Friday, August 18, 2017
Posts by cyberparse


Our purpose is to provide the right information to our readers. For obvious reasons, our information journey will of course be ever changing, but from the outset we plan on the following: Break down and communicate knowledge relating to Cyber Crime, Cyber Security, Information Security and Computer Security. Use Risk Management practices to help in translating the technical aspects of the Risks, Threats and Vulnerabilities into business language. Communicate the appropriate Controls necessary to reduce the Impact and Probability. We will do this by: Identifying, collating and providing relevant information. Highlighting relevant News articles. Investigating trends and providing Analysis. Providing How-to tips and tricks to reduce the Threats and Vulnerabilities. Offering Products and Solutions designed to mitigate or defend against the risks. ------ Joe Woods, Editor and CTO

Verizon Transparency Report reveals 164,000 subpoenas, 1,500 wiretaps

The company received about 320,000 requests for customer information in the US, and just a few thousand internationally. January 22, 2014 9:57 AM PST As expected, Verizon has released its 2013 Transparency Report, and the company's data shows th...

Ukraine texts citizens: Hey, we see you’re in a mass disturbance

During the protests in Kiev, the Ukrainian government uses phone technology to identify those anywhere near the antigovernment marches. Many Ukrainians aren't happy. Your government wants...

Pew: Most young Americans support Snowden

Fifty-seven percent of people ages 18 and 29 say Edward Snowden "served the public interest" by leaking NSA data. That figure falls to 35 percent among those older than 65. January 22, 2014 9:31 AM PST Edward Snowden, the famed Nati...

Speech recognition hack turns Google Chrome into advanced bugging device

Bugs were reported to Google in September 2013, remain unpatched.    

5 questions for Snowden that aren’t exactly about the NSA

The NSA leaker will be taking questions via Twitter for a Webcast Q&A session on Thursday. Crave's Eric Mack has five questions for Edward Snowden that have been eating away at him and have little to do with the NSA. January 22, 2014 8:06 AM PST...

Government investment in cyber security awareness “just not enough”

The government needs to invest far more resources into its Cyber Streetwise education campaign about online threats if it's actually going to tackle issues surrounding cyber security. That's according to Mark Brown, director of UK and Ireland Information Security Practice for professional services firm Ernst & Young.

He made the remarks as part of a roundtable discussion about cyber security hosted by IT security firm Websense in London today. Launched earlier this month, the Cyber Streetwise campaign includes a website, radio commercials and adverts on public transport, all of which encourage citizens to take as much care with online security as they would in the real world.

But Brown suggested that while the campaign demonstrates the government is going in the right direction, it needs to up its game in order to be truly successful, and that will require a larger pool of resources than the current £860m budget which has been set aside.

Suggesting that "the maths works out at £3 per person, per year in the UK" in terms of government cybersecurity spend on citizens, Brown accused this example of being "symptomatic of the entire government's national cyber security strategy". Brown argued that the total investment of £4m per year for an associated Get Safe Online campaign is "just not enough".

A solution, Brown suggested, is to make any campaign designed to improve awareness about cyber threats and cyber security as hard hitting and prevalent as those for drink driving or road safety. "If the UK government is serious about this being a public safety agenda – and that's where they're trying to take it both for a business and individual – how much have they spent on drink driving campaigns? Or crossing the road safely campaigns?" he asked.

Brown argued that in order to achieve this, Cyber Streetwise needs more financial clout in order to achieve true awareness about cyber threats. "It's that level of campaign investment that is required and I don't think Cyber Streetwise [matches that]. The concept and idea behind it is right, but is there sufficient investment in it to achieve what its marketing intended?"

Cyber security warning for corporate finance

Online information sharing could put corporate finance deals at risk, with cyber criminals potentially targeting major investment banks, corporate executives, advisers and other parties in a bid to glean sensitive financial data, intellectual property...

iCloud Control Panel 2.1.3 for Windows Vista

The iCloud Control Panel makes it easy to keep your contacts, calendars, and bookmarks up to date automatically between your iPhone, iPad, iPod touch, Mac, and Windows Vista PC.  It also includes Photo Stream, which wirelessly pushes photos you ...

Google “complained at great length” to NSA after snooping revelations

Google chairman Eric Schmidt has denied knowing about the surveillance techniques used by the National Security Agency, despite having high enough clearance with the US government to have been informed. Schmidt said staff at Google had "complained at ...

‘123456’ Overtakes ‘Password’ as Weakest Password

The good news? The word "password" is not the weakest password found on the Internet.

The bad news? It's still number two, and the top one is "123456." That's according to SplashData, a company that makes software for mobile phones and has been keeping the list for at least three years.

The company compiles the annual list by going through the passwords exposed in data breaches during the year and culling out the most popular. The goal is to encourage people to use passwords that are more difficult for hackers to crack, according to SplashData officials. "As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites," CEO Morgan Slain said in a statement.

The 25 passwords on the list of the worst of 2013, released Jan. 21, are examples of what users should not do, according to SplashData. Many are easily guessable—think "qwerty" at number four, "iloveyou" at number 9 or "admin," a new word on the list, at number 12.

There are also several passwords that use a small number of numerals, from "111111" at number seven, "1234" at 16, "12345" at 20 and "000000" at 25.

A couple of the passwords new on the list stem from the security breach last year at Adobe, where personal information for as many as 2.9 million of the company's customers was compromised. Popping up on SplashData's list were "adobe123" at number 10 and "photoshop" at number 15. "Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," Slain said. The company's entire list can be found on its Website.

Security firms and tech vendors alike for years have warned computer users about the need for strong passwords to guard against attackers gaining access to personal information. Data breaches are not uncommon, and cyber-thieves have tools that can quickly break simple and weak passwords. Researchers at Microsoft and Carnegie Mellon in December unveiled a tool called Telepathwords, which models the ways cyber-criminals try to figure out passwords based on common patterns. Telepathwords was created in hopes of encouraging users to opt for stronger passwords.

McAfee, Intel's security division, last year rolled out a list of suggestions for creating strong passwords. Among the suggestions were using long passwords that feature a combination of upper-case and lower-case letters, as well as numbers, spaces and other characters. The longer the password, the better. In addition, McAfee—as well as most security experts—say users should use different passwords for each Internet site they get into.

Target Breach Involved Two-Stage Cyber-Attack: Security Researchers

Security firms have posted details of the malware used in the Target breach and how the attackers communicated the data outside the company.

New details have emerged in the massive compromise of retail giant Target's systems that resulted in the leak of tens of millions of credit- and debit-card accounts. When Target acknowledged a breach of its systems on Dec. 19, the company released few details of the malware and tactics used in the attack. Over the last week, however, security researchers have discovered the likely malware used by attackers as well as the method by which the data thieves retrieved the stolen information from Target's network.

On Jan. 16, security firm Seculert revealed that it had found an Internet server that the attacker had used as a communications hub to retrieve information from a drop site within Target's own network. The attackers apparently collected the stolen data on the compromised Target server and then used a compromised Web site to grab the data starting Dec. 2, Seculert stated in the analysis. "They were able to infiltrate (Target's) network and then setup several machines as part of the data exfiltration," Avi Raff, chief technology officer for Seculert, told eWEEK in an email interview. "As this is a two stage attack—steal PoS data from a machine not connected to the Internet, then move it to another machine which can send the data to an FTP (server)—it does seem to be sophisticated."

Starting on Dec. 2, the malware began transmitting the cache of stolen data outside the network to the collection server. Using a virtual private server in Russia, the attackers then downloaded the information. The stolen data totaled 11GB, according to Seculert. By the time the company was able to analyze the compromised Web server, the information had been deleted from the server, but the log files still revealed that massive amounts of information had been retrieved from an Internet address within Target's own network.

Symantec and other firms identified the program as a derivative of the BlackPOS malware, which among other features can "scrape" information from a compromised point-of-sale terminal's memory while it is unencrypted. Security researcher and journalist Brian Krebs first reported the Target breach and that security firms had identified the malware on Dec. 15.

The Target breach is not an isolated incident: The average retailer has seven infections communicating out from its network, according to an analysis of 1,035 distinct compromises at 139 retailers carried out by security firm BitSight. The most prevalent malware, known as Neurevt, accounted for nearly 250 of the infections, the company found. Overall, the retail sector appears to have significant problems with malware, Stephen Boyer, co-founder and CEO of BitSight, stated in a blog post. "What is clear is that many U.S. retailers had vulnerabilities that led to compromised systems that were or are currently under the control of a remote adversary," Boyer stated. "Not all of these organizations will be impacted equally and may not begin to rival the scale of the loss at Target; nevertheless, the evidence strongly suggests that Target and Neiman Marcus are not alone."

Microsoft: World Governments’ Turn to Tackle Data Privacy

Roiled by the NSA spying scandal, Microsoft calls on governments to establish an international legal framework that respects individual privacy. Microsoft, like many big technology companies, has a massive user base that crosses more than a few borders.

And that poses a problem for any company that wishes to balance lawful requests for user data and the privacy protections of said users. Brad Smith, Microsoft's vocal General Counsel and executive vice president of the software company's Legal and Corporate Affairs department, called on the world's governments to come to the table and work out a framework that removes the cloud of uncertainty that has gripped the IT industry. With data privacy and government surveillance reform on the agenda at this week's World Economic Forum meeting in Davos, Switzerland, his company is using its clout to push those issues to the forefront. "We need an international legal framework – an international convention – to create surveillance and data-access rules across borders," he wrote in a Jan. 20 Microsoft on the Issues blog post. As recent revelations have shown, not all user data is treated equally by government surveillance and law enforcement agencies, reminded Smith. "The issues of the last year have reminded the world that the strong protections afforded by the U.S. Constitution and in U.S. law seldom apply to other countries' citizens," he said. Smith noted that "surveillance takes place by governments internationally," and unsurprisingly, "governments around the world demand access to customer data." Therefore, he added, "we need to broaden the topic and bring together governments to create a new international legal framework." Under such a framework, privacy protections must be upheld, argued Smith. "The cornerstone of such a convention should be respect for human rights and individual privacy." Whichever agreements governments adopt "should ensure that governments seek information about the private citizens of the other participating countries only pursuant to legal rules and due process," he said. 
Microsoft, along with other tech giants including Google and Apple, has been rocked by allegations that the National Security Agency's (NSA) surveillance apparatus included privileged access to their systems and unencrypted Internet traffic, granting the United States government practically unfettered access to user data.

The capabilities came to light after Edward Snowden, an ex-NSA contractor, leaked classified information to the press. Following months of controversy, President Barack Obama finally announced NSA reforms in a Jan. 17 policy speech. Reforms include more oversight for the NSA's intelligence-gathering operations and changes to how phone metadata is handled. Smith signaled that while it's a step in the right direction, Microsoft intends to remain vigilant. "We appreciate the steps the President announced, which represent positive progress on key issues including privacy protections for non-U.S. citizens," said Smith. "There is more work to do to define some of the details and additional steps that are needed, so we’ll continue to work with both the administration and Congress to advocate for reforms consistent with the principles our industry outlined in December." Last month, Microsoft joined Google, Apple, Facebook, LinkedIn and Yahoo and published an open letter on a Website called "Reform Government Surveillance" demanding changes to how governments collect user data. "Consistent with established global norms of free expression and privacy and with the goals of ensuring that government law enforcement and intelligence efforts are rule-bound, narrowly tailored, transparent, and subject to oversight, we hereby call on governments to endorse the following principles and enact reforms that would put these principles into action," they wrote.