Security blogs

Distribuir contenido
Some security blogs I followCNXriv2VjbgCfgont2013-07-01T21:55:27Z
Actualizado: hace 4 años 24 semanas

Latest NSA leak details PRISM's bigger picture

Dom, 06/30/2013 - 23:03

New "top secret" slides released by The Washington Post on Saturday shed further light on the U.S. National Security Agency's (NSA) PRISM program, which was first publicly disclosed through a series of leaks by former government contractor turned whistleblower Edward Snowden earlier this month.

Tags: NSAPRISMIndustry NewsPrivacyl33tdawg
Categorías: Bundle Security blogs

Mark Dowd's next target? Attacking crypto phones and weaknesses in ZRTPCPP

Dom, 06/30/2013 - 23:02

In the wake of the recent NSA / Prism debacle, there has been a large push for secure, encrypted communications for the average user. This essentially means employing cryptography solutions in order to protect private communications from eavesdroppers (government or otherwise).

Tags: EncryptionSecurityIndustry Newsl33tdawg
Categorías: Bundle Security blogs

Facebook slurped phone numbers says Norton

Dom, 06/30/2013 - 22:59

Norton has pinged Facebook for slurping Android users' phone numbers without their consent. The findings, posted here, were announced along with a new version of the company's Android security app.

Norton, which once famously blocked Facebook as a phishing site, says the updated Mobile Insight flagged Facebook for Android as leaking the device phone numbers, affecting a “significant portion” of the hundreds of millions of people who have downloaded the app from Google Play.

Tags: FacebookPrivacyl33tdawg
Categorías: Bundle Security blogs

Snowden's ex-employer seeks quantum info. physicist

Dom, 06/30/2013 - 22:58

 Booz Allen Hamilton, the United States company that employed NSA bulk surveillance whistleblower Edward Snowden, is looking for a quantum information physicist.

Quantum information technology is currently intensely researched, among other things, to provide secure encryption that is capable of discovering eavesdropping when wiretapping changes the state of the communications link.

Tags: Industry Newsl33tdawg
Categorías: Bundle Security blogs

BlackBerry hits bump in turnaround road, shares plunge

Dom, 06/30/2013 - 22:55

BlackBerry's total market value plunged by more than one-fourth on Friday after the smartphone maker reported dismal quarterly results, prompting ever-deeper skepticism about a long-promised turnaround.

BlackBerry, which has struggled to claw back market share from the likes of Apple Inc's iPhone, Samsung Electronics Co Ltd's Galaxy phones and other devices powered by Google Inc's Android operating system, reported a loss in the fiscal first quarter ended June 1, and sales of its make-or-break new line of devices were softer than expected.

Tags: BlackBerryRIMIndustry Newsl33tdawg
Categorías: Bundle Security blogs

Nintendo Loses Appeal For WiiU.com Domain

Dom, 06/30/2013 - 22:52

Expect to see a number of unhappy faces at Nintendo headquarters this weekend – at least, wherever Nintendo's legal team sits – as the company has officially lost an appeal with the World Intellectual Property Organization over the rights to the domain name wiiu.com.

Didn't expect to see that one coming, eh?

Tags: NintendoIndustry NewsLaw and Orderl33tdawg
Categorías: Bundle Security blogs

Der Spiegel says US bugged EU offices in Washington

Dom, 06/30/2013 - 22:50

Today, German magazine Der Spiegel reported that it got a look at slides detailing the systematic bugging of European Union offices in the US. The news from the paper cited top-secret documents “that Spiegel has in part seen,” which were dated from 2010 and were recently obtained by Edward Snowden. The paper did not publish any of the documents it claims to have reviewed.

Tags: USGermanyPrivacyl33tdawg
Categorías: Bundle Security blogs

5 Tech Trends That Explain the Evolution of Online Threats

Sáb, 06/29/2013 - 21:15

Information security professionals need to keep an eye on the always-evolving cyber threat landscape. Accomplishing this involves understanding how changes in people’s use of technology influence the opportunities and techniques pursued by criminals on-line. Below are 5 tech trends that have affected the evolution of threats.

Mainstream adoption of the Internet into daily activities. The Internet has become so interwoven into our lives that we often don’t notice when activities make use of Internet-connected resources. Technology that allows people and businesses to utilize Internet connectivity has become so convenient, that even non-technical people, old and young, are able to harness the power of the web. As the result:

  • The increase in numbers of non-techies present on and accessible via the Internet made social engineering more fruitful. It’s often easier to target people who aren’t technology specialists.
  • Simplification of user interfaces, necessitated by the need to service non-techies, eliminated some of the details that could assist people in spotting malicious activities or intentions.
  • Commerce and other critical activities moved online, so the criminals followed. To paraphrase the famous saying, criminals are online “because that’s where the money is."

The increase in usefulness and popularity of mobile devices. Powerful pocket-sized computers with always-on Internet connectivity, also known as phones„ have become so common, that we rarely make a distinction between a regular and a “smart" phone. Overall, mobile devices have become as integral to the modern way of life as glasses, wallets and shoes. As the result:

  • The critical role of mobile devices, which act as a wallets, authentication tools and a communication portals, made them attractive targets. A criminal with access to someone’s mobile device has significant insights into and control over the victim’s life.
  • User interface limitations of small screens conceal visual elements that could aid people in making informed information security decisions. Mobile apps often omit security indicators such as SSL icons that have become staples of the traditional desktop browsing experience.
  • The use of personal devices for work purposes (BYOD) increased the attack surface available to criminals looking to compromise information security safeguards of enterprises. Attackers can use employee-owned mobile devices as portals into the organization’s network, systems and applications.

The popularity and acceptance of online social networking. While initially seen as serving the needs of niche groups, websites such as Twitter, Facebook and LinkedIn, have been joined by numerous others to support new ways in which people socialize online. Social networking sites have become the backbone of modern interactions. As the result:

  • The ease with which people can be reached through online social networks provided criminals with easy access to potential victims. While people might conceal their email addresses, they often allow strangers to contact them through online social networks.
  • The curation culture of online social networks, which encourages people to share links to videos, articles and other items of interest, provided scammers and malware operators convenient ways to distribute malicious links.
  • The wealth of personal data available on people’s social networking profiles provided criminals with the details for executing targeted attacks and social engineering scams.

The connectivity between “physical" and “virtual" worlds. Objects, tools and other constructs (e.g., thermostats, industrial control systems, home automation devices) in the “physical" world are increasingly connected to the web, giving rise to the concept of the "Internet of things." As the result:

  • The popularity of digital currencies, such as Bitcoin, and game currencies World of Warcraft gold, offered criminals new financial targets and monetization schemes that took them beyond standard currencies such as Dollar, Pound and Euro.
  • The ease of connectivity between VoIP and traditional telephone networks gave rise to new forms of telephone-based scams and denial-of-service attacks (TDoS) that target companies’ phone systems.
  • The addition of online access features to sensors such as video cameras provided attackers with new ways to observe victims remotely, compromising privacy and exposing people and organizations to espionage and other risks.

The acceptance of cloud computing. The use of external, virtualized and/or outsourced IT resources has gained mainstream adoption for not only personal, but also enterprise applications. The cloud is permeating all aspects of modern life. It is becoming increasingly difficult and unnecessary to make a distinction between traditional and cloud-based technologies. As the result:

  • Consolidated data stores outside of the traditional security perimeter of the individual’s PC or the organization’s network established attractive targets. For instance, compromising the email database of a mass-marketing service provider, the attacker can gain access to information useful for further criminal activities.
  • Greater reliance on third-party service providers blurred the line between the roles and responsibilities related to safeguarding data. With each party assuming that the other provides information security oversight and governance, the vulnerabilities available to attackers have increased in number.
  • The proliferation of online cloud-based services has increased the number of passwords that people need to manage, increasing the likelihood that people will select easy-to-remember and, therefore, easy-to-guess logon credentials.

Though I’ve broken out technology trends as distinct observations, they are interrelated within a system that comprises the modern way of life, which incorporates phones, social exchanges, interconnectedness and cloud services into its very fabric. Similarly, the trends in attack strategies, targets and rewards are intertwined to create the reality that infosec professionals need to understand and safeguard.

Lenny Zeltser

(author unknown)
Categorías: Bundle Security blogs

It’s not all code: A walk-through of goodies from Microsoft Build 2013

Vie, 06/28/2013 - 19:29

This week, you've joined us for the liveblogs and heard the many different announcements from Microsoft's Build developer conference. We got an extensive hands-on look at the new features in Windows 8.1 and its many interface changes. We also touched on Windows' new out-of-the-box 3D printing capabilities and took a stroll through the vastly improved Windows Store. After all that, we perused the miniature show floor, which was mostly a showcase of some of the latest Windows products. Take a peek.

Build had a show floor with all sorts of the latest hardware running Microsoft software.

23 more images in gallery

Read on Ars Technica | Comments

Categorías: Bundle Security blogs

Friday Squid Blogging: Man Pulled Under by Squids

Vie, 06/28/2013 - 19:07

Video story on Animal Planet.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

schneier
Categorías: Bundle Security blogs

Leak of powerful malware tool like “handing a bazooka to a child”

Vie, 06/28/2013 - 18:37
Some of the goodies included with Carberp. https://blogs.rsa.com/wp-content/uploads/2013/06/Untitled2.png

The recent leak of source code for a powerful piece of bank-fraud malware may spawn a surge of advanced botnet attacks carried out by copycat hackers who previously didn't have the skill to pull off such feats, security researchers warned.

Carberp, as the botnet-creation toolkit is known, previously sold in underground crime forums for as much as $40,000 a license. In the last week, source code for the crimeware began circulating online for free and can now be acquired by many people who have a few hours to poke around. While the leak is a boon for researchers who want to know as much as possible about the inner workings of sophisticated malware, it also comes with a dark side: it isn't that hard for malware newcomers to get their hands on the 1.88 GB package of code.

"In short, it does not take a genius to get a copy of the leaked source code, which makes this whole thing dangerous," Christopher Elisan, principal malware scientist in security firm RSA's FirstWatch department, wrote in a blog post published Friday. "Any script kiddie, who probably does not understand the technology, can use this which may result in dire consequences. It's like handing a bazooka to a child."

Read 1 remaining paragraphs | Comments

Categorías: Bundle Security blogs

Impermium Study Unearths Consumer Attitudes Toward Internet Security

Vie, 06/28/2013 - 18:24
Study explored Americans' limited adoption of two-factor authentication(author unknown)
Categorías: Bundle Security blogs

Me on EconTalk

Vie, 06/28/2013 - 17:44

Another audio interview; this one is mostly about security and power.

schneier
Categorías: Bundle Security blogs

My Talk at Google

Vie, 06/28/2013 - 17:42

Last week, I gave a talk at Google. It's another talk about power and security, my continually evolving topic-of-the-moment that could very well become my next book. This installment is different than the previous talks and interviews, but not different enough that you should feel the need to watch it if you've seen the others.

There are things I got wrong. There are contradictions. There are questions I couldn't answer. But that's my process, and I'm okay with doing it semi-publicly. As always, I appreciate comments, criticisms, reading suggestions, and so on.

schneier
Categorías: Bundle Security blogs

Hard drive-wiping malware part of new wave of threats targeting South Korea

Vie, 06/28/2013 - 16:54
Simon Yeo

Amid a new wave of attacks hitting government and media networks in South Korea, researchers have uncovered yet another piece of malware that destroys sensitive hard drive data and renders computers unusable.

Trojan.Korhigh, as the new wiper program is called by security firm Symantec, contains the same kind of functionality that simultaneously shut down the networks of a half-dozen banks and broadcasters in March. Like the earlier Jojka malware, Korhigh can permanently destroy stored data and overwrite a hard drive's master boot record, which contains information required for computers to reboot.

Korhigh accepts several commands that allow attackers to inflict additional damage. One "switch" changes passwords on compromised computers to "highanon2013" according to a blog post published Thursday by Symantec. Another wipes specific types of files, including those that end in .gif, .php, .dll, and 21 other extensions. Korhigh's discovery on Thursday came a day after Symantec researchers said they had identified the hacking group responsible for the March attacks. The newly identified DarkSeoul group is also responsible for a new wave of attacks that hit South Korea on Tuesday and were timed to coincide with the 63rd anniversary of the state of the Korean War.

Read 5 remaining paragraphs | Comments

Categorías: Bundle Security blogs

Preventing Cell Phone Theft through Benefit Denial

Vie, 06/28/2013 - 16:37

Adding a remote kill switch to cell phones would deter theft.

Here we can see how the rise of the surveillance state permeates everything about computer security. On the face of it, this is a good idea. Assuming it works -- that 1) it's not possible for thieves to resurrect phones in order to resell them, and 2) that it's not possible to turn this system into a denial-of-service attack tool -- it would deter crime. The general category of security is "benefit denial," like ink tags attached to garments in retail stores and car radios that no longer function if removed. But given what we now know, do we trust that the government wouldn't abuse this system and kill phones for other reasons? Do we trust that media companies won't kill phones it decided were sharing copyrighted materials? Do we trust that phone companies won't kill phones from delinquent customers? What might have been a straightforward security system becomes a dangerous tool of control, when you don't trust those in power.

schneier
Categorías: Bundle Security blogs

DEF-CON 21 Entertainment Featured Artist Posting: Round 1

Vie, 06/28/2013 - 15:55

There's more to be announced very shortly, but we thought we'd kick things off with a taster on some extraordinarily talented acts we've managed to get a hold of. These are in no particular order. There should be something for eeeeveryone here.

****************************************************************
First up: Left/Right

Video: Santogold - L.E.S. Artistes (Left/Right Remix)
https://www.youtube.com/watch?v=_j-evh5FiKM

Chris Lund aka Left/Right has spent over 12 years working from Dallas as a dj, producer, and teacher... and even longer as a musician. His music has garnered support from Rolling Stone, DJ Mag, BT, The Crystal Method, Excision, and DJ Icey, charted in the top 10 at Beatport, Juno, TrackItDown, Hype Machine, and received airplay in scores of countries around the world.

With degrees in both music composition and audio engineering, Chris loves to create music. His exciting singles, remixes, and dj mixes feature his signature broken beat, future garage, and unique bass sound and drive his energetic performances. L/R is regularly booked coast to coast and internationally to move dancefloors- including sets at Fabric (London), Burning Man, SXSW, Meltdown festivals, and his resident FUTURE events.

Site link: http://www.facebook.com/leftrightmusic

****************************************************************
Next: Bil Bless (a.k.a. Son of the Electric Ghost a.k.a. SOTEG)

Video: Bil Bless - Nas Says
https://www.youtube.com/watch?v=ThnDMl2oP5w

I'm going to make up a bio for him. If you took Richard D. James/Aphex Twin, gave him an American accent, demanded he use more dance-floor-oriented beats, had him master for a number of well-known stateside heavies, and shoved him into some dark dank underground lair where no one could possibly ever find him or hear of him except the most dedicated of cool-hunters, you'd get out the ever so enigmatic Bil Bless a.k.a. Son of the Electric Ghost a.k.a. SOTEG. We don't know how we pulled it off, but we got him to agree to come thread some of the most technical and yet beautiful bassy glitchy music through your head. I'm going to insert a personal bias here, and say that he put on the best live show I've ever seen or heard. Ever. (Sorry everyone else).

PS: No one has apparently yet found his real tune from our DCXX compilation last year (it's supposed to be a scavenger hunt...).

Site link: http://bilbless.bandcamp.com/

****************************************************************
Next: BlakOpz

Video: BlakOPz - Hunted
https://www.youtube.com/watch?v=f9_ndeqcnug

BlakOPz.....

Clandestine.
Covert.
Their shadowy presence on our roster has been confirmed only to a select few up to now – but with their first major mission alongside AESTHETIC PERFECTION and X-RX about to take place across America, the time has come for us to publicly identify BLAKOPZ as the new tactical unit in DWA's ever-more-powerful army of artists.

With collective field experience of over 20 years in the rave, industrial and related music scenes, veteran DJ/producer Mike Weir (codename "Mindbender") and producer Alex King (codename "Kill The Alex") joined forces in just 2010 to form the BLAKOPZ unit – yet have already been deployed in surgical strikes throughout America opening for the likes of FGFC820, GOD MODULE, HANZEL UND GRETYL, IMPERATIVE REACTION and AYRIA.

Site link: https://www.facebook.com/BlakOPzBAND

****************************************************************
Next: Psymbionic

Video: Beastie Boys - Intergalactic (Psymbionic Remix)
https://www.youtube.com/watch?v=vks7Yfq3cT0

As a part of the upcoming generation of electronic music producers, Psymbionic creates aural experiences that demonstrate the possibility for multi-tempo Bass Music and culture to exist within a range of more divergent influences. Passion and innovation drives this young producer, facilitating his forthcoming and past releases on labels such as Muti Music, MalLabel, and Gravitas Recordings, just to name a few.

With this latest project, John Burcham has been moving bodies and turning heads for several years, playing with acts such as Bassnectar, STS9, Beats Antique, ill.Gates, Excision, EOTO, and Tipper. In addition to festival appearances that include Nocturnal, Wakarusa, and Sonic Bloom, Psymbionic demonstrates heavy involvement both on the stage and behind the scenes at electronic showcases such as his local SXSW in Austin, TX. Burcham's work informs his repertoire with roots in the furthest reaches of the electronic music scene, and grants him a unique perspective on each crowd through the latest developments of the industry.

In a live show context, Psymbionic confronts mixes that are limited to the scope of the build and release, avoiding an industry epidemic of drop-monotony that overpowers the flow of music. Burcham seeks to prove that there are more powerful influences in moving a crowd than simple anticipation, providing an interwoven dynamic that relies on the strength of his blend, rather than the sole force or familiarity of the apex.

Psymbionic's theory of music is a journey that doesn't visit the same place twice, building excitement for what's next not because you can anticipate it, but because you've never been there before.

Site link: http://psymbionicmusic.com/

****************************************************************
Next: Au5 & Fractal

Video: Au5 & Fractal - Halcyon
https://www.youtube.com/watch?v=HXhTKddTt0o

What happens when you take trance music and merge it with glitch-hop? With a proper execution, you get the upstarts Au5 + Fractal, an east-coast duo from New Jersey + Maryland. You know how everyone has that older relative who talks about having seen The Stones, or The Beatles, etc before they got massively huge? If you see them at DEF-CON, you'll be the one telling your future kids/grand-kids that same old story about these guys. Site links: https://soundcloud.com/au5 and https://soundcloud.com/officialfractal

(author unknown)
Categorías: Bundle Security blogs

TEDx, Great security challenges in Smart Grids

Vie, 06/28/2013 - 10:03
El pasado 20 de junio, tuvo lugar TEDx Basque Country en la preciosa costa de Biarritz. En el mismo participaron distintos expertos innovadores del País Vasco, Navarra y Aquitania y compartieron bajo los lemas de la cultura, la seguridad y la felicidad su visión, ideas, conocimiento y curiosidad.



TEDx Basque Country_Great Security Challenges S21secElyoenai Egozcue, ICS and Smart Grid Security Manager de S21sec tuvo la oportunidad de participar y expuso los retos de seguridad de las Smart Grids. Tras una introducción sobre la importancia que la electricidad tiene en nuestras vidas introdujo el concepto de las Smart Grids, clave de las Smart Cities y ciudades inteligentes. Y, cómo no, los retos de seguridad a los que las compañías tendrán que enfrentarse dado el impacto de estos dispositivos inteligentes en la sociedad y en la Seguridad Nacional.

Te animamos a seguir su exposición en la sección “Are We Safe” a partir del minuto 14.

Marketing S21secnoreply@blogger.com (S21sec Labs)
Categorías: Bundle Security blogs

Malware that Foils Two-Factor Authentication

Vie, 06/28/2013 - 08:31

This is an interesting article about a new breed of malware that also hijack's the victim's phone text messaging system, to intercept one-time passwords sent via that channel.

schneier
Categorías: Bundle Security blogs

Hackers in Africa are building their own aircraft

Vie, 06/28/2013 - 02:12

While you’re trying to come up with an idea for your next project this guy’s been building his own helicopter from whatever parts he can find. He’s just one of the aeronautical hackers featured in a story in the Daily Mail. The article’s narrative leaves us with many questions, but there’s enough info to make it worth a look.

Tags: HackersHardwareAfricaIndustry Newsl33tdawg
Categorías: Bundle Security blogs