Welcome Guest | Sign In
LinuxInsider.com
NSA Shares Its Data Wealth
August 26, 2014
The United States National Security Agency secretly shares the communications data it has amassed over the years with nearly 24 U.S. government agencies using a search engine resembling Google Search, according to documents released by Edward Snowden. That's more than 850 billion records of phone calls, emails, cellphone locations and Internet chats.
Sony DDoS Attack May Have Been Smokescreen
August 25, 2014
Sony's PlayStation and Sony Entertainment networks were taken down over the weekend by a distributed denial of service attack. The hackers, who call themselves the "Lizard Squad," also forced authorities to divert a plane Sony Entertainment president was on by tweeting that there might be a bomb on board. A hacker with the handle "FamedGod" later claimed responsibility for the DDoS attack.
OS Flaw Leaves Android Wide Open for App Hack Attacks
August 22, 2014
A flaw in Android's GUI framework let university researchers hack into applications with up to 92 percent success. They tested apps from Gmail, H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon. "Changes in the shared memory side channel allow an attacker to infer if there is an activity transition going on in the foreground," said researcher Zhiyun Qian, an assistant professor at UCR.
Security Researchers Lay Bare TSA Body Scanner Flaws
August 22, 2014
The U.S. Transportation Security Administration, part of the Department of Homeland Security, has spent more than a billion dollars on full-body scanners designed to strengthen airport security. It turns out that at least one model of scanner in use for four years -- the Rapiscan Secure 1000 full-body scanner -- easily could have been foiled by a savvy bad actor.
Google Gets in a Trusted Stores Encryption Tangle
August 21, 2014
A conflict between Google's push to make the Web more secure and its Trusted Store program may be costing at least one business money. Pegasus Auto Racing Supplies, which encrypts all the pages on its website, reportedly has had its application for Google's Trusted Stores program turned down. Think of the badge as the equivalent of the Good Housekeeping Seal.
Is Open Source an Open Invitation to Hack Webmail Encryption?
August 21, 2014
In a move influenced by Edward Snowden's revelations about the NSA's email snooping, Yahoo and Google last week announced that they were cooperating on end-to-end encrypting their webmail products. While the open source approach has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles.
The Connected Car, Part 3: No Shortcuts to Security
August 19, 2014
The connected car is becoming a reality, but the gadget-filled roadways it travels will be paved with several options for in-car technologies. These choices pose challenges for carmakers. Whichever technology wins the race, one of the biggest concerns for OEMs is their electronic security. The Linux Foundation wants an open source platform in the pole position.
Mobile App Attacks: No Malware, No Problem
August 19, 2014
Traditional attack methods, like those used with the recent mobile online banking Trojan Svpeng, involve the installation of malware on the device to steal information and commit fraud. However, new techniques are emerging that would enable an attacker to compromise a device and steal private information from the owner -- for example, the typical copycat app on a third-party app store.
Freedom Act Leaves IT Sector at Risk for Spy Program Costs
August 14, 2014
A recent U.S. Senate proposal to curb the impact of electronic surveillance conducted by the NSA could enhance privacy for citizens and benefit businesses as well. However, major information technology companies that help the government collect telecom and Internet data still will be vulnerable to the substantial costs of working with the NSA, even if the proposed bill becomes law.
Snowden Blows NSA's MonsterMind
August 13, 2014
The NSA is working on a new program codenamed "MonsterMind" that will automate the monitoring of traffic patterns on the Internet to look for attacks, whistleblower Edward Snowden revealed. When it detects an attack, MonsterMind will automatically block it from entering the U.S. cyberinfrastructure. It also will automatically fire back at the server from which the attack was launched.
Yahoo, Google Team Up to Fight Email Snoops
August 13, 2014
Yahoo and Google last week announced they'd be teaming up to secure their Web mail systems with encryption by the end of next year. "Our goal is to make end-to-end encryption fully available in 2015," said Yahoo Vice President of Information Security Alex Stamos. Yahoo will be releasing the code for its encryption solution to the open source community.
The Cavalry Rides Into Auto Industry With Security Proposal
August 12, 2014
A grassroots group calling itself "I Am The Cavalry" has published an open letter to the automotive industry offering its services in ensuring security and safety. "Modern vehicles are computers on wheels and are increasingly connected and controlled by software and embedded devices," the letter reads. New technology "introduces new classes of accidents and adversaries," the group pointed out.
Russian Gang's Credentials Theft Exposes Web's Wild, Wild West Side
August 12, 2014
News that a Russian gang has stockpiled more than a billion purloined user name and password combinations has revved up the Internet's reputation as a post industrial Wild, Wild West. Just how much havoc will be raised by the gang remains to be seen. The data thieves so far appear content to use their ill-gotten trove for spamming, according to Hold Security, which discovered the credential cache.
Taking the Temperature of Java App Security
August 11, 2014
Current approaches to Java application protection place security at the application or the network layer, both of which are problematic. The first approach has proven to be too complex, too time consuming and too risky -- in other words, "too hot." Meanwhile, network level security that consists of perimeter devices lacks the intelligence to know what's going on inside the application.
Carrier Software Flaws Imperil Smartphones: Report
August 08, 2014
Wireless carriers pose a threat to mobile phone security, researchers have disclosed. Mathew Solnik and Marc Blanchou of Accuvant this week told an audience at the Black Hat security conference in Las Vegas that Android, BlackBerry and some iOS devices are vulnerable. The problem lies in a device management tool using the OMA Device Management Standard, which carriers embed into mobile devices.
Cyberspies Help Themselves to DHS Contractor's Data
August 08, 2014
USIS, the contractor that did the background checks on Washington Navy Yard shooter Aaron Alexis and NSA leaker Edward Snowden, on Thursday reported that its computer systems have been breached. "Our internal IT security team recently identified an apparent external cyberattack on USIS' corporate network," said US Investigation Services in a statement.
Secure Sites to Get the Google Bump
August 07, 2014
Google on Wednesday announced that it has begun factoring websites' use of HTTPS into its search rankings, resulting in more favorable results for those that use the security-minded protocol. Use of the protocol still is considered just a minor factor, though, affecting fewer than 1 percent of global queries and carrying less weight than high-quality content.
Russian Cybergang Stockpiles 1.2B Unique Stolen Credentials
August 07, 2014
A Russian cybercriminal gang so far has stolen 4.5 billion credentials, of which 1.2 billion appear to be unique, Hold Security has announced. The credentials belong to more than 500 million email addresses. Two reports released Tuesday may help explain why the cybergang was so successful. About 92 percent of the 800 top consumer websites evaluated failed the OTA's 2014 Email Integrity Audit.
WiFi Insecurity: Crying Wolf or Big Bad Wolf?
August 07, 2014
Can a hacker take over a passenger jet by sneaking in through its WiFi or in-flight entertainment system? The possibility of that occurring, as suggested by cybersecurity firm IOActive, has security experts hot under the collar. Ruben Santamarta, principal security consultant at IOActive, is scheduled to present the team's findings Thursday at the Black Hat security conference.
Wikimedia Blasts Europe's 'Right to Be Forgotten'
August 06, 2014
The Wikimedia Foundation has released its first-ever transparency report -- and along with it a protest against Europe's "right to be forgotten" law. Wikimedia is the nonprofit owner of Wikipedia and other sites. "Denying people access to relevant and neutral information runs counter to the ethos and values of the Wikimedia movement," wrote Wikimedia attorneys Geoff Brigham and Michelle Paulson.
Retailers Harassed by Backoff Malware
August 05, 2014
The U.S. Department of Homeland Security last week sounded an alarm warning retailers of a family of malicious programs aimed at compromising point-of-sale systems. Attackers used such software last year in massive data breaches that nicked millions of consumer records at Target and Nieman Marcus. Variants of the Backoff family have turned up in at least three forensic investigations.
Cops Snag Child Pornography Suspect, Thanks to Gmail Scan
August 04, 2014
A routine scan of a Texas man's Gmail by Google has led to his arrest on child pornography possession and promotion charges. John Henry Skillern, 41, of Houston was arrested by police July 30 following a tip by Google to the National Center for Missing and Exploited Children. He has been charged with one count each of child pornography possession and child pornography promotion.

See More Articles in Security Section >>
Facebook Twitter LinkedIn Google+ RSS