Friday, May 31, 2013

Twitter Two-Factor Authentication Hackable

How to Hack Twitter's Two-Factor Authentication: "We've pointed out some problems with Twitter's new two-factor authentication. For example, since just one phone number can be associated with an account, Twitter's two-factor authentication won't work for organizations like the Associated Press, The Onion, or The Guardian. They were hacked; they could still be hacked again in the same way. However, security experts indicate that the problem is worse than that, a lot worse."

Thursday, May 30, 2013

App scans Android phones for privacy leaks

New 'Clueful' app scans Android phones for privacy leaks - NBC "Anti-virus firm Bitdefender Tuesday launched Clueful, a free Android app that tells you how much other Android apps invade your privacy."

Wednesday, May 29, 2013

Chinese Hackers Resume Attacks on US Targets

Chinese Hackers Resume Attacks on U.S. Targets - A cyberunit of the People’s Liberation Army in China appears to have resumed its attacks using different techniques, hitting several of the same victims it has gone after in the past.

Chinese Hackers Resume Attacks on U.S. Targets - "It is not clear precisely who has been affected by the latest attacks. Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets, citing agreements with its clients. But it did say the victims were many of the same ones the unit had attacked before. The hackers were behind scores of thefts of intellectual property and government documents over the past five years, according to a report by Mandiant in February that was confirmed by American officials. They have stolen product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant’s clients, predominantly in the United States."

Tuesday, May 28, 2013

Cyber attacks hit more businesses

Cyber attacks hit more businesses | National News Headlines, Latest UK News & International News Updates: "The number of cyber attacks hitting businesses has soared in the past year, Government-commissioned research has revealed. The survey showed 87% of small firms - up 10% - experienced a security breach last year and 93% of large organisations had also been targeted."

Saturday, May 25, 2013

Cybersecurity starts in high school

Cybersecurity starts in high school with tomorrow's hires | The News Journal | "Internships start as young as 16 at Northrop Grumman Corp., which reserves 20 spots for participants in the Air Force Association’s contest. “We’re the largest provider of cybersecurity solutions to the federal government, so we know that we’ve got to help build that talent pipeline,” said Diane Miller, Northrop’s program director for the CyberPatriot contest, on the sidelines of the March event. “We just have a shortage of people applying” for the 700 positions currently open. Security breaches experienced by institutions ranging from Facebook Inc. to the Federal Reserve are spurring spending on cybersecurity."

Thursday, May 23, 2013

Rush to download 3-D gun blueprint

Internet rushes to download 3-D gun blueprint - Technology on "For as many people who hit up to download "The Liberator," even more came to look. At peak traffic, around 7 p.m. ET, received approximately 35,000 hits per hour, Wilson said. (Normally, a new blueprint attracts 1,300 hits per hour on average.) The Web administrator had to add mirror sites to keep the main site from crashing."

Tuesday, May 21, 2013

FBI's idea for device backdoors a really bad idea

Computer scientists to FBI: don't require all our devices to have backdoors for spies - Boing Boing: "it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you've captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software. As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn't matter if you trust the government not to abuse this power (though, for the record, I don't -- especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) -- deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:"

Saturday, May 18, 2013

Cyberattacks Against US Corporations Rise

Officials said the aim in a new wave of attacks was not espionage but sabotage, and that the source seemed to be in the Middle East. (source infra)

Cyberattacks on Rise Against U.S. Corporations - "A new wave of cyberattacks is striking American corporations, prompting warnings from federal officials, including a vague one issued last week by the Department of Homeland Security. This time, officials say, the attackers’ aim is not espionage but sabotage, and the source seems to be somewhere in the Middle East. The targets have primarily been energy companies, and the attacks appeared to be probes, looking for ways to seize control of their processing systems. The attacks are continuing, officials said. . . ." (read more at link above)

Thursday, May 16, 2013

US government now the biggest buyer of malware

US government is now the biggest buyer of malware, Reuters reports | The Verge: " . . . The US government won't say anything about the scope or details of its cyber warfare efforts, but vendors and former defense contractors say the US has become a top buyer in the burgeoning malware market. Former officials worry that this shift in priorities is luring skilled hackers and researchers away from defense and toward the more lucrative business of building weaponized malware for government use. "There has been a traditional calculus between protecting your offensive capability and strengthening your defense," said former NSA director Michael Hayden. "It might be time now to readdress that at an important policy level, given how much we are suffering."" (read more at link above)

Tuesday, May 14, 2013

FBI Proposal for Wiretap-Ready Internet - "misguided"

FBI's Latest Proposal for a Wiretap-Ready Internet Should Be Trashed | Wired Opinion | "The FBI’s misguided proposal would impose costly burdens on thousands of companies (and threaten to entirely kill those whose business model centers on providing highly secure encrypted communications), while making cloud solutions less attractive to businesses and users. It would aid totalitarian governments eager to spy on their citizens while distorting business decisions about software design. Perhaps worst of all, it would treat millions of law-abiding users with legitimate security needs as presumed criminals — while doing little to hamper actual criminals."

Saturday, May 11, 2013

Google Chairman Eric Schmidt on cyberwarfare

Google's Eric Schmidt zeroes in on new digital age | Internet & Media - CNET News: ". . . .But even more troublesome is the scenario he paints for nations: a future where virtual armies become as important as real ones, to cope with a new era of permanent cyberwarfare which, he says, the Chinese are already waging. "There's evidence that China is busy stealing the intellectual property of American firms to help compete with them," Schmidt said. "And there's also evidence that they're stealing into government, our newspapers and so forth, for various human rights violations."

"Is there anything that can be done about this?" asked Braver.

"It's always going to happen. And the best thing to do is to strengthen your defenses," Schmidt said. "I worry about the U.S. government because it's so large, and many of its computers are 'down rev' -- not up to date.". . ." (read more at link above)

Thursday, May 9, 2013

Electronic Mail Protection Systems

Email protection--

Overview of Electronic Mail Protection Systems | MIT Technology Review: " . . . All systems protect messages from interception by means of encryption, and some systems also provide protection from unauthorized distribution. As a rule, the greater the degree of protection from unauthorized distribution, the fewer types of mobile devices are supported. The reason is that this type of protection relies on client applications that are difficult to create for a large number of different mobile platforms. . . ." (read more at link above)

Tuesday, May 7, 2013

China Cyberspies Stealing US Military Secrets

So-called "cybersecurity expert" QinetiQ was hacked repeatedly!--

China Cyberspies Outwit U.S. Stealing Military Secrets - Bloomberg: "QinetiQ’s espionage expertise didn’t keep Chinese cyber-spies from outwitting the company. In a three-year operation, hackers linked to China’s military infiltrated QinetiQ’s computers and compromised most if not all of the company’s research. At one point, they logged into the company’s network by taking advantage of a security flaw identified months earlier and never fixed." (read more at link above)

Saturday, May 4, 2013

AT&T getting secret immunity from wiretapping laws

AT&T getting secret immunity from wiretapping laws for government surveillance | The Verge: "Internal government documents obtained by the Electronic Privacy Information Center have revealed that the US Department of Justice is secretly helping AT&T and other service providers evade wiretapping laws so that the US government can conduct surveillance on parts of their networks. The legal immunity comes from authorizations granted by the Justice Department through special "2511" letters that absolve carriers in the event that the surveillance is found to run afoul of federal law. The authorization program began as a narrow cybersecurity effort to monitor government defense contractors, but has been expanded to cover critical infrastructure like energy, finance, and health care, CNET reports. Normally, the Wiretap Act prohibits such eavesdropping, unless it's necessary to the functioning of the service or unless the user gives his or her consent to be monitored. EPIC's executive director Mark Rotenberg says "Alarm bells should be going off." . . ."

Thursday, May 2, 2013

Bomb Suspect Was Put on Two Watch Lists

Bomb Suspect Was Put on Two Watch Lists - "U.S. authorities put alleged Boston bomber Tamerlan Tsarnaev on two separate watch lists in 2011 after Russian security agencies twice reached out to their American counterparts, raising new questions about missed opportunities to prevent the attack."
