Feed aggregator

How to stop the NSA spying on your data

Security blogs - Thu, 06/13/2013 - 22:10

BIG BROTHER really is watching you. A series of revelations over the past week has revealed the extent of the US government's snooping. But there are ways that the average citizen can avoid the prying eyes of the state.

Last week, whistleblower Edward Snowden – a former contractor with the National Security Agency (NSA) – told UK newspaper The Guardian that the NSA not only has details of phone calls made by millions of Verizon customers, it also has some form of access to its citizens' internet activity as part of a programme named Prism.

Tags: NSA, Privacy, Security
l33tdawg
Categories: Bundle Security blogs

Trading Privacy for Convenience

Security blogs - Thu, 06/13/2013 - 19:06

Ray Wang makes an important point about trust and our data:

This is the paradox. The companies contending to win our trust to manage our digital identities all seem to have complementary (or competing) business models that breach that trust by selling our data.

...and by turning it over to the government.

The current surveillance state is a result of a government/corporate partnership, and our willingness to give up privacy for convenience.

If the government demanded that we all carry tracking devices 24/7, we would rebel. Yet we all carry cell phones. If the government demanded that we deposit copies of all of our messages to each other with the police, we'd declare their actions unconstitutional. Yet we all use Gmail and Facebook messaging and SMS. If the government demanded that we give them access to all the photographs we take, and that we identify all of the people in them and tag them with locations, we'd refuse. Yet we do exactly that on Flickr and other sites.

Ray Ozzie is right when he said that we got what we asked for when we told the government we were scared and that they should do whatever they wanted to make us feel safer. But we also got what we asked for when we traded our privacy for convenience, trusting these corporations to look out for our best interests.

We're living in a world of feudal security. And if you watch Game of Thrones, you know that feudalism benefits the powerful -- at the expense of the peasants.

Last night, I was on All In with Chris Hayes (parts one and two). One of the things we talked about after the show was over is how technological solutions only work around the margins. That's not a cause for despair. Think about technological solutions to murder. Yes, they exist -- wearing a bullet-proof vest, for example -- but they're not really viable. The way we protect ourselves from murder is through laws. This is how we're also going to protect our privacy.

schneier
Categories: Bundle Security blogs

Vast array of medical devices vulnerable to serious hacks, feds warn

Security blogs - Thu, 06/13/2013 - 18:54

A vast array of heart defibrillators, drug infusion pumps, and other medical devices contain backdoors that make them vulnerable to potentially life-threatening hacks, federal officials have warned.

The devices, which also include ventilators, patient monitors, and surgical and anesthesia devices, contain hard-coded password vulnerabilities, according to an advisory issued Thursday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a liaison group between the US Department of Homeland Security and private industry. Attackers who know the default passwords of the devices can exploit these backdoors and change critical settings or replace the authorized firmware altogether.

The advisory came the same day that the Food and Drug Administration released its own notice on the same topic. Both warnings said there was no indication attacks were being carried out in the wild, and neither warning disclosed the affected device models or the manufacturers. But Terry McCorkle, one of the researchers who uncovered the vulnerabilities, said few if any are immune.


Categories: Bundle Security blogs

Cloud Security Corporation Files U.S. Patent Application for One-Time Password System And Methods On A Mobile Computing Device

Security blogs - Thu, 06/13/2013 - 17:32
Process reduces several risk factors related to current one-time password technology
(author unknown)
Categories: Bundle Security blogs

S&ET Executive Breakfast - Featuring Dr. Patricia Falcone, OSTP

Security blogs - Thu, 06/13/2013 - 17:15
06/28/2013 - Dr. Patricia Falcone is the Associate Director for National Security and International Affairs in the Office of Science and Technology Policy (OSTP...
(author unknown)
Categories: Bundle Security blogs

Trusted Microelectronics Workshop

Security blogs - Thu, 06/13/2013 - 17:11
06/28/2013 - The NDIA is pleased to offer a workshop designed to identify ways in which Trusted Microelectronics can contribute to compliance with DoD Instructi...
(author unknown)
Categories: Bundle Security blogs

Phishing attacks on Iranian Gmail users jump before Iranian election

Security blogs - Wed, 06/12/2013 - 22:32

Google researchers have detected phishing attacks originating inside Iran that target tens of thousands of Gmail users from that country, a company official said in a blog post published Wednesday. The attacks appear to come from the same group that pulled off a much more sophisticated attack in 2011 involving a forged secure sockets layer certificate for the Google domain name.

“The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday,” Eric Grosse, Google's VP of Security Engineering, wrote.

He said the attacks were aimed at Iranian-based account holders who were sent an e-mail purporting to be from Google asking the user to add an alternative e-mail address to their accounts. When users clicked on a URL provided in the e-mail, they were taken to a fake Google sign-in page that collected the victim’s username and password.


Categories: Bundle Security blogs

Edward Snowden: US government has been hacking Hong Kong and China for years

Security blogs - Wed, 06/12/2013 - 22:19

US whistle-blower Edward Snowden yesterday emerged from hiding in Hong Kong and revealed to the South China Morning Post that he will stay in the city to fight likely attempts by his government to have him extradited for leaking state secrets.

In an exclusive interview carried out from a secret location in the city, the former Central Intelligence Agency analyst also made explosive claims that the US government had been hacking into computers in Hong Kong and on the mainland for years.

Tags: US, China, Hong Kong, Security
l33tdawg
Categories: Bundle Security blogs

US charges eight with multimillion-dollar cybercrime

Security blogs - Wed, 06/12/2013 - 22:06

U.S. federal prosecutors charged eight people on Wednesday in connection with a multimillion-dollar fraud that siphoned money from hacked accounts at banks and financial institutions, laundered it and sent it overseas.

Four of the eight have been arrested by authorities, one as he arrived at New York's John F. Kennedy Airport on Tuesday afternoon, while four remain at large. Prosecutors unsealed details of the case on Wednesday.

Tags: Law and Order
l33tdawg
Categories: Bundle Security blogs

NSA: "Dozens of attacks" prevented by our snooping

Security blogs - Wed, 06/12/2013 - 22:04

The National Security Agency has defended its slurping of phone records and other business data on the grounds the information contained has helped it fight terrorism.

In a congressional hearing on cybersecurity and government surveillance on Tuesday, NSA Director General Keith Alexander said the NSA's data slurping had let it avert terror attacks.

Tags: Security, NSA
l33tdawg
Categories: Bundle Security blogs

Chinese piracy ring operator sentenced after selling military-related software

Security blogs - Wed, 06/12/2013 - 22:00

On Tuesday, a Chinese national was sentenced to 12 years in federal prison for conspiracy to commit wire fraud and criminal copyright infringement. The sentencing is part of a plea deal with federal prosecutors over a massive software piracy ring. Once the prison term is complete, Xiang Li will be deported back to China.

Tags: China, Law and Order
l33tdawg
Categories: Bundle Security blogs

Facebook now lets users include hashtags in posts

Security blogs - Wed, 06/12/2013 - 21:58

Facebook is setting itself up to introduce the hashtag to status posts, per a press release from the company Wednesday. The company acknowledges that the feature is “similar to other services like Instagram, Twitter, Tumblr, or Pinterest,” and will in fact integrate with the hashtags used on Instagram.

Tags: Facebook, Industry News
l33tdawg
Categories: Bundle Security blogs

Does the Big Bang necessarily mean we're part of a multiverse?

Security blogs - Wed, 06/12/2013 - 21:46

For most of its history, the idea of a multiverse was the domain of science fiction and some rare speculation from physicists. In recent years, though, the idea that our Universe may be just one among many has gained traction in two different areas.

Tags: Science
l33tdawg
Categories: Bundle Security blogs

Scientists investigate dark lightning threat to aircraft passengers

Security blogs - Wed, 06/12/2013 - 21:44

US Navy scientists are going to rig aircraft with radiation detectors to check if a phenomenon known as dark lightning could be killing aircraft passengers.

Dark lightning is the product of the electrical activity caused by thunderstorms and produces intense bursts of omnidirectional terrestrial gamma-ray flashes (TGFs) up to half a mile wide, as electrons and positrons are forced to interact by the atmospheric disturbance such storms produce.

Tags: Science
l33tdawg
Categories: Bundle Security blogs

Big Brother needs a data privacy policy

Security blogs - Wed, 06/12/2013 - 21:43

"NO ONE is listening to your calls," soothed President Barack Obama last week, following the revelation that the US National Security Agency (NSA) had been collecting data about telephone and online communications on a truly epic scale. But Obama's pledge is nothing like as reassuring as it might sound.

Tags: Privacy, Industry News
l33tdawg
Categories: Bundle Security blogs

iOS 7 design changes remain in flux, likely to see major revisions before release

Security blogs - Wed, 06/12/2013 - 21:41

Much has been said, both positive and negative, about the look of Apple's iOS 7, though new information reveals the design showed off at WWDC on Monday was merely a work in progress, meaning those initial impressions are likely to change in the months ahead.

According to The Next Web, people familiar with Apple's latest mobile operating system said the iOS 7 beta, as well as the preview shown at the WWDC keynote on Monday, is a "mid-stride" snapshot of the work being done behind closed doors.

Tags: Apple, iOS7
l33tdawg
Categories: Bundle Security blogs

Google buys Waze and puts the squeeze on Facebook and Apple

Security blogs - Wed, 06/12/2013 - 21:40

With Google set to buy app-maker Waze, the question is whether Google actually needs the crowd-sourced traffic app or is simply trying to stick it to its competitors.

On Tuesday, Google confirmed weeks of rumors that it is buying Waze. The company did not disclose the terms of the deal, but early reports put the price between $1 billion and $1.3 billion.

Tags: Google, Waze, Industry News
l33tdawg
Categories: Bundle Security blogs

Iranian phishing on the rise as elections approach

Security blogs - Wed, 06/12/2013 - 20:00
Posted by Eric Grosse, VP Security Engineering

For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.


Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran. In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password.

Protecting our users’ accounts is one of our top priorities, so we notify targets of state-sponsored attacks and other suspicious activity, and we take other appropriate actions to limit the impact of these attacks on our users. Especially if you are in Iran, we encourage you to take extra steps to protect your account. Watching out for phishing, using a modern browser like Chrome and enabling 2-step verification can make you significantly more secure against these and many other types of attacks. Also, before typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website's address does not match this text, please don’t enter your Google password.
Categories: Bundle Security blogs

First Edition Of SIA Technology Insights Released

Security blogs - Wed, 06/12/2013 - 18:17
Publication provides exclusive vendor-neutral analyses of emerging security technologies
(author unknown)
Categories: Bundle Security blogs