
Submission + - Red Team, Blue Team: The Only Woman On The Team (darkreading.com)

ancientribe writes: Cyber security pro Kerstyn Clover in this Dark Reading post shares some rare insight into what it's like to be a woman in the field. She ultimately found her way to her current post as a member of the incident response and forensics team at SecureState, despite the common societal hurdles women face today in the STEM field: "I taught myself some coding and computer repair in probably the most painstaking ways possible, but my experiences growing up put me at a disadvantage that I am still working to overcome," she writes.

Submission + - How Snowden Did It (darkreading.com)

ancientribe writes: Key clues are emerging that provide a clearer picture of how Edward Snowden may have pulled off the most epic insider leak in history. Security firm Venafi says it has figured out how it all went down: Snowden fabricated SSH keys and self-signed digital certificates to access and ultimately steal the NSA documents, Venafi has concluded based on public information on the breach and their analysis. Venafi is also publicly challenging the NSA and Snowden to prove its conclusion wrong.

Submission + - DDoS Attack Used 'Headless' Browsers In 150-Hour Siege (darkreading.com)

ancientribe writes: It sounds like a Halloween horror flick, but it's actually a real case of a rare form of a distributed denial-of-service attack (DDoS). The attackers pummeled a trading platform's website this past week in an attack that went on for a whopping 150 hours using a malicious version of a stripped-down browser simulation tool (aka Phantom JS, a headless browser), a tool for website developers to test apps and website loads. Marc Gaffan, co-founder of Incapsula, which fought the attack for the victim (its customer) says: "No one has 180,000 IPs at their disposal unless it's an amalgamation of separate botnets they are using interchangeably. This was a sophisticated and thought-out process."

Submission + - Stuxnet Expert Dismisses NIST Cyber Security Framework, Proposes Alternative (darkreading.com)

An anonymous reader writes: Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework.

Submission + - Consumer Device Hacking Getting Lost In Translation (darkreading.com)

ancientribe writes: Hackers who hack insulin pumps, heart monitors, HVAC systems, home automation systems, and cars are finding some life-threatening security flaws in these newly networked consumer devices, but their work is often dismissed or demonized by those industries and the policymakers who govern their safety. A grass-roots movement is now under way to help bridge this dangerous gap between the researcher community and consumer product policymakers and manufacturers. The security experts driving this effort appealed to the DEF CON 21 hacking conference audience to help them recruit intermediaries who can speak both hacker and consumer product and policy.

Submission + - Dropbox, WordPress Used As Cloud Cover In New APT Attacks (darkreading.com)

ancientribe writes: The cyberespionage gang out of China that recently hacked into The New York Times and other media outlet networks is now using Dropbox and WordPress in its attacks rather than traditional email phishing and server compromise, researchers say. Dropbox is being used to distribute malware, and WordPress, for the initial stage of command-and-control to the infected machine--all as a way to remain under the radar. "They are hiding in the noise of cloud computing," said researcher Adam Vincent, CEO of Cybersquared.
Security

Submission + - How Lockheed Martin's 'Kill Chain' Stopped An Attacker Already Inside (darkreading.com)

ancientribe writes: Lockheed Martin's director of cybersecurity provided a rare inside look at how the Defense contractor was able to stop sophisticated attackers who had gotten inside its network from actually stealing anything. Lockheed's multi-million dollar Cyber Kill Chain framework, a combination of security intelligence tools and manpower, was built to prevent determined attackers who inevitably gain a foothold in the network from taking anything with them. This Dark Reading article highlights an incident where an attacker posed as one of Lockheed's business partners, using legitimate credentials and a stolen RSA SecurID token.
Security

Submission + - Researcher Proves Repurposed Flame, Duqu Attacks Possible (darkreading.com)

ancientribe writes: The burning question dogging security experts since the discovery of Stuxnet, Flame and Duqu was whether those sophisticated cyberespionage weapons could be retooled and turned on other targets. A researcher has now tested that theory and found that they are recyclable--with some limitations--and that the Flame authors may have purposely limited the scope of their malware to avoid its being abused by other attackers. Boldizsar Bencsath, a member of the CrySys Lab that was instrumental in studying Duqu, shared his findings at the invitation-only Kaspersky Security Analyst Summit last week.
Security

Submission + - Customers Pressuring Software Vendors To Clean Up Their Apps (darkreading.com)

ancientribe writes: Many large companies under regulatory pressures have been working on writing more secure code for their internal applications, but not all software vendors are doing the same. New data from Veracode and BSIMM shows that buyers are putting the squeeze on their software vendors to produce more secure applications. And guess what: the vendors are going along with it and having their apps vetted.
Security

Submission + - RATs Are Found Riddled With Bugs And Weak Encryption (darkreading.com)

ancientribe writes: A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back.
Security

Submission + - AT&T Sponsors Zero-Day Hacking Contest For Kids (darkreading.com)

yahoi writes: AT&T has teamed up with an 11-year-old hacker and DefCon Kids to host a hacking contest during the second annual conference that runs in conjunction with the adult Def Con hacker show later this month in Las Vegas. The kid who finds the most zero-day bugs in mobile apps wins $1,000 and an iPad, courtesy of DefCon Kids. The contest was inspired by the mini-hacker's discovery last year of a whole new class of mobile app vulnerabilities.
Security

Submission + - Apple Hacker To Demo Dangers Of Near-Field Communications (darkreading.com)

An anonymous reader writes: Apple's hacker nemesis Charlie Miller, who the company banned from its app store developer program, apparently hasn't been waiting around for his suspension to be lifted. His latest pet project is hacking near-field communications (NFC), and at Black Hat USA in Vegas this month, he will demonstrate the dangers of using your smartphone to pay your cab fare. (But when his Apple "sentence" is up, look out).
Security

Submission + - Why Machines Still Infected With DNSChanger Are A Danger (darkreading.com)

ancientribe writes: When the FBI yesterday shut down the safety net DNS servers for users infected with the DNSChanger Trojan, just over 210,000 unique IP victims around the globe — a far cry from the initial headcount of millions of victims hit by the malware — still remained infected. Paul Vixie, chairman and founder of the Internet Security Consortium (ISC), says the strategy of some ISPs to "pull the BandAid off slowly" and to continue to keep still-infected users from losing their DNS in the aftermath of yesterday's deadline isn't helping. "Every one of those still-infected machines is a danger to its owner and to the rest of us. Given how easily targetable they are, I'm worried about the 210,000 still out there," says Vixie, whose organization ran the temporary DNS servers for the FBI.
Google

Submission + - Google Lifts The Veil On Copyright Takedowns: Reveals Detailed Data On Who Reque (techdirt.com)

TheGift73 writes: "As part of Google's ongoing Transparency Report efforts, today the company has released a whole new section on copyright takedowns, containing a huge amount of information on the many takedown requests Google receives. It focuses specifically on the takedowns for search links, but I wouldn't be surprised to see them add other areas later. As you may recall, we were among those who were victimized by a bogus takedown, and a key post about SOPA that we had written was missing from Google search for about a month.

The new transparency platform lets you dig in and see quite a few details about exactly who is issuing takedowns and what they're removing from search. It's using data since last July (when Google set up an organized web-form, so the data is consistent). It may be a bit surprising, but at the top of the list? Microsoft, who has apparently taken down over 2.5 million URLs from Google's search results. Most of the others in the top 10 aren't too surprising. There's NBC Universal at number two. The RIAA at number three (representing all its member companies). BPI at number five. Universal Music at number seven. Sony Music at number eight. Warner Music doesn't clock in until number 12.

There's also data on which sites are most frequently targeted, which (not surprisingly) lists out a bunch of torrent search sites and file lockers and such. Don't be surprised to see some try to claim that this is an accurate list of "rogue sites" that Google should block entirely. However, if you look carefully at the data, Google also highlights the percentage of pages on those sites for which they've received takedowns, and the vast majority of them are well below 1%. In other words, no one has complained about well over 99% of the pages on these sites. It seems pretty drastic to suggest that these sites are obviously nothing but evil, when so many of their pages don't seem to receive any complaints at all."
