Doug Vitale Tech Blog

Latest IT news and commentary

PoSeidon, A Deep Dive Into Point of Sale Malware

Cisco, 20 Mar 2015 – There is a new malware family targeting PoS systems, infecting machines to scrape memory for credit card information and exfiltrate that data to servers, also primarily .ru TLD, for harvesting and likely resale. This new malware family, that we’ve nicknamed PoSeidon, has a few components to it. [More]

Premera Blue Cross Breached, Medical Information Exposed

ReCode, 17 Mar 2015 – Health insurer Premera Blue Cross said on Tuesday it was a victim of a cyber attack that may have exposed medical data and financial information of 11 million customers in the latest case of a health care company reporting a serious breach. [More]

Don’t trust your phone, don’t trust your laptop

Guardian, 8 Mar 2015 – What Snowden did was careful and considered: he identified examples of what he regarded were unconstitutional activities on the part of the NSA and then downloaded documentary evidence of these activities that would corroborate his judgment. Given the staggering scale of the activities revealed, I remember thinking that it would take us a long time to realize the full extent of the surveillance mesh in which we are entangled. So it has proved. [More]

DNS enhancement catches malware sites by understanding sneaky domain names

Ars Technica, 5 Mar 2015 – A researcher at OpenDNS Security Labs has developed a new way to automatically detect and block sites used to distribute malware almost instantaneously without having to scan them. Called NLPRank, the approach uses natural language processing and other analytics to detect malicious domains before they can attack by spotting host names that are designed as camouflage. [More]

FREAK Vulnerability Exposes SSL/TLS Security Hole

Security Week, 4 Mar 2015 – Researchers have released details of a vulnerability (CVE-2015-0204) that makes it possible for hackers to crack HTTPS-protected traffic by forcing vulnerable clients to downgrade to weaker crypto. It was discovered by a group of researchers from Microsoft Research and the French Institute for Research in Computer Science and Automation, who found it was possible to make web browsers use encryption intentionally weakened in order to comply with U.S. government regulations in effect during the 1990s that banned American companies from exporting strong encryption abroad. [More]

Carnegie Mellon faculty, staff fall victim to email scam

Education DIVE, 3 Mar 2015 – About 200 Carnegie Mellon faculty and staff members received an email Saturday that indicated they should log in to the university’s site for more information about a raise. Pittsburgh’s WPXI-TV reports that the hackers linked a very accurate replica of the Carnegie Mellon login site, tricking at least a handful of people into logging in with their personal IDs and passwords. [More]

New Federal Regulation Deters Experts On Road To Security

Tech Crunch, 3 Mar 2015 – Security experts were abuzz last month in anticipation of President Barack Obama’s proposal for new federal regulations that would concentrate on bolstering the nation’s stance on cybersecurity. But despite President Obama’s well-intentioned efforts to strengthen security, as they stand, the proposed regulations have garnered mixed reviews. [More]

The Democratization of Cyberattack

Schneier, 2 Mar 2015 – When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA’s program for what is called packet injection–basically, a technology that allows the agency to hack into computers. Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. [More]

Archive (search for keywords with site search engine)

January – February 2015

November – December 2014
September – October 2014
July – August 2014
May – June 2014
March – April 2014
January – February 2014

November – December 2013
September – October 2013
July – August 2013
May – June 2013

Written by Doug Vitale

July 31, 2013 at 12:13 PM

%d bloggers like this: