poisoning" attack, anyone trying to visit the Google Malaysia website will instead be redirected to the hacker's page." (read more at link above)

more news below

Tuesday, October 22, 2013

Android, Myths, Malware, Mobile Security

Like most irrational tirades against Google these days (and governmental investigations), there's more myth than truth involved when it comes to Android and "security" --

Google's perspective on the real-world threat posed by Android malware -- and by extension, the effectiveness to date of its choice of app review and distribution model -- has been echoed in other quarters. A study released Monday by researchers at the Georgia Institute of Technology and security firm Damballa, "The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers," found that mobile malware "appears in a minuscule number of devices" in the two networks they studied. (source infra)

Google: Don't Fear Android Malware - Security - Mobile Security -: "Ludwig continued by likening Android's security model to how the Centers for Disease Control and Prevention (CDC) tackles real-world infections. "The CDC knows that it's not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks," he said." (read more at links above)

more news below

Saturday, October 19, 2013

Security, NSA, Stasi, China, Employment

Future make-work jobs coming from our Big Brother NSA? --

The Future For Middle Class Jobs? China Employs 2 Million To Browse The Web -SVW: "Security is a growing market and there's lots of jobs to be done that still can't be done well by software. It's not the best paid job in the world but it's a steady job with wonderful growth prospects. There are estimates that one-third of East Germany's population worked for the Stasi security organization either as informers or agents. In my dystopian fantasies it's easy to see a future in which most people work in security, scanning and patting each other down, at every doorway. . . ."

more news below

Thursday, October 17, 2013

DNS spoofing, DNS-Based Hacker Attack

DNS-Based Attack Brings Down New Victim: WhatsApp – ReadWrite: "The WhatsApp home page has since been returned to normal, but during the attack, it was noted that the Domain Name Service records for the WhatsApp site had been changed. This would suggest that the attackers had not actually cracked into WhatsApp, but had instead used DNS spoofing to hijack the web site's address.DNS spoofing is an increasingly popular way for malicious hackers to effectively obtain access to a web site. The attack is remarkably simple, and was instrumental in this summer's hacks of the Twitter and New York Times home pages. While it is not known if this was indeed how WhatsApp was attacked this morning, details from the August 29 attack on the New York Times web site would support the theory. . . ."

more news below

Tuesday, October 15, 2013

Hosting Provider DNS hijacking

Hosting provider LeaseWeb falls victim to DNS hijacking | PCWorld: " . . . LeaseWeb is still investigating how attackers managed to change the DNS records for its domain name, but it appears that they gained access to the domain administrator password at the domain registrar from which LeaseWeb bought its domain. Spear phishing might have been a part of the attack, but at this point the investigation is ongoing so there’s no definitive answer, Alex de Joode, senior legal counsel of LeaseWeb, said (last) Monday via email. . . ." (read more at link above)

more news below

Saturday, October 12, 2013

US Intelligence, Tor, Anonymity

U.S. Intelligence Defends Attempts to Break Tor Anonymity Network - Arik Hesseldahl - News - AllThingsD: " . . . .It was all legal and appropriate, Clapper argues, because, “Within our lawful mission to collect foreign intelligence to protect the United States, we use every intelligence tool available to understand the intent of our foreign adversaries so that we can disrupt their plans and prevent them from bringing harm to innocent Americans. … Our adversaries have the ability to hide their messages and discussions among those of innocent people around the world. They use the very same social networking sites, encryption tools and other security features that protect our daily online activities.” The ironic part is that Tor was invented at the U.S. Naval Academy as a project meant to help activists overseas evade surveillance by officials of repressive regimes. A good amount of its funding has come from the NSA’s parent agency, the U.S. Department of Defense."

more news below

Thursday, October 10, 2013

FBI shuts alleged online drug marketplace Silk Road

FBI shuts alleged online drug marketplace Silk Road - Orlando Sentinel: "In a corresponding civil asset forfeiture action, prosecutors claimed Silk Road and Ulbricht were liable to the government for the value of all transactions involving drug tracking and computer hacking, as well as for money laundering penalties, and a final amount would be determined at trial." (read more at link above)

more news below

Tuesday, October 8, 2013

NSA "undermined the fundamental trust in the internet"

How a Crypto 'Backdoor' Pitted the Tech World Against the NSA | Threat Level | Wired.com" . . . Even without more explicit confirmation that the weaknesses in the algorithm and standard constitute a backdoor, Kocher and Schneier believe they do. “It is extraordinarily bad cryptography,” says Kocher. “If you look at the NSA’s role in creating standards [over the years] and its general cryptographic sophistication, none of it makes sense if there isn’t a backdoor in this.” Schneier agrees and says the NSA has done too many other things for him to think, when he sees government-mandated crypto that’s weak, that it’s just by accident. “If we were living in a kinder world, that would be a plausible explanation,” he says. “But we’re living in a very malicious world, it turns out.” He adds that the uncertainty around the algorithm and standard is the worst part of the whole matter. “This is the worst problem that the NSA has done,” Schneier says. “They have so undermined the fundamental trust in the internet, that we don’t know what to trust. We have to suspect everything. We’re never sure. That’s the greatest damage.”. . ."

more news below

Saturday, October 5, 2013

Closing Back Doors, NSA, Security

The National Security Agency undermines confidence in communication by weakening encryption (source infra)

Close the N.S.A.'s Back Doors - NYTimes.com: "The back doors also strip away the expectations of privacy that individuals, businesses and governments have in ordinary communications. If back doors are built into systems by the N.S.A., who is to say that other countries’ spy agencies — or hackers, pirates and terrorists — won’t discover and exploit them? The government can get a warrant and break into the communications or data of any individual or company suspected of breaking the law. But crippling everyone’s ability to use encryption is going too far, just as the N.S.A. has exceeded its boundaries in collecting everyone’s phone records rather than limiting its focus to actual suspects." (read more at link above)

more news below

Thursday, October 3, 2013

China, Top Secret Military Site, Visible on Google

China’s Latest Top Secret Military Site Is Visible on Google | TIME.com: "Imagine, then, what his response might have been to the latest upheaval in intelligence gathering, whereby high-definition pictures of secret military installation turn up online, on obscure corners of the web, for anyone to see. “The grainy photos that they were getting from those spy satellites were nothing compared to what you can get from Google Earth,” says Peter Singer, director of the Center for 21st Century Security and Intelligence at the Brookings Institution. Singer and his co-researcher, Jeffrey Lin, recently wrote an analysis of China’s latest covert project, its first home-made aircraft carrier, based on nothing but photos pulled from blogs. With a little Googling, anyone can find them." (read more at link above)

more news below

Tuesday, October 1, 2013

NIST Says Drop Its Own Encryption Standard

Government Standards Agency “Strongly” Suggests Dropping its Own Encryption Standard - ProPublica: " in a little-noticed footnote, NIST went a step further, saying it is “strongly” recommending against even using one of the standards. The institute sets standards for everything from the time to weights to computer security that are used by the government and widely adopted by industry."

more news below

Saturday, September 28, 2013

Hackers attempt to rob bank with £10 device

Santander 'hackers' attempt to rob bank with £10 device - Telegraph: " . . . “It sounds like an inside job, and I guess the attraction of using a KVM (keyboard video mouse) is it makes it a lot less obvious what’s going on,” said Ferguson. “If the computer in question is in the data centre – or a server room even – it’s not the kind of place where you’d see people standing around tapping away on keyboards. So installing the KVM means you can go back to your desk and look like you’re just going about your normal business.” The only way to prevent this kind of attack is to step up the amount of physical security in the building. However, if the person in question is authorised to access the data centre and install KVMs, then there is very little the organisation can do. . . ." (read more at link above)

more news below

Thursday, September 26, 2013

Fingerprints and other biometric authentication tokens

Why fingerprints make lousy authentication tokens - Boing Boing: "This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent. Unless you never venture into public without a clean-room bunny-suit, mirrorshades, and sharp gravel in your shoes, you're not going to be able to stop dedicate strangers from capturing these measurements. And as with Schauble's fingerprints, you can't revoke your DNA and replace it with new DNA once a ripoff artist has used it to clean out your bank-account or break into your workplace."

more news below

Tuesday, September 24, 2013

NSA sabotage foil

How to foil NSA sabotage: use a dead man's switch | Technology | theguardian.com: " . .  .It doesn't really matter if you trust the "good" spies of America and the UK not to abuse their powers (though even the NSA now admits to routine abuse, you should still be wary of deliberately weakened security. It is laughable to suppose that the back doors that the NSA has secretly inserted into common technologies will only be exploited by the NSA. There are plenty of crooks, foreign powers, and creeps who devote themselves to picking away patiently at the systems that make up the world and guard its wealth and security (that is, your wealth and security) and whatever sneaky tools the NSA has stashed for itself in your operating system, hardware, applications and services, they will surely find and exploit. . . . "

more news below

Saturday, September 21, 2013

NSA Spooks, Internet crypto, Backdoors

Spooks break most Internet crypto, but how? | Ars Technica: "...The short answer is almost certainly by compromising the software or hardware that implements the encryption or by attacking or influencing the people who hold the shared secrets that form one of the linchpins of any secure cryptographic system. The NYT alludes to these techniques as a combination of "supercomputers, technical trickery, court orders, and behind-the-scenes persuasion." The paper went on to refer to technologies that had been equipped with backdoors or had been deliberately weakened. Snowden put it slightly differently when he said: "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around" encryption. Exploiting the implementations or the people behind these systems can take many forms. What follows are some of the more plausible scenarios...."

more news below

Thursday, September 19, 2013

NSA Spying fallout, India Bans Use of Google

NSA Spying: Indian Gov't Bans Employee use of Google as European Parliament Weighs Law Fining Firms that Cooperate | Informed Comment: "The rest of the world is much more appalled at the spying of the National Security Agency on telephone, email, web browsers and other personal information than is the US public. As new revelations come out almost daily about the cavalier way in which the NSA has spied on the world’s presidents, parliaments and ordinary citizens it is natural that the rest of the world should begin responding to what they see as a dire threat to government and personal privacy."

more news below

Tuesday, September 17, 2013

NSA sabotage, electronic locks

Latest Snowden revelation: NSA sabotaged electronic locks - latimes.com: "In short, the implication of the mass of documents leaked thus far is that the NSA is not just monitoring seemingly every utterance on the planet, it is planting weaknesses in the security technology that protects legitimate online communications for the sake of decrypting illegitimate ones."

more news below

Saturday, September 14, 2013

Melbourne IT, overseas reseller, NY Times domain name breach

Melbourne IT blames overseas reseller for New York Times domain name breach - new york times, spear phishing, twitter, Melbourne IT, Syrian Electronic Army - ARN: "Melbourne IT has revealed one of its overseas resellers was a victim of a “spear phishing” attack which allowed the Syrian Electronic Army to hijack the New York Times (NYT) and some Twitter websites. A Melbourne spokesperson said staff of an overseas-based reseller “unwittingly” responded to a spear phishing attack which allowed attackers to access sensitive information, including usernames and passwords. This was used to access the reseller's account on Melbourne IT systems. “This resulted in unauthorized changes to the DNS records of two domain names associated with providing news related to the Syrian conflict,” he said."

more news below

Thursday, September 12, 2013

Email, Tracking, Privacy

The NSA Isn’t the Only One Tracking You | McManis Faulkner - JDSupra: "ReadNotify is a paid service. There are similar services, like SpyPig and WhoReadMe, offered at no cost. Once you sign up, you create an email that is sent to the service’s server and then sent to your recipient. The emails appear to the recipient as if they are coming directly from you, but they are actually processed through ReadNotify, Spypig, WhoReadMe, etc. The service provides the sender a report that lets the sender know the date and time the recipient opened the email. In addition, the service can also report if the recipient forwarded the email and the approximate location where the email was opened. " (read more at link above)

more news below

Tuesday, September 10, 2013

US Army Computer Security Flaws

Exclusive: How An Army Computer Security Flaw Got Swept Under The Rug: "...Big private tech companies like Google, Facebook, and Microsoft routinely seek out and sometimes pay people like Mark who expose security flaws. Some have set up bounty systems giving any member of the public who finds and reports a bug up to $20,000. The military has no such system. If reporting to a superior goes nowhere, then in reality, there is little recourse for soldiers who discover computer security problems. They could report a bug to the Department of Defense Inspector General, which handles complaints about fraud, waste, and abuse. But that’s not an obvious avenue for computer issues. Moreover, if their superiors found out, they could face retaliation...." (more at link above)

more news below

Saturday, September 7, 2013

Researchers reverse-engineer Dropbox client

Researchers reverse-engineer the Dropbox client: What it means - TechRepublic: "In their paper Looking inside the (Drop) box, Dhiru and Przemyslaw get right to the point: "We describe a method to bypass Dropbox’s two-factor authentication and hijack Dropbox accounts. Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented."" (read more at link above)

more news below

Thursday, September 5, 2013

Amazon, GAO, IBM, $600 million CIA contract

A redacted version of a lawsuit Amazon filed against the federal government became public, offering a look at the company’s effort to block rebidding of its lucrative CIA deal.

Amazon blasts GAO and IBM over $600 million CIA contract | Business & Technology | The Seattle Times: ". . . So when AWS won the contract to build the Web-based infrastructure for the CIA in January, IBM, a losing bidder, protested. IBM took its case to the GAO, which can review contract-bidding processes at government agencies. The GAO agreed, in part, with IBM in June. The GAO found that Amazon’s bid was technically superior, even though IBM’s bid to build the technology was significantly lower. But the GAO also agreed with IBM that the CIA did not properly evaluate IBM’s bid in a few narrow, technical matters. The CIA decided to follow the GAO’s recommendations. “In response to the GAO decision, the CIA has taken corrective action and remains focused on awarding a cloud contract for the intelligence community,” said agency spokesman Christopher White. That determination triggered Amazon’s suit against the United States last month, a suit that was sealed until Tuesday. Amazon’s central argument is that IBM’s complaints regarding the Agency’s evaluation of its pricing on one piece of the contract were untimely. And Amazon argues that IBM doesn’t have the capability to deliver the type of Web-based computing that the CIA seeks. So even if IBM’s arguments had merit, they wouldn’t affect the outcome of the contract. For its part, IBM said, Amazon had its chance to defend its bid before the GAO and lost. . . ." (read more at link above)

more news below

Tuesday, September 3, 2013

White House Taps McAfee CTO for Cybersecurity Post

White House Taps McAfee CTO for Cybersecurity Post - Digits - WSJ: "Phyllis Schneck, a vice president and chief technology officer for the public sector at McAfee, a unit of Intel, will start in early September as the deputy undersecretary for cybersecurity, a DHS official said. Homeland Security takes a leading role in protecting U.S. networks from foreign and domestic hackers. She steps into a position that has had an active revolving door lately. Her predecessor, cybersecurity veteran Mark Weatherford, stayed in the job for less than 18 months and left in April. His interim replacement, Bruce McConnell, announced his departure in July."

more news below

Saturday, August 31, 2013

German Government Warning Not To Use Windows 8

LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA | InvestmentWatch: "The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together."

more news below

Thursday, August 29, 2013

Open Sourcers, Secure Email

Open Sourcers Pitch Secure Email in Dark Age of PRISM | Wired Enterprise | Wired.com: "...“E-mail is going to be with us for a long time,” says Bjarni RĂșnar Einarsson, a software developer and member of the Icelandic Pirate Party. “We need to do what we can to make it more secure.” Einarsson is doing his part with Mailpile, an open source web-based e-mail client that you can run on your own computer or in the cloud. With this creation, he hopes to make it easier for every day users to encrypt their mail — without giving up the sort of search tools they get from a service like Google’s Gmail. The team has already raised over $100,000 dollars on the crowdfunding site Indie GoGo to fund its future development...."


more news below

Saturday, August 24, 2013

BIND Vulnerablilty, DNS Cache Poisoning Attack

BIND Vulnerablilty Enables DNS Cache Poisoning Attack | Threatpost: "A vulnerability in the BIND domain name system (DNS) software could give an attacker the ability to easily and reliably control queried name servers chosen by the most widely deployed DNS software on the Internet, according to new research presented at the Woot Conference in Washington D.C. today. The Internet Systems Consortium has acknowledged the vulnerability."

more news below

Tuesday, August 20, 2013

Secure email service? Not if NSA has its way

Silent Circle sees 'writing on the wall,' shuts down secure email service | The Verge: "Phil Zimmerman’s encrypted communications company Silent Circle is shuttering its Silent Mail email service after another secure email service used by NSA leaker Edward Snowden, called Lavabit, closed down earlier today. Silent Circle wrote that it saw "the writing on the wall" after Lavabit owner Ladar Levison explained he was being forced to "become complicit in crimes against the American people or walk away." Silent Circle’s other services, Silent Phone and Silent Text, are completely end-to-end encrypted; only the users hold the keys needed to decrypt the messages, so even if the company were compelled to produce evidence in court, it wouldn’t have access to its customers’ communications in a usable form. But the protocols used for email — SMTP, POP3, and IMAP — can’t be secured, facing the team with a dilemma: continue providing Silent Mail, which offers similar privacy protections as other secure email services, or ditch the service altogether."

more news below

Saturday, August 17, 2013

NSA secrets kill Trust

Opinion: NSA secrets kill our trust - CNN.com: "Both government agencies and corporations have cloaked themselves in so much secrecy that it's impossible to verify anything they say; revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative."

more news below

Thursday, August 15, 2013

Anyone could be a NSA Target

Weak or non-existent Congressional oversight, secret "rubber stamp" courts, inept Presidential leadership, all  lead to one conclusion -- an out-of-control electronic spy agency could make anyone a "target"--

What It Means to Be An NSA "Target": New Information Shows Why We Need Immediate FISA Amendments Act Reform | Electronic Frontier Foundation: "An important New York Times investigation from today reporting that the NSA "is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country," coupled with leaked documents published by the Guardian, seriously calls into question the accuracy of crucial statements made by government officials about NSA surveillance."

more news below

Tuesday, August 13, 2013

Oil and Gas Cyber Security

SMi's 3rd annual Oil and Gas Cyber Security conference, taking place on 25-26 November in London, will feature an array of global project updates from oil and gas companies including Petroleum Development Oman, Shell and GDF Suez, among others.

IT Business Net
Cyber criminals are increasingly sophisticated, highly organised and constantly inventing ways to bypass traditional defences such as anti-virus and firewalls.
Broadway World
EAST BRUNSWICK, NJ and OAKBROOK TERRACE, IL(Marketwired - Aug 5, 2013) - Tetrus Corporation, a leading provider of information sharing, collaboration ...
FutureGov Magazine
The two agencies aim at the joint development of a strategic plan for national cyber security (2013-2017). The Minister for ICT, Anudith Nakornthap, said, “Cyber ...

Is cyber insurance AAA for data or another back door? - BetaNews
Robert X. Cringely
Data theft is being viewed as a military problem and the term cyber warfare is ... 

more news below

Saturday, August 10, 2013

Asia's Cyber Security Battleground

Asia's Cyber Security Battleground
Diplomatic Courier (blog)
The Obama Administration has had a rough time dealing with cyber security ... Dr. Schneck's opening remarks included details form the recent cyber-attack on ...
Drives & Controls
Rockwell Automation has announced an initiative to help manufacturers to cut risks to their control systems from cyber-security threats. The initiative aims to help ...
TechWeekEurope UK
At a time of successful and continued growth, Thales Cyber Security are recruiting for talented, passionate IT, Network and Security Architects to join their ...

more news below

Thursday, August 8, 2013

Latest cyber security technologies

Latest cyber security technologies to be demonstrated to industry ...Military & Aerospace Electronics
Cyber warfare experts at the U.S. Department of Homeland Security (DHS) in Washington are going to Silicon Valley to demonstrate recently developed cyber ...

Military & Aerospace Electronics

more news below

Tuesday, August 6, 2013

Tango Hacked -- Is Your Site Next?

WordPress is a very popular platform for blog-style websites, and as such it's a prime target for attack. If your site relies on WordPress, you absolutely must keep the platform up to date, as many of the updates patch serious security vulnerabilities. (source infra)

Syrian Electronic Army Hacked Tango Chat App; Is Your Site Next?: " . . . The biggest entry point for hackers, and the hardest to secure, is attack by social engineering. For example, one employee of The Onion was fooled by a phishing message into entering Google Apps credentials on a bogus site. Those credentials gave hackers access to all of The Onion's social media accounts. They also used the hacked account to broadcast a second phishing attack to more of the staff. You need a multi-layered defense against this kind of attack. Create and enforce a policy that all employees must use strong passwords. Educate them on how to spot fraudulent email messages, and what to do with links in emails (don't click them!). Limit your potential losses by giving each employee access to only those accounts and resources needed for the job. And be prepared for the eventuality that despite all your precautions, some schmo will fall for a phishing message and thereby compromise your site. . . ."

more news below

Saturday, August 3, 2013

Google Engineer Wins NSA Award but Says NSA Should Be Abolished

"I don’t want to live in a country with an organization like the NSA is right now."

Tikkun Daily Blog » Blog Archive » Google Engineer Wins NSA Award, Then Says NSA Should Be “Abolished”: "In an interview with Andy Cush at Animal, Bonneau went even farther in his critiques of the NSA: I’d rather have it abolished than persist in its current form. I think there’s a question about whether it’s possible to reform the NSA into something that’s more reasonable…But my feeling based on what I’ve read is that I don’t want to live in a country with an organization like the NSA is right now. When Bonneau learned that he has won the award from the NSA, he considered turning it down. However, he ultimately decided upon accepting as a way to potentially bridge academic gaps with the NSA, as a means of opening up at least one avenue into the organization that has been mostly closed."

more news below

Thursday, August 1, 2013

US Marshals Lose Track of Encrypted Radios Worth Millions

The biggest security risks ALWAYS come from inside--

Marshals Lose Track of Encrypted Radios Worth Millions - WSJ.com: "The U.S. Marshals Service has lost track of at least 2,000 encrypted two-way radios and other communication devices valued at millions of dollars, according to internal agency documents, creating what some within the agency view as a security risk for federal judges, endangered witnesses and others. The problem, which stretches back years, was laid out in detail to agency officials at least as early as 2011, when the Marshals were deploying new versions of the radios they use to securely communicate in the field. Agency leaders continued to have difficulty tracking their equipment even after they were warned about the problems by an internal technology office, according to the documents, which were obtained through Freedom of Information Act requests. Some Marshals officials told The Wall Street Journal that besides the wasted money and resources, the inventory problems raise the possibility that criminals could get their hands on radios and listen to them to learn details of security or law-enforcement operations. Such radios are a key communications tool of U.S. Marshals. . . ." (read more at link above)

more news below

Tuesday, July 30, 2013

Sim Card Encryption Flaw, Phones Vulnerable

Encryption Flaw Makes Phones Possible Accomplices in Theft - NYTimes.com" . . . A German mobile security expert says he has found a flaw in the encryption technology used in some SIM cards, the chips in handsets, that could enable cyber criminals to take control of a person’s phone. Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification. With that key in hand, Mr. Nohl said, he was able to send a virus to the SIM card through a text message, which let him eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner. . . ."

more news below

Saturday, July 27, 2013

Universities Under Cyberattack

Universities Face a Rising Barrage of Cyberattacks - NYTimes.com: " . . . Analysts can track where communications come from — a region, a service provider, sometimes even a user’s specific Internet address. But hackers often route their penetration attempts through multiple computers, even multiple countries, and the targeted organizations rarely go to the effort and expense — often fruitless — of trying to trace the origins. American government officials, security experts and university and corporate officials nonetheless say that China is clearly the leading source of efforts to steal information, but attributing individual attacks to specific people, groups or places is rare. The increased threat of hacking has forced many universities to rethink the basic structure of their computer networks and their open style, though officials say they are resisting the temptation to create a fortress with high digital walls. . . . ." (read more at link above)

more news below

Thursday, July 25, 2013

Salting Passwords For Tighter Security (video)

Break Out The Shaker – Salting Passwords For Tighter Security - The Official Rackspace Blog: " . . . .In this video, I’ll explain the differences between two common password protection methods, encryption and hashing, and I’ll show why they alone are not enough to protect your password database. Hackers have sophisticated ways to crack encryption keys; once they get that key it is like they have a combination to a safe and can loot everything inside. While hashing is a one-way function and offers a level of protection, rainbow tables and pre-computed tables enable hackers the opportunity compromise your application. . . ."

more news below

Tuesday, July 23, 2013

Nations Buying as Hackers Sell Code Exploits

A never-ending market--

Nations Buying as Hackers Sell Flaws in Computer Code - NYTimes.com: "“Governments are starting to say, ‘In order to best protect my country, I need to find vulnerabilities in other countries,’ ” said Howard Schmidt, a former White House cybersecurity coordinator. “The problem is that we all fundamentally become less secure.” A zero-day bug could be as simple as a hacker’s discovering an online account that asks for a password but does not actually require typing one to get in. Bypassing the system by hitting the “Enter” key becomes a zero-day exploit. The average attack persists for almost a year — 312 days — before it is detected, according to Symantec, the maker of antivirus software. Until then it can be exploited or “weaponized” by both criminals and governments to spy on, steal from or attack their target." (read more at link above)

more news below

Saturday, July 20, 2013

Obama and NSA surveillance programs

Probably a pipe dream . . . but dream on . . . .

Obama considers ending NSA surveillance programs, Democratic senator says — RT USA: "The long-time member of the Senate Intelligence Committee said Thursday that privacy and civil liberties advocates could be on the verge of “making a comeback” due to the blowback caused by recent leaked national security documents. Speaking to the New York Times this week on the effect leaked documents attributed to former National Security Agency contractor Edward Snowden have had on the United States, Sen. Wyden said he imagines the White House is willing to reconsider the current surveillance policies in place that have sparked widespread protest and criticism in recent weeks."

more news below

Thursday, July 18, 2013

US government access to global cable networks for surveillance

Agreements with private companies protect U.S. access to cables’ data for surveillance - The Washington Post: ". . . .Negotiating leverage has come from a seemingly mundane government power: the authority of the Federal Communications Commission to approve cable licenses. In deals involving a foreign company, say people familiar with the process, the FCC has held up approval for many months while the squadron of lawyers dubbed Team Telecom developed security agreements that went beyond what’s required by the laws governing electronic eavesdropping. The security agreement for Global Crossing, whose fiber-optic network connected 27 nations and four continents, required the company to have a “Network Operations Center” on U.S. soil that could be visited by government officials with 30 minutes of warning. Surveillance requests, meanwhile, had to be handled by U.S. citizens screened by the government and sworn to secrecy — in many cases prohibiting information from being shared even with the company’s executives and directors. “Our telecommunications companies have no real independence in standing up to the requests of government or in revealing data,” said Susan Crawford, a Yeshiva University law professor and former Obama White House official. “This is yet another example where that’s the case.” The full extent of the National Security Agency’s access to fiber-optic cables remains classified. . . ." (read more at the link above)

more news below

Tuesday, July 16, 2013

South Korea beefs up cyber security

South Korea beefs up cyber security - SpaceDaily
Seoul (AFP) July 04, 2013 - South Korea on Thursday said it would double its cyber-security budget and train 5000 experts amid growing concern over its ...

Wan Junaidi calls for proactive MCMC to counter 'national security' threat ...
The Malaysian Insider
The Malaysian Communications and Multimedia Commission (MCMC) has to develop a mechanism to monitor and address cyber security challenges, said deputy home minister Datuk Dr Wan Junaidi Tuanku . . .\
British defence giant blames Chinese hackers for wave of cyber attacks
This is Money
The revelation shows for the first time the scale of serious cyber attack on Britain's defence industry.On Friday, BAE was among nine UK-based defence firms that joined forces with the Government in the Defence Cyber Protection Partnership to boost ...

more news below

Saturday, July 13, 2013

UK Signs Cyber Security Deal With 9 Defense and Tech firms

UK Government Signs Cyber Security Deal With 9 Defence, Tech firms
The UK government has signed in a deal involving nine of the major defence contractors and telecommunication companies to prevent further cyber security attacks, said a recent post on BBC. The partnership can be broadly viewed as a startup for the ...

Cyber Security JWG for casting the net wide to rope in professionals
The Hindu
With India becoming more vulnerable to cyber attacks, the Joint Working Group on Cyber Securityhas said shortage of professionals in the sector should be tackled in a mission mode, with innovative recruitment and placement procedures. According to ...

Cyber strikes
The News International
The fact remains, though, that in the event of a sustained cyber attack on business, security forces and agencies, the armed forces or the various arms of governance all of which rely heavily on the internet, they would be almost defenceless. There ...

more news below

Thursday, July 11, 2013

Ex-FBI Chief on Risk of Cyber Terror

AP Interview: Ex-FBI Chief on Risk of Cyber Terror
ABC News
United States intelligence officials must do a better job analyzing the mountains of global internet, telephone and financial data they already collect to thwart the cyber terrorists of tomorrow, according to former FBI director Louis Freeh. Speaking ...

Cyber crime fears over internet in Irish prisons
The Irish Sun
But an IT expert told the Irish Sun criminals will be able to break any Firewalls or monitoring put in place. Cyber security expert Paul Dwyer said: “The reality is nothing is 100 per cent secure. They could try to monitor what prisoners are doing, but ...

Talking to China on the cyber threat
Financial Times
Tom Donilon, the former White House national security adviser, has complained that cyber attacks are “emanating from China on an unprecedented scale”. General Keith Alexander, director of the National Security Agency and commander of US Cyber ...

more news below

Tuesday, July 9, 2013

SEC identity theft rule

Stock brokerages, mutual funds and investment advisers will be required to establish programs to help detect identity theft under new rules adopted by U.S. securities regulators--

SEC adopts identity theft rule in first act by new chairman | Fox Business: "The SEC and CFTC first jointly proposed the rules in February 2012. They require firms to create programs to set up red flags to spot potential identity theft, respond to cases of ID theft and periodically update their programs. The joint rules become final after both the SEC and CFTC sign off. The CFTC's rules would apply to such firms as futures brokerages and commodity trading advisers. "These rules are a common sense response to the growing threat of identity theft to all Americans," White said." (read more at link above)

more news below

Cybersecurity - Google News

Malware - Google News

National Security - Google News

"Security Threats" - Google News

Maritime security - Google News

The State of Security

TSA - Google News

Homeland Security - Google News