judgecorp writes: "Apple has promised two-factor authentication for its online services following an embarrassing incident where it gave out writer Matt Honan's credentials to an imposter over the phone — and all his devices were wiped. Apple is proposing standard 2FA, with unique codes sent for every purchase, and a 14-digit recovery key to gain access to accounts which have been hacked, or whose passwords have been forgotten."
judgecorp writes: "The UK intelligence agency GCHQ has announced a Cyber Research Institute whose job is to find better ways to uncover security flaws. The unit, based at Imperial College London, has a £4.5 million grant to work on automatic detection techniques which will find flaws in software before they can be exposed and exploited."
judgecorp writes: "Weev, the hacker who exposed an AT&T database, says he plans to run for Congress on his release from jail. Real name Andrew Auernheimer, Weev was sentenced to 41 months in jail today. Despite saying the government is made up of "seditious thugs", he told TechWeekEurope that he plans to run for Congress, and has a congressional committee assembled. He also spoke of his Mormonism and his trolling activities."
judgecorp writes: "Start-up Bromium thinks it has solved the problem of endpoint security — keeping the rapidly changing zoo of malware off PCs. Its idea: micro-virtualisation which puts every single task into its own virtual machine. The idea comes from the creators of the Xen hypervisor and relies on the fact that VMs do not interact with each other. For every browser tab or document, the user effectively unwraps a new PC which is thrown away after use. The firm has some customers for its still-somewhat-pricey idea (which relies on Intel's hardware support for virtualisation and is only available for Windows 7 right now). It also has to make sure it convinces on issues such as the transfer of files between possibly infected VMs."
judgecorp writes: "Reporters Without Borders has named and shamed the surveillance software vendors who sell to repressive regimes, including Syria, China and Iran. Their software is used to track activists, and has been instrumental in delivering some dissidents over for torture, says RWB. The offending companies include US-based Bluecoat, Germany's Trovicor, France's Amesys, the UK's Gamma International, as well as HackingTeam, based in the US and Italy. HackingTeam is unusual in that it turned up at the recent RSA show to defend its reputation, arguing that it avoided selling to countries on international blacklists."
judgecorp writes: "The Internet of Things needs securing, Vint Cerf told the RSA conference this week. The father of the Internet believes that public key cryptography at a very granular level will be required for the host of devices joining the Internet over the next while. He also spoke in defence of "pseudonymity", the means by which the likes of Google say they can make use of Web traffic information, without infringing privacy."
judgecorp writes: "The Stuxnet cyber-weapon is older than previously thought, and may have been first used in 2005, long before 2010 when it was revealed to have hit Iran's uranium centrifuges, Symantec has shown. Stuxnet 0.5 was definitely in action in 2007, with an earlier version apparently in use in 2005, according to a presentation at the RSA 2013 show in San Francisco."
judgecorp writes: "The Chinese government has been accused of backing the APT1 hacking group, which appears to be part of the Chinese People's Liberation Army (PLA), according to the security firm which worked with the New York Times when it fell victim to an attack. The firm, Mandiant, says that APT1 is government sponsored, and seems to operate from the same location as PLA Unit 61398."
judgecorp writes: "Burger King's Twitter account was hacked yesterday, by pranksters who rebranded the feed, tweeting nonsense under the name of McDonald's. Today, the account is back under Burger King's control, and McDonald's tweeted a denial that it had anything to do with the incident. Although this sort of event is (we presume) down to slack security by the account holder, it could harm Twitter, as big brands lose trust in the service."
judgecorp writes: "Apparently Britain is a world capital of phishing, and it may be because of our marvellous currency. Britain is a worthwhile target because its currency is strong, and a soft one because its people spend a long time online. A lot of the attacks are led from abroad, but many have local accomplices with a British accent, to do the social engineering and get past two-factor authentication."