Tag Archives: security
Cyber Security Startup Lucent Sky’s CLEAR Makes Securing Web Sites A Breeze
One of the most nerve-wracking and tedious parts of developing a Web site is making sure that it is safe from data theft and other security breaches. Taipei-based startup Lucent Sky’s mission is to make cyber security easier for developers. The company says its software CLEAR is the first commercially available program for automatic application vulnerability mitigation.
TechCrunch
PayPal wants to get rid of passwords in favor of biometric security
While passwords are the way of the land on the internet, PayPal’s chief information security officer Michael Barrett says that passwords and PINs are obsolete and we need a new standard for security on computers and the internet. Barrett thinks that the next step is fingerprint scanners, which he believes will debut on smartphones at
Watch Dogs game true-to-life hacking developed with real security pros
The development team at Ubisoft have been working on the game Watch Dogs for an unusually long time. This hacker-themed game has been in development for 4.5 years, long enough for the original concept to have gotten so close to real life that its developers have been able to easily consult with a team of
PayPal’s chief information security officer says passwords’ days are numbered
Recently speaking at the Interop IT conference, PayPal’s chief information security officer, Michael Barrett, stated that passwords and PINs were operating on borrowed time. Barrett hopes to replace online security keys with a setup that’s a blend of software and hardware-based identification. He also serves as president of the Fast Identity Online Alliance (FIDO) — the organization’s focus is to combine an effective mix of software (passwords and plugins) and hardware (USB drives and fingerprint scanners) for user authentication.
PayPal’s technology boss didn’t allude to his company adopting these new types of security systems for its customers anytime soon. Instead he announced that FIDO-enabled devices will be hitting the market sometime this year. Progress, yes, but until this hardware becomes more widely available, it’s likely that you’ll be spending more time getting acquainted with two-step logins.
Via: SlashGear
Source: Macworld
Bank security weaknesses led to cyber looting of $45M from ATMs
Alberto Yusi Lajud Pena, found dead in the Dominican Republic two weeks ago, was the leader of the New York cell of an international gang of cyber thieves that authorities allege stole a staggering $45 million from ATMs around the world.
Computerworld News
Syria 'disappears' from the Internet, security firm says
Internet traffic to and from Syria, which is in the midst of a civil war, appears to have dried up.
Computerworld News
Samsung Galaxy S4 wins Pentagon security approval
The Pentagon has given the official nod to any Samsung device protected by the Knox security software, which for now includes just the Galaxy S4.
Following Best Coding Practices Doesn’t Always Mean Better Security
wiredmikey writes “While some best practices such as software security training are effective in getting developers to write secure code, following best practices does not necessarily lead to better security, WhiteHat Security has found. Software security controls and best practices had some impact on the actual security of organizations, but not as much as one would expect, WhiteHat Security said in its Website Security Statistics Report. The report correlated vulnerability data from tens of thousands of Websites with the software development lifecycle (SDLC) activity data obtained via a survey. But there is good news — as organizations introduced best practices in secure software development, the average number of serious vulnerabilities found per Website declined dramatically over the past two years. ‘Organizations need to understand how different parts of the SDLC affect how vulnerabilities are introduced during software development,’ Jeremiah Grossman, co-founder and CTO of WhiteHat said. Interestingly, of all the Websites tested under the study, 86 percent had at least one serious vulnerability exposed to attack every single day in 2012, and on average, resolving vulnerabilities took 193 days from the time an organization was first notified of the issue.”
Read more of this story at Slashdot.
National Security Draft For Fining Tech Company “Noncompliance” On Wiretapping
Jeremiah Cornelius writes with what looks to be part of CISPA III: Children of CISPA. From the article: “A government task force is preparing legislation that would pressure companies such as Facebook and Google to enable law enforcement officials to intercept online communications as they occur. … ‘The importance to us is pretty clear,’ says Andrew Weissmann, the FBI’s general counsel. ‘We don’t have the ability to go to court and say, “We need a court order to effectuate the intercept.” Other countries have that.’ Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. ‘This proposal is a non-starter that would drive innovators overseas and cost American jobs,’ said Greg Nojeim, a senior counsel at the Center for Democracy and Technology. ‘They might as well call it the Cyber Insecurity and Anti-Employment Act.’”
Read more of this story at Slashdot.
Honda recalls 44,000 Honda Fit Sport vehicles to upgrade security systems
Honda has issued a recall for 43,782 of its 2012-2013 Honda Fit Sport vehicles all across the United States. The recall has been issued so that the company can upgrade the vehicles’ Vehicle Stability Assist (VSA) software. The current software on the 2012-2013 Honda Fits may function improperly, allowing Honda Fits with certain tires to
Living with Google Glass, Day Three: Security Checkpoint
You might be inclined to think that airport security is not the best place to wear Google Glass. You’d probably be right, but given the amount that I travel it was pretty well inevitable that I’d cross through some security checkpoint before the course of this testing would be through.
I’m honored to be part of the X-Prize Visioneering conference this week, a gathering of incredible minds putting their considerable brainpower behind the creation of competitions to make the world a better place. But, to take part I’d have to get out to California, and that meant yet another long flight across the country — and another trip through the full-body scanner. The question is, how would the folks at airport security react to it?
AT&T rolls out home security and monitoring service
AT&T is launching its Digital Life security and monitoring service in 15 markets and has made pricing available.
Amazon looks to move security appliances to the cloud
Amazon Web Services is looking to expand its security offerings with hosted intrusion protection appliances and more extensive encryption features, as it seeks to increase the level of protection users can get in its cloud.
Computerworld News
Twitter to roll out new password security control?
Word has it that the social network is planning to debut two-factor authentication to cut down on user account hacking.
Verizon security report itemizes annual data breaches
Verizon has published its latest Data Breach Investigations Report, which is released annually and looks at the instances of data breaches that happened over the course of a year. According to the report, 2012 saw 621 data breaches – those that were confirmed, that is – in addition to a much higher approximately 47,000 so-called
Java 8 Delayed To Fix Security
mikejuk writes “Java Development Kit 8, planned for September 2013, is being delayed until next year because of ‘a renewed focus on security.’ Java has been having security publicity problems recently, but Oracle now seems to be taking them more seriously. Mark Reinhold, chief architect of the Java platform group, said, ‘Maintaining the security of the Java Platform always takes priority over developing new features, and so these efforts have inevitably taken engineers away from working on Java 8.’ The major change still to be made to Java 8 is Project Lambda, which Reinhold says is ‘the sole driving feature of the release.’ He laid out alternatives, such as dropping Lambda from this release, but said Oracle has decided instead to wait until Lambda is ready. The revised schedule for JDK 8 has a developer preview scheduled for September, a release candidate scheduled for January 2014, and general availability scheduled for March 2014. The delay means that Java SE 9 will probably be released in early 2016, rather than late 2015.”
Read more of this story at Slashdot.
Oracle Fixes 42 Security Vulnerabilities In Java
wiredmikey writes “Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with a base CVE score of 10 (the highest you can go) and 39 related to the Java Web Start plugin which can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. ‘The first step is for an organization to understand precisely where and why Java is needed,’ Williamson wrote. ‘Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable.’ Organizations should take a long, hard look at Java and answer for themselves if it’s worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible.”
Read more of this story at Slashdot.
Botched Security Update Cripples Thousands of Computers
girlmad writes “Thousands of PCs have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code. The update definition meant Malwarebytes’ software treated essential Windows .dll and .exe files as malware, stopping them running and thus knocking IT systems and PCs offline, leaving lots of unhappy users and one firm with 80% of its servers offline.”
Read more of this story at Slashdot.
ACLU to FTC: Mobile carriers fail to provide good Android security
The civil liberties group claims AT&T, Verizon, T-Mobile, and Sprint aren’t doing enough to protect users’ private data because they’re not sending out timely Android security updates.
NSA Data Center Brings Concerns Over Security and Privacy and Jobs
chamilto0516 writes “Twenty-five miles due south of Salt Lake City, a massive construction project is nearing completion. The heavily secured site belongs to the National Security Agency. The NSA says the Utah Data Center is a facility for the intelligence community that will have a major focus on cyber security. Some published reports suggest it could hold 5 zettabytes of data. Asked if the Utah Data Center would hold the data of American citizens, Alexander [director of the NSA] said, ‘No…we don’t hold data on U.S. citizens,’ adding that the NSA staff ‘take protecting your civil liberties and privacy as the most important thing that they do, and securing this nation.’ But critics, including former NSA employees, say the data center is front and center in the debate over liberty, security and privacy.” According to University of Utah computing professor Matthew Might, one thing is clear about the Utah Data Center: it means good-paying jobs. “The federal government is giving money to the U.’s programming department to develop jobs to fill the NSA building,” he says.
Read more of this story at Slashdot.
New Bird Shaped Drone Shown at Security and Defense Trade Show
garymortimer writes “SHEPHERD-MIL, a UAV which looks like a native bird with the same flight performance, will be featured at HOMSEC 2013. This UAV is characterized by the glide-ratio and noiseless motor that make it invisible, silent and unobtrusive in sensitive missions. SHEPHERD-MIL is equipped with cameras and geolocation software. The system is especially suitable for border surveillance missions, firefighting, and anti-drug trafficking operations amongst others.”
Read more of this story at Slashdot.
NSA data center front and center in debate over liberty, security and privacy
TJX Hacker Gives Keynote At ‘Offensive’ Security Conference
An anonymous reader writes “Two hundred hackers from around the world gathered at a Miami Beach hotel Thursday and Friday for the Infiltrate Security conference, which focuses on systems hacking from the ‘offensive’ perspective (with slides). In a keynote address, Stephen Watt, who served two years in prison for writing the software used by his friend Alberto Gonzalez to steal millions of credit card numbers from TJX, Hannaford and other retailers, acknowledges he was a ‘black hat’ but denies that he was directly involved in TJX or any other specific job. Watt says his TCP sniffer logged critical data from a specified range of ports, which was then encrypted and uploaded to a remote server. Brad ‘RenderMan’ Haines gave a presentation on vulnerabilities of the Air Traffic Control system, including the FAA’s ‘NextGen’ system which apparently carries forward the same weakness of unencrypted, unauthenticated location data passed between airplanes and control towers. Regarding the recent potential exploits publicized by Spanish researcher Hugo Teso, Haines says he pointed out similar issues to the FAA and its Canadian counterpart a year ago, but received only a perfunctory response.”
Read more of this story at Slashdot.
House committee votes in favor of pro-business cyber security bill
Ask Slashdot: Dealing With Unwanted But Official Security Probes?
An anonymous reader writes “I manage a few computers for an independent private medical practice connected to a hospital network. Recently I discovered repeated attempts to access these computers. After adjusting the firewall to drop connections from the attacking computers, I reported the presumed hacker IP to hospital IT. I was told that the activity was conducted by the hospital corporation for security purposes. The activity continues. It has included attempted fuzzing of a web server, buffer overrun attacks, attempts to access a protected database, attempts to get the password file, etc. The doctors want to maintain a relationship with the hospital and are worried that involving law enforcement would destroy the relationship. What would you advise the doctors to do next?”
Read more of this story at Slashdot.
Microsoft to patch IE10 Pwn2Own bugs next week, says security expert
Microsoft will ship nine security updates next week, two rated “critical,” to patch Internet Explorer, Windows, SharePoint Server, Office Web Apps and the company’s anti-malware software in Windows 8 and RT.
Computerworld News
D-Link unveils extremely rugged DSC-6210 security camera
D-Link is a company that many probably relate more to home networking gear than anything else. The manufacturer also has a full line of cameras designed to connect directly to computer networks for video surveillance and other needs. D-Link has unveiled its latest professional grade security IP camera line featuring a new full HD resolution
The War Z player data compromised after security breach
Those of you who play Hammerpoint’s The War Z may want to change your passwords. Hackers have breached databases in The War Z that held personal player info. Players’ email addresses, passwords, in-game names, IP addresses, and game log-in credentials have all been compromised. Hammerpoint has temporarily shut down its servers for The War Z
South Korea defense ministry reportedly crafts a cyber policy group to unify its security
If you hadn’t heard, South Korea’s under a lot of pressure lately, including a spate of internet-based attacks against banks and broadcasters on March 20th that some worry (though can’t confirm) was the result of a large-scale hacking campaign. The country won’t simply stand idle and brace for another hit, according to the Yonhap News Agency. It understands from an unnamed senior official that South Korea’s Ministry of Defense is complementing its Cyber Command division with a policy group, not unlike a UK equivalent, that would coordinate online security across different military sections, including the refinement of a defensive cyberwarfare strategy and recruiting more people to bulk up the digital front lines. Provided the claim is accurate, the division would be up and running before the first half of the year is over — and likely not a moment too soon.
[Image credit: John Pavelka, Flickr]
Via: The Next Web
Source: Yonhap News Agency
Heroku Forces Customer Upgrade To Fix Critical PostgreSQL Security Hole
Heroku customers are getting first access to a critical update to the PostgreSQL database system that will patch a major security hole. The overall PostgreSQL community will get access to an update on Thursday. Here’s the statement from Heroku:

Heroku Postgres databases will be undergoing a brief but important update between today Monday (April 1st) and Wednesday (April 3rd). During the update, your database will be offline for roughly sixty seconds, and will then be restarted. Due to the nature of this update, a scheduled time is not possible. Individual notifications will not be sent for databases that require maintenance.

Last Thursday, the PostgreSQL site issued a statement saying it would be issuing the update on April 4 to include a fix for a high-exposure security vulnerability. They strongly urged customers to apply the update as soon as it is available. No word back yet, but I’ve asked Heroku’s public relations team for comment about why they are making the forced update and the reason they are getting first access. Hacker News commenters are saying the early access may be due to the sheer number of Heroku customers using the PostgreSQL database. The privilege also raises questions about PostgreSQL policy toward security and who gets early access and who does not. One Hacker News commenter said:

Meanwhile they are holding back a security fix for numerous other companies that also take security extremely seriously. This creates a situation where companies considering postgresql will now have to ask “will I get security fixes as soon as they are ready or will I intentionally be left vulnerable while more privileged users get early access?” Not a good precedent as far as I’m concerned.

It’s an unusual move by Heroku and a striking example of how cloud security is a major issue. Companies like Heroku rarely issue these forced updates. Most often they are for major updates to the platform. But a security vulnerability such as this could have consequences for the entire platform.
TechCrunch
Why Your Next Phone Will Include Biometric Security
An anonymous reader sends this quote from Forbes: “… it is an almost certainty that within the next few years, three biometric options will become standard features in every new phone: a fingerprint scanner built into the screen, facial recognition powered by high-definition cameras, and voice recognition based off a large collection of your vocal samples. … We store an enormous amount of our most intimate and personal information on cell phones. Businesses today are already struggling with policies regarding bringing devices from home, and it’s only going to get more difficult. A study by Symantec highlighted the depth of the problem – around the world, all different types of companies consider enterprise mobile device security to be one of their largest challenges. … Ever since Apple purchased Authentec Inc in July of last year, there has been an endless stream of news stories obsessing over whether Apple will include a fingerprint scanner in their next release. In reality, Apple is one among many players, and whether they include a biometric sensor in the 5S or wait till the 6 is largely irrelevant, the entire mobile industry has been headed this way for years now. … There are separate questions as to whether these technologies are ready for such a wide-scale deployment.”
Read more of this story at Slashdot.
Amazon Web Services Launches CloudHSM, A Dedicated Hardware Security Appliance For Managing Cryptographic Keys
Amazon just announced the launch of CloudHSM, a new service that provides Amazon Web Services users who need to meet corporate, contractual and regulatory compliance requirements for data security a way to do so by using a dedicated Hardware Security Module (the ‘HSM’ in CloudHSM) within the Amazon cloud. Until now, Amazon argues, the only option for many companies that use its cloud services was to store their most sensitive data – or the encryption keys to it – in their own on-premise data centers. This, of course, made it hard for these companies to fully migrate their applications to the cloud. The new service, Amazon writes, can be used to support “a variety of use cases and applications, such as database encryption, Digital Rights Management (DRM), and Public Key Infrastructure (PKI) including authentication and authorization, document signing, and transaction processing.”

The actual appliances are Luna SA modules from SafeNet, Inc. The new CloudHSM service uses Amazon’s Virtual Private Cloud (VPC) and the appliances are provisioned inside the user’s VPC with an IP address the user specifies. The service, Amazon says, provides businesses with secure key storage and protects these keys with “tamper-resistant HSM appliances that are designed to comply with international (Common Criteria EAL4+) and U.S. Government (NIST FIPS 140-2) regulatory standards for cryptographic modules.” Because the HSMs are located close to the user’s EC2 cloud computing instances, network latency should be very low.

All of this, however, doesn’t come cheap. The upfront cost to provision a CloudHSM is $5,000 and the hourly cost is $1.88 per hour, which comes out to $1,373 on average per month. For businesses that need this kind of security, that’s probably a small price to pay, but this is clearly not a service that’s geared toward startups that just want to ensure their encryption keys and data are stored safely. The HSM client software can load balance requests across two or more CloudHSMs, though Amazon notes that it can take “several weeks” to provision more than two HSMs.
TechCrunch
OpenDNS Raises Cash From Sutter Hill Ventures As It Looks To Build Out Enterprise Network Security As A Service
Fast-growing enterprise network security company OpenDNS is announcing a new investment this morning, raising an undisclosed amount of Series B funding from Sutter Hill Ventures. New managing partner and former Juniper Network Systems executive Stefan Dyckerhoff is joining the company’s board. While OpenDNS is not releasing the exact amount of the funding, founder and CEO David Ulevitch tells us it’s a “meaningful round and a very large check,” that will enable the cash-flow-positive company to ramp up expansion in the next few years. Prior to this round, OpenDNS had raised $7 million from Minor Ventures, Sequoia Capital and Greylock Partners.
Apple ID security issue fixed, password page back online
The page was taken down yesterday, after reports of an exploit that could let hackers with a user’s e-mail address and birth date change the user’s Apple ID password. The company has fixed the issue.
CNET News
Security experts applaud Apple’s new two-factor authentication
Apple this week followed the lead of rivals like Facebook, Google and Microsoft, offering two-step authentication to help customers secure their Apple IDs against hacking.
Computerworld News
Apple sued for alleged security patent infringement
Intertrust, a company backed by Sony and Phillips, says Apple needs to license its security patents.
CNET News
British government disputes reports that it rejected BlackBerry 10 for security reasons
A British government security group said Wednesday that it hasn’t yet evaluated the security of BlackBerry 10 devices such as the Z10.
Computerworld News
Schneier: Security Awareness Training ‘a Waste of Time’
An anonymous reader writes “Security guru Bruce Schneier contends that money spent on user awareness training could be better spent and that the real failings lie in security design. ‘The whole concept of security awareness training demonstrates how the computer industry has failed. We should be designing systems that won’t let users choose lousy passwords and don’t care what links a user clicks on,’ Schneier writes in a blog post on Dark Reading. He says organizations should invest in security training for developers. He goes on, ‘… computer security is an abstract benefit that gets in the way of enjoying the Internet. Good practices might protect me from a theoretical attack at some time in the future, but they’re a bother right now, and I have more fun things to think about. This is the same trick Facebook uses to get people to give away their privacy. No one reads through new privacy policies; it’s much easier to just click “OK” and start chatting with your friends. In short: Security is never salient.’”
Read more of this story at Slashdot.
DHS shifting to cloud, agile development to boost homeland security
The U.S. Department of Homeland Security (DHS) has moved to agile development and is shifting to cloud platforms in an effort to improve its IT operations.
Computerworld News
Hackers use Crown Casino’s own security cameras to beat the house
An Australian casino called Crown Casino was hit by a group of high-tech hackers. The hackers co-opted the casino’s own security cameras for the heist that saw them make off with about $33 million. The hackers broke into the casino’s surveillance camera network and used the cameras to gain an advantage during some high-stakes
Security Vulnerability Found On US Federal Government Contractors Site
dstates writes “SAM (Systems for Awards Management) is a financial management system that the US government requires all contractors and grantees to use. This system has recently been rolled out to replace the older CCR system. Friday night, thousands of SAM users received the following message: ‘Dear SAM user, The General Services Administration (GSA) recently has identified a security vulnerability in the System for Award Management (SAM), which is part of the cross-government Integrated Award Environment (IAE) managed by GSA. Registered SAM users with entity administrator rights and delegated entity registration rights had the ability to view any entity’s registration information, including both public and non-public data at all sensitivity levels.’ From March 8 to 10, any registered user who searched the system could view confidential information including account and social security numbers for any other user of the system. Oops! The Government Services administration says that they have fixed the problem.”
Read more of this story at Slashdot.
Security reporter hit by ‘swatting’ attack
A well-respected computer security reporter says he was the target of a con that sent an armed SWAT team to his front door.
CNET News
3G and 4G USB modems are a security threat, researcher says
The vast majority of 3G and 4G USB modems handed out by mobile operators to their customers are manufactured by a handful of companies and run insecure software, according to two security researchers from Russia.
Computerworld News
Formula One team under cyberattack in Cyber Security Challenge UK
Security pros pan and praise Microsoft’s plans on updating Modern apps in Windows 8, RT
Microsoft will issue security fixes for its Windows Store apps on the fly, not just on the familiar monthly Patch Tuesday, the company said this week.
Computerworld News
How the First Bitcoin Hedge Fund Approaches Security
An anonymous reader writes with a link to a story at Forbes about what’s said to be the first Bitcoin hedge fund; the article goes into some of the details of how the (literally) valuable data is kept. A selection: “The private key itself is AES-256 encrypted. After exporting Bitcoin private keys from the wallet.dat file, data is stored in a TrueCrypt container on three separate flash drives. Using Shamir’s Secret Sharing algorithm, the container password is then split into three parts utilizing a 2-of-3 secret sharing model. Incorporating physical security with electronic security, each flash drive from various manufacturers is duplicated several times and, together with a CD-ROM, those items are vaulted in a bank safety deposit box in three different legal jurisdictions. To leverage geographic distribution as well, each bank stores only part of a key, so if a single deposit box is compromised, no funds are lost.”
Read more of this story at Slashdot.
Minor security flaw found in Samsung’s Galaxy Note 2
A flaw finds that select apps and widgets can be briefly accessed from the lock screen.
CNET News