Doug Vitale Tech Blog

November – December 2015 News Archive

Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key

The Intercept, 28 Dec 2015 – ONE OF THE EXCELLENT FEATURES of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft’s servers, probably without your knowledge and without an option to opt out. [More]

Feds Scrambling to Close Backdoor in Widely Purchased IT Gear

Defense One, 23 Dec 2015 – The Department of Homeland Security and federal agencies are in incident-response mode as they work to remove listening posts in software planted by suspected cyberspies. The unauthorized code can allow attackers to invisibly decrypt communications passing through widely-used Juniper Networks firewalls, according to the company. The existence of the three-year old bug was disclosed on Dec. 17. The government has spent about $13 million on Juniper products since 2012. [More]

Attack of the health hackers

Financial Times, 21 Dec 2015 – Last January an administrator at health insurer Anthem noticed an unusually complex query running on the computer network. It looked like a colleague was responsible, but a quick check revealed that it was coming from somewhere else. Minutes later, Anthem was in crisis mode. Investigators believe the hackers were from China and had been operating undetected inside the company’s network for months. They gained access by tricking the employee to click on a phishing email that was disguised to look like an internal message. [More]

Social Engineering: How an Email Becomes a Cyber Threat

Security Week, 16 Dec 2015 – As data moves online, social engineering techniques, where cyber thieves perform reconnaissance, collecting personal information of company employees and then attempting to get those employees to take an action, have become far more personalized, technologically advanced and ultimately successful. [More]

Network Engineers Becoming System Administrators

Network Computing, 10 Dec 2015 – No two IT support groups are set up exactly the same, and some degree of functional overlap has always been common. But now we’re seeing a lot of technical cheese being moved in a way that frequently puts network support folks squarely in the roles of system administrators. [More]

Feinstein Bill Would Require Social Media Companies To Report Online ‘Terrorist Activity’

CBS, 8 Dec 2015 – Lawmakers have introduced a bill that would require technology companies to report online “terrorist activity” they become aware of to law enforcement. The “Requiring Reporting of Online Terrorist Activity Act” introduced by Democratic Sen. Dianne Feinstein and Republican Sen. Richard Burr is modeled on a law requiring reporting of online child pornography. [More]

Why Network Engineers Need To Learn Linux

Network Computing, 8 Dec 2015 – I’m going to suggest that one of the most important areas we as network engineers can focus on is Linux. First off, it’s becoming more and more apparent that most network operating systems are based on some variation of Linux. Different vendors offer varying degrees of access to the underlying Linux operating system with the trend being to give the user more and more access into system internals. Secondly, we can’t ignore the proliferation of Linux-based projects such as OpenStack, Docker, and Kubernetes and the impact they are having in the IT space. [More]

Microsoft assists law enforcement to help disrupt Dorkbot botnets

Microsoft TechNet, 3 Dec 2015 – Law enforcement agencies from around the globe, aided by Microsoft security researchers, have today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot. This malware family has infected more than one million PCs in over 190 countries. Dorkbot spreads through USB flash drives, instant messaging programs, and social networks. It steals user credentials and personal information, disabling security protection, and distributing several other prevalent malware families. [More]

Encryption and law enforcement: aiming for trust

Internet Society, 2 Dec 2015 – What would a world of pervasive encryption look like? How would it change the ways in which we use the Internet? How do we get to that world? And how would law enforcement work? These were some of the questions that we asked to a set of international experts (including law enforcement, private sector, civil society, technical community, intergovernmental agency). While all panelists agreed there is both a need to ensure the security of citizens and to protect the confidentiality of online communications, views diverged on whether exceptional access for governments to encrypted material would be effective, technically feasible and proportionate. [More]

Countries with the Best Internet Connections in the World

Science Alert, 2 Dec 2015 – According to the study, which took into account Internet speed and the percentage of people who have access to a connection, we all need to move to South Korea if we want to be better connected – it just topped the list for the second time in a row. Other developed countries, however, didn’t fare as well as you might expect. [More]

2015: Year of the healthcare security breach

Fierce Health IT, 1 Dec 2015 – IBM is calling 2015 the year of the healthcare security breach, noting in a report that five of the eight largest security breaches in the sector occurred in the first half of the year. Nearly 100 million healthcare records were compromised in those five incidents, according to an article at Security Intelligence. [More]

3.2B People Online Globally, Mobile Overtakes Home Internet Use

TechCrunch, 30 Nov 2015 – Overall there are now 3.2 billion people online, but mobile networks continue to lead the way when it comes to connecting people for the next generation of communications: Mobile subscriptions are now at 7.1 billion globally, and more than 95% of the world’s population are now within reach of a mobile network signal. [More]

Embedded Devices at Risk After Research Uncovers Industry-Wide Flaws

InfoSecurity Mag, 27 Nov 2015 – Security researchers have uncovered industry-wide reuse of the same cryptographic keys “baked” into the firmware of routers, modems and other embedded devices. Security firm SEC Consult studied the firmware images of more than 4,000 such devices—including internet gateways, routers, modems, IP cameras, VoIP phones—and found 580 private keys distributed across them. What’s more, around 230 of these are actively being used on the Web. [More]

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

Threat Post, 25 Nov 2015 – The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, Cryptowall 4.0 has been moved almost exclusively via malicious spam and phishing emails. He said this is the first time Cryptowall 4.0 has been infecting machines via an exploit kit. [More]

Li-Fi has just been tested in the real world, 100 times faster than Wi-Fi

Science Alert, 24 Nov 2015 – Expect to hear a whole lot more about Li-Fi – a wireless technology that transmits high-speed data using visible light communication (VLC) – in the coming months. With scientists achieving speeds of 224 gigabits per second in the lab using Li-Fi earlier this year, the potential for this technology to change everything about the way we use the Internet is huge. [More]

Average Cost per Lost Health Care Record is $363

HIE Answers, 18 Nov 2015 – A recent study by the Ponemon Institute calculated the cost of a healthcare related data breach to be $363 per record. This was the highest amount across all industries. A financial data breach cost $215 per record and a retail data breach cost $165 per record. [More]

FBI accused of paying US university for dark net attack

BBC, 12 Nov 2015 – Anonymity network Tor, notorious for illegal activity, has claimed that researchers at US Carnegie Mellon university were paid by the FBI to launch an attack on them. Tor claimed that the FBI was “outsourcing police work” and paid the university “at least $1m (£675,000)”. [More]

Internet of Things: The Enterprise Impact

Network Computing, 11 Nov 2015 – Preparing enterprise networking infrastructure for IoT isn’t just a matter of pulling more cables, putting in more WiFi access points and WAN links, and it’s not like supporting BYOD. It requires addressing increased DNS demands, new protocols, and different management requirements. [More]

Microsoft will host data in Germany to hide it from US spies

The Verge, 11 Nov 2015 – Microsoft is opening new data centers in Germany to allow European customers to hide their digital information from US government surveillance. The new data centers will open in late 2016 and will be operated by a subsidiary of Deutsche Telekom. [More]

The Internet Lives in a Huge Hotel in Manhattan

Wired, 11 Nov 2015 – At a carrier hotel, AT&T’s network can hook up with Verizon’s network. Verizon’s network can connect with Google’s network. And so on. Mostly, it’s a place for connecting big Internet service providers like AT&T and Verizon—the organizations that give homes and business their Internet connections—but increasingly, the companies that run massive applications over the Internet—like Google and Microsoft—are starting to run their own networks as well. [More]

In our Wi-Fi world, the Internet still depends on undersea cables

The Conversation, 3 Nov 2015 – Not many people realize that undersea cables transport nearly 100% of transoceanic data traffic. These lines are laid on the very bottom of the ocean floor. They’re about as thick as a garden hose and carry the world’s internet, phone calls and even TV transmissions between continents at the speed of light. A single cable can carry tens of terabits of information per second. [More]

Microsoft Admits Windows 10 Automatic Spying Cannot Be Stopped

Forbes, 2 Nov 2015 – Speaking to PC World, Microsoft Corporate Vice President Joe Belfiore explained that Windows 10 is constantly tracking how it operates and how you are using it and sending that information back to Microsoft by default. More importantly he also confirmed that, despite offering some options to turn elements of tracking off, core data collection simply cannot be stopped. [More]


Written by Doug Vitale

January 16, 2016 at 8:14 AM

%d bloggers like this: