Saturday, November 30, 2013

Stuxnet, Its Secret Twin, Sabotage

Fascinating read at the link below (excerpt follows) --

Stuxnet's Secret Twin - By Ralph Langner | Foreign Policy: "....In other words, blowing the cover of this online sabotage campaign came with benefits. Uncovering Stuxnet was the end of the operation, but not necessarily the end of its utility. Unlike traditional Pentagon hardware, one cannot display USB drives at a military parade. The Stuxnet revelation showed the world what cyberweapons could do in the hands of a superpower. It also saved America from embarrassment. If another country -- maybe even an adversary -- had been first in demonstrating proficiency in the digital domain, it would have been nothing short of another Sputnik moment in U.S. history. So there were plenty of good reasons not to sacrifice mission success for fear of detection. We're not sure whether Stuxnet was disclosed intentionally. As with so many human endeavors, it may simply have been an unintended side effect that turned out to be critical. One thing we do know: It changed global military strategy in the 21st century..."

more news below

Thursday, November 28, 2013

3 Ways Malicious Hacking Occurs

11 sure signs you've been hacked: "The hope of an anti-malware program that can perfectly detect malware and malicious hacking is pure folly. ... And if you are risk-adverse, as I am, always perform a complete computer restore with the event of a breach. Because once your computer has been compromised, the bad guys can do anything and hide anywhere. It's best to just start from scratch. Most malicious hacking originates from one of three vectors: unpatched software, running Trojan horse programs, and responding to fake phishing emails. Do better at preventing these three things, and you'll be less likely to have to rely on your antimalware software's accuracy -- and luck." (read more at link above)

more news below

Tuesday, November 26, 2013

Kevin Mitnick shows how easy it is to hack a computer

Kevin Mitnick: 'The only thing McAfee is good at is making videos' - 16 Oct 2013 - Computing News: ". . . . Mitnick demonstrated how easy it is to hack a computer, even when secured by the latest McAfee AV client, which he claimed was fully patched. He explained that the simplest form of attack is to identify a specific individual target in a firm, then research them on social media in order to tailor a message to them that will make them more likely to open an infected attachment.
"The attacker only has to find one person to open a PDF, so you do the attacks surgically. LinkedIn is the best tool - you search for networks and positions. You might want to target sales and marketing, because they're the most likely to comply with my request. So you find out who they communicate with, their partners, customers and suppliers. You can then spoof communications that appear to come from a trusted source. . . ." (read more at the link above)

more news below

Saturday, November 23, 2013

Pentagon Secret Backbone Hardly Secret

Kevin Mitnick: 'The only thing McAfee is good at is making videos' - 16 Oct 2013 - Computing News: "He showed the audience a detailed network topology map, which included all the switches and routers on the network, and all of the internal and external IP addresses. The network in question was the Pentagon Secret Backbone. Mitnick explained that someone at the Pentagon had installed a peer-to-peer client at some point, and not realised that various important documents, such as this map, had been leaked as a direct result."

(ed. note): And yet people in government still think the Chinese and Russians wanted Snowden's documents. Truth is, they probably had already obtained all of those documents themselves before Snowden ever thought about it.

more news below

Thursday, November 21, 2013

Tim Berners-Lee calls encryption cracking by spy agencies 'appalling and foolish'

Tim Berners-Lee: encryption cracking by spy agencies 'appalling and foolish' | World news | The Guardian: " . . . In an interview with the Guardian, he expressed particular outrage that GCHQ and the NSA had weakened online security by cracking much of the online encryption on which hundreds of millions of users rely to guard data privacy. He said the agencies' decision to break the encryption software was appalling and foolish, as it directly contradicted efforts of the US and UK governments to fight cybercrime and cyberwarfare, which they have identified as a national security priority. Berners-Lee also said it was a betrayal of the technology industry. In contrast to several senior British politicians – including the prime minister, David Cameron – who have called for the Guardian to be investigated over reporting of the Snowden leaks, Berners-Lee sees the news organisation and Snowden as having acted in the public interest. . . ." (read more at link above)

more news below

Tuesday, November 19, 2013

NSA revelations cause NIST Review of Guidance Methods

NIST Launches Review of Guidance Methods - GovInfoSecurity: "Noting that its integrity has been questioned, the National Institute of Standards and Technology has launched a formal review on how it develops cryptographic standards because of concerns that the National Security Agency might have corrupted its cryptography guidance. "Our mission is to protect the nation's IT infrastructure and information through strong cryptography," NIST says in a statement issued late Nov. 1. "We cannot carry out that mission without the trust and assistance of the world's cryptographic experts. We're committed to continually earning that trust.". . ." (read more at link above)

more news below

Saturday, November 16, 2013

Cybersecurity a trillion dollar market

World cybersecurity leaders call for cooperation - CBS News: "Governments and businesses spend $1 trillion a year for global cybersecurity, but unlike wartime casualties or oil spills, there's no clear idea what the total losses are because few will admit they've been compromised. Cybersecurity leaders from more than 40 countries are gathering at Stanford University this week to consider tackling that information gap by creating a single, trusted entity that would keep track of how much hackers steal. . . ." (read more at link above)

more news below

Thursday, November 14, 2013

Unbreakable encryption

Unbreakable encryption comes to the U.S. - Fortune Tech: " . . . . QKD stood out to Battelle's researchers as the best technically feasible means of generating secure encryption that wasn't just a solution that works now and that won't leave data exposed in the future. But QKD also has some drawbacks, including a limited range and potential difficulties in sharing keys. So Battelle turned to ID Quantique, a Geneva-based quantum technology company with extensive experience in quantum communications, to help smooth out those issues. QKD works by tapping some of quantum physics' stranger phenomena to make it virtually impossible for a third party to steal an encryption key without sender and receiver being aware. Using a standard encryption algorithm, the sender encrypts the data and transmits it to the receiver. But instead of sending along the key by conventional means, it is encoded into a single photon -- the elementary particle of light -- which is then placed into a correlated state with a second photon. Physicists call this "entanglement" (Einstein called it "spooky") and under the laws that govern the quantum world any attempt to observe or measure one photon affects the other correlated photon regardless of whether they are in the same room or on opposite sides of the planet. . . ." (read more at link above)

more news below

Tuesday, November 12, 2013

Google's Chrome Browser to automatically block malware

Google's Chrome will automatically block malware | PCWorld: "A developer version of Google’s Chrome browser will automatically flag and block malware that the user’s anti-malware system wouldn’t otherwise detect, Google said. The “Canary” version of Chrome, designed for early testing by developers and others, will show a small warning note in the area of the screen reserved for downloads, notifying the user that it had prevented malware from being downloaded, Google said in a blog post. The new technology is in addition to Google’s existing “Safe Browsing” capability, which blocks up to 10,000 new websites per day, based on a reputation score that Google develops and assigns. . . ."

more news below

Saturday, November 9, 2013

BackDoors, Security

How to Design — And Defend Against — The Perfect Security Backdoor | Wired Opinion | "Since BULLRUN became public last month, the security community has been examining security flaws discovered over the past several years, looking for signs of deliberate tampering. The Debian random number flaw was probably not deliberate, but the 2003 Linux security vulnerability probably was. The DUAL_EC_DRBG random number generator may or may not have been a backdoor. The SSL 2.0 flaw was probably an honest mistake. The GSM A5/1 encryption algorithm was almost certainly deliberately weakened. All the common RSA moduli out there in the wild: We don’t know. Microsoft’s _NSAKEY looks like a smoking gun, but honestly, we don’t know. . . ." (read more at link above)

more news below

Thursday, November 7, 2013

FTC, Mobile, Scareware

FTC Takes Tough Action Against ‘Scareware’ Tactics | Jeff Ifrah - JDSupra: " . . . . Jesta (which also does business as Jamster) is known mostly for its marketplace of ringtones, photos, videos and apps. Starting in 2011, it ran a scareware campaign, purportedly for anti-virus software, that the FTC asserts crossed the line into deceptive advertising. The ads ran on the free version of the Angry Birds app for Android. Using a graphic that looks like the Android robot logo, the banner ad displayed a warning that viruses had been detected on the device – even though no virus scan was conducted. According to the FTC, when the consumers clicked on the “remove [virus]” button, or similar “warning” buttons, Jesta directed them through a number of pages about virus protection that left to very fine print a monthly service fee for ringtones and other content. . . ." (read more at link above)

more news below

Tuesday, November 5, 2013

Experian, Consumer Data, ID Theft Service

Experian Sold Consumer Data to ID Theft Service — Krebs on Security: "An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity. . . ."

more news below

Saturday, November 2, 2013

US government, draft cybersecurity framework

US government, cybersecurity? --

US government releases draft cybersecurity framework | Security & Privacy - CNET News: " . . . The National Institute of Standards and Technology released its draft cybersecurity framework for private companies and infrastructure networks on Tuesday. These standards are part of an executive order that President Obama proposed in February. The aim of NIST's framework (PDF) is to create guidelines that companies can use to beef up their networks and guard against hackers and cybersecurity threats. Adopting this framework would be voluntary for companies. NIST is a non-regulatory agency within the Department of Commerce. The framework was written with the involvement of roughly 3,000 industry and academic experts, according to Reuters. It outlines ways that companies could protect their networks and act fast if and when they experience security breaches. "The framework provides a common language for expressing, understanding, and managing cybersecurity risk, both internally and externally," reads the draft standards. . . .

more news below

Cybersecurity - Google News

Malware - Google News

National Security - Google News

"Security Threats" - Google News

Maritime security - Google News

The State of Security

TSA - Google News

Homeland Security - Google News