Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Submission + - Vice Admiral Michael Rogers Named New NSA Chief (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: President Barack Obama has nominated a US Navy officer, Vice Admiral Michael Rogers, to take over as head of the embattled National Security Agency, the Pentagon said Thursday. Rogers, 53, would take the helm at a fraught moment for the spy agency, which is under unprecedented pressure after leaks from ex-intelligence contractor Edward Snowden revealed the extent of its electronic spying.

If confirmed by lawmakers, Rogers would also take over as head of the military's cyber warfare command. Rogers, who trained as an intelligence cryptologist, would succeed General Keith Alexander, who has served in the top job since 2005. He currently heads the US Fleet Cyber Command, overseeing the navy's cyber warfare specialists, and over a 30-year career has worked in cryptology and eavesdropping, or "signals intelligence."

His confirmation hearings in the Senate are likely to be dominated by the ongoing debate about the NSA's espionage, and whether its sifting through Internet traffic and phone records violates privacy rights and democratic values.

Submission + - Hackers Steal Law Enforcement Documents from Microsoft (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: Microsoft on Friday said that attackers breached the email accounts of a “select number” of employees, and obtained access to documents associated with law enforcement inquiries. According to the company, a number of Microsoft employees were targeted with attacks aiming to compromise both email and social media accounts

“..We have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed,” said Adrienne Hall, General Manager at Microsoft's Trustworthy Computing Group. “It appears that documents associated with law enforcement inquiries were stolen,” Hall said.

Targeted attacks like this are not uncommon, especially for an organization like Microsoft. What’s interesting about this is that the incident was significant enough to disclose, indicating that a fair number of documents could have been exposed, or that the company fears some documents will make their way to the public if released by the attackers—which may be the case if this was a “hacktivist” attack.

Submission + - Hackers Stole Details of 1.1M Payment Cards from Nieman Marcus (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: High-end department store Neiman Marcus said on Thursday that between July 16 and October 30, 2013, hackers using sneaky point-of-sale malware were able to obtain details of roughly 1,100,000 customer payment cards.

So far, Visa, MasterCard and Discover told the retailer that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were used fraudulently. Based on the investigation so far, social security numbers and birth dates were not compromised, the company said. Fortunately, Neiman Marcus does not use PIN pads its retail locations, so PINs are not at risk, unlike the recent data breach at Target where attackers obtained PIN data.

On Thursday afternoon, Reuters reported that the had FBI issued a warning to U.S. retailers, saying they should prepare for more cyber attacks after discovering about 20 cases over the past year that involved point of sale malware.

Submission + - CmdrTaco Launches Trove, a Curated News Startup (theverge.com)

Submitted by jigamo
jigamo writes: The Verge reports:

A long list of startups have put forth a Herculean effort to find the best way to suggest new things for people to read, and former Slashdot editor-in-chief Rob Malda, also known as CmdrTaco, just unveiled his: Trove, a people-powered app initially available on the web and for iPhone and iPad.

Trove basically lets users opt in to feeds of stories that align with their interests. Users are encouraged to curate "troves," collections of stories that relate to a particular theme. You could create a trove for "Ukrainian Politics," "Dog Heroes," or "Best of The Verge," for example, to which other Trove users can subscribe.

"The core of the product is that people have many interests and rather than just giving them information through pure algorithms and picking particular publications, we want to connect them with people who share those interests, who can pick the best content in those topical areas," says Vijay Ravindran, CEO of Trove.

Submission + - CrowdStrike Takes On Chinese, Russian Attack Groups in Threat Report (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: Russian attackers targeted energy sector targets and a Chinese nexus intrusion group infected foreign embassies with malware using watering hole tactics in 2013, CrowdStrike researchers found in its first-ever Global Threat Report. CrowdStrike's Intelligence Team tracked more than 50 different threat actor groups believed to be behind the majority of sophisticated threats against enterprises in 2013. These groups operated out of China, Iran, India, North Korea, and Russia. In its Global Threat Report, CrowdStrike identified many of the tactics, techniques, and procedures used by these groups to craft and launch sophisticated attacks against major targets around the world. CrowdStrike outlined details of how these groups carried out their attacks and what tools were used in the report, released Wednesday.

Attackers are human, which means “they make mistakes, and they have habits,” said Adam Meyers, vice-president of Intelligence at CrowdStrike. Attack tools, no matter how sophisticated, have specific “marks” that can be used to track back to the humans who created them, he said. The marks can be something like password reuse, a certain string that appears frequently in code, or even the name of the registrar hosting the domain name. These marks cannot be obfuscated and CrowdStrike researchers rely on these clues to connect different attacks and campaigns to each other.

CrowdStrike believes organizations have an “adversary problem, not a malware problem,” Meyers said. The best way to understand the types of threats the organization is facing is to focus on the tactics and tools used by the adversaries instead of getting bogged down trying to detect and identify every type of malware the group may use.

Submission + - Washington's Challenge: Where to Stockpile Mountains of NSA Data? (securityweek.com) 1

Submitted by wiredmikey
wiredmikey writes: Figuring out where to store massive amounts of data collected by the NSA is a major challenge the US faces in curtailing its massive surveillance program, officials said Sunday.

The president directed CIA chief James Clapper and US Attorney General Eric Holder to give him proposals by the end of March on which entity ought to maintain the sensitive information. Major telecommunications firms have made clear, however, that they are reticent to keep the data.

Key US lawmakers, including Senate Intelligence Committee Chairwoman Dianne Feinstein, have expressed concerns that the information would not be readily available to the officials who need it if held by non-governmental entities. "The whole purpose of this program is to provide instantaneous information, to be able to disrupt any plot that may be taking place," she told NBC television's "Meet the Press" program.

Congressman Michael McCaul, who chairs the House Committee on Homeland Security, agreed that it was key to determine where to house the NSA "metadata." "I think metadata most significantly won't be dismantled, but put in the hands of an outside third party," he told ABC." "It can't be at Target or at any of these places that end up being hacked into," he said, referring to the recent data breach that exposed up to 110 million customers.

Submission + - 20 Million People Exposed in Massive South Korea Data Leak (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: While the recent data breach that hit Target has dominated headlines lately, another massive data breach was disclosed this week that affected at least 20 million people in South Korea. According to regulators, the personal data including names, social security numbers, phone numbers, credit card numbers and expiration dates of at least 20 million bank and credit card users was taken by a temporary consultant working at the Korea Credit Bureau (KCB). The consultant later sold the data to phone marketing companies, but has since been arrested along with mangers at the companies he sold the stolen data to. A similar insider-attack occurred at Vodafone late last year when a contractor made off with the personal data of two million customers from a server located in Germany. According to a study from PwC, organizations have made little progress developing defenses against both internal and external attackers, and insiders pose just as great a security risk to organizations as outside attackers.

Submission + - Target Confirms Point-of-Sale Malware Was Used in Attack (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: According to Target Chairman and CEO Gregg Steinhafel, point-of-sale (POS) malware was used in the recent attack that compromised millions of credit and debit card account numbers of customers across the country. Steinfhafel told CNBC’s Becky Quick in an interview that malware was used in attacks that compromised the company’s point of sale registers.

According to a report from Reuters, Target and Neiman Marcus may not be alone, as other popular U.S. retailers may have been breached during the busy the holiday shopping season.

According sources who spoke to Reuters, attackers used RAM scraper, or Memory parser malware to steal sensitive data from Target and other retail victims. Visa issued alerts about attacks utilizing these types of malware in April 2013 and again in August 2013.

Memory parser malware targets payment card data being processed “in the clear” (unencrypted) in a system’s random access memory (RAM).

“The malware is configured to hook into a payment application binary responsible for processing payment transactions and extracts the systems memory for full track data,” Visa explained in a security advisory.

Submission + - Verizon and AT&T Join The 'Transparency Report" Club (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: Telecommunications giants Verizon and AT&T both announced (separately) this week that they would join a growing list of tech and telecom sector companies in publishing a "transparency report" about demands for information from law enforcement agencies.

Verizon said the first report would come in early 2014, with updates being published semi-annually. AT&T said it would also release a semiannual report starting in early 2014 with information "to the extent permitted by laws and regulations."

The transparency reports will include things such as the total number of law enforcement agency requests in criminal cases, subpoenas, court orders and warrants. However, telecom and tech firms are still barred from releasing data on national security requests from the FBI and US intelligence services.

The announcements come after a period when the telecom firms were notably absent from a debate on disclosures about the scope of US surveillance programs from fugitive former intelligence contractor Edward Snowden.

Submission + - Exclusive: Secret contract tied NSA and security industry pioneer (reuters.com)

Submitted by Lasrick
Lasrick writes: As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Submission + - Target Confirms Massive Data Breach Affecting 40 Million Customers (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: Retail giant Target today confirmed rumors that it had fallen victim to a major data breach affecting millions of customers at its U.S. retail stores starting on “Black Friday”, the biggest shopping day of the year. Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013, the company said.

Rumor of the massive data breach was originally reported Wednesday afternoon by security researcher and blogger, Brian Krebs, and quickly picked up by media outlets around the world. The New York Times reported that the US Secret Service is also investigating the incident.

Minneapolis-based Target Corporation operates 1,921 stores—1,797 in the United States. “If guests shopped in US Target stores during this time period, we encourage them to be vigilant in monitoring their accounts, a Target spokesperson told SecurityWeek.

Submission + - Panel Urges Major NSA Spying Overhaul (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: A board set up to review the NSA's vast surveillance programs has called for a wide-ranging overhaul of National Security Agency practices while preserving "robust" intelligence capabilities. The panel, set up by President Obama, issued 46 recommendations, including reforms at a secret national security court and an end to retention of telephone "metadata" by the spy agency.

The 308-page report (PDF) submitted last week to the White House and released publicly Wednesday says the US government needs to balance the interests of national security and intelligence gathering with privacy and "protecting democracy, civil liberties, and the rule of law."

Panel members said the recommendations would not necessarily mean a rolling back of intelligence gathering, including on foreign leaders, but that surveillance must be guided by standards and by high-level policymakers.

Submission + - Nmap team releases 5 gigapixel favicon map 1

Submitted by iago-vL
iago-vL writes: From the creators of Nmap comes the largest survey of this its kind ever performed: the favicon.ico files of over a million Web sites were scanned, compiled, and sorted to create a 5 gigapixel image, blowing their 2010 survey out of the water! It's searchable, zoomable, and incredibly fun to play with! Can you find Slashdot without cheating? (Hint: it's near Facebook)

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close