Encryption Flaw Makes Phones Possible Accomplices in Theft - NYTimes.com: ". . . A German mobile security expert says he has found a flaw in the encryption technology used in some SIM cards, the chips in handsets, that could enable cyber criminals to take control of a person’s phone. Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification. With that key in hand, Mr. Nohl said, he was able to send a virus to the SIM card through a text message, which let him eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner. . . ."
Universities Face a Rising Barrage of Cyberattacks - NYTimes.com: ". . . Analysts can track where communications come from — a region, a service provider, sometimes even a user’s specific Internet address. But hackers often route their penetration attempts through multiple computers, even multiple countries, and the targeted organizations rarely go to the effort and expense — often fruitless — of trying to trace the origins. American government officials, security experts and university and corporate officials nonetheless say that China is clearly the leading source of efforts to steal information, but attributing individual attacks to specific people, groups or places is rare. The increased threat of hacking has forced many universities to rethink the basic structure of their computer networks and their open style, though officials say they are resisting the temptation to create a fortress with high digital walls. . . ." (read more at link above)
Break Out The Shaker – Salting Passwords For Tighter Security - The Official Rackspace Blog: ". . . In this video, I’ll explain the differences between two common password protection methods, encryption and hashing, and I’ll show why they alone are not enough to protect your password database. Hackers have sophisticated ways to crack encryption keys; once they get that key it is like they have a combination to a safe and can loot everything inside. While hashing is a one-way function and offers a level of protection, rainbow tables and pre-computed tables give hackers the opportunity to compromise your application. . . ."
Nations Buying as Hackers Sell Flaws in Computer Code - NYTimes.com: "“Governments are starting to say, ‘In order to best protect my country, I need to find vulnerabilities in other countries,’ ” said Howard Schmidt, a former White House cybersecurity coordinator. “The problem is that we all fundamentally become less secure.” A zero-day bug could be as simple as a hacker’s discovering an online account that asks for a password but does not actually require typing one to get in. Bypassing the system by hitting the “Enter” key becomes a zero-day exploit. The average attack persists for almost a year — 312 days — before it is detected, according to Symantec, the maker of antivirus software. Until then it can be exploited or “weaponized” by both criminals and governments to spy on, steal from or attack their target." (read more at link above)
Obama considers ending NSA surveillance programs, Democratic senator says — RT USA: "The long-time member of the Senate Intelligence Committee said Thursday that privacy and civil liberties advocates could be on the verge of “making a comeback” due to the blowback caused by recent leaked national security documents. Speaking to the New York Times this week on the effect leaked documents attributed to former National Security Agency contractor Edward Snowden have had on the United States, Sen. Wyden said he imagines the White House is willing to reconsider the current surveillance policies in place that have sparked widespread protest and criticism in recent weeks."
Agreements with private companies protect U.S. access to cables’ data for surveillance - The Washington Post: ". . . Negotiating leverage has come from a seemingly mundane government power: the authority of the Federal Communications Commission to approve cable licenses. In deals involving a foreign company, say people familiar with the process, the FCC has held up approval for many months while the squadron of lawyers dubbed Team Telecom developed security agreements that went beyond what’s required by the laws governing electronic eavesdropping. The security agreement for Global Crossing, whose fiber-optic network connected 27 nations and four continents, required the company to have a “Network Operations Center” on U.S. soil that could be visited by government officials with 30 minutes of warning. Surveillance requests, meanwhile, had to be handled by U.S. citizens screened by the government and sworn to secrecy — in many cases prohibiting information from being shared even with the company’s executives and directors. “Our telecommunications companies have no real independence in standing up to the requests of government or in revealing data,” said Susan Crawford, a Yeshiva University law professor and former Obama White House official. “This is yet another example where that’s the case.” The full extent of the National Security Agency’s access to fiber-optic cables remains classified. . . ." (read more at the link above)
UK Government Signs Cyber Security Deal With 9 Defence, Tech firms - iDigitalTimes.co.uk: "The UK government has signed a deal involving nine of the major defence contractors and telecommunication companies to prevent further cyber security attacks, said a recent post on BBC. The partnership can be broadly viewed as a startup for the ..."
Cyber strikes - The News International: "The fact remains, though, that in the event of a sustained cyber attack on business, security forces and agencies, the armed forces or the various arms of governance, all of which rely heavily on the internet, they would be almost defenceless. There ..."
AP Interview: Ex-FBI Chief on Risk of Cyber Terror - ABC News: "United States intelligence officials must do a better job analyzing the mountains of global internet, telephone and financial data they already collect to thwart the cyber terrorists of tomorrow, according to former FBI director Louis Freeh. Speaking ..."
Cyber crime fears over internet in Irish prisons - The Irish Sun: "But an IT expert told the Irish Sun criminals will be able to break any firewalls or monitoring put in place. Cyber security expert Paul Dwyer said: “The reality is nothing is 100 per cent secure. They could try to monitor what prisoners are doing, but ..."
Talking to China on the cyber threat - Financial Times: "Tom Donilon, the former White House national security adviser, has complained that cyber attacks are “emanating from China on an unprecedented scale”. General Keith Alexander, director of the National Security Agency and commander of US Cyber ..."
Stock brokerages, mutual funds and investment advisers will be required to establish programs to help detect identity theft under new rules adopted by U.S. securities regulators--
SEC adopts identity theft rule in first act by new chairman | Fox Business: "The SEC and CFTC first jointly proposed the rules in February 2012. They require firms to create programs to set up red flags to spot potential identity theft, respond to cases of ID theft and periodically update their programs. The joint rules become final after both the SEC and CFTC sign off. The CFTC's rules would apply to such firms as futures brokerages and commodity trading advisers. “These rules are a common sense response to the growing threat of identity theft to all Americans,” White said." (read more at link above)
Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight | Threat Level | Wired.com: "Although a number of companies make stingrays, including Verint, View Systems, Altron, NeoSoft, MMI, Ability, and Meganet, the Harris line of cell site emulators are the only ones that are compatible with CDMA2000-based devices. Others can track GSM/UMTS-based communications, but the Harris emulators can track CDMA2000, GSM and iDEN devices, as well as UMTS. The Harris StingRay and KingFish devices can also support three different communication standards simultaneously, without having to be reconfigured. Rigmaiden was arrested in 2008 on charges that he was the mastermind behind an operation that involved stealing more than $4 million in refunds from the IRS by filing fraudulent tax returns. He and others are accused of using numerous fake IDs to open internet and phone accounts and using more than 175 different IP addresses around the United States to file the fake returns, which were often filed in bulk as if through an automated process. Rigmaiden has been charged with 35 counts of wire fraud, 35 counts of identity theft, one count of unauthorized computer access and two counts of mail fraud." (read more at link above)
Security paradox: our security and liberty are now dependent on whistleblowers a/k/a "leakers" as "congressional oversight" is a joke and secret courts are nothing but "rubber-stamps"--
Whistleblowers will continue to leak state secrets, warns AP chief | Media | guardian.co.uk: "Gary Pruitt, the head of the global news agency, warned Washington that it cannot control the “inevitable” flow of information to the media in the wake of Snowden's disclosures about classified surveillance programs in the US and UK. . . . “The Obama administration has made it clear that it will aggressively pursue leakers and whistleblowers. I think there will inevitably be leakers and whistleblowers, however, because there are so many people who have access to classified information.” Obama's government has “gone after leakers in a way that no other has”, Pruitt said, adding that the pursuit of whistleblowers has “become a much bigger issue than I believe they thought it would be.”"
All that money wasted--or as Bloomberg more bluntly puts it, the "infrastructure set up by the National Security Agency ... may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use"--