Posts Tagged network security

Pushing Back Against Surveillance Tech

From Electronic Frontier Foundation:

At work, employee-monitoring “bossware” puts workers’ privacy and security at risk with invasive time-tracking and “productivity” features that go far beyond what is necessary and proportionate to manage a workforce. At school, programs like remote proctoring and social media monitoring follow students home and into other parts of their online lives. And at home, stalkerware, parental monitoring “kidware” apps, home monitoring systems, and other consumer tech monitor and control intimate partners, household members, and even neighbors. In all of these settings, subjects and victims often do not know they are being surveilled, or are coerced into it by bosses, administrators, partners, or others with power over them.

, , , , ,

No Comments

Chinese Hack Government Networks

From ZDNet:

According to the New York Times, senior American officials said hackers gained access to the system in March before the infiltration was detected and blocked.

The hackers appeared to be targeting files “on tens of thousands of employees who have applied for top-secret security clearances,” and data including employment records, personal information — such as drug use — and the foreign contacts of security applicants may have been placed at risk.

, , , ,

No Comments

The Cyber Security Industrial Complex

From: MIT

A claim by Wikileaks that documents it released last week provide evidence of a “secret new industry” of mass surveillance was as breathless as previous pronouncements from Julian Assange’s organization. But the material does provide a stark reminder that our online activities are easily snooped upon, and suggests that governments or police around the world can easily go shopping for tools to capture whatever information they want from us.

The take-home for ordinary computer users is that the privacy and security safeguards they use—including passwords and even encryption tools—present only minor obstacles to what one researcher calls the “cyber security industrial complex.”

“There is no true privacy in any computing systems against determined government-level surveillance,” says Radu Sion, a computer scientist at Stony Brook University who directs its Network Security and Applied Cryptography Laboratory. He says that as computing systems become more complex, and reliant on components from many different suppliers, the number of vulnerabilities that can be exploited by attackers and surveillance tools will grow.

more

 

, , , , ,

No Comments

Computer Virus Hits U.S. Drone Fleet

From: Danger Room

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

Computer Virus Hits U.S. Drone Fleet

, , ,

No Comments

Citi Credit Card Information Stolen

Information on 200,000 Citi Credit Card Customers was stolen in an attack on their network.

Citi said no birth dates, Social Security numbers or card security codes were accessed by the hackers last month. They got away with account numbers and e-mail addresses. The financial institution said it would provide new cards to affected customers.

From Wired’s Threat Level

, , , ,

No Comments

Cyber combat: act of war

From: WSJ via Kurzweil AI

Cyber combat: act of war

June 1, 2011

Source: Wall Street Journal — May 31, 2011

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, opening the door for the U.S. to respond using traditional military force.

Pentagon officials believe the most sophisticated computer attacks require the resources of a government. For instance, the weapons used in an assault such as taking down a power grid would likely have been developed with state support.

Defense officials refuse to discuss potential cyber adversaries, although military and intelligence officials say they have identified previous attacks originating in Russia and China.

Read original article

Topics: Computers/Infotech/UI | Survival/Defense

, , , , ,

No Comments

Iranian hackers obtain fraudulent HTTPS certificates

From: EFF

Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?

On March 15th, an HTTPS/TLS Certificate Authority (CA) was tricked into issuing fraudulent certificates that posed a dire risk to Internet security. Based on currently available information, the incident got close to – but was not quite – an Internet-wide security meltdown. These events show why we urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and email systems.

more

 

 

, , , , , , ,

No Comments

RSA compromise: Impacts on SecurID

From: Dell SecureWorks

RSA SecurIDRSA is the security division of EMC software, best known for the popular SecurID two-factor authentication tokens used in high-security environments including some government networks. RSA announced that a cyberattack resulted in the compromise and disclosure of information “specifically related to RSA’s SecurID two-factor authentication products”. The full extent of the breach remains publicly unknown. RSA states that “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” Organizations that make use of SecurID should be alert for attempts at circumventing their authentication infrastructure, though no specific attacks are known to be occurring at the time of this publication.

RSA’s breach disclosure

On March 17, 2011, RSA announced [1] that a cyberattack on its systems was successful and resulted in the compromise and disclosure of information “specifically related to RSA’s SecurID two-factor authentication products”. While the full extent of the breach remains publicly undisclosed, RSA states that “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”

more

, , ,

No Comments

Sophisticated Attacks Threaten Major Energy Firms

From: Dark Reading

New advanced persistent threat (APT) attack combines a variety of vectors, seeks to steal sensitive data, McAfee researchers say

By Tim Wilson

Researchers at McAfee yesterday revealed details of a new advanced persistent threat attack that uses a combination of methods in an effort to steal sensitive operations, exploration, and financial data from petroleum and energy companies.The new series of attacks, dubbed “Night Dragon,” may have begun as long ago as 2008, McAfee says in its report about the threat. “Now, new Night Dragon attacks are being identified every day,” the report says. Night Dragon’s creators “appear to be highly organized and motivated in their pursuits,” McAfee says.

The attack is “a combination of social engineering and well-coordinated, targeted, cyber attacks using Trojans, remote control software, and other malware.” The report says McAfee has seen evidence of the attacks in virtually every region of the globe, and that it has “identified tools, techniques, and network activities utilized … that point to individuals in China as the primary source. ”

more

, , , ,

No Comments

Cyber-Threat Whitepapers

From: SC Magazine

, , , ,

No Comments

Zeus Trojan Targets Government and Military Workers

From: Angela Moscaritolo

A new campaign of the password-stealing Zeus trojan is targeting workers from government and military departments in the United States and United Kingdom, according to security researchers at Websense. The trojan is being distributed through spoofed emails claiming to come from the U.S. National Intelligence Council. The bogus messages contain subject lines such as “Report of the National Intelligence Council.” The emails aim to lure users into downloading a document about the “2020 project,” which actually is Zeus. — AM

, , , , ,

No Comments

Smartphones, Jailbreaking and the New Battle Front for Enterprise Security

From: IDGA

… So why is this so bad? First and foremost jailbreaking is a hack! Users are inviting a third party developer to hack your device. Plain and simple. Most recent versions of these tools are able to run over a simple webpage that is exploiting a few unpatched vulnerabilities in the smart phone operating system code. This risk was exposed last year when a worm “rick rolled” jailbroken iPhone users, exploiting a default password setting in secure shell daemon installed as part of the jailbreaking process.

more

, , , ,

No Comments