Doug Vitale Tech Blog

May-June 2014 News Archive

Microsoft Unveils Interflow, a Security Information Exchange Platform

Petri, 23 June 2014 – Effective and timely information-sharing about security threats is essential to combating them. That’s the impetus behind Interflow, a new service by Microsoft that provides a feed of security threats and other information which is intended to be shared in real-time with security professionals. Microsoft also claims that Interflow will help automate time-consuming security processing that is performed manually, therefore helping IT security professionals respond more quickly to threats. [More]


LinkedIn called out on slow implementation of default SSL

PCWorld, 18 June 2014 – LinkedIn said it is making progress implementing default encryption of data exchanged with its users after a security company alleged some users are still at risk of account takeovers. San Francisco-based Zimperium, a mobile security company, wrote on its blog on Wednesday that it is still possible to hijack some LinkedIn users’ account networks using a technique called SSL stripping. [More]


The Shadow Internet That’s 100 Times Faster Than Google Fiber

Wired, 17 June 2014 – While the rest of us send data across the public internet, NASA uses a shadow network called ESnet, short for Energy Science Network, a set of private pipes that has demonstrated cross-country data transfers of 91 gigabits per second – the fastest of its type ever reported. [More]


How to Anonymize Everything You Do Online

Wired, 17 June 2014 – One year after the first revelations of Edward Snowden, cryptography has shifted from an obscure branch of computer science to an almost mainstream notion. But it’s also possible to go a step closer toward true privacy online. Mere encryption hides the content of messages, but not who’s communicating. Use cryptographic anonymity tools to hide your identity, on the other hand, and network eavesdroppers may not even know where to find your communications, let alone snoop on them. [More]


Take secret photos by exploiting Android’s camera app

TechRepublic, 16 June 2014 – By manipulating Android’s camera app, pictures can be taken without the user even knowing. This is a boon for secretly taking a photo of the thief who stole your camera, but could easily backfire. [More]


With the Americas running out of IPv4, it’s official: The Internet is full

ArsTechnica, 12 June 2014 – In April, ARIN, the (North) American Registry for Internet Numbers, announced that it had reached “phase 4” of its IPv4 countdown plan, with fewer than 17 million IPv4 addresses remaining. There is no phase 5. [More]


5 Myths of Virtualization Security: You May Be More Vulnerable Than You Think

Ecommerce Times, 11 June 2014 – Virtual machines are just gateways to a server, and the cybercriminals want access to the data on those servers. An attacker who compromises one virtual machine and finds a way to jump to the hypervisor then has access to every virtual machine on that host. In addition to virtual desktops, the attacker potentially could gain access to any virtual data backup or storage. [More]


The Promise of a New Internet

The Atlantic, 10 June 2014 – People tend to talk about the Internet the way they talk about democracy—optimistically, and in terms that describe how it ought to be rather than how it actually is. But increasingly, another question comes up: What if there were a technical solution instead of a regulatory one? What if the core architecture of how people connect could make an end run on the centralization of services that has come to define the modern net? [More]


Journalists can safely use TrueCrypt, for now

CPJ, 10 June 2014 – Journalists who use the popular encryption tool TrueCrypt can relax–at least for now. There is no evidence of any new or dangerous vulnerability in TrueCrypt, despite a recent scare over its integrity. [More]


Heartbleed Redux: Another Wound in Web Encryption Uncovered

Wired, 5 June 2014 – On Thursday, the OpenSSL Foundation published an advisory warning to users to update their SSL yet again, this time to fix a previously unknown but more than decade-old bug in the software that allows any network eavesdropper to strip away its encryption. [More]


Days After a Federal Seizure, Another Type of Ransomware Gains Ground

New York Times, 5 June 2014 – It has been mere days since federal agents seized control of computer networks used by hackers to infect victims with CryptoLocker, a piece of malware known as “ransomware,” which encrypts the contents of computing devices so hackers can demand a ransom to decrypt it. Now security researchers are seeing an influx of another form of ransomware, called Cryptowall. [More]


Fat Finger Flub Takes Down Cloud Datacenter

IEEE, 2 June 2014 – According to a post-mortem note by a clearly embarrassed Joyent, “Due to an operator error, all us-east-1 API [application programming interface] systems and customer instances were simultaneously rebooted at 2014-05-27T20:13Z (13:13PDT). The command to reboot the select set of new systems that needed to be updated was mis-typed, and instead specified all servers in the datacenter.” [More]


Top 10 Health Data Breaches

Healthcare Info Security, 30 May 2014 – The federal tally of major health data breaches has hit a new milestone; it now lists more than 1,000 incidents affecting 500 or more individuals. The 10 largest breaches affected about 18.4 million individuals, more than half of the 31.5 million that have been affected by all 1,010 major breaches reported since federal regulators began keeping track in September 2009 as a result of the HITECH Act. [More]


Will NIST-NSA Cooperation Continue?

Gov Info Security, 29 May 2014 – Legislation before the House to expunge from federal law the requirement that the National Institute of Standards and Technology work with the National Security Agency on cybersecurity standards wouldn’t likely stop the two federal agencies from continuing to collaborate. Experts at both agencies have developed close working relationships over the years, and a change in federal law wouldn’t necessarily stop NIST computer scientists from cooperating with NSA cryptography mavens. [More]


Cybercriminals extorting money from Android users

IEEE, 22 May 2014 – Android users are now at risk from Koler ransomware, which is a type of malware that threatens victims with action from legal authorities unless they pay a steep fine. [More]


The Internet’s Not Finished Yet

IEEE, 22 May 2014 – Last year’s revelations about the US government’s surveillance of online traffic were a wake-up call to provide better protection of user privacy and confidentiality — including the regular use of end-to-end cryptography at multiple levels in the protocol architecture. Vint Cerf, IEEE Fellow and vice president and chief Internet evangelist for Google, says that’s only the first step — an important caution from someone whose word is considered guru wisdom. [More]


eBay Breach: 145 Million Users Notified

Data Breach Today, 21 May 2014 – eBay is urging its 145 million customers to change their passwords following a cyber-attack that compromised encrypted passwords and other personal information. The attack, which occurred between late February and early March, originated after a small number of employee log-in credentials were compromised, which enabled cyber-attackers to gain access to eBay’s corporate network [More]
Related: How to Protect Your Company From an eBay-like Breach


The latest on the Heartbleed bug

Tech Republic, 21 May 2014 – The Heartbleed threat was discovered exactly six weeks ago. How have things fared since then? Has the tech community responded by taking the threat seriously or has the security atmosphere become a case of crying “Wolf!” so often that admins have been slow to mobilize on this? Well, it’s a bit of both, it seems. [More]


Remaining IPv4 Addresses to be Redistributed to Regional Internet Registries

ICANN, 20 May 2014 – ICANN announced today that it has begun the process of allocating the remaining blocks of Internet Protocol version 4 (IPv4) addresses to the five Regional Internet Registries (RIR). The activation of this procedure was triggered when Latin America and Caribbean Network Information Centre’s (LACNIC) supply of addresses dropped to below 8 million. This move signals that the global supply of IPv4 addresses is reaching a critical level. As more and more devices come online, the demand for IP addresses rises, and IPv4 is incapable of supplying enough addresses to facilitate this expansion. [More]


Behind Blackshades: a closer look at the latest FBI cyber crime arrests

We Live Security, 19 May 2014 – The FBI made big headlines yesterday with its announcement of a high profile malware takedown related to a RAT called Blackshades. [More]
Related: Blackshades Trojan Users Had It Coming


Schneier: Should U.S. Hackers Fix Cybersecurity Holes or Exploit Them?

The Atlantic, 19 May 2014 – There’s a debate going on about whether the U.S. government—specifically, the NSA and United States Cyber Command—should stockpile Internet vulnerabilities or disclose and fix them. It’s a complicated problem, and one that starkly illustrates the difficulty of separating attack and defense in cyberspace. [More]


Electronic Frontier Foundation ‘Who Has Your Back?’ 2014 report released

EFF, 16 May 2014 – We entrust our most sensitive, private, and important information to technology companies like Google, Facebook, and Verizon. Collectively, these companies are privy to the conversations, photos, social connections, and location data of almost everyone online. The choices these companies make affect the privacy of every one of their users. So which companies stand with their users, embracing transparency around government data requests? Which companies have resisted improper government demands by fighting for user privacy in the courts and on Capitol Hill? In short, which companies have your back? [More]


Experts to Assess NIST Cryptography Program

Healthcare Info Security, 16 May 2014 – A group of noted cryptographers, academics and business leaders will provide an independent assessment of the way the National Institute of Standards and Technology develops cryptographic standards and guidelines. The Visiting Committee on Advanced Technology, NIST’s primary advisory committee known as VCAT, on May 14 named seven prominent individuals to a Committee of Visitors to examine Interagency Report 7977, NIST Cryptographic Standards and Guidelines Development Process, which proposes revisions of how NIST develops cryptographic standards. [More]


IETF Issues RFC 7258 Declaring That Pervasive Monitoring Is An Attack Against The Internet

Internet Society, 14 May 2014 – Large-scale pervasive monitoring (PM) of Internet traffic represents a clear attack against Internet privacy. That is the view stated in a new document from the Internet Engineering Task Force (IETF) representing the consensus of the IETF technical community that the type of widespread (and often covert) surveillance through intrusive collection of communication data we have learned about over the last year represents an attack against the Internet. [More]


Internet Subversion

Schneier on Security, 12 May 2014 – In addition to turning the Internet into a worldwide surveillance platform, the NSA has surreptitiously weakened the products, protocols, and standards we all use to protect ourselves. By doing so, it has destroyed the trust that underlies the Internet. We need that trust back. [More]


Microsoft Security Intelligence Report v16: Cybercriminal tactics trend toward deceptive measures

Microsoft Technet, 7 May 2014 – Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. [More]


Slow IPv6 adoption a good thing as IETF plans privacy boost

The Register, 7 May 2014 – The glacial pace of the worldwide IPv6 rollout might cause hand-wringing among ‘net boffins, but at least it’s leaving time for engineers to pry around for possible problems before the whole world’s on the protocol. With its new-found desire to NSA-proof the Internet, it’s no surprise that there’s an RFC that looks back at IPv6 to propose how addresses could be made more private. [More]


Privacy alliance calls for Internet ‘reset’

ComputerWeekly, 6 May 2014 – An alliance of technology firms, Internet sites, civil liberties groups and other organisations has launched a campaign to block mass surveillance of the internet by government agencies. More than 20 groups, including Fight for the Future, Demand Progress, Reddit, DuckDuckGo and BoingBoing, have set 5 June as the day to reset the ‘Net’ by deploying new privacy tools. [More]


Five U.S. ISPs accused of ‘deliberately harming’ broadband speeds

NetworkWorld, 6 May 2014 – Five major ISPs in the U.S. and one in Europe are intentionally allowing broadband performance to degrade for some customers, communications company Level 3 alleged in a recent company blog post. [More]


Wi-Fi Camera Dropcam Can Now ‘See’ Humans

Mashable, 6 May 2014 – Dropcam announced Tuesday that Dropcam Cloud Recording subscribers will receive a software update to support people detection. In other words, the software can tell the difference between your dog running across the room or a human walking through an open door. [More]


Symantec Develops New Attack on Cyberhacking

Wall Street Journal, 4 May 2014 – Antivirus “is dead,” says Brian Dye, Symantec’s senior vice president for information security. “We don’t think of antivirus as a moneymaker in any way.” Mr. Dye estimates antivirus now catches just 45% of cyberattacks. [More]

Written by Doug Vitale

July 15, 2014 at 1:16 PM

%d bloggers like this: