Welcome Guest | Sign In
LinuxInsider.com
From the Olympic Non-Robbery to Ford Getting Out of Cars, to Evil NSA: A Strange Week
August 22, 2016
There were three stories that caught my eye last week that I think deserve some additional discussion. One is the alleged robbery of U.S. Olympians followed by questions of whether it really happened because their phones weren't stolen. There may be a legitimate reason for that, and it's one that suggests a lot of folks will be getting huge cellphone bills next month.
To Protect Enterprise Data, Secure the Code
August 20, 2016
Responsibility for securing enterprise applications has been moving down the development lifecycle, and for good reason. It not only makes the enterprise more secure, but also saves companies time and money. For example, the average time to fix a vulnerability in IBM's application security solution has dropped from 20 hours to 30 minutes, according to Forrester Consulting.
Russian Gang Suspected of Hacking Oracle's POS System
August 20, 2016
Oracle has been investigating a point-of-sale system breach that may be the work of Russian cyberthieves. Hackers compromised at least 700 computers on the MICROS POS system, used by hundreds of thousands of hotels, restaurants and retail outlets worldwide to process credit card transactions, Krebs on Security reported earlier this month. More than 330,000 cash registers worldwide use MICROS.
Edward Snowden Sheds Light on Shadow Brokers
August 18, 2016
Edward Snowden has injected himself into an escalating cyberstruggle that could affect the U.S. presidential election. The reported hack of The Equation Group might have been a warning shot from Russia, Snowden claimed. The group, which is widely believed to be a front operation for the NSA, apparently was hacked over the weekend by a previously unknown outfit called the "Shadow Brokers."
Super-Sophisticated Spyware Spotted After 5-Year Run
August 16, 2016
Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated APT that had eluded security researchers for at least five years. A previously unknown group called "Strider" has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings.
The Big Tech Election Stories No One Else Is Covering
August 15, 2016
Most analysts earn their daily bread by focusing on a particular subject area and following that direction. However, I rebelled against that established pattern. I tend to look between the lines more than many of my peers do. That means when major news media outlets focus on a story, I'm more likely to see what they missed. What interests me isn't what's been covered but what hasn't been covered.
Hackability of Volkswagen's Keyless Entry System Exposed
August 12, 2016
Hackers using cheap wireless devices pose a threat to millions of cars equipped with Volkswagen's keyless entry system, according to a study from the University of Birmingham. Scheduled for presentation Friday at the USENIX security conference in Austin, Texas, the study shows that thieves can use a simple wireless device to unlock the doors of millions of cars remotely.
TCP Flaw Opens Linux Systems to Hijackers
August 11, 2016
A flaw in the RFC 5961 specification the Internet Engineering Task Force developed to protect TCP against blind in-window attacks could threaten Android smartphones, as well as every Linux computer on the planet. The flaw is described in a paper a team of researchers presented at the 25th Usenix Security Symposium, ongoing in Austin, Texas, through Friday.
Russia Plays the Cybervictim Card
August 11, 2016
Russia's FSB recently reported that it found a cyberspying virus in the computer networks of more than 20 state authorities and defense contractors. The claim that malware has infected various government and defense companies came in the midst of a flurry of accusations that Russia has engaged in cyberattacks against U.S. targets in an effort to impact the presidential election.
DARPA Rewards Best Bug-Bombing Bots
August 11, 2016
The code warriors of the future literally might be computer code acting as warriors to defend against attackers on computer networks. DARPA gave us a glimpse into that future last Sunday, when it announced the winners of its Cyber Grand Challenge at DEF CON. Seven teams participated in the challenge to create systems that used bots to find and fix software problems without human intervention.
900 Million Androids Could Be Easy Prey for QuadRooter Exploits
August 9, 2016
Four newly identified vulnerabilities could affect 900 million Android devices, Check Point researchers disclosed. The vulnerabilities, which the researchers dubbed "QuadRooter," affect Android devices that use Qualcomm chipsets. They exist in the chipset software drivers. The drivers, which control communications between chipset components, are incorporated into Android builds.
Apple to Enlist the Aid of a Few Good Hackers
August 6, 2016
Apple has introduced its first bug bounty program, set to launch in September. Ivan Krstic, head of Apple security engineering and architecture, announced the program at the Black Hat security conference in Las Vegas. The focus reportedly is on an exceptionally high level of service, and on quality over quantity. Participation in the program initially will be by invitation only.
Linux Botnets on a Rampage
August 5, 2016
Linux-operated botnet Distributed Denial of Service attacks surged in this year's second quarter, due to growing interest in targeting Chinese servers, according to a Kaspersky Lab report released this week. South Korea kept its top ranking for having the most command-and-control servers. Brazil, Italy and Israel ranked among the leaders behind South Korea for hosting C&C servers, according to Kaspersky Lab.
Old Tech Can Create New Security Woes
August 3, 2016
"Patch your systems in a timely manner" is a mantra of security experts, but what happens when the patch well runs dry because a product's maker no longer supports it? That is a situation facing many large enterprises, and it's one that poses security risks. Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date.
Gadget Ogling: Pokémon Go Drones, New Old Nintendo, and Snowden-Secured Smartphones
August 2, 2016
Pokémon Go, the augmented-reality smartphone game that's been eating away at the fabric of society in recent weeks, is enormously fun. I enjoy the mechanics, and that it pushes me to go on longer walks. That's all well and good in the nicer weather, but when there's two feet of snow, I don't really want to traipse around so much. That's why Pokédrone might be my new favorite thing.
Federal Agencies Seek Cyberdefenders
August 2, 2016
The U.S. government is in the process of hiring a small army of IT specialists to bolster its efforts to protect data held at federal agencies from cybersecurity threats. The feds hired 3,000 new cybersecurity and IT professionals in the first six months of the current fiscal year. The hiring spree is just one component of a "first ever" Federal Cybersecurity Workforce Strategy.
Clinton Campaign Latest Target of Hackers Linked to Russia
July 30, 2016
The campaign of Democratic presidential nominee Hillary Clinton is the latest possible victim of a series of hack attacks some cybersecurity experts have linked to the Russian government. Campaign officials reportedly acknowledged that an analytics program it uses, which is maintained by the DNC, was accessed in a breach discovered earlier this month.
KeySniffer Follows the Scent of Cheap Wireless Keyboards
July 29, 2016
A vulnerability in inexpensive wireless keyboards lets hackers steal private data, Bastille reported this week. The vulnerability lets hackers use a new attack the firm dubbed "KeySniffer" to eavesdrop on and capture every keystroke typed from up to 250 feet away. The stolen data is rendered in clear text. It lets hackers search for victims' credit card information, passwords and more.
Trump Tries to Walk Back Comments on Clinton Emails
July 28, 2016
Republican presidential nominee Donald Trump on Thursday attempted to walk back some of his remarks at a Wednesday morning press briefing during the Democratic National Convention, including his suggestion that Russian intelligence services should look for more than 30,000 deleted emails belonging to former Secretary of State Hillary Clinton and reveal them to the world.
Public-Private Team Leads Assault on Ransomware
July 28, 2016
Ransomware has become a scourge on the Internet -- but two information security companies, along with a pair of law enforcement agencies, this week launched an initiative to do something about it. No More Ransom is the centerpiece of a collaborative effort involving Kapersky Lab, Intel Security, the Dutch National Police and Europol. The new portal aims to educate the public about ransomware.
BlackBerry Offers Android Users a Secure New Smartphone
July 27, 2016
BlackBerry on Tuesday made a play for security-conscious Android users with the announcement of its new DTEK50. Running Android 6.0 Marshmallow and BlackBerry security software, the new unit is the "most secure Android smartphone" in the world, the company claimed. Many Android users have concerns about the their phone's security, according to a recent survey.
FBI Launches Probe Into DNC Email Hack
July 26, 2016
The FBI on Monday confirmed it has opened an investigation into allegations that the Wikileaks email dump of nearly 20,000 DNC emails over the weekend might be linked to the Russian government. Hackers connected to Russian intelligence agencies allegedly have been working to help tilt the U.S. presidential election. "The FBI is investigating a cyber intrusion involving the DNC," the agency said.
Snapchat's Curious About-Face
July 23, 2016
Fleeting memories will be a thing of the past with a new Snapchat feature currently rolling out. "Memories," introduced earlier this month, allows users of the app to save photos and photo stories to their phones, as well as share them with friends. Finding snaps or stories can be done with a simple text search. Protecting snaps and stories on a phone is easy, too.
Civil Rights Office Issues Ransomware Guidance
July 22, 2016
Ransomware infections are on the rise, and healthcare organizations are ripe targets, which may be why the federal government addressed the subject last week. Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported. Many of those attacks are for small change, but some of the larger ones have been directed at healthcare providers.
Snowden Puts His Mind to Designing Spy-Proof Smartphone Cases
July 21, 2016
NSA whistle-blower Edward Snowden and noted hacker Andrew "Bunnie" Huang on Thursday published a paper on their collaboration to design a smartphone case that will protect user privacy. The pair developed a prototype compatible with the 4.7-inch iPhone 6, as it's "driven primarily by what we understand to be the current preferences and tastes of reporters," the paper states.
Google Transparency Report Shows Government Data Demands Rising
July 20, 2016
The number of government requests to Google for citizens' personal data rose in the second half of 2015, according to the company's latest Transparency Report, released Monday. The number has been trending upward for the past few years as the number of people connected to the Internet has increased. The growth also coincides with almost-daily reports of terrorist attacks.
The Internet of Medical Things, Part 3: Safety First
July 20, 2016
Though quick to capitalize on connected health devices and the coming Internet of Medical Things, hardware manufacturers may be moving too slowly when it comes to building the necessary protections into the back end. The National Security Agency last month told participants in a defense technology summit in Washington that it was looking into hacking connected medical devices.
Hackers Claim Credit for Pokemon Go No-Go
July 19, 2016
Pokemon Go, the augmented reality overnight sensation, experienced sluggish performance over the weekend, possibly from a hacker attack on its login servers. Shortly after Pokemon Go devs tweeted that the game was rolling out to 26 additional countries, this tweet appeared: "Trainers! We have been working to fix the server issues. ... We'll post an update soon."
Congressional Committee Report Finds Something Rotten at FDIC
July 18, 2016
Officials at the U.S. Federal Deposit Insurance Corporation, which insures deposits in U.S. banks, made false statements to Congress and failed to make timely notification of serious cybersecurity breaches, according to a U.S. House of Representatives Committee on Science, Space and Technology's interim staff report. FDIC CIO Lawrence Gross has created a toxic work environment, it also says.
Microsoft Wins Legal Victory in Fight Over Email Stored Abroad
July 15, 2016
Microsoft has won its nearly four-year battle against a warrant requiring it to turn over customer emails held on a server in Ireland. Microsoft had complied with demands to turn over account information stored on its servers in the U.S., but it had refused to give up the emails themselves, contending a U.S. judge did not have the authority to issue warrants for information stored abroad.
See More Articles in Security Section >>
Facebook Twitter LinkedIn Google+ RSS
What do you think of politically inspired Internet memes?
They tend to be brutally honest about their targets.
They're usually cheap shots based on lies.
They're often stupid but amusing.
They can have a dangerous influence on uninformed people.
They don't impress me one way or the other.