
Network World

Security

Privacy about to be punted again when 'balanced' against need for govt spying

There was talk about balancing privacy against the online spying needs of governments and that this surveillance and tracking should not bother you if you've done nothing wrong and have nothing to hide. Balance? Bite me.
Submitted by Ms. Smith on Mon, 11/28/11 - 3:34pm.

With the cyber-world such as it is now, constant breaches because companies are careless and lax about protecting our personal information, it might be true what the Office of Inadequate Security pointed out, "Maybe all companies should add 'check Pastebin' to their daily security to-do list." As if there's not enough personal info dumped about us all to invade privacy, any time there is talk about security and you hear the word 'balance' being used, citizens' privacy is about to be punted. This time it was in regard to online spying


Feds nuke 150 website domains for selling fake goods

FBI, DoJ part of Cyber Monday counterfeiting crackdown
Submitted by Layer 8 on Mon, 11/28/11 - 12:37pm.

In its second annual Cyber Monday bust-fest, US law enforcement today said it seized 150 domain names from commercial websites it said engaged in the sale and distribution of counterfeit goods and copyrighted works.

The 150 seized domains are now in the custody of the federal government and site visitors will see a banner that notifies them that the domain name has been grabbed by federal authorities.


DARPA to banish “geeky, formal” way code defects are eradicated

DARPA program seeks to make complicated software code verification process into a game
Submitted by Layer 8 on Tue, 11/22/11 - 1:44pm.

For every 1,000 lines of code, one to five bugs are introduced. And getting those bugs out of the millions of lines of software code that run today's complex systems is costly and only performed by highly specialized researchers with deep knowledge of software and mathematical theorem-proving techniques. 


Nine successful, effective IT project tips

GAO looks at some successful government projects and finds nine best practices others could emulate
Submitted by Layer 8 on Tue, 11/22/11 - 11:18am.

Most often when the watchdogs at the Government Accountability Office are called in to check out an agency, process or project they are looking for something that has gone wrong. This week, however, the group took a look at some government IT projects that have gone right and came up with some best practices other government agencies or public corporations could emulate to achieve success in their own IT projects.


Google, Facebook part of FTC facial recognition technology assessment

FTC holding a workshop to examine facial recognition privacy, security concerns
Submitted by Layer 8 on Mon, 11/21/11 - 3:30pm.

The Federal Trade Commission has set the lineup for its workshop next month that will examine the privacy and security impact of facial recognition technology.


MalCon: Malware Hacking Conference for Twisted Pen Testers

Twisted pen testers (hackers) and malcoders are meeting at a malware conference to release malware for the Kinect so it secretly spies on you, exploit exploit kits, show off invisible malware for Apple and to get root on Windows 8 with a bootkit.
Submitted by Ms. Smith on Mon, 11/21/11 - 3:03pm.

While most Americans will be lulled into a Turkey coma, or perhaps fighting Black Friday crowds, a MalCon conference in Mumbai will be kicking off with a wicked 'muhahaha' from malware and information security researchers as they dive into twisted pen testing. It's a bit like the anti-antivirus crowd. While MalCon said it does not promote malware creation, it also laughs and answers "no" to the question of if it's a trap to profile malcoders.


Monkey, Dragon, football and the rest of 2011's worst passwords

Predictably bad passwords reign again in 2011, security company says
Submitted by Alpha Doggs on Sun, 11/20/11 - 12:53pm.

Maybe people go with passwords like 123456 and the very tricky 12345678 because they think they're so obvious that hackers won't guess them?

Anyway, SplashData, a maker of password management and other mobile apps, has released its list of the 25 worst passwords of 2011 (in other words, most common) and they're mostly predictable, with a few oddballs tossed in.


Raytheon gets $10.5M to develop "serious games"

US intelligence group wants games that eliminate bias, improve decision-making
Submitted by Layer 8 on Fri, 11/18/11 - 3:18pm.

These aren't your basic video gaming systems here. The US government gave Raytheon BBN Technologies $10.5 million today to develop what it called "serious games" that result in better decision-making by teaching players to recognize and diminish the effects of their own biases when analyzing information used to make decisions.


Hacker takes aim at Homeland, posts 'proof' of hacking SCADA for Houston's water supply

DHS selects Online Trust Alliance for cyber training to increase awareness and to stem the flood of spear phishing attacks on government agencies meant to steal secrets or wreak havoc on critical U.S. infrastructure. Cyber mayhem strikes as hackers launch a digital attack that destroyed a water pump in real time and the physical world of Springfield, Illinois. Unhappy with Homeland Security's response, a hacker took aim at the SCADA system behind Houston's water supply network and posted a 'proof of concept' hack.
Submitted by Ms. Smith on Fri, 11/18/11 - 1:21pm.

What would make you nibble, take the bait, and open an email? Because you think you know the sender is trusted, or because it appears to be related to something that happened in real time in our physical world like an earthquake or a hurricane?


Too much social media networking: Paranoia of Big Brother surveillance may destroy ya

The biggest cybersecurity agency in Europe peeked at the future, 2014, to predict the effects of online social media connectivity 24/7 and concluded that too much social networking could make you paranoid and feel like you are constantly under surveillance by Big Brother.
Submitted by Ms. Smith on Wed, 11/16/11 - 12:34pm.

If you think 24/7 connectivity is nothing new for you, and you constantly check in on Foursquare, use location-aware apps, update Facebook or other social media statuses with your geo-tagged photos, then you probably have no location-awareness sharing issues and are not overly concerned if you lose locational privacy. In the year 2014, your futuristic automated smart home can update statuses for you; even more personal data will be logged coming from emerging technology; interaction with the power grid, smart meters, IP TVs, smart appliances, movie theaters harvesting emotions, robots, GPS in cars and smartphones, and products that stalk you will create a life-log. By 2014 there will be a plethora of programs, mobile apps and devices to track you that will create and store records of your movements, activities and behaviors; this is the scene that Europe's biggest cybersecurity agency studied "to predict positive and negative effects of online 'life-logging' on citizens and society."


"There Would Be No Cloud Without Open Source" - Simon Crosby

XenSource pioneer talks about cloud, security and open source
Submitted by Alan Shimel on Wed, 11/16/11 - 8:20am.

I first became aware of cloud security issues listening to Simon Crosby, fresh off of taking in millions and millions of Citrix dollars when they bought XenSource, speak with my friend Chris Hoff at several conferences, podcasts and blog posts. In many ways Crosby and Hoff brought cloud security and even cloud computing itself to the forefront in many people's minds.


Busted! DOJ says you might be a felon if you clicked a link or opened email

People don't always tell the truth online, imagine that, and if the Department of Justice has its way then that would be a criminal offense. In fact, a law professor says that under the Justice Department's interpretation of the Computer Fraud and Abuse Act, you could be convicted for "Routine and entirely innocent conduct such as visiting a website, clicking on a hyperlink, or opening an e-mail." You also might be a felon under the anti-hacking law if...
Submitted by Ms. Smith on Tue, 11/15/11 - 3:32pm.

We may be doomed and you are probably a felon if you ever used a fake name online, used a bogus birthday to register on a site, or fibbed about your height or weight on an online dating profile, named a different town or city in a profile, or basically didn't tell the exact truth anywhere online. Never done that?


IBM: Analytics, mobile, cloud, social applications will drive future IT development

IBM survey says cloud applications will outpace virtualization as the top cloud development in the next 24 months
Submitted by Layer 8 on Tue, 11/15/11 - 11:45am.

It's clear by the increasing use of analytics software that companies are struggling to get their hands around the huge amounts of data it takes to run a successful business. But developing social, mobile, cloud computing and other applications are also driving the need for new technical skills.


Do you give up a reasonable expectation of privacy by carrying a cell phone?

As seen at a secret conference open only to law enforcement and intelligence agencies, vendors offered cell phone capturing equipment and lessons about location tracking via mobile phones. Does it, however, violate the Fourth Amendment? Do you give up a reasonable expectation of privacy and freedom from being tracked by carrying a cell phone?
Submitted by Ms. Smith on Mon, 11/14/11 - 2:02pm.

Tracking via mobile devices continues to be a popular, yet extremely invasive means of electronic location surveillance with law enforcement. We looked at secret sessions that teach government and law enforcement how to hack and conduct surveillance on the masses. At that same ISS World Americas conference, there were several teaching sessions devoted to mobile devices and vendors promoting surveillance tech and cell phone capturing equipment.


Shipping-related spam rises as holidays near

According to no less of an authority than our IT department
Submitted by Paul McNamara on Mon, 11/14/11 - 10:48am.

I just received this alert from my company's IT department, and, while I'm sure all of you regular readers are already on your toes regarding this stuff, it might be a good time to offer a reminder to your end users ... at work and at home:


Secret Snoop Conference for Gov't Spying: Go Stealth, Hit a Hundred Thousand Targets

Forget passive monitoring; go stealth to hit your target says the Hacking Team which sells hacking techniques and tools for invasive surveillance of the masses. Better yet, hit a hundred thousand targets. As the Police once sang, "Every breath you take and every move you make...I'll be watching you," and that seems to sum up the Italian vendor Hacking Team and what it pimps at Intelligence Support Systems (ISS) conferences.
Submitted by Ms. Smith on Thu, 11/10/11 - 3:21pm.

Forget passive monitoring for government spying; go stealth to hit your target says the Hacking Team which sells hacking techniques and tools for invasive surveillance of the masses. Better yet, hit a hundred thousand targets. We looked at legal means, with a Trojan horse warrant for remote computer searches. But what about those areas of mass surveillance without a warrant that seem shaded grey and lawfully questionable to many of us concerned about privacy? There are interesting conferences in which the doors are locked to Joe and Jane Doe, but thrown wide open for intelligence agencies and law enforcement. So what goes on behind those doors that are shut to the general public? ISS World Americas is open only to "law enforcement, intelligence, homeland security analysts and telecom operators responsible for lawful interception, electronic investigations and network intelligence." There are many vendors of products that assist the government in spying, but the Hacking Team should send an eerie eavesdropping chill up your spine.


DARPA to detail program that radically alters security authentication techniques

DARPA wants technology that jumps beyond strong password protection
Submitted by Layer 8 on Thu, 11/10/11 - 12:17pm.

Researchers from the Defense Advanced Research Projects Agency will next week detail a new program it hopes will develop technology to dramatically change computer system security authorization.


US snapshot of broadband world finds disparity and dial-up

Census data points to increased broadband use, but social, economic differences exist
Submitted by Layer 8 on Thu, 11/10/11 - 9:36am.

Almost seven of 10 households in the United States subscribe to broadband service, while 68% of American households used broadband Internet in 2010, up from 64% in 2009, and only 3% of households still rely on dial-up access to the Internet in 2010, down from 5 percent in 2009.

Those were but a few of the interesting facts found in a snapshot of broadband use in the US released this week by the Department of Commerce and National Telecommunications and Information Administration (NTIA).


FBI takes out $14M DNS malware operation

NASA computers amongst 4 million infected by DNS-based malware scam
Submitted by Layer 8 on Wed, 11/09/11 - 3:28pm.

US law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware in more than four million computers in over 100 countries while generating $14 million in illegitimate income. Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA.


4th Amendment vs Virtual Force by Feds, Trojan Horse Warrants for Remote Searches?

Can the government legally deploy malware for eavesdropping and remote searches, in order to investigate and control potential criminal activity? Here's a look at the future of the Fourth Amendment if the Feds lawfully use virtual force to remotely search computers and how such Trojan horse warrants would work. Part two of looking at Susan Brenner's paper, Fourth Amendment Future: Remote Computer Searches and the Use of Virtual Force.
Submitted by Ms. Smith on Wed, 11/09/11 - 7:57am.

If you missed part one, Fourth Amendment's Future if Gov't Uses Virtual Force and Trojan Horse Warrants, then please go catch up with the rest of us. This time we'll look at Remote Access Trojans (RAT) which are nothing new, yet assume that this government-injected malware/spyware was not detected by antivirus. Also in this case, we are not assuming the target is a SE (social engineering) victim who opens an email or clicks on a link that installs the backdoor into their digital life. This isn't about if I agree or if I think that sort of privacy invasion is right (if you are wondering, then you've never read this blog huh?); this is about an interesting paper that discussed if the government/law enforcement can legally get around your Fourth Amendment rights and secretly install software for remote searches.
