Doug Vitale Tech Blog

March-April 2014 News Archive

Students Reveal Loophole in DNS Security

Technion, 29 Apr 2014 – Technion students, Roee Hay and Jonathan Kalechstein from the Faculty of Computer Science discovered a new weakness (loophole), which had not been previously documented in the world’s most widely used DNS software – BIND [More]

IT staffers report increased work-related stress, 28 Apr 2014 – Independent research commissioned by GFI Software shows IT personnel suffer startling levels of workplace stress, driving more than ever to look for a change of employment. [More]

Why the social networks are falling apart

ComputerWorld, 26 Apr 2014 – Everything was fine in Facebookland, except for one small problem: Most users were clearly migrating from desktop to mobile, and nobody was making significant ad revenue in mobile. Except Google. How did Google make money in mobile? Instead of harvesting personal data in one place and displaying personalized advertising in that same place, it did both in multiple places. [More]

Major step toward stronger encryption technology announced

Homeland Security News Wire, 25 Apr 2014 – Researchers have announced the first successful trial of Quantum Key Distribution (QKD) technology over a live “lit” fiber network. The trial paves the way for more advanced research into QKD, the next frontier of data encryption technology, which will deliver even greater levels of network security. [More]

Why the ‘Internet of Things’ will fail without IPv6

The Register, 24 Apr 2014 – Now that tech companies are eager to use the phrase “Internet of Things” (IoT) or the “Internet of Everything” (IoE), IPv6 lobbyists are keen to stress the dangers if the IT world does nothing about the looming address shortage. [More]

Malware Attacks against BIOS: is your system vulnerable?

Alexander Borges, 21 Apr 2014 – Malware can attack and infect the BIOS of your machine with a backdoor. [More]

NSA Said to Exploit Heartbleed Bug for Intelligence for Years

Bloomberg, 12 Apr 2014 – The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. [More]
Related: Heartbleed vulnerability check

Heartbleed Bug Patch Underway, But Was It Really the Problem?

IEEE Spectrum, 11 Apr 2014 – What makes Heartbleed so insidious is the fact that it can allow hackers to snatch data from a server’s memory 64 kilobytes at a time—even if the information is supposedly encrypted—without leaving a trace. While the end user takes comfort in the ability of SSL/TLS encryption to keep his or her data from prying eyes, the “https” in the URL and the closed padlock icon are a cruel trick. [More]

Heartbleed SSL Vulnerability Explained

CNN Money, 9 Apr 2014 – For more than two years now, Heartbleed has allowed outsiders to peek into the personal information that was supposed to be protected from snoopers. The bug allows potential hackers to take advantage of a feature that computers use to see if they’re still online, known as a “heartbeat extension.” But a malicious heartbeat signal could force a computer to divulge secret information stored in its memory. [More]
Related: Notable websites compromised by Heartbleed: Google, YouTube, Gmail, Facebook, Yahoo, Yahoo Mail, Tumblr, Flickr, OKCupid, Wikipedia.

Microsoft issues final Windows XP, Office 2003 patches

ZDnet, 8 Apr 2014 – Today Microsoft released four security updates for Windows and Microsoft Office. These will be the last publicly-released updates for Windows XP and Office 2003. A total of 11 vulnerabilities were addressed by these updates, including seven for Windows XP and four for Office 2003. [More]

‘Heartbleed’ bug in OpenSSL puts encrypted communications at risk

ITworld, 7 Apr 2014 – Computer security experts are advising administrators to patch a severe flaw in a software library used by millions of websites to encrypt sensitive communications. The flaw, nicknamed “Heartbleed,” is contained in several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. [More]

Touchscreen with Fingerprint Sensor

SAP, 4 Apr 2014 – The tablets of the future will be able to identify multiple users by their fingerprints. What makes the Fiberio touchscreen unique is that it can identify different users by their fingerprints within fractions of a second as they tap and swipe the device’s multi-touch screen. And even if several different people use the touchscreen simultaneously, there is no need for them to log on separately, because fingerprint recognition technology ensures that each person can only access the applications that he or she is authorized to use. [More]

Microsoft sniffed blogger’s Hotmail account to trace leak

CNET, 20 Mar 2014 – Microsoft went through a blogger’s private Hotmail account in order to trace the identity of a source who allegedly leaked trade secrets. [More]

Doing the ICANN-can

The Economist, 20 Mar 2014 – America promises to release its grip on the Internet’s phone book — and opens up a debate on how to govern cyberspace. [More]

Important corrections re: U.S. announcement and IANA functions

ICANN, 20 Mar 2014 – On Friday, March 14 the U.S. Government announced its intention to transition its stewardship responsibilities of the Internet Assigned Numbers Authority (IANA) Functions to the global multistakeholder community — a key component of the Internet ecosystem. The IANA functions are the Internet’s technical identifiers, specifically, the top-level domain names of the Domain Name System, IP addresses, and protocol parameter registries. [More]

Google enhances encryption technology for email

Yahoo, 20 Mar 2014 – Google has enhanced the encryption technology for its flagship email service in ways that will make it harder for the National Security Agency to intercept messages moving among the company’s worldwide data centers. Among the most extraordinary disclosures in documents leaked by former NSA systems analyst Edward Snowden were reports that the NSA had secretly tapped into the main communications links that connect Yahoo and Google data centers around the world. [More]

RSA Conference 2014: 8 Top Computer Security Trends

Petri, 20 Mar 2014 – Snowden, the NSA, IT security skills shortage, cloud and mobile security, etc. [More]

25,000 Linux servers spread spam, drop malware and steal credentials

Tech Republic, 19 Mar 2014 – Security company ESET has released a new report, Operation Windigo – The vivisection of a large Linux server-side credential stealing malware campaign. The report talks about two well-known organizations that became victims of Windigo: “This operation has been ongoing since 2011 and has affected high-profile servers and companies, including cPanel and Linux Foundation’s” [More]

Compare the NSA’s Facebook Malware Denial to its Own Secret Documents

Intercept, 15 Mar 2014 – On Wednesday, Glenn Greenwald and I revealed new details about the National Security Agency’s efforts to radically expand its ability to hack into computers and networks across the world. The story has received a lot of attention, and one detail in particular has sparked controversy: specifically, that the NSA secretly pretended to be a Facebook server in order to covertly infect targets with malware “implants” used for surveillance. [More]

Who is winning the ‘crypto-war’?

BBC, 15 Mar 2014 – In the war over encryption between the NSA and privacy activists, who is winning? [More]

Are Russia and Ukraine on the Verge of an All-Out Cyberwar?

Mother Jones, 12 Mar 2014 – Ukraine’s top security agency — the National Security and Defense Council of Ukraine — announced at a briefing that it had been hit by severe denial-of-service (DDoS) attacks, “apparently aimed at hindering a response to the challenges faced by our state.” This comes on the heels of a number of alleged hacks involving Russian and Ukrainian targets, including attacks on news outlets and blocking reception to the cellphones of Ukrainian parliament members. [More]

NSA system designed to attack millions of computers

CNET, 12 Mar 2014 – Through an operation called Turbine, the NSA crafted an automated system designed to hack “millions” of computers, new documents from Edward Snowden’s leaks on government surveillance reveal. [More]

Researchers prove Wi-Fi at risk for malware attacks

Tech Republic, 12 Mar 2014 – Once Chameleon gains a foothold on one AP, it then attempts to infect other Wi-Fi access points. By focusing on the Wi-Fi portion of the network instead of computers and mobile devices, the malware is unlikely to be detected using current antimalware technology. [More]

Cyber Snake plagues Ukraine networks

Financial Times, 7 Mar 2014 – An aggressive cyber weapon called Snake has infected dozens of Ukrainian computer networks including government systems in one of the most sophisticated attacks of recent years. Also known as Ouroboros, after the serpent of Greek mythology that swallowed its own tail, experts say it is comparable in its complexity with Stuxnet, the malware that was found to have disrupted Iran’s uranium enrichment programme in 2010. [More]

Cyber Risk Is World’s Third Corporate-Risk Priority

Wall Street and Technology, 7 Mar 2014 – U.S. financial services companies lost on average $23.6 million from cybersecurity breaches in 2013, which represent the highest average loss across all industries according to the authors of Deloitte’s recent report, ‘Transforming cybersecurity – New approaches for an evolving threat landscape’. [More]

Tor hidden services – a safe haven for cybercriminals

SecureList, 5 Mar 2014 – Cybercriminals have started actively using Tor to host malicious infrastructure. We found Zeus with Tor capabilities, then we detected ChewBacca and finally we analyzed the first Tor Trojan for Android. A quick look at Tor network resources reveals lots of resources dedicated to malware – C&C servers, admin panels, etc. [More]

9 Must-Do’s if you stick with Windows XP

CSO Online, 5 Mar 2014 – Without updates after April 8 Windows XP is expected to fall prey to any number of zero-day attacks for which Microsoft will provide no defense, but there are some things die-hard XP users can do to make their machines safer. [More]

Top 10 IT Trends from the Microsoft Perspective

Petri, 3 Mar 2014 – Software-Defined Networking (SDNs), Software Definied Storage, Hybrid Cloud Services, and more. [More]

China Establishes Presidential Commission to Shore Up Its Cyberdefenses

IEEE Spectrum, 1 Mar 2014 – China revealed the extent of its concern over cybercrime when it announced that President Xi Jinping is chairing a new working group on cybersecurity and information security. Xi will have a direct hand in drafting national policies aimed at improving cyberdefenses. [More]


Written by Doug Vitale

May 10, 2014 at 6:59 PM

%d bloggers like this: