Doug Vitale Tech Blog

November-December 2013 News Archive

Neverquest banking malware set to replace Zeus

Tech Republic, 30 Dec 2013 – Security experts are sounding the alarm about a new piece of malware that makes Zeus look like a simpleton. Neverquest significantly raises the bar for online banking malware. [More]

RSA in secret contract with NSA

Reuters, 20 Dec 2013 – As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the NSA arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry. [More]

Windows XP: Microsoft’s ticking time bomb

PC Pro, 19 Dec 2013 – The final deadline for Windows XP support will act as a starting pistol for hackers, as they target hundreds of millions of users on unpatched systems. Microsoft has already granted the 12-year-old OS several stays of execution, but the firm has said it will finally end extended support on 8 April 2014 – despite the fact that XP remains the second-most popular OS, with almost a third of PCs running it. [More]

Get an inside look at a secure data center

Tech Republic, 17 Dec 2013 – What’s it really like inside a fortified colo? This virtual tour will give you an idea. [More]

Mass surveillance prompts IETF work on SSL deployment guidelines

Network World, 17 Dec 2013 – A newly created working group within the IETF has set out to develop best practices for deploying SSL encryption for Internet communications. The group’s creation follows revelations in recent months about mass Internet surveillance programs run by the NSA, GCHQ, and other intelligence agencies. [More]

Security in 2014: What are the experts predicting?

ZDNet, 17 Dec 2013 – At the end of every year security writers get lots of pitches from vendors for stories about their security predictions for the next year. Here are the good (The Interesting), the bad (The Bogus), and the ugly (in this case The Obvious – move on, nothing to see here). [More]

Cisco Top Ten Cyber Trends for 2014

Cisco, 16 Dec 2013 – We offer the following unofficial 2014 guide to trends for cyber security practitioners. [More]

Botnet Enlists Firefox Users to Hack Web Sites

ZDNet, 13 Dec 2013 – The botnet, dubbed “Advanced Power” by its operators, appears to have been quietly working since at least May 2013. It’s not clear yet how the initial infection is being spread, but the malware enslaves PCs in a botnet that conducts SQL injection attacks on virtually any Web sites visited by the victim. [More]

Top Cyber Threat Predictions for 2014 from Security Pros

Microsoft TechNet, 13 Dec 2013 – We have seen some significant shifts in the threat landscape and in the industry in 2013. But basic security fundamentals continue to be effective at mitigating the risks; keeping all software up-to-date, running anti-malware software from a trusted source, and demanding software that has been developed using a security development lifecycle will continue to be best practices in 2014. [More]

Top mobile security concerns: Blacklisted apps and password protection

Tech Republic, 11 Dec 2013 – Password protection and application security are high on the list of security concerns as more organizations move to mobile first and Bring Your Own Device (BYOD) strategies. [More]

US Government to Spend $6.1 Billion on IT Security in 2014

Security Week, 11 Dec 2013 – According to new market research from IDC Government Insights, overall IT security spending by the U.S. Federal Government will rise from $5.9 billion in 2012 to over $7.3 billion in 2017. In 2014, IT security spending by the Federal Government is expected to top $6.1 billion. [More]

Researchers Discover 64-bit Version of banking ZeuS Trojan with Tor

Security Week, 11 Dec 2013 – Researchers from Kaspersky Lab have discovered what they say is a milestone in the evolution of the Zeus banking Trojan: a 64-bit version of Zeus that communicates with its command and control servers over the Tor anonymity network. [More]

NSA uses Google cookies to pinpoint targets for hacking

Washington Post, 10 Dec 2013 – The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using “cookies” and location data to pinpoint targets for government hacking and to bolster surveillance. [More]

Microsoft Disrupts Botnet Hijacking Search Results

Microsoft TechNet, 5 Dec 2013 – Microsoft’s Digital Crimes Unit (DCU), in partnership with law enforcement and industry partners, announced the successful disruption of the Sirefef botnet, also known as ZeroAccess. This dangerous botnet is responsible for hijacking people’s search results and taking them to potentially dangerous websites that could install malware. [More]

Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

Wired, 5 Dec 2013 – Earlier this year, researchers say, someone mysteriously hijacked Internet traffic headed to government agencies, corporate offices and other recipients in the U.S. and elsewhere and redirected it to Belarus and Iceland, before sending it on its way to its legitimate destinations. They did so repeatedly over several months. [More]

Microsoft to encrypt data in its services in bid to prevent snooping

Washington Post, 4 Dec 2013 – Microsoft plans to encrypt data flowing through all of its communication, productivity and other services as it seeks to reassure users in the United States and beyond that it will guard their personal information from snooping governments. [More]

Data security laws and penalties: Pay IT now, or pay out later

Tech Republic, 4 Dec 2013 – The federal and state laws governing data privacy exact severe penalties on organizations that do not implement appropriate data security measures. The price of IT compliance may be high, but the price of non-compliance is even higher. [More]

Protecting customer data from government snooping

Microsoft TechNet, 4 Dec 2013 – Many of our customers have serious concerns about government surveillance of the Internet. We share their concerns. That’s why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data. [More]

Amazon, drones, and package delivery

IEEE Spectrum, 2 Dec 2013 – Amazon promises package delivery by drone, but is it for real? [More]

Security is network professionals’ top priority for 2014

Computer Weekly, 29 Nov 2013 – The main priority for networking professionals in the coming 12 months is to ensure their network is secure, according to research by TechTarget and Computer Weekly. [More]

Linux.Darlloz worm targeting Internet-enabled devices

Symantec, 27 Nov 2013 – The worm is capable of attacking a range of small, Internet-enabled devices in addition to traditional computers. Variants exist for chip architectures usually found in devices such as home routers, set-top boxes and security cameras. [More]

Why Australia decided to abort an ambitious $44 billion fiber-to-the-home plan

IEEE Spectrum, 26 Nov 2013 – The National Broadband Network (NBN), as the project is known, would extend high-speed optical fiber directly into the homes, schools, and workplaces of 93 percent of Australians. The remaining 7 percent, living out of fiber’s reach in rural areas and remote pockets of the vast outback in the middle of the continent, would be linked to the Internet via state-of-the-art wireless and satellite technology. [More]

Domain Name System (DNS) Turns 30

Internet Society, 26 Nov 2013 – In November 1983, two RFCs, RFC 882 and RFC 883, authored by Paul Mockapetris, defined the Domain Name System, DNS. While the basic architecture of the system has remained the same, DNS has evolved enormously, both in its scale and functionality over these 30 years. [More]

Microsoft Cybersecurity Report: Top 10 Most Wanted Enterprise Threats

Microsoft TechNet, 26 Nov 2013 – When we look at the top 10 enterprise threats worldwide, it gives us insight into the most common ways in which enterprise organizations are coming into contact with malware today. Based on this list, there are three primary methods in which enterprises are encountering malware. [More]

IEEE Computer Society Top Tech Trends for 2014

IEEE, 25 Nov 2013 – In the coming year, Mobile Cloud convergence will lead to an explosion of new services, the “Internet of Things” will evolve into the “Web of Things”, new analytics tools will be introduced to handle the Big Data deluge, and innovative business models will emerge for 3D printing. [More]

The Internet mystery that has the world baffled

Telegraph, 25 Nov 2013 – For the past two years, a mysterious online organization has been setting the world’s finest code-breakers a series of seemingly unsolvable problems. But to what end? Welcome to the world of Cicada 3301. [More]

Where Linux rules: Supercomputers

ZDNet, 25 Nov 2013 – The latest Top 500 Supercomputer list is out. At the very top, you’ll find Tianhe-2 which runs Linux. This supercomputer is once more the world’s fastest supercomputer with a performance of 33.86 petaflop/s (quadrillions of calculations per second) on the Linpack benchmark. [More]

NSA infected 50,000 networks with malware

23 Nov 2013 – A management presentation dating from 2012 explains how the NSA collects information worldwide. The presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware. [More]

Introduction to the Surveillance Industry Index

IFEX, 20 Nov 2013 – Privacy International has been gathering information from various sources that details how the private surveillance sector sells its technologies, what the technologies are capable of and in some cases, which governments a technology has been sold to. [More]

How antivirus vendors handle state-sponsored malware

European Digital Rights, 20 Nov 2013 – ESET, F-Secure, Kaspersky, Panda, and Trend Micro respond to questionnaire re: state-sponsored malware. [More]

Google moves forward towards a more perfect SSL

ZDNet, 20 Nov 2013 – Google’s enthusiasm two years ago for Forward Secrecy makes a lot of sense considering all the revelations in the last several months about NSA monitoring of everyone and everything. Google has eliminated the last SSL certificate with a 1024-bit key from their network. Now they are all-2048-bit. [More]

Stuxnet’s Secret Twin

Foreign Policy, 19 Nov 2013 – Stuxnet is not really one weapon, but two. The vast majority of the attention has been paid to Stuxnet’s smaller and simpler attack routine — the one that changes the speeds of the rotors in a centrifuge, which is used to enrich uranium. But the second and “forgotten” routine is about an order of magnitude more complex and stealthy. [More]
Related: Hardcore Malware: Stuxnet, Duqu, and Flame

Internet Engineers Plan a Fully Encrypted Internet

MIT Technology Review, 18 Nov 2013 – In response to the public outcry over mass Internet surveillance by the NSA, the engineers who develop the protocols that underpin the Internet are deep into an effort to encrypt all Web traffic, and expect to have a revamped system ready to roll out by the end of next year. [More]

Internet architects propose encrypting all Web traffic

Ars Technica, 14 Nov 2013 – A vastly larger percentage of the world’s Web traffic will be encrypted under a near-final recommendation to revise the Hypertext Transfer Protocol (HTTP) that serves as the foundation for all communications between websites and end users. [More]

The Cost of Cryptography

Nautilus, 14 Nov 2013 – Today, a set of encryption schemes standardized in 2001 (built around AES) allows movies to be encrypted and streamed in real time, even on relatively small devices, such as tablets and smartphones, at almost no computing cost. [More]

Microsoft pushes crypto standards forward

ZDNet, 14 Nov 2013 – Microsoft announced Tuesday that they would be ending support for the SHA-1 protocol in certificates, de-prioritizing the RC4 cipher and turning TLS 1.2 on by default in Internet Explorer v11. [More]

Moving forward on improving HTTP’s security – HTTP 2.0

World Wide Web Consortium, 13 Nov 2013 – There seems to be strong consensus to increase the use of encryption on the Web, but there is less agreement about how to go about this. [More]

What NSA spying on Google means for your business

Tech Republic, 11 Nov 2013 – The NSA has been revealed to be collecting data from the communication links used by Google and Yahoo data centers. What does this mean for you and your business? [More]

Web browser automation helps purveyors of malware

Tech Republic, 11 Nov 2013 – The risks of DNS prefetching, page prefetching, session cookies, and plugins. [More]

Internet security besieged

The Economist, 9 Nov 2013 – Stung by revelations of ubiquitous surveillance and compromised software, the Internet’s engineers and programmers ponder how to fight back. [More]

Porn-viewing bosses infect corporate networks

CNN Money, 8 Nov 2013 – According to a recent survey by software firm ThreatTrack Security, 40% of tech support employees admit they’ve had to clean an executive’s corporate device after the boss visited an infected porn website. [More]

Snowden persuaded other NSA workers to give up passwords

Reuters, 7 Nov 2013 – Snowden may have persuaded between 20 and 25 fellow workers at the NSA regional operations center in Hawaii to give him their logins and passwords by telling them they were needed for him to do his job as a computer systems administrator. [More]

Google engineers rage at NSA

ZDNet, 6 Nov 2013 – Google engineers are taking to their Google+ pages to vent their fury at the NSA for the violation of their back-end security systems committed by the NSA. [More]

Despite technical controls, social engineering still effective

Tech Republic, 6 Nov 2013 – A security researcher says there is a 100-percent success rate any time pen-testing uses social engineering to target victims. [More]

IETF responds to NSA spying revelations

IETF, 6 Nov 2013 – Reports about pervasive surveillance have been the big discussion topic in the Internet community in the last couple of months. Our commerce, business, and personal communications all depend on the Internet being secure and trusted, so the situation is disturbing. [More]
YouTube: IETF 88 Technical Plenary: Hardening The Internet

Online activity shrinks, changes post-Snowden

WeLiveSecurity, 4 Nov 2013 – How could the Snowden/NSA news damage GDP and profits? How about a reduction in online shopping and online banking. Our survey data suggests this reduction is not hypothetical, it is real, and not just a few percentage points. [More]


Written by Doug Vitale

January 7, 2014 at 10:35 AM
