Doug Vitale Tech Blog

Latest IT news and commentary

Security automation: Are humans still relevant?

GCN, 25 July 2014 – Cybersecurity is being pushed in two directions. On the one hand, the growing complexity of information systems and the onslaught of threats facing them are putting a premium on speed. Automation is the future of security, said Matt Dean, vice president of product strategy at FireMon. On the other hand, Randy Hayes, who leads Booz Allen’s global predictive intelligence business, said more humans are needed in the loop. [More]

Russia offers 4 million to crack Tor

Global Voices, 24 July 2014 – The Russian government is offering almost 4 million rubles (about USD $100,000) to anyone who can devise a reliable way to decrypt data sent over the Tor anonymity network. A mounting campaign by the Kremlin against the open Internet, not to mention revelations in the United States about government spying, have made Tor increasingly attractive to Russian Internet users seeking to circumvent state censorship. [More]

How Hackers Hid a Money-Mining Botnet in the Clouds of Amazon and Others

Wired, 24 July 2014 – At the Black Hat conference in Las Vegas next month Ragan and Salazar plan to reveal how they built a botnet using only free trials and freemium accounts on online application-hosting services—the kind coders use for development and testing to avoid having to buy their own servers and storage. The hacker duo used an automated process to generate unique email addresses and sign up for those free accounts en masse, assembling a cloud-based botnet of around a thousand computers. [More]

Hackers bypass online security at 34 banks

WSJ Market Watch, 23 July 2014 – Cybercriminals are sneaking past security protections to access online accounts across 34 banks in Switzerland, Sweden, Austria and Japan. The attack can get past two-factor authentication, which requires customers to type in a code sent to their cellphone or inbox to ensure the user is who he or she claims to be, by convincing customers to download a malicious smartphone app, according to a report released Tuesday by the security firm Trend Micro. [More]

‘Share’ button may share your browsing history, too

Science Daily, 22 July 2014 – One in 18 of the world’s top 100,000 websites track users without their consent using a previously undetected cookie-like tracking mechanism embedded in ‘share’ buttons. The researchers traced 95 percent of canvas fingerprinting scripts back to a single company. [More]

Forensic scientist identifies suspicious ‘back doors’ running on every iOS device

ZDNet, 21 July 2014 – During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like ‘lockdownd,’ ‘pcapd,’ ‘mobile.file_relay,’ and ‘house_arrest’) that run in the background on over 600 million iOS devices. [More]

New technique could boost Internet speeds 10x

GizMag, 21 July 2014 – Researchers at Aalborg University, MIT and Caltech have developed a new mathematically-based technique that can boost internet data speeds by up to 10 times, by making the nodes of a network much smarter and more adaptable. The advance also vastly improves the security of data transmissions, and could find its way into 5G mobile networks, satellite communications and the Internet of Things. [More]

Verizon FiOS getting faster upload speeds to match downloads

PC World, 21 July 2014 – In a rare show of generosity from an Internet service provider, Verizon plans to boost FiOS upload speeds to match customers’ download speeds at no extra charge. [More]

EFF invites hackers to crack Open Wireless Router

EFF, 20 July 2014 – EFF is releasing an experimental hacker alpha release of wireless router software specifically designed to support secure, shareable Open Wireless networks. We are offering this hacker alpha release to engage enthusiastic technical users who would like to help us test, develop, improve, and harden the Open Wireless Router. [More]

Leaked British Spy Catalog Reveals Tools to Manipulate Online Information

IEEE Spectrum, 17 July 2014 – No online communication is “for your eyes only” in the age of Internet surveillance by government spy agencies. But a leaked British spy catalog has revealed a wide array of online tools designed to also control online communication by doing everything from hacking online polls to artificially boosting online traffic to a particular website. [More]

Criminal Software, Government-Grade Protection

New York Times, 16 July 2014 – Researchers at a software security company say they have found a popular type of criminal software inside an extremely sophisticated “evasion code,” which they say was previously used by Russia to spy on one or more Eastern European governments. The researchers named the malware Gyges. [More]

The Changing Perception of Amazon Web Services (AWS) in the Hosting Industry

Web Host Industry Review, 15 July 2014 – Two years ago at HostingCon Boston, the majority of attendees dismissed AWS so I was excited to explore how opinions may have changed. Industry leader AWS accounted for 37 percent of the $9 billion infrastructure as a service (IaaS) market in 2013, according to analysts from equity research firm Evercore. The IaaS market is growing by 45 percent, but AWS has a growth rate of 60 percent. [More]

Critical flaw in Active Directory could allow for password change

CSO, 15 July 2014 – Aorato used public information to craft a proof-of-concept attack that shows how an attacker can change a person’s network password. The company’s research focuses on NTLM, an authentication protocol that Microsoft has been trying to phase out for years. [More]

Bell Labs Sets New Record for Internet Over Copper

IEEE Spectrum, 14 July 2014 – Traditional copper telephone lines can now run ultra-fast broadband service, at least in the lab. Bell Labs, the research arm of Alcatel-Lucent, has developed a prototype technology that can deliver upload and download speeds of up to 10Gbps simultaneously. The technology, XG-FAST, is an extension of a new broadband standard,, which will be commercially available next year. [More]

Pentagon: Missile defenses vulnerable to cyber attack

Flash Critic, 14 July 2014 – The director of the Pentagon’s Missile Defense Agency told Congress last week that U.S. missile defenses are vulnerable to cyber attacks that could disrupt its sophisticated networks of sensors and guidance systems use in targeting enemy missiles. [More]

Beware Keyloggers at Hotel Business Centers

Krebs On Security, 14 July 2014 – The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests. [More]

‘Dragonfly’ Prompts Lockdown Of Windows-Based Industrial Control Systems

Water Online, 10 July 2014 – With the most recent cyber espionage campaign of the “Dragonfly” group publicly identified as having used various malware tools including Havex (Backdoor.Oldrea) and the Energetic Bear RAT (Remote Access Tool), now is the perfect opportunity to harden those Microsoft Windows-based industrial control systems (ICS). [More]

GameOver Zeus Mutates, Launches Attacks

Malcovery, 10 July 2014 – Today Malcovery’s analysts identified a new trojan based heavily on the GameOver Zeus binary. It was distributed as the attachment to three spam email templates, utilizing the simplest method of infection through which this trojan is deployed. [More]

Chinese Hackers Switched Targets to U.S. Experts on Iraq

CIO, 8 July 2014 – A sophisticated Chinese hacker group that had been stealing information from U.S. policy experts on nearby Southeast Asia suddenly changed targets last month to focus on the Middle East — Iraq, in particular — security researchers said. The group, called “Deep Panda,” switched from exploiting one area of expertise to another because of the march of the Islamic State of Iraq and the Levant (ISIS) towards Baghdad. [More]

How your local library can help you resist the surveillance state

Waging Nonviolence, 8 July 2014 – It’s often said that most people nowadays have given up on privacy and simply accept the loss of control over their data. But the fact is that 86 percent of adult Internet users in the United States have taken some sort of step to protect their identity or activity online. Libraries have also tended to take a strong stand on privacy. The third principle in the American Library Association’s Code of Ethics is, “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” [More]

Archive (search for keywords with site search engine)

May – June 2014
March – April 2014
January – February 2014
November – December 2013
September – October 2013
July – August 2013
May – June 2013

Written by Doug Vitale

July 31, 2013 at 12:13 PM

%d bloggers like this: