Doug Vitale Tech Blog

January-February 2014 News Archive

Why experts are nervous about the ‘Internet of Things’

TechRepublic, 26 Feb 2014 – What is the Internet of Things? One definition is: “A world where physical objects are seamlessly integrated into the information network, and where physical objects can become active participants in business processes. Services are available to interact with these ‘smart objects’ over the Internet, query, and change their state and any information associated with them.” [More]


Companies Wrestle With the Cost of Cybersecurity

Wall Street Journal, 25 Feb 2014 – Few know the costs of hacking better than Robert Carr. Since cybercriminals gained access to more than 100 million credit- and debit-card numbers from Heartland Payment Systems in 2007, Mr. Carr, its chief executive, has quadrupled his security budget. Heartland also paid $150 million in fines and legal costs from the breach and suffered damage to its reputation as a payment processor. [More]


Removing admin rights mitigates 92% of critical Microsoft vulnerabilities

Avecto, 25 Feb 2014 – 92% of all vulnerabilities reported by Microsoft with a critical severity rating can be mitigated by removing admin rights, according to new research from Avecto. [More]


Sleeper servers lurking in data centers

TechRepublic, 18 Feb 2014 – Two reports announce that a significant number of business networks, including retailers, have sleepers, also known as compromised servers, that are in contact with remote command and control servers. [More]


Asus routers get pwned

Ars Technica, 17 Feb 2014 – The vulnerability affects a variety of Asus router models, including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R. Asus reportedly patched the vulnerabilities late last week. [More]


Bruce Schneier: NSA Surveillance and What To Do About It

ISOC-NY, 15 Feb 2014 – On February 6 2014 security analyst and cryptographer Bruce Schneier gave a talk “NSA Surveillance and What To Do About It” as part of the Massachusetts Institute of Technology’s Big Data Lecture series. Click link for video. [More]


Third of Internet Explorer users at risk

ComputerWorld, 14 Feb 2014 – Microsoft on Friday said that both Internet Explorer 10 and its predecessor, IE9, contained an unpatched vulnerability, but that hackers were currently exploiting only the newest, IE10. The extension of the vulnerability to IE9 followed confirmation earlier yesterday that active attacks are compromising the newer IE10 and hijacking PCs running the browser. [More]


Google’s IPv6 Traffic Passes 3%

ZDnet, 12 Feb 2014 – This morning [February 10, 2014] Google’s IPv6 measurements crossed the 3 percent milestone just under five months from when the 2 percent milestone was crossed. Prior to that it had taken 11 months to go from 1 percent to 2 percent. [More]


Android malware hatches in wake of Flappy Bird

PC World, 12 Feb 2014 – According to security firm Sophos, it has discovered several applications claiming to be Flappy Bird in third-party Android app marketplaces. The trouble, however, is that the games in some cases contain malware and in others force users to send a text message to a given number, effectively giving the malware creators all they need to potentially exploit users. [More]


ICANN’s cosy relationship with the US must end, says EU

PC World, 12 Feb 2014 – The exclusive relationship of ICANN with the U.S. must end, said the European Union’s digital agenda chief on Wednesday. ICANN is responsible for the assignment of top-level domains and has a long-standing operating agreement with the U.S. However, following the revelations by Edward Snowden of widespread surveillance of the Internet by the National Security Agency, many countries have questioned the arrangement. [More]


PayPal President’s credit card hacked for shopping spree

USA Today, 10 Feb 2014 – PayPal President David Marcus said on Monday that his credit card details were stolen and the information was used to finance a fraudulent spending spree. Marcus said the card was probably “skimmed” at the hotel he was staying at, or at a merchant he visited, during a recent trip to the U.K. [More]


Experts warn of coming wave of serious cybercrime

Washington Post, 9 Feb 2014 – The rash of attacks against Target and other top retailers is likely to be the leading edge of a wave of serious cybercrime, as hackers become increasingly skilled at breaching the nation’s antiquated payment systems, experts say. [More]


The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure

HSGAC.Senate.gov, 4 Feb 2014 – In the past few years, we have seen significant breaches in cybersecurity which could affect critical U.S. infrastructure. Data on the nation’s weakest dams, including those which could kill Americans if they failed, were stolen by a malicious intruder. Nuclear plants’ confidential cybersecurity plans have been left unprotected. Blueprints for the technology undergirding the New York Stock Exchange were exposed to hackers. Those failures aren’t due to poor practices by the private sector. All of these examples were real lapses by the Federal government. [More]


Former NSA employee looks to make email more secure

PC World, 3 Feb 2014 – Following disclosures of large-scale spying by the U.S. as well as other nations over the last several years, a variety of companies see commercial opportunities in making encrypted messaging products that are easier to use. Joining those companies is Washington, D.C.-based Virtru, co-founded by the Ackerly brothers. [More]


Malicious Java app infects Mac and Linux

PC World, 1 Feb 2014 – Criminals are once again using Java’s cross-platform design to add Linux and Mac users to their usual Windows target list, Kaspersky Labs researchers have discovered. [More]


Facebook May Disappear By 2017

Yahoo, 31 Jan 2014 – A fascinating paper from Princeton’s Department of Mechanical and Aerospace Engineering claims that Facebook may disappear – and is likely to lose 80 percent of its users by 2017. [More]


ARIN Allocates IPv4 Addresses From Last /8 Block

ARIN, 30 Jan 2014ARIN has recently begun to issue address space from its last contiguous /8, 104.0.0.0 /8. The minimum allocation size for this /8 will be a /24. [More]


Security Suite Showdown 2014

PC World, 30 Jan 2014 – Free programs will take you only so far in protecting against viruses, malware, ransomware, especially now that phones and tablets are as commonly targeted as PCs. Our security showdown evaluates the 2014 versions of 10 major suites. [More]


OWASP Statement on the Security of the Internet 2014

OWASP, 28 Jan 2014 – The reports about large-scale intelligence activities targeting Internet communication and applications and possible attempts to undermine cryptographic algorithms leave us deeply concerned. We knew about the interception of targeted individuals and other monitoring activities, however, the scale of recently reported activities and the possibility of active undermining of the security of deployed applications are alarming. [More]


Banking apps on Android phones most at risk of virus

Chicago Tribune, 27 Jan 2014 – Banking applications on Android phones are most vulnerable to cyber crime, the chief executive and co-founder of Russian anti-virus software maker Kaspersky Lab said on Monday. [More]


After Target, Neiman Marcus breaches, does PCI compliance mean anything?

Computer World, 24 Jan 2014 – The recent data breaches at Target and Neiman Marcus have once again shown that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is no guarantee against an intrusion. [More]


Open Letter from US Researchers in Crypto and Info Security

Mass Surveillance, 24 Jan 2014 – Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features. [More]


Former NSA employee looks to make email more secure

Information Week, 21 Jan 2014 – New mandates around datacenter virtualization, enterprise apps, and BYOD will stretch IT security staffs and budgets to the max in 2014. [More]


IPv6 Decision Time

Information Week, 17 Jan 2014 – You can disagree about timelines but you can’t ignore IPv6 anymore. Why? Because we’ve come to the end of IPv4 address space. IANA ran out of IPv4 in 2011, APNIC and RIPE effectively ran out in 2011 and 2012 respectively, and ARIN is due to run out in 2014. This isn’t an end-of-the-world event (IPocalypse) because the service providers that get the IPv4 addresses from these organizations still have an inventory of IPv4 to use. The real question is, what happens when they do run out of IPv4? [More]


Linux: The clear choice for security

Tech Republic, 16 Jan 2014 – Recently, the United Kingdom’s Communications-Electronics Security Group (CESG) ran a series of tests to find out which operating system would be the most secure platform for the UK government. The winner, Ubuntu 12.04, was far ahead of both Windows 8 and Mac OS X. [More]


Months later, HealthCare.gov still riddled with potential security issues

NBC News, 16 Jan 2014 – Cybersecurity researchers slammed HealthCare.gov’s security during a House hearing on Thursday, saying the site is still riddled with problems that could put consumers’ sensitive health details at risk. [More]


Proofpoint Uncovers Internet of Things (IoT) Cyberattack

Proofpoint, 16 Jan 2014 – Proofpoint, Inc., a leading security-as-a-service provider, has uncovered what may be the first proven Internet of Things (IoT)-based cyberattack involving conventional household “smart” appliances. [More]
Tech Republic: Internet of Things botnet includes TV and fridge


ATMs Face Deadline to Upgrade From Windows XP

Bloomberg, 16 Jan 2014 – There are 420,000 ATMs in the U.S., and on April 8, a deadline looms for nearly all of them that underscores how sluggishly the nation’s cash delivery system moves forward. That’s the day Microsoft (MSFT) cuts off tech support for Windows XP, meaning that ATMs running the software will no longer receive regular security patches and won’t be in compliance with industry standards. [More]


SERT Q4 2013 Intelligence Report

Solutionary, 15 Jan 2014 – The Solutionary Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q4 2013 contains research focused on the distribution and analysis of malware. Report findings include: the U.S. accounts for 44% of hosted malware, malicious actors are turning to the cloud for malware distribution, and over 40 antivirus engines fail to detect malware. [More]


Is quantum cryptography the key to thwarting the NSA?

Daily Dot, 13 Jan 2014 – One lingering uncertainty in the future of encryption is quantum physics. It has already been proven that when the quantum computer is realized it will be able to easily break RSA encryption, one of the fundamental means of protection for bank transactions as well as many other forms of communication online. However, quantum physics may offer hope for privacy advocates as well. Some scientists believe quantum cryptography may soon offer Internet users privacy protections that even the NSA won’t be able to skirt. [More]


IEEE announces new 802.11ac WLAN standard

CNBC, 7 Jan 2014 – IEEE, the world’s largest professional organization dedicated to advancing technology for humanity, today announced approval of IEEE 802.11ac-2013, which is intended to achieve higher multi-user throughput in wireless local area networks (WLANs). The new amendment is intended to improve WLAN user experience by providing data rates up to 7 Gbps in the 5 GHz band, more than 10 times the speed that was previously standardized. [More]


Seagate Crams 500 GB of Storage into Prototype Tablet

IEEE Spectrum, 7 Jan 2014 – For a few years now, Seagate has offered wireless traditional hard drives to give mobile devices a storage boost, but at CES this year, they’re showing off a prototype tablet that skips the peripheral completely. Seagate doesn’t have a name for this prototype tablet, and they don’t intend to jump into the tablet game. It’s more of a design concept, intended to illustrate the feasibility of stuffing an old-school magnetic platter hard drive into a slim tablet. [More]


The ‘Internet of Things’ Is Wildly Insecure And Often Unpatchable

Wired, 6 Jan 2014 – We’re at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself — as with the ‘Internet of Things’. These embedded computers are riddled with vulnerabilities, and there’s no good way to patch them. [More]


Will the NSA’s activities handicap IT in the US?

Tech Republic, 6 Jan 2014 – 2013 was a good year for the technology industry, particularly in the US. Silicon Valley experienced a strong resurgence on all fronts, with innovative new startups at the consumer and enterprise level and venture funding and new ideas reminiscent of the heady dotcom days of the late 1990s. But has the NSA created the ultimate marketing campaign for non-U.S. technology and products? [More]


NSA seeks to build quantum computer that could crack most types of encryption

Washington Post, 2 Jan 2014 – In room-size metal boxes ­secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world. According to documents provided by former NSA contractor Edward Snowden, the effort to build “a cryptologically useful quantum computer” — a machine exponentially faster than classical computers — is part of a $79.7 million research program titled “Penetrating Hard Targets.” Much of the work is hosted under classified contracts at a laboratory in College Park, MD. [More]


How the NSA hacks PCs, phones, routers, hard disks ‘at speed of light’

The Register, 1 Jan 2014 – A leaked NSA cyber-arms catalog has shed light on the technologies US and UK spies use to infiltrate and remotely control PCs, routers, firewalls, phones and software from some of the biggest names in IT. The exploits, often delivered via the web, provide clandestine backdoor access across networks, allowing the intelligence services to carry out man-in-the-middle attacks that conventional security software has no chance of stopping. [More]

Written by Doug Vitale

March 7, 2014 at 3:49 PM

%d bloggers like this: