PhoneSecurity. Heartbleed. Internet Explorer. UK new cyber security website. End of WinXP support. Huawei. UK established permanent cybersecurity team. Computer security. Password security. Internet of things.
A safe, secure online space. Online trust and security are often in the news these days. This week there were three events which remind us of this – and what we in Europe are doing to ensure it. First, the CEBIT conference in Hanover: where I saw a lot of political commitment to making the EU the world's safest online space – and a lot of the technological tools that could help in practice.
Including the many projects the EU is investing in to give you a safer time online. Second, on Thursday the European Parliament voted on our legislation for more secure network and information systems (the "NIS Directive"). That vote is a very positive move for every European: a non-committal approach to online security is no longer enough to tackle the many threats we face; not any more. And I hope that the final legislation can have an ambitious scope – we are only as strong as our weakest link – so I now turn to the Council of Ministers. All together these are a big step forwards.
Free Remote Control, Remote Access & Online Meetings.
The Silver Lining Of The NSA Scandal. It’s hard to imagine an organization of any kind having to deal with the level of backlash the NSA has had to since the spring of 2013. Between revelations about backdoor links into Internet giants like Google and Yahoo, the mass data collection program known as PRISM, and, more recently, spying via gaming platforms such as Second Life and World of Warcraft, it’s understandable that a majority of the public—68% according to recent polls—believe the NSA violates the privacy of some Americans with its intelligence-gathering techniques. The public outcry may be warranted, as Bruce Schneier has well documented, and many concerns related to these egregious (and likely unconstitutional) privacy and security violations certainly need to be addressed.
But the truth is that for enterprise security folks, the threat to our privacy and data is not the NSA. If there is a silver lining to the NSA story, it’s that it brings visibility to the issue of data security.
A Mandate For Encryption. IT Pro Q2 Report: Is Big Brother watching you? - IT Pro White Paper Library.
Snowden social-engineered co-workers to share their passwords. Posted on 11 November 2013. The revelations stemming from the documents exfiltrated by former NSA contractor Edward Snowden have changed the way we look at many things, but the details that have been trickling out about the way he went about getting access to those documents have also shown us how serious the insider threat can be. According to a report by Reuters based on disclosures from unnamed sources within the government, Snowden misused his status as a systems administrator to convince 20 to 25 NSA employees and his colleagues at the NSA regional operations center in Hawaii to hand over their login details for internal agency systems and networks.
It is reported that “a handful” of these employees have already been identified and questioned about it, then removed from their jobs - whether temporarily or permanently is yet unknown.
Tim Berners-Lee: encryption cracking by spy agencies 'appalling and foolish' | World news. Sir Tim Berners-Lee, the computer scientist who created the world wide web, has called for a "full and frank public debate" over internet surveillance by the National Security Agency and its British counterpart, GCHQ, warning that the system of checks and balances to oversee the agencies has failed.
As the inventor of the global system of inter-connectivity known as the web, with its now ubiquitous www and http, Berners-Lee is uniquely qualified to comment on the internet spying revealed by the former NSA contractor Edward Snowden. In an interview with the Guardian, he expressed particular outrage that GCHQ and the NSA had weakened online security by cracking much of the online encryption on which hundreds of millions of users rely to guard data privacy.
"Whistleblowers, and responsible media outlets that work with them, play an important role in society." The damning assessment was given as the heads of GCHQ, MI5 and MI6 prepared to face questioning by MPs in the Commons on Thursday.
Citigroup Acknowledges Massive Data Breach.
FDA asks hackers to expose holes in medical devices, but many researchers fear CFAA & jail. With back-to-back hacker conferences about to kick off in Las Vegas, it’s an extremely exciting time for people interested in security, and interested in insecurity, by learning exactly what can be done via hacking. Black Hat USA, which normally has 80-90 talks, will feature a record-breaking 110 talks this year. SC Magazine wrote about how the fear of being sued or worse—going to prison—makes some security researchers edgy about disclosing vulnerabilities. And every year after Black Hat and Def Con, some red-faced company whose product was hacked will point fingers and make nasty accusations.
Such was the case after security researcher Jay Radcliffe explained [pdf] how wireless attacks on an insulin pump could potentially be lethal enough to kill diabetics. He heard “from parents terrified that he had given evildoers a blueprint to kill their children.” Radcliffe will present “Fact and Fiction: Defending your Medical Devices” at Black Hat.
Rooting SIM cards | Security Research Labs. SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets. With over seven billion cards in active use, SIMs may well be the most widely used security token in the world. Through over-the-air (OTA) updates deployed via SMS, the cards are even extensible through custom Java software. While this extensibility is rarely used so far, its existence already poses a critical hacking risk.
Cracking SIM update keys. OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM. While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the 70s-era DES cipher. To derive a DES OTA key, an attacker starts by sending a binary SMS to a target device.
SIM Card Cloning Hack affects 750 million users around the world. SIM cards are among the most widely deployed computing platforms, with over 7 billion cards in active use. Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks. German cryptographer Karsten Nohl, the founder of Security Research Labs, claims to have found encryption and software flaws that could affect millions of SIM cards and allow hackers to remotely gain control of, and also clone, certain mobile SIM cards.
This is the first hack of its kind in a decade. Nohl will be presenting his findings at the Black Hat security conference this year. He and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS. According to him, hackers could use compromised SIMs to commit financial crimes or engage in espionage. The exploit only works on SIMs that use an old encryption technology known as DES.
The Tweeted Times - personal newspaper generated from your Twitter account. YouTube.
Zero-day attacks are meaner, more rampant than we ever thought. Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years. The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. It lasts on average 312 days, with some lasting as long as two and a half years, according to the study by researchers from antivirus provider Symantec. Of the 18 zero-day attacks the researchers found between 2008 and 2011, 11 of them previously went undetected.
Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero-days already underscored the threat posed by such attacks. But the researchers said their findings suggest the menace may be even greater. Of the 18 attacks studied, 15 targeted 102 or fewer of the 11 million hosts that were monitored.
Apple Warns Customers to be Cautious of SMS After 'Flaw' Cited. Apple has a message for texters: Don't trust SMS. The consumer electronics heavyweight has advised iPhone users concerned about secure messaging to use the company's iMessage service instead of their carrier's SMS network.
While SMS is a relatively mature technology, in recent years it has attracted the interest of security researchers as an attack vector for smartphones. Apple made its recommendation in a statement Saturday after a well-known iPhone jailbreaking artist explained in a posting on the Internet how a "flaw" in Apple's implementation of SMS in its mobile operating system, iOS, could be used to spoof SMS messages. The flaw is in all versions of iOS, including the latest beta of the next release of the operating system, version 6.0, beta 4, according to the security researcher known as pod2g. "Apple takes security very seriously," the company says in its statement. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks."
Tips to keep kids safe online. Malware is just a step away when children click on games, free shoes, Justin Bieber videos or gift cards offered on social networks. Hackers use social engineering techniques to exploit kids’ curiosity and easily convince them to click on appealing surveys and videos.
These may expose computers to malware, which grabs sensitive information and sends it to a remote machine controlled by cyber criminals. Kids could also be lured to click on a malware-infected link if they try to install applications to check out their profile or photo visitors. With children keeping in touch with friends they rarely see over the school holidays, activity on Facebook, Twitter and other social networks increases. So does the danger of clicking on a malicious link unwittingly distributed by a friend.
Android malware is another danger for children this summer and usually spreads in rogue applications that pose as legitimate. Identity theft is another danger for kids on the Internet this summer.
What Does Skype's Architecture Do? In the last few days we have seen reports in the media we believe are inaccurate and could mislead the Skype community about our approach to user security and privacy. I want to clear this up. At Skype, we continue to be humbled and grateful for the commitment to our product that we see from our truly global user community. We focus every day on building the best possible product for sharing experiences whenever people are apart. We want Skype to be reliable, fast, easy to use, and in most cases – free.
It works for Moms and Dads, teachers, soldiers, kids and sisters, brothers, grandparents, lovers and old friends all over the world. Our growth during the last nine years shows we are on the right path, and to our entire community, we say “thank you.” We are privileged to serve 250 million active users each month and support 115 billion minutes of person to person live communications in the last quarter alone.
Of course, this doesn’t happen by magic. False. - Mark.
I Know What You Tweeted Last Summer... And All the Way Back to 2008. We have mentioned before that Twitter will send every tweet to the National Archives and the Library of Congress, so watch what you tweet. But now the access to past tweets is just a few clicks away and you don’t have to get out of your pajamas to access it. New tools are popping up and they can unleash a treasure trove of data in moments. For the 140 million and growing user base that tweets over 400 million tweets per day this might be a little more than alarming.
Cyber expert Theresa Payton explains... When tools are new, people love to experiment with all the features available. In the early days, people were tweeting, uploading pictures with geocodes, doing location check-ins. But these tweets leave behind clues that tell bad guys, potential employers, people you might date, and people you might want to forget a lot about you. What you may not realize is that all Twitter accounts are searchable. Tips to Stay Safe:
6.5 Million LinkedIn Passwords Reportedly Leaked, LinkedIn Is “Looking Into” It. If you’re a LinkedIn user, do yourself a favor and change your password right now — according to a new report from Dagens IT, nearly 6.5 million encrypted LinkedIn passwords were recently dumped onto a Russian hacker forum. The news comes right on the heels of yet another user security kerfuffle, as the most recent LinkedIn for iOS update was found to transmit users’ meeting notes back to LinkedIn servers without their permission.
Of the millions of passwords dumped, Dagens IT claims that nearly 300,000 of them have been cracked so far, and that number seems sure to grow as users spread that hefty file around. The passwords are stored as unsalted SHA-1 hashes, and multiple reports on Twitter indicate that users have found their own hashes buried in the massive text dump. While unsalted hashes are much less secure than their salted brethren, it still takes a non-trivial amount of time to crack one unless a user opted to use a common dictionary word as their password.
Romanian authorities dismantle hacker group targeting government websites. IDG News Service - Twelve individuals were detained by Romanian authorities on Tuesday, suspected of being members of a cybercriminal group that hacked into the websites of various Romanian and foreign public institutions and government agencies.
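The salted-versus-unsalted point in the LinkedIn item above, as an added illustration that is not from any of the articles collected here: the sample passwords and the wordlist are constructed, and SHA-1 is used only to mirror the report (a real deployment should use a slow password hash such as bcrypt or scrypt). It shows why a dump of unsalted hashes can be matched against one precomputed table and exposes password reuse, while per-user salts force a separate pass per entry without making dictionary words safe.

```python
import hashlib
import os

# Constructed sample data, not LinkedIn's: four user passwords (one repeated)
# and a tiny attacker wordlist that happens to contain two of them.
SAMPLE_PASSWORDS = ["password", "linkedin", "Tr0ub4dor&3", "password"]
WORDLIST = ["123456", "password", "linkedin", "qwerty"]

def sha1_unsalted(pw: str) -> str:
    """Storage as reported for LinkedIn: bare SHA-1, no salt."""
    return hashlib.sha1(pw.encode()).hexdigest()

def sha1_salted(pw: str, salt: bytes) -> str:
    """Per-user random salt mixed in before hashing."""
    return hashlib.sha1(salt + pw.encode()).hexdigest()

def precomputed_table(words):
    """Built once, then reused against every unsalted hash in a dump."""
    return {sha1_unsalted(w): w for w in words}

def crack_unsalted(hashes, table):
    """Each unsalted hash costs a single dictionary lookup."""
    return {h: table[h] for h in hashes if h in table}

def crack_salted(entries, words):
    """Salts make the shared table useless: every entry needs its own pass."""
    found = {}
    for salt, h in entries:
        for w in words:
            if sha1_salted(w, salt) == h:
                found[h] = w
                break
    return found

def demo():
    unsalted = [sha1_unsalted(p) for p in SAMPLE_PASSWORDS]
    salted = []
    for p in SAMPLE_PASSWORDS:
        salt = os.urandom(16)
        salted.append((salt, sha1_salted(p, salt)))
    return {
        # repeated passwords collapse to one unsalted hash, so the dump reveals reuse
        "distinct_unsalted": len(set(unsalted)),
        "distinct_salted": len({h for _, h in salted}),
        "cracked_unsalted": sorted(crack_unsalted(unsalted, precomputed_table(WORDLIST)).values()),
        # salting does not rescue dictionary words; it only removes the shared shortcut
        "cracked_salted": len(crack_salted(salted, WORDLIST)),
    }
```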
Prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) have dismantled a criminal group consisting of 14 members, who engaged in cybercriminal activities that included accessing computer systems without authorization, copying confidential data stored on them and publishing the captured information online, DIICOT said on Tuesday. Supported by the Romanian Police forces and the Romanian Gendarmerie, the DIICOT prosecutors executed 12 search warrants at residential addresses in 10 different cities and detained 12 suspects. The detained individuals will be taken to DIICOT's central office in Bucharest for questioning.
Reprinted with permission from IDG.net. Story copyright 2014 International Data Group.
Lawmaker wants to clarify Pentagon’s authority for cyber operations - Defense - Nextgov. Ex-TSA Chief Calls Airport Security Screenings 90 Percent "Clutter". Cocoon and Cocoon+ Now Approved as a Download on Mozilla's Firefox.
Hacker exposes 40,000 Credit Cards from Digital Playground. A new hacking group called The Consortium has hit the scene, and their first takedown is the porn site Digital Playground: they defaced it, and a mirror is available here.
Everything, including credit card information, was stored in plain text. "The Consortium" claim to have broken into the servers of DigitalPlayground.com last weekend and stolen 72,000 usernames and passwords and 40,000 credit-card numbers. In addition to the theft of credit card numbers, the hackers also claim that they made off with the personal information of 72,000 other users. The Consortium, which claims affiliation with hacktivist group Anonymous, claims the Digital Playground site was so riddled with security holes that it was an irresistible target.
All of the 100 user passwords given as examples were in plaintext, not encrypted as security best practices demand.
Deutsche Telekom: simko: "Fort Knox" in the Telephone. Sopa / pipa - Page 2 - Dynamic Drive Forums. Trendnet home security camera feeds accessible to anyone. FBI will Monitor Social Media using Crawl Application. Technolog - Facebook scam threatens to delete your account. Hotel booking confirmation emails aim to infect your computer. Watch out!
Beware Adobe Software Upgrade Notification – malware attached! Twitter Scam Betrays Users' Lack of Savvy - PCWorld Business Center. National : Facebook, Google face prosecution. Apple Crash Reports Help Hackers to create a jailbreak exploit. HP Printer Hack Video Shows Sensitive Data Tweet Too. Security Job Openings: Jacadis looking for Security Analysts - Secure Value.
Documentary: Secret CIA Prisons in Europe. How Do I Securely Wipe a Computer? Researchers Find LinkedIn Spam Downloads Trojan. BART Police Database Hacked #OpBART.