Thursday, October 31, 2013

NSA delayed anti-leak software where Snowden worked

Greatest threats are always from the inside. NSA found out the hard way.

Exclusive: NSA delayed anti-leak software at base where Snowden worked -officials | Reuters: " . . . . Snowden was assigned by Booz Allen Hamilton to the Hawaii facility in late March or early April 2013, after first attending training sessions near NSA's Maryland headquarters. He was only there for a few weeks before he told his employers that he needed time off because of health problems. Snowden then disappeared and turned up several weeks later in Hong Kong. There, he gave a TV interview and a trove of secrets from the NSA and its British counterpart, Government Communications Headquarters, to writer Glenn Greenwald, filmmaker Laura Poitras, and journalists from Britain's Guardian newspaper. Reuters reported in August that Snowden began downloading documents describing the U.S. government's electronic spying on an earlier job working for Dell Inc in April 2012. One official said Congressional oversight committees had repeatedly expressed concerns to the administration that agencies across the government, including spy units, had moved too slowly to install updated security software. Another official said that U.S. agencies were still not positive they knew the details of all the material which Snowden had downloaded and turned over to journalists."

Tuesday, October 29, 2013

Cyber Attacks, Business Cybersecurity, a decade out of date

Out of date security is no security --

Business understanding of cyber attacks a decade out of date | The Australian Financial Review: "... old as civilisation itself: espionage, sabotage, crime, terrorism, warfare and protest,” ... In a survey of IT security professionals last year, ISACA found that one in five worked in an organisation that had been the subject of an APT attack and 63 per cent said they ..." (read more at link above)

Saturday, October 26, 2013

Most secure browser is Chrome on Chrome OS

If you care about security, the most secure browser is Chrome on a Chrome OS computer (Chromebook or Chromebox) --

Google defends Chrome browser's security features: "Chrome is the most secure browser and offers you control over how it uses and stores data. Chrome asks for permission before storing sensitive information like credit card details, and you don't have to save anything if you don't want to. Furthermore data stored locally by Chrome will be encrypted, if supported by the underlying operating system. For example, Chrome OS encrypts all data stored locally by default. We recommend people use the security measures built into their operating system of choice." (read more at links above)

Thursday, October 24, 2013

DNS poisoning, Malaysia

Beware who manages and controls your Domain Name Servers --

Google Malaysia hit by DNS poisoning (Updated) - Tech News | The Star Online: "It is believed that it is not the Google Malaysia search page that has been hacked, but it is the domain name servers that translates the name "" into actual web address that has been compromised. In this "DNS poisoning" attack, anyone trying to visit the Google Malaysia website will instead be redirected to the hacker's page." (read more at link above)

Tuesday, October 22, 2013

Android, Myths, Malware, Mobile Security

Like most irrational tirades against Google these days (and governmental investigations), there's more myth than truth involved when it comes to Android and "security" --

Google's perspective on the real-world threat posed by Android malware -- and by extension, the effectiveness to date of its choice of app review and distribution model -- has been echoed in other quarters. A study released Monday by researchers at the Georgia Institute of Technology and security firm Damballa, "The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers," found that mobile malware "appears in a minuscule number of devices" in the two networks they studied. (source infra)

Google: Don't Fear Android Malware - Security - Mobile Security -: "Ludwig continued by likening Android's security model to how the Centers for Disease Control and Prevention (CDC) tackles real-world infections. "The CDC knows that it's not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks," he said." (read more at links above)

Saturday, October 19, 2013

Security, NSA, Stasi, China, Employment

Future make-work jobs coming from our Big Brother NSA? --

The Future For Middle Class Jobs? China Employs 2 Million To Browse The Web -SVW: "Security is a growing market and there's lots of jobs to be done that still can't be done well by software. It's not the best paid job in the world but it's a steady job with wonderful growth prospects. There are estimates that one-third of East Germany's population worked for the Stasi security organization either as informers or agents. In my dystopian fantasies it's easy to see a future in which most people work in security, scanning and patting each other down, at every doorway. . . ."

Thursday, October 17, 2013

DNS spoofing, DNS-Based Hacker Attack

DNS-Based Attack Brings Down New Victim: WhatsApp – ReadWrite: "The WhatsApp home page has since been returned to normal, but during the attack, it was noted that the Domain Name Service records for the WhatsApp site had been changed. This would suggest that the attackers had not actually cracked into WhatsApp, but had instead used DNS spoofing to hijack the web site's address. DNS spoofing is an increasingly popular way for malicious hackers to effectively obtain access to a web site. The attack is remarkably simple, and was instrumental in this summer's hacks of the Twitter and New York Times home pages. While it is not known if this was indeed how WhatsApp was attacked this morning, details from the August 29 attack on the New York Times web site would support the theory. . . ."

Tuesday, October 15, 2013

Hosting Provider DNS hijacking

Hosting provider LeaseWeb falls victim to DNS hijacking | PCWorld: " . . . LeaseWeb is still investigating how attackers managed to change the DNS records for its domain name, but it appears that they gained access to the domain administrator password at the domain registrar from which LeaseWeb bought its domain. Spear phishing might have been a part of the attack, but at this point the investigation is ongoing so there’s no definitive answer, Alex de Joode, senior legal counsel of LeaseWeb, said (last) Monday via email. . . ." (read more at link above)

Saturday, October 12, 2013

US Intelligence, Tor, Anonymity

U.S. Intelligence Defends Attempts to Break Tor Anonymity Network - Arik Hesseldahl - News - AllThingsD: " . . . .It was all legal and appropriate, Clapper argues, because, “Within our lawful mission to collect foreign intelligence to protect the United States, we use every intelligence tool available to understand the intent of our foreign adversaries so that we can disrupt their plans and prevent them from bringing harm to innocent Americans. … Our adversaries have the ability to hide their messages and discussions among those of innocent people around the world. They use the very same social networking sites, encryption tools and other security features that protect our daily online activities.” The ironic part is that Tor was invented at the U.S. Naval Academy as a project meant to help activists overseas evade surveillance by officials of repressive regimes. A good amount of its funding has come from the NSA’s parent agency, the U.S. Department of Defense."

Thursday, October 10, 2013

FBI shuts alleged online drug marketplace Silk Road

FBI shuts alleged online drug marketplace Silk Road - Orlando Sentinel: "In a corresponding civil asset forfeiture action, prosecutors claimed Silk Road and Ulbricht were liable to the government for the value of all transactions involving drug tracking and computer hacking, as well as for money laundering penalties, and a final amount would be determined at trial." (read more at link above)

Tuesday, October 8, 2013

NSA "undermined the fundamental trust in the internet"

How a Crypto 'Backdoor' Pitted the Tech World Against the NSA | Threat Level |" . . . Even without more explicit confirmation that the weaknesses in the algorithm and standard constitute a backdoor, Kocher and Schneier believe they do. “It is extraordinarily bad cryptography,” says Kocher. “If you look at the NSA’s role in creating standards [over the years] and its general cryptographic sophistication, none of it makes sense if there isn’t a backdoor in this.” Schneier agrees and says the NSA has done too many other things for him to think, when he sees government-mandated crypto that’s weak, that it’s just by accident. “If we were living in a kinder world, that would be a plausible explanation,” he says. “But we’re living in a very malicious world, it turns out.” He adds that the uncertainty around the algorithm and standard is the worst part of the whole matter. “This is the worst problem that the NSA has done,” Schneier says. “They have so undermined the fundamental trust in the internet, that we don’t know what to trust. We have to suspect everything. We’re never sure. That’s the greatest damage.”. . ."

Saturday, October 5, 2013

Closing Back Doors, NSA, Security

The National Security Agency undermines confidence in communication by weakening encryption (source infra)

Close the N.S.A.'s Back Doors - "The back doors also strip away the expectations of privacy that individuals, businesses and governments have in ordinary communications. If back doors are built into systems by the N.S.A., who is to say that other countries’ spy agencies — or hackers, pirates and terrorists — won’t discover and exploit them? The government can get a warrant and break into the communications or data of any individual or company suspected of breaking the law. But crippling everyone’s ability to use encryption is going too far, just as the N.S.A. has exceeded its boundaries in collecting everyone’s phone records rather than limiting its focus to actual suspects." (read more at link above)

Thursday, October 3, 2013

China, Top Secret Military Site, Visible on Google

China’s Latest Top Secret Military Site Is Visible on Google | "Imagine, then, what his response might have been to the latest upheaval in intelligence gathering, whereby high-definition pictures of secret military installation turn up online, on obscure corners of the web, for anyone to see. “The grainy photos that they were getting from those spy satellites were nothing compared to what you can get from Google Earth,” says Peter Singer, director of the Center for 21st Century Security and Intelligence at the Brookings Institution. Singer and his co-researcher, Jeffrey Lin, recently wrote an analysis of China’s latest covert project, its first home-made aircraft carrier, based on nothing but photos pulled from blogs. With a little Googling, anyone can find them." (read more at link above)

Tuesday, October 1, 2013

NIST Says Drop Its Own Encryption Standard

Government Standards Agency “Strongly” Suggests Dropping its Own Encryption Standard - ProPublica: " in a little-noticed footnote, NIST went a step further, saying it is “strongly” recommending against even using one of the standards. The institute sets standards for everything from the time to weights to computer security that are used by the government and widely adopted by industry."
