Doug Vitale Tech Blog

September-October 2013 News Archive

“Dark Mail Alliance” Plans to Keep NSA Out of Your Inbox

Slate, 30 Oct 2013 – On Wednesday, two American companies with a track record of offering encrypted private communications are set to join forces in an unprecedented bid to counter dragnet Internet spying. [More]


Is Healthcare.gov An Identity Thief’s Dream Come True?

Forbes, 30 Oct 2013 – It is self-evident from the healthcare.gov fiasco that best practices vis-à-vis the development of secure software were not followed, to put it mildly. It is obvious that proper testing was not done; clearly, a system that was never properly tested to ensure that it works was never tested to ensure that it works securely. [More]


What’s Changed in Security Technologies in Windows 8.1

Microsoft Technet – Malware resistance, Secure Boot, Dynamic Access Control, BitLocker, etc. [More]


NSA infiltrates links to Yahoo, Google data centers

Washington Post, 30 Oct 2013 – The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials. [More]
Additional reference: Meet ‘Muscular’: NSA accused of tapping links between Yahoo, Google datacenters (ZDNet)


Microsoft releases new Security Intelligence Report Vol. 15

Microsoft Technet, 29 Oct 2013 – The report analyzes malware, exploits and more based on data from more than a billion systems worldwide and some of the Internet’s busiest online services. [More]


Departing Employees Are Security Horror

Wall Street Journal, 21 Oct 2013 – Workers who wanted to take confidential corporate information with them when they left a company used to have to sneak paper documents out the door. Now, in a few clicks, corporate secrets can be downloaded to a mobile device or uploaded to an online storage service. [More]


Cyber defenders are in short supply as hacking wars escalate

NBC News, 14 Oct 2013 – For the governments and corporations facing increasing computer attacks, the biggest challenge is finding the right cyber warriors to fight back. [More]


Backdoor found in D-Link router firmware code

PC World, 14 Oct 2013 – A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device’s settings, a serious security problem that could be used for surveillance. [More]


Core Internet institutions abandon US government

Internet Governance Project, 11 Oct 2013 – In Montevideo, Uruguay this week, the Directors of all the major Internet organizations – ICANN, the Internet Engineering Task Force, the Internet Architecture Board, the World Wide Web Consortium, the Internet Society, all five of the regional Internet address registries – turned their back on the US government. With striking unanimity, the organizations that actually develop and administer Internet standards and resources initiated a break with 3 decades of U.S. dominance of Internet governance. [More]


Xbox One online gaming over IPv6

Deploy360, 10 Oct 2013 – Microsoft’s Chris Palmer explained that the Xbox One gaming console uses IPv6 for the peer-to-peer (p2p) communication between gamers. His slides are now available from the NANOG site and they walk through the IPv6 support and the rationale for the continued use of the Teredo transition technology so that Xbox One will work over IPv4. [More]


Can NIST Be Trusted?

IEEE Spectrum, 9 Oct 2013 – The National Institute of Standards and Technology has an image problem. Revelations that the NSA undermined NIST have left cryptographers feeling uneasy. [More]


Top 10 Countries With the Most Internet Freedom

Mashable, 9 Oct 2013 – Iceland has the fewest barriers to Internet freedom, according to a recent study ranking countries based on obstacles to access, limits on content and violations of user rights. [More]


Changes to Google Chrome and Chrome OS certificate handling

Tech Republic, 8 Oct 2013 – This past month we’ve seen one such discussion thread happening on the mailing list of Chromium, which hints at some certificate handling changes that Chrome and Chrome OS users may expect in the coming year. [More]


Microsoft awards $100,000 to researcher for attack technique

ZDNet, 8 Oct 2013 – Microsoft has awarded $100,000 to researcher James Forshaw for a new attack technique which bypasses an attack mitigation in Windows 8.1. The $100,000 reward is the maximum payout in Microsoft’s Mitigation Bypass Bounty program. [More]


CMU Researchers Claim Messaging App Even NSA Can’t Crack

CBS, 8 Oct 2013 – Carnegie Mellon University researchers claim they have created a smartphone messaging app with security that not even the National Security Agency can break. The app is called SafeSlinger, and is free on the iTunes store, and Google Play store for Android phones. [More]


13 Anonymous members indicted over ‘Operation Payback’

ZDNet, 4 Oct 2013 – Suspected members of the hacktivist collective Anonymous have been indicted in connection to cyberattacks on targets including Visa, Mastercard and the MPAA as part of “Operation Payback.” [More]


Enterprise Architecture: The Key to Cybersecurity

Techdirt, 4 Oct 2013 – If a building had 20 exterior doors and you locked 19 of them, would you be 95% secure? The answer to this 20-doors problem, of course, is absolutely not – you’d be 0% secure since the bad guys are generally smart enough to find the unlocked door. [More]


How The NSA Pulls Off Man-In-The-Middle Attacks: With Help From The Telcos

Techdirt, 4 Oct 2013 – Buried in one of the earlier Snowden leaks was the news that the GCHQ and NSA were likely running man-in-the-middle attacks on Google. The latest leaks show why those work. [More]


NSA and GCHQ target Tor network

The Guardian, 4 Oct 2013 – The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself. [More]


How the FBI tracked down Silk Road’s ‘Dread Pirate Roberts’

Daily Dot, 2 Oct 2013 – The big question on everyone’s mind is how law enforcement got Dread Pirate Roberts, the site’s mysterious founder, who had managed to remain anonymous since launching Silk Road in 2011. [More]


2013 Norton Report: Cost per Cybercrime Victim Up 50 Percent

Symantec, 1 Oct 2013 – Symantec (NASDAQ:SYMC) today released findings from the 2013 Norton Report, which shows that while the number of online adults who have experienced cybercrime has decreased, the average cost per victim has risen by 50 percent. [More]


Introduction to online identity protection and management

Internet Society, 1 Oct 2013 – Informative videos to share with your less technically savvy friends and family members. [More]


Linux is more secure, but not invulnerable

Tech Republic, 1 Oct 2013 – Back in the day, I would have looked you in the face and said squarely, “There’s no way anyone is going to hack a Linux server!” My tune now is a bit more somber, sober, and far more realistic. [More]


Government shutdown could test IT security at federal agencies

Network World, 1 Oct 2013 – Several agencies, over the past few days, have released contingency plans showing that they will have to heavily scale down their IT teams to maintain, manage and protect IT infrastructure during a shutdown. [More]


BitTorrent experiments with secure chat

CNET, 30 Sep 2013 – The aftermath of the NSA spying revelations has people and companies scrambling for ways to create more secure communications, which has led BitTorrent to build an instant-message chat client that follows the torrenting principle of decentralized data transfer. [More]


IPv6 gathering momentum

ZDNet, 27 Sep 2013 – Fortunately, we are slowly, ever so slowly, moving to IPv6. In no small part, that’s because of the growth of 4G phones and tablets. [More]


U.S. Says Iran Hacked Navy Computers

Wall Street Journal, 27 Sep 2013 – U.S. officials said Iran hacked unclassified Navy computers in recent weeks in an escalation of Iranian cyberintrusions targeting the U.S. military. [More]


Google tightening SSL security in Chrome

ZDNet, 25 Sep 2013 – In a post to the CA/Browser Forum Public Discussion List, Google has set out plans to enforce high standards for security of SSL/TLS certificates in Chrome and products built on it. [More]


Researchers create nearly undetectable hardware backdoor

Tech Republic, 25 Sep 2013 – Even though hardware backdoors are rare and notoriously difficult to pull off, they are a cause of concern because the damage they could cause could be much greater than software-based threats. [More]


F-Secure 1st Half 2013 Threat Report released

F-Secure, 24 Sep 2013 – F-Secure summarizes the most prominent and damaging cyber security threats of H1 2013, including Java exploits, BitCoin mining, ransomware, mobile device malware, and phishing. [More]


Four new ways to smuggle messages across the Internet

IEEE Spectrum, 23 Oct 2013 – SkyDE, StegTorrent, StegSuggest, and WiPad offer steganographic options for improving online privacy. [More]


How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA

Wired, 24 Sep 2013 – Early this month the New York Times drew a connection between a talk by Microsoft security employees and memos leaked by Edward Snowden, classified Top Secret, that apparently confirms that the weakness in the standard ‘Dual_EC_DRBG’ algorithm was indeed a backdoor. The Times story implies that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world. [More]


Google IPv6 traffic passes 2%

Deploy360, 24 Sep 2013 – This week the percentage of users reaching Google services over IPv6 crossed the 2% threshold, according to Google’s regularly published statistics. [More]


SteamOS: The Linux for games is coming

ZDNet, 23 Sep 2013 – In its next move in making Linux the top gaming operating system, Valve is releasing its own Linux distribution, SteamOS. [More]


Let Windows XP die with dignity

ZDNet, 20 Sep 2013 – XP is a relic of a bygone era. It’s time to let it go. It is ridiculous to think that a software company should support a product indefinitely. [More]


Federal Networks Can’t Handle Planned IT Upgrades

Tech News World, 18 Sep 2013 – More than 80 percent of federal network managers saw major bottlenecks ahead as a result of implementing programs related to major IT initiatives. They expected their agencies’ total network load to increase by 79 percent as a result of pursuing those initiatives. [More]


The NSA tried to backdoor Linux

eWeek, 18 Sep 2013 – Torvalds was asked if he had ever been approached by the U.S. government to insert a backdoor into Linux. Torvalds responded “no” while nodding his head “yes,” as the audience broke into spontaneous laughter. [More]


Who writes Linux? Almost 10,000 developers

ZDNet, 16 Sep 2013 – The largest collaborative project in the history of computing is growing larger than ever with over 10,000 developers contributing to Linux in the last eight years. [More]


Encryption Still Works – It’s How You Implement It

CA Security Council, 16 Sep 2013 – The September 5th joint article by the New York Times and Guardian newspapers on NSA’s and GCHQ’s efforts to circumvent encryption implementation has left many people speculating on the security of the data they are transmitting over the Internet. The articles point out that the primary means of attacking SSL/TLS do not exploit a vulnerability in the protocol itself but instead aim to exploit poor implementations of the protocol, insecure servers, and weak cryptography. [More]


What’s better than creating your own DDoS attack? Renting one

Tech Republic, 16 Sep 2013 – Interested in denying someone access to the Internet? For a nominal fee, anyone can easily wreak havoc on someone else’s Internet experience. Ten dollars provides a very nice DDoS platform, featuring one 60-second long attack that can be used as often as needed for an entire month. [More]


How Search Engines Work — Really!

Search Engine Land, 16 Sep 2013 – Here is a high level explanation of how one search engine (Google) works. While the terminology and order of operations may change slightly, Bing and Yahoo use a similar protocol. [More]


Valve founder: Linux is the future of gaming, new hardware coming soon

ArsTechnica, 16 Sep 2013 – Gabe Newell, the co-founder and managing director of Valve, said today that Linux is the future of gaming despite its current minuscule share of the market. [More]


Report: NSA mimics Google to monitor targeted Web users

Mother Jones, 12 Sep 2013 – Buried in a Brazilian television report was the disclosure that the NSA has impersonated Google and possibly other major internet sites in order to intercept, store, and read supposedly secure online communications. The spy agency accomplishes this using what’s known as a “man-in-the-middle” (MITM) attack. [More]


Did the FBI Lean On Microsoft for Access to Its Encryption Software?

Mashable, 11 Sep 2013 – The FBI, concerned about its ability to fight crime, apparently repeatedly asked Microsoft to put a backdoor in its BitLocker software. [More]


The outrageous costs of data center downtime

Tech Republic, 9 Sep 2013 – Google’s recent 5-minute outage is reported to have cost over $500,000 and led to a 40% drop in worldwide Internet traffic. [More]


What the experts say about encryption

Tech Republic, 9 Sep 2013 – “The recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula, ‘More encryption is the solution.’ This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.” [More]


The real problem blocking Linux support for apps and games

Network World, 9 Sep 2013 – “Until we can figure out a better way to automate testing and building games for GOG.com, there’s no way that the economics of Linux support make sense for us. That said, we do know that there are plenty of people who want to be able to play their games with Linux-native support from us, and we continue to look for ways where we can automate this until it reaches a point where it is something that we believe we can do and not lose money at it.” [More]


Google encrypts data amid backlash against NSA spying

Washington Post, 9 Sep 2013 – Google is racing to encrypt the torrents of information that flow among its data centers around the world in a bid to thwart snooping by the NSA and the intelligence agencies of foreign governments. [More]


Steganography: How To Send Messages That Even The NSA Cannot Read

Forbes, 8 Sep 2013 – Reports that the NSA has developed mechanisms for reading data encrypted with many of today’s standard encryption mechanisms raise the question: Is there any way to send a message across the Internet that nobody other than the intended recipient can read? One solution is literally in plain sight – steganography. [More]


Middle East’s Upheaval Breeds Hacktivists

IEEE Spectrum, 6 Sep 2013 – McAfee told Reuters this week that more than half of the cybercrime activity now occurring in the Middle East can be characterized as “hacktivism” by politically motivated programmers looking to sabotage opposition institutions or groups. [More]


The NSA’s Secret Campaign to Crack, Undermine Internet Security

ProPublica, 5 Sep 2013 – The NSA has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, newly released documents show. [More]
Reference 2: New York Times
Reference 3: Internet Society response


Who’s Got the Best (and Worst) Internet Connections in America

Gizmodo, 5 Sep 2013 – In the digital age, access to high speed Internet is fundamentally important. But some regions of the country are still left out in the cold. [More]


Vinton Cerf decries government Internet surveillance, urges IPv6 adoption by ISPs

Tech Week, 4 Sep 2013 – Vint Cerf has called on the general public to get their ISPs to hurry up with IPv6 deployments. [More]

Computer World, 5 Sep 2013 – The main threat to the future of the Internet lies in attempts to control the Internet through governance policy, according to Google executive and ‘god-father’ of the Internet, Vint Cerf. [More]


Is There a U.S. IT Worker Shortage?

IEEE Spectrum, 4 Sep 2013 – Peter Sondergaard, senior vice president at Gartner, stated in October 2012 that, “By 2015, 4.4 million IT jobs globally will be created to support Big Data, generating 1.9 million IT jobs in the United States.” [More]


COBIT 5 for information security: The underlying principles

Tech Republic, 4 Sep 2013 – COBIT 5, a governance model for enterprise IT, introduces a framework that is better focused on information security. [More]
COBIT: reference 1, reference 2

Written by Doug Vitale

November 9, 2013 at 11:20 AM
