How to Hack Twitter's Two-Factor Authentication: "We've pointed out some problems with Twitter's new two-factor authentication. For example, since just one phone number can be associated with an account, Twitter's two-factor authentication won't work for organizations like the Associated Press, The Onion, or The Guardian. They were hacked; they could still be hacked again in the same way. However, security experts indicate that the problem is worse than that, a lot worse."
Chinese Hackers Resume Attacks on U.S. Targets - A cyberunit of the People’s Liberation Army in China appears to have resumed its attacks using different techniques, hitting several of the same victims it has gone after in the past.
Chinese Hackers Resume Attacks on U.S. Targets - NYTimes.com: "It is not clear precisely who has been affected by the latest attacks. Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets, citing agreements with its clients. But it did say the victims were many of the same ones the unit had attacked before. The hackers were behind scores of thefts of intellectual property and government documents over the past five years, according to a report by Mandiant in February that was confirmed by American officials. They have stolen product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant’s clients, predominantly in the United States."
Cybersecurity starts in high school with tomorrow's hires | The News Journal | delawareonline.com: "Internships start as young as 16 at Northrop Grumman Corp., which reserves 20 spots for participants in the Air Force Association’s contest. “We’re the largest provider of cybersecurity solutions to the federal government, so we know that we’ve got to help build that talent pipeline,” said Diane Miller, Northrop’s program director for the CyberPatriot contest, on the sidelines of the March event. “We just have a shortage of people applying” for the 700 positions currently open. Security breaches experienced by institutions ranging from Facebook Inc. to the Federal Reserve are spurring spending on cybersecurity."
Internet rushes to download 3-D gun blueprint - Technology on NBCNews.com: "For as many people who hit up DefCad.com to download "The Liberator," even more came to look. At peak traffic, around 7 p.m. ET, DefCad.com received approximately 35,000 hits per hour, Wilson said. (Normally, a new blueprint attracts 1,300 hits per hour on average.) The Web administrator had to add mirror sites to keep the main site from crashing."
Computer scientists to FBI: don't require all our devices to have backdoors for spies - Boing Boing: "it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you've captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software. As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn't matter if you trust the government not to abuse this power (though, for the record, I don't -- especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) -- deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:"
Officials said the aim in a new wave of attacks was not espionage but sabotage, and that the source seemed to be in the Middle East. (source infra)
Cyberattacks on Rise Against U.S. Corporations - NYTimes.com: "A new wave of cyberattacks is striking American corporations, prompting warnings from federal officials, including a vague one issued last week by the Department of Homeland Security. This time, officials say, the attackers’ aim is not espionage but sabotage, and the source seems to be somewhere in the Middle East. The targets have primarily been energy companies, and the attacks appeared to be probes, looking for ways to seize control of their processing systems. The attacks are continuing, officials said. . . ." (read more at link above)
US government is now the biggest buyer of malware, Reuters reports | The Verge: " . . . The US government won't say anything about the scope or details of its cyber warfare efforts, but vendors and former defense contractors say the US has become a top buyer in the burgeoning malware market. Former officials worry that this shift in priorities is luring skilled hackers and researchers away from defense and toward the more lucrative business of building weaponized malware for government use. "There has been a traditional calculus between protecting your offensive capability and strengthening your defense," said former NSA director Michael Hayden. "It might be time now to readdress that at an important policy level, given how much we are suffering."" (read more at link above)
FBI's Latest Proposal for a Wiretap-Ready Internet Should Be Trashed | Wired Opinion | Wired.com: "The FBI’s misguided proposal would impose costly burdens on thousands of companies (and threaten to entirely kill those whose business model centers on providing highly secure encrypted communications), while making cloud solutions less attractive to businesses and users. It would aid totalitarian governments eager to spy on their citizens while distorting business decisions about software design. Perhaps worst of all, it would treat millions of law-abiding users with legitimate security needs as presumed criminals — while doing little to hamper actual criminals."
Google's Eric Schmidt zeroes in on new digital age | Internet & Media - CNET News: ". . . .But even more troublesome is the scenario he paints for nations: a future where virtual armies become as important as real ones, to cope with a new era of permanent cyberwarfare which, he says, the Chinese are already waging. "There's evidence that China is busy stealing the intellectual property of American firms to help compete with them," Schmidt said. "And there's also evidence that they're stealing into government, our newspapers and so forth, for various human rights violations."
"Is there anything that can be done about this?" asked Braver.
"It's always going to happen. And the best thing to do is to strengthen your defenses," Schmidt said. "I worry about the U.S. government because it's so large, and many of its computers are 'down rev' -- not up to date.". . ." (read more at link above)
Overview of Electronic Mail Protection Systems | MIT Technology Review: " . . . All systems protect messages from interception by means of encryption, and some systems also provide protection from unauthorized distribution. As a rule, the greater the degree of protection from unauthorized distribution, the fewer types of mobile devices are supported. The reason is that this type of protection relies on client applications that are difficult to create for a large number of different mobile platforms. . . ." (read more at link above)
So-called "cybersecurity expert" QinetiQ was hacked repeatedly:
China Cyberspies Outwit U.S. Stealing Military Secrets - Bloomberg: "QinetiQ’s espionage expertise didn’t keep Chinese cyberspies from outwitting the company. In a three-year operation, hackers linked to China’s military infiltrated QinetiQ’s computers and compromised most if not all of the company’s research. At one point, they logged into the company’s network by taking advantage of a security flaw identified months earlier and never fixed." (read more at link above)
AT&T getting secret immunity from wiretapping laws for government surveillance | The Verge: "Internal government documents obtained by the Electronic Privacy Information Center have revealed that the US Department of Justice is secretly helping AT&T and other service providers evade wiretapping laws so that the US government can conduct surveillance on parts of their networks. The legal immunity comes from authorizations granted by the Justice Department through special "2511" letters that absolve carriers in the event that the surveillance is found to run afoul of federal law. The authorization program began as a narrow cybersecurity effort to monitor government defense contractors, but has been expanded to cover critical infrastructure like energy, finance, and health care, CNET reports. Normally, the Wiretap Act prohibits such eavesdropping, unless it's necessary to the functioning of the service or unless the user gives his or her consent to be monitored. EPIC's executive director Mark Rotenberg says "Alarm bells should be going off." . . ."
Bomb Suspect Was Put on Two Watch Lists - WSJ.com: "U.S. authorities put alleged Boston bomber Tamerlan Tsarnaev on two separate watch lists in 2011 after Russian security agencies twice reached out to their American counterparts, raising new questions about missed opportunities to prevent the attack."