Tuesday, July 30, 2013

Sim Card Encryption Flaw, Phones Vulnerable

Encryption Flaw Makes Phones Possible Accomplices in Theft - NYTimes.com: " . . . A German mobile security expert says he has found a flaw in the encryption technology used in some SIM cards, the chips in handsets, that could enable cyber criminals to take control of a person’s phone. Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification. With that key in hand, Mr. Nohl said, he was able to send a virus to the SIM card through a text message, which let him eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner. . . ."


Saturday, July 27, 2013

Universities Under Cyberattack

Universities Face a Rising Barrage of Cyberattacks - NYTimes.com: " . . . Analysts can track where communications come from — a region, a service provider, sometimes even a user’s specific Internet address. But hackers often route their penetration attempts through multiple computers, even multiple countries, and the targeted organizations rarely go to the effort and expense — often fruitless — of trying to trace the origins. American government officials, security experts and university and corporate officials nonetheless say that China is clearly the leading source of efforts to steal information, but attributing individual attacks to specific people, groups or places is rare. The increased threat of hacking has forced many universities to rethink the basic structure of their computer networks and their open style, though officials say they are resisting the temptation to create a fortress with high digital walls. . . . ." (read more at link above)


Thursday, July 25, 2013

Salting Passwords For Tighter Security (video)



Break Out The Shaker – Salting Passwords For Tighter Security - The Official Rackspace Blog: " . . . In this video, I’ll explain the differences between two common password protection methods, encryption and hashing, and I’ll show why they alone are not enough to protect your password database. Hackers have sophisticated ways to crack encryption keys; once they get that key it is like they have a combination to a safe and can loot everything inside. While hashing is a one-way function and offers a level of protection, rainbow tables and pre-computed tables enable hackers the opportunity to compromise your application. . . ."


Tuesday, July 23, 2013

Nations Buying as Hackers Sell Code Exploits

A never-ending market--

Nations Buying as Hackers Sell Flaws in Computer Code - NYTimes.com: "“Governments are starting to say, ‘In order to best protect my country, I need to find vulnerabilities in other countries,’ ” said Howard Schmidt, a former White House cybersecurity coordinator. “The problem is that we all fundamentally become less secure.” A zero-day bug could be as simple as a hacker’s discovering an online account that asks for a password but does not actually require typing one to get in. Bypassing the system by hitting the “Enter” key becomes a zero-day exploit. The average attack persists for almost a year — 312 days — before it is detected, according to Symantec, the maker of antivirus software. Until then it can be exploited or “weaponized” by both criminals and governments to spy on, steal from or attack their target." (read more at link above)


Saturday, July 20, 2013

Obama and NSA surveillance programs

Probably a pipe dream . . . but dream on . . . .

Obama considers ending NSA surveillance programs, Democratic senator says — RT USA: "The long-time member of the Senate Intelligence Committee said Thursday that privacy and civil liberties advocates could be on the verge of “making a comeback” due to the blowback caused by recent leaked national security documents. Speaking to the New York Times this week on the effect leaked documents attributed to former National Security Agency contractor Edward Snowden have had on the United States, Sen. Wyden said he imagines the White House is willing to reconsider the current surveillance policies in place that have sparked widespread protest and criticism in recent weeks."


Thursday, July 18, 2013

US government access to global cable networks for surveillance

Agreements with private companies protect U.S. access to cables’ data for surveillance - The Washington Post: ". . . .Negotiating leverage has come from a seemingly mundane government power: the authority of the Federal Communications Commission to approve cable licenses. In deals involving a foreign company, say people familiar with the process, the FCC has held up approval for many months while the squadron of lawyers dubbed Team Telecom developed security agreements that went beyond what’s required by the laws governing electronic eavesdropping. The security agreement for Global Crossing, whose fiber-optic network connected 27 nations and four continents, required the company to have a “Network Operations Center” on U.S. soil that could be visited by government officials with 30 minutes of warning. Surveillance requests, meanwhile, had to be handled by U.S. citizens screened by the government and sworn to secrecy — in many cases prohibiting information from being shared even with the company’s executives and directors. “Our telecommunications companies have no real independence in standing up to the requests of government or in revealing data,” said Susan Crawford, a Yeshiva University law professor and former Obama White House official. “This is yet another example where that’s the case.” The full extent of the National Security Agency’s access to fiber-optic cables remains classified. . . ." (read more at the link above)


Tuesday, July 16, 2013

South Korea beefs up cyber security

South Korea beefs up cyber security - SpaceDaily
Seoul (AFP) July 04, 2013 - South Korea on Thursday said it would double its cyber-security budget and train 5000 experts amid growing concern over its ...

Wan Junaidi calls for proactive MCMC to counter 'national security' threat ...
The Malaysian Insider
The Malaysian Communications and Multimedia Commission (MCMC) has to develop a mechanism to monitor and address cyber security challenges, said deputy home minister Datuk Dr Wan Junaidi Tuanku . . .

British defence giant blames Chinese hackers for wave of cyber attacks
This is Money
The revelation shows for the first time the scale of serious cyber attack on Britain's defence industry. On Friday, BAE was among nine UK-based defence firms that joined forces with the Government in the Defence Cyber Protection Partnership to boost ...


Saturday, July 13, 2013

UK Signs Cyber Security Deal With 9 Defense and Tech firms

UK Government Signs Cyber Security Deal With 9 Defence, Tech firms
iDigitalTimes.co.uk
The UK government has signed in a deal involving nine of the major defence contractors and telecommunication companies to prevent further cyber security attacks, said a recent post on BBC. The partnership can be broadly viewed as a startup for the ...

Cyber Security JWG for casting the net wide to rope in professionals
The Hindu
With India becoming more vulnerable to cyber attacks, the Joint Working Group on Cyber Security has said shortage of professionals in the sector should be tackled in a mission mode, with innovative recruitment and placement procedures. According to ...

Cyber strikes
The News International
The fact remains, though, that in the event of a sustained cyber attack on business, security forces and agencies, the armed forces or the various arms of governance all of which rely heavily on the internet, they would be almost defenceless. There ...


Thursday, July 11, 2013

Ex-FBI Chief on Risk of Cyber Terror

AP Interview: Ex-FBI Chief on Risk of Cyber Terror
ABC News
United States intelligence officials must do a better job analyzing the mountains of global internet, telephone and financial data they already collect to thwart the cyber terrorists of tomorrow, according to former FBI director Louis Freeh. Speaking ...

Cyber crime fears over internet in Irish prisons
The Irish Sun
But an IT expert told the Irish Sun criminals will be able to break any Firewalls or monitoring put in place. Cyber security expert Paul Dwyer said: “The reality is nothing is 100 per cent secure. They could try to monitor what prisoners are doing, but ...

Talking to China on the cyber threat
Financial Times
Tom Donilon, the former White House national security adviser, has complained that cyber attacks are “emanating from China on an unprecedented scale”. General Keith Alexander, director of the National Security Agency and commander of US Cyber ...



Tuesday, July 9, 2013

SEC identity theft rule

Stock brokerages, mutual funds and investment advisers will be required to establish programs to help detect identity theft under new rules adopted by U.S. securities regulators--

SEC adopts identity theft rule in first act by new chairman | Fox Business: "The SEC and CFTC first jointly proposed the rules in February 2012. They require firms to create programs to set up red flags to spot potential identity theft, respond to cases of ID theft and periodically update their programs. The joint rules become final after both the SEC and CFTC sign off. The CFTC's rules would apply to such firms as futures brokerages and commodity trading advisers. "These rules are a common sense response to the growing threat of identity theft to all Americans," White said." (read more at link above)


Saturday, July 6, 2013

FBI Smartphone Surveillance Tool

Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight | Threat Level | Wired.com: "Although a number of companies make stingrays, including Verint, View Systems, Altron, NeoSoft, MMI, Ability, and Meganet, the Harris line of cell site emulators are the only ones that are compatible with CDMA2000-based devices. Others can track GSM/UMTS-based communications, but the Harris emulators can track CDMA2000, GSM and iDEN devices, as well as UMTS. The Harris StingRay and KingFish devices can also support three different communication standards simultaneously, without having to be reconfigured. Rigmaiden was arrested in 2008 on charges that he was the mastermind behind an operation that involved stealing more than $4 million in refunds from the IRS by filing fraudulent tax returns. He and others are accused of using numerous fake IDs to open internet and phone accounts and using more than 175 different IP addresses around the United States to file the fake returns, which were often filed in bulk as if through an automated process. Rigmaiden has been charged with 35 counts of wire fraud, 35 counts of identity theft, one count of unauthorized computer access and two counts of mail fraud." (read more at link above)



Thursday, July 4, 2013

Whistleblowers will continue to leak state secrets and protect our liberty

Security paradox: our security and liberty are now dependent on whistleblowers a/k/a "leakers" as "congressional oversight" is a joke and secret courts are nothing but "rubber-stamps"--

Whistleblowers will continue to leak state secrets, warns AP chief | Media | guardian.co.uk: "Gary Pruitt, the head of the global news agency, warned Washington that it cannot control the "inevitable" flow of information to the media in the wake of Snowden's disclosures about classified surveillance programs in the US and UK. . . . "The Obama administration has made it clear that it will aggressively pursue leakers and whistleblowers. I think there will inevitably be leakers and whistleblowers, however, because there are so many people who have access to classified information." Obama's government has "gone after leakers in a way that no other has", Pruitt said, adding that the pursuit of whistleblowers has "become a much bigger issue than I believe they thought it would be"."


Tuesday, July 2, 2013

Sorry NSA - Terrorists Don't Use Verizon, Skype, or Gmail

All that money wasted--or as Bloomberg more bluntly puts it, the "infrastructure set up by the National Security Agency ... may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use"--

Sorry, NSA, Terrorists Don't Use Verizon. Or Skype. Or Gmail. | Motherboard: "The NSA has to collect the metadata from all of our phone calls because terrorists, right? And the spy agency absolutely must intercept Skypes you conduct with folks out-of-state, or else terrorism. It must sift through your iCloud data and Facebook status updates too, because Al Qaeda. Terrorists are everywhere, they are legion, they are dangerous, and, unfortunately, they don't really do any of the stuff described above. Even though the still-growing surveillance state that sprung up in the wake of 9/11 was enacted almost entirely to "fight terrorism," reports show that the modes of communication that agencies like the NSA are targeting are scarcely used by terrorists at all. A recent Bloomberg piece points to a 2012 report on terrorism which found that most serious terrorists steer clear of the most obvious platforms—major cell networks, Google, Skype, Facebook, etc. . . . "

