
Submission + - Verizon and AT&T Join The 'Transparency Report' Club (securityweek.com)

wiredmikey writes: Telecommunications giants Verizon and AT&T both announced (separately) this week that they would join a growing list of tech and telecom sector companies in publishing a "transparency report" about demands for information from law enforcement agencies.

Verizon said the first report would come in early 2014, with updates being published semi-annually. AT&T said it would also release a semiannual report starting in early 2014 with information "to the extent permitted by laws and regulations."

The transparency reports will include things such as the total number of law enforcement agency requests in criminal cases, subpoenas, court orders and warrants. However, telecom and tech firms are still barred from releasing data on national security requests from the FBI and US intelligence services.

The announcements come after a period when the telecom firms were notably absent from a debate on disclosures about the scope of US surveillance programs from fugitive former intelligence contractor Edward Snowden.

Submission + - Exclusive: Secret contract tied NSA and security industry pioneer (reuters.com)

Lasrick writes: As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Submission + - Target Confirms Massive Data Breach Affecting 40 Million Customers (securityweek.com)

wiredmikey writes: Retail giant Target today confirmed rumors that it had fallen victim to a major data breach affecting millions of customers at its U.S. retail stores starting on “Black Friday”, the biggest shopping day of the year. Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013, the company said.

Rumor of the massive data breach was originally reported Wednesday afternoon by security researcher and blogger, Brian Krebs, and quickly picked up by media outlets around the world. The New York Times reported that the US Secret Service is also investigating the incident.

Minneapolis-based Target Corporation operates 1,921 stores—1,797 in the United States. “If guests shopped in US Target stores during this time period, we encourage them to be vigilant in monitoring their accounts,” a Target spokesperson told SecurityWeek.

Submission + - Panel Urges Major NSA Spying Overhaul (securityweek.com)

wiredmikey writes: A board set up to review the NSA's vast surveillance programs has called for a wide-ranging overhaul of National Security Agency practices while preserving "robust" intelligence capabilities. The panel, set up by President Obama, issued 46 recommendations, including reforms at a secret national security court and an end to retention of telephone "metadata" by the spy agency.

The 308-page report (PDF) submitted last week to the White House and released publicly Wednesday says the US government needs to balance the interests of national security and intelligence gathering with privacy and "protecting democracy, civil liberties, and the rule of law."

Panel members said the recommendations would not necessarily mean a rolling back of intelligence gathering, including on foreign leaders, but that surveillance must be guided by standards and by high-level policymakers.

Submission + - Nmap team releases 5 gigapixel favicon map

iago-vL writes: From the creators of Nmap comes the largest survey of its kind ever performed: the favicon.ico files of over a million Web sites were scanned, compiled, and sorted to create a 5 gigapixel image, blowing their 2010 survey out of the water! It's searchable, zoomable, and incredibly fun to play with! Can you find Slashdot without cheating? (Hint: it's near Facebook)

Submission + - Massive Android Mobile Botnet Hijacking SMS Data (securityweek.com)

wiredmikey writes: A mobile botnet called MisoSMS is wreaking havoc on the Android platform, stealing personal SMS messages and exfiltrating them to attackers in China. Researchers at FireEye lifted the curtain off the threat on Monday, describing MisoSMS as "one of the largest advanced mobile botnets to date" and warning that it is being used in more than 60 spyware campaigns.

FireEye tracked the infections to Android devices in Korea and noted that the attackers are logging into command-and-controls from Korea and mainland China, among other locations, to periodically read the stolen SMS messages. FireEye's research team discovered a total of 64 mobile botnet campaigns in the MisoSMS malware family and a command-and-control that comprises more than 450 unique malicious e-mail accounts.

Comment Didn't Wasn't Only Investor (Score 1) 1

Just a note to clarify this -- While Dell was a lead investor in the $16 million round, it wasn't all from the pockets of Dell Ventures. The total $16m funding round was led by new investors Aeris Capital and Dell Ventures, and existing investors Grotech Ventures, Harbert Ventures, and New Atlantic Ventures participated.

Submission + - US and China Distrust Each Other, But Mildly: Survey (securityweek.com)

wiredmikey writes: Chinese and Americans widely distrust each other but few among the public or elite see the other power as an enemy, according to a study billed as one of the most comprehensive looks at the views of influential Chinese.

The study found that China's elite mostly described their opinions about the US as mild, despite the frequent disagreements between the nations. The survey found that strong majorities in both countries, especially in China, doubted that the other power could be highly trusted. Most Americans and Chinese elites, as well as 45 percent of the Chinese public, characterized the other nation as a competitor.

But only 15 percent of the US public and 12 percent of the Chinese public saw the other nation as an enemy, the study said. In one sharp disparity, 27 percent of Chinese government elites said they considered the United States an enemy — while a mere two percent of US government elites said likewise about China.

Even those generally sympathetic to China voiced growing alarm over Beijing's alleged campaign of cyber hacking that has stolen US intellectual property.

Most of the Chinese public described Americans as aggressive, arrogant and greedy; majorities in the United States actually agreed with those characterizations of themselves but did not assign the same negative traits to Chinese.

Submission + - Cybercrime Marketplace Mastermind Faces 18 Years in Prison (securityweek.com)

wiredmikey writes: A Ukrainian national, Roman Vega, who pleaded guilty in 2009 to creating a popular online marketplace for selling stolen financial account data has been sentenced to 18 years in prison. Called one of the world’s “most prolific cybercriminals” by the Department of Justice, Vega, 49, will serve significant time in prison for his role in co-founding the notorious website CarderPlanet.

In the early 2000s, Vega co-founded and became a high-ranking administrator of the notorious website, which became one of the first and busiest online marketplaces for the sale of stolen financial information, computer hacking services and money laundering. At its height, CarderPlanet had more than 6,000 members and had a hierarchical leadership structure that borrowed its leadership titles from La Cosa Nostra, US authorities said.

Submission + - JetBlue launches satellite-based inflight Wi-Fi (orlandosentinel.com)

spineas writes: JetBlue is rolling out a new form of inflight Wi-Fi operating from satellites instead of ground-based cell towers. Up to eight times faster than traditional inflight Wi-Fi, it will enable users to stream video whilst in the air, something that is nearly impossible to do with current dial-up speed access in aircraft.

Submission + - Switzerland Wants to Become the World's Data Vault (securityweek.com)

wiredmikey writes: Business for Switzerland's 55 data centers is booming. They benefit from the Swiss reputation for security and stability, and some predict the nation already famous for its super-safe banks will soon also be known as the world's data vault. For example, housed in one of Switzerland's numerous deserted Cold War-era army barracks, one high-tech data center is hidden behind four-ton steel doors built to withstand a nuclear attack — plus biometric scanners and an armed guard. Such tight security is in growing demand in a world shaking from repeated leak scandals and fears of spies lurking behind every byte.

Revelations from former NSA contractor Edward Snowden of widespread spying by the agency have served as "a wake-up call" to the dangers in this era of electronic espionage. While the global data storage industry is ballooning, companies in Switzerland, which has some of the world's strictest data protection laws, are especially reaping the benefits of the paranoia. Under Swiss law, personal data is defined as a "precious good" that can under no circumstances be handed over to governments or authorities without authorization from a judge.

While Switzerland's reputation as the land of tight-lipped confidentiality has taken a bit of a hit with the ongoing erosion of its bank secrecy practices, it remains miles ahead of most other countries in terms of data protection, according to Peter Gruter, the head of the Swiss Telecommunications Association.

One Swiss data center operator said business has more than tripled since the NSA leaks by Snowden began earlier this year.

Submission + - Google Finds Fraudulent Certificates Used by French Government (securityweek.com)

wiredmikey writes: Google announced on Saturday that it detected a French government agency using unauthorized digital certificates for several Google domains to perform man-in-the-middle attacks on a private network.

Google security engineer Adam Langley said the company traced the fraudulent certificates to Agence nationale de la sécurité des systèmes d’information (ANSSI), a French certificate authority that falls under the government's cyber-security agency. "ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network," Langley noted in a blog post.

In a separate statement, ANSSI blamed "human error" for the incident.

Google's Langley described the incident as a "serious breach" and warned that the company is considering additional actions.

Submission + - Obama Not Allowed an iPhone for Security Reasons (securityweek.com)

wiredmikey writes: President Barack Obama admitted Wednesday he was not allowed to have an iPhone owing to security fears — explaining why he is sometimes seen with a bulky super secure BlackBerry. "I'm not allowed for security reasons to have an iPhone," Obama told a group of young people at the White House for an event promoting his health care law.

Within days of being inaugurated president, Obama won his battle with the Secret Service to hang on to his BlackBerry, despite fears that it was vulnerable to being hacked. The White House says the president's personal email address was strictly limited to a small list of senior officials and personal friends, but will not detail the encryption devices that are used to secure his communications.

Obama did say that his daughters Sasha and Malia spend a lot of time on their iPhones.
