Saturday, September 28, 2013

Hackers attempt to rob bank with £10 device

Santander 'hackers' attempt to rob bank with £10 device - Telegraph: " . . . “It sounds like an inside job, and I guess the attraction of using a KVM (keyboard video mouse) is it makes it a lot less obvious what’s going on,” said Ferguson. “If the computer in question is in the data centre – or a server room even – it’s not the kind of place where you’d see people standing around tapping away on keyboards. So installing the KVM means you can go back to your desk and look like you’re just going about your normal business.” The only way to prevent this kind of attack is to step up the amount of physical security in the building. However, if the person in question is authorised to access the data centre and install KVMs, then there is very little the organisation can do. . . ." (read more at link above)

more news below

Thursday, September 26, 2013

Fingerprints and other biometric authentication tokens

Why fingerprints make lousy authentication tokens - Boing Boing: "This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent. Unless you never venture into public without a clean-room bunny-suit, mirrorshades, and sharp gravel in your shoes, you're not going to be able to stop dedicate strangers from capturing these measurements. And as with Schauble's fingerprints, you can't revoke your DNA and replace it with new DNA once a ripoff artist has used it to clean out your bank-account or break into your workplace."

more news below

Tuesday, September 24, 2013

NSA sabotage foil

How to foil NSA sabotage: use a dead man's switch | Technology | " . .  .It doesn't really matter if you trust the "good" spies of America and the UK not to abuse their powers (though even the NSA now admits to routine abuse, you should still be wary of deliberately weakened security. It is laughable to suppose that the back doors that the NSA has secretly inserted into common technologies will only be exploited by the NSA. There are plenty of crooks, foreign powers, and creeps who devote themselves to picking away patiently at the systems that make up the world and guard its wealth and security (that is, your wealth and security) and whatever sneaky tools the NSA has stashed for itself in your operating system, hardware, applications and services, they will surely find and exploit. . . . "

more news below

Saturday, September 21, 2013

NSA Spooks, Internet crypto, Backdoors

Spooks break most Internet crypto, but how? | Ars Technica: "...The short answer is almost certainly by compromising the software or hardware that implements the encryption or by attacking or influencing the people who hold the shared secrets that form one of the linchpins of any secure cryptographic system. The NYT alludes to these techniques as a combination of "supercomputers, technical trickery, court orders, and behind-the-scenes persuasion." The paper went on to refer to technologies that had been equipped with backdoors or had been deliberately weakened. Snowden put it slightly differently when he said: "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around" encryption. Exploiting the implementations or the people behind these systems can take many forms. What follows are some of the more plausible scenarios...."

more news below

Thursday, September 19, 2013

NSA Spying fallout, India Bans Use of Google

NSA Spying: Indian Gov't Bans Employee use of Google as European Parliament Weighs Law Fining Firms that Cooperate | Informed Comment: "The rest of the world is much more appalled at the spying of the National Security Agency on telephone, email, web browsers and other personal information than is the US public. As new revelations come out almost daily about the cavalier way in which the NSA has spied on the world’s presidents, parliaments and ordinary citizens it is natural that the rest of the world should begin responding to what they see as a dire threat to government and personal privacy."

more news below

Tuesday, September 17, 2013

NSA sabotage, electronic locks

Latest Snowden revelation: NSA sabotaged electronic locks - "In short, the implication of the mass of documents leaked thus far is that the NSA is not just monitoring seemingly every utterance on the planet, it is planting weaknesses in the security technology that protects legitimate online communications for the sake of decrypting illegitimate ones."

more news below

Saturday, September 14, 2013

Melbourne IT, overseas reseller, NY Times domain name breach

Melbourne IT blames overseas reseller for New York Times domain name breach - new york times, spear phishing, twitter, Melbourne IT, Syrian Electronic Army - ARN: "Melbourne IT has revealed one of its overseas resellers was a victim of a “spear phishing” attack which allowed the Syrian Electronic Army to hijack the New York Times (NYT) and some Twitter websites. A Melbourne spokesperson said staff of an overseas-based reseller “unwittingly” responded to a spear phishing attack which allowed attackers to access sensitive information, including usernames and passwords. This was used to access the reseller's account on Melbourne IT systems. “This resulted in unauthorized changes to the DNS records of two domain names associated with providing news related to the Syrian conflict,” he said."

more news below

Thursday, September 12, 2013

Email, Tracking, Privacy

The NSA Isn’t the Only One Tracking You | McManis Faulkner - JDSupra: "ReadNotify is a paid service. There are similar services, like SpyPig and WhoReadMe, offered at no cost. Once you sign up, you create an email that is sent to the service’s server and then sent to your recipient. The emails appear to the recipient as if they are coming directly from you, but they are actually processed through ReadNotify, Spypig, WhoReadMe, etc. The service provides the sender a report that lets the sender know the date and time the recipient opened the email. In addition, the service can also report if the recipient forwarded the email and the approximate location where the email was opened. " (read more at link above)

more news below

Tuesday, September 10, 2013

US Army Computer Security Flaws

Exclusive: How An Army Computer Security Flaw Got Swept Under The Rug: "...Big private tech companies like Google, Facebook, and Microsoft routinely seek out and sometimes pay people like Mark who expose security flaws. Some have set up bounty systems giving any member of the public who finds and reports a bug up to $20,000. The military has no such system. If reporting to a superior goes nowhere, then in reality, there is little recourse for soldiers who discover computer security problems. They could report a bug to the Department of Defense Inspector General, which handles complaints about fraud, waste, and abuse. But that’s not an obvious avenue for computer issues. Moreover, if their superiors found out, they could face retaliation...." (more at link above)

more news below

Saturday, September 7, 2013

Researchers reverse-engineer Dropbox client

Researchers reverse-engineer the Dropbox client: What it means - TechRepublic: "In their paper Looking inside the (Drop) box, Dhiru and Przemyslaw get right to the point: "We describe a method to bypass Dropbox’s two-factor authentication and hijack Dropbox accounts. Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented."" (read more at link above)

more news below

Thursday, September 5, 2013

Amazon, GAO, IBM, $600 million CIA contract

A redacted version of a lawsuit Amazon filed against the federal government became public, offering a look at the company’s effort to block rebidding of its lucrative CIA deal.

Amazon blasts GAO and IBM over $600 million CIA contract | Business & Technology | The Seattle Times: ". . . So when AWS won the contract to build the Web-based infrastructure for the CIA in January, IBM, a losing bidder, protested. IBM took its case to the GAO, which can review contract-bidding processes at government agencies. The GAO agreed, in part, with IBM in June. The GAO found that Amazon’s bid was technically superior, even though IBM’s bid to build the technology was significantly lower. But the GAO also agreed with IBM that the CIA did not properly evaluate IBM’s bid in a few narrow, technical matters. The CIA decided to follow the GAO’s recommendations. “In response to the GAO decision, the CIA has taken corrective action and remains focused on awarding a cloud contract for the intelligence community,” said agency spokesman Christopher White. That determination triggered Amazon’s suit against the United States last month, a suit that was sealed until Tuesday. Amazon’s central argument is that IBM’s complaints regarding the Agency’s evaluation of its pricing on one piece of the contract were untimely. And Amazon argues that IBM doesn’t have the capability to deliver the type of Web-based computing that the CIA seeks. So even if IBM’s arguments had merit, they wouldn’t affect the outcome of the contract. For its part, IBM said, Amazon had its chance to defend its bid before the GAO and lost. . . ." (read more at link above)

more news below

Tuesday, September 3, 2013

White House Taps McAfee CTO for Cybersecurity Post

White House Taps McAfee CTO for Cybersecurity Post - Digits - WSJ: "Phyllis Schneck, a vice president and chief technology officer for the public sector at McAfee, a unit of Intel, will start in early September as the deputy undersecretary for cybersecurity, a DHS official said. Homeland Security takes a leading role in protecting U.S. networks from foreign and domestic hackers. She steps into a position that has had an active revolving door lately. Her predecessor, cybersecurity veteran Mark Weatherford, stayed in the job for less than 18 months and left in April. His interim replacement, Bruce McConnell, announced his departure in July."

more news below

Cybersecurity - Google News

Malware - Google News

National Security - Google News

"Security Threats" - Google News

Maritime security - Google News

The State of Security

TSA - Google News

Homeland Security - Google News