84770153
submission
ancientribe writes:
Researchers from Sandia National Labs are experimenting with a new more secure form of data storage that--get this--is based on DNA. The project is for a long-term archival technology that could securely store records for the National Archives, government personnel records, research findings at the national labs, or other sensitive classified information. (Paging the US State Department). How does The Bard fit in? The researchers got the idea from the European Bioinformatics Institute's experiment that recorded all of Shakespeare’s sonnets into 2.5 million base pairs of DNA. Welcome to the future.
78612217
submission
ancientribe writes:
Microsoft over the past year has invested $1 billion in security and doubled its number of security executives, the company's CISO Bret Arsenault told Dark Reading. CEO Satya Nadella today officially announced the launch of a new managed security services group and a new cyber defense operations center — all part of its new strategy of holistic and integrated security across its products and services. Microsoft execs rarely detail the company's strategy so publicly, so that in itself underlines how security is a major element in its strategy.
76962583
submission
ancientribe writes:
Two models of Virginia State Police cruisers were hacked in an experiment to expose vulnerabilities in the vehicles and to come up with ways to protect the cars from hackers. Mitre, the Virginia Dept. of Motor Vehicles, the University of Virginia, and other organizations in cooperation with DHS and the DOT demonstrated the attacks on an unmarked 2012 Chevrolet Impala and a marked patrol car, a 2013 Ford Taurus. GM and Ford even provided their comments to the press in the wake of the experiment.
71306597
submission
ancientribe writes:
Once again, SSL/TLS encryption is getting dogged by outdated and weak options that make it less secure. This time, it's the weak keys in the older RC4 crypto algorithm, which can be abused such that an attacker can sniff credentials or other data in an SSL session, according to a researcher who revealed the hack today at Black Hat Asia in Singapore.
63297029
submission
ancientribe writes:
If you're wondering whether the most tech-loaded vehicles are also the most vulnerable to hackers, there is now research that shows it. Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of security intelligence at IOActive, studied modern auto models and concluded that the 2014 Jeep Cherokee, the 2014 Infiniti Q50, and the 2015 Escalade are the most likely to get hacked. The key is whether their networked features that can communicate outside the vehicle are on the same network as the car's automated physical functions. They also name the least-hackable cars, and will share the details of their new findings next week at Black Hat USA in Las Vegas.
56181651
submission
ancientribe writes:
Cyber security pro Kerstyn Clover in this Dark Reading post shares some rare insight into what it's like to be a woman in the field. She ultimately found her way to her current post as a member of the incident response and forensics team at SecureState, despite the common societal hurdles women face today in the STEM field: "I taught myself some coding and computer repair in probably the most painstaking ways possible, but my experiences growing up put me at a disadvantage that I am still working to overcome," she writes.
49370543
submission
ancientribe writes:
Hackers who hack insulin pumps, heart monitors, HVAC systems, home automation systems, and cars are finding some life-threatening security flaws in these newly networked consumer devices, but their work is often dismissed or demonized by those industries and the policymakers who govern their safety. A grass-roots movement is now under way to help bridge this dangerous gap between the researcher community and consumer product policymakers and manufacturers. The security experts driving this effort appealed to the DEF CON 21 hacking conference audience to help them recruit intermediaries who can speak both hacker and consumer product and policy.
38719283
submission
ancientribe writes:
A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing,and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back.
33307139
submission
ancientribe writes:
Phony AV scammers posing as Microsoft dialed the wrong number when they inadvertently phoned a security researcher at home. He lured them into a honeypot to study their actions, and posted the video online here. His main takeaway: they were "Stone Age" when it came to their tech know-how.
20604626
submission
ancientribe writes:
Jeff Moss, aka "The Dark Tangent," and founder of the Black Hat security conference and DEFCON, the world's largest hacker conference, has been named vp and CSO of the Internet Corporation for Assigned Names and Numbers (ICANN). Moss will take on the position of Black Hat Conference Chair, where he will continue to play a key role in the development of conference and training content.
20446984
submission
ancientribe writes:
Those low-cost embedded tracking devices in your smartphone or those personal GPS devices that track the whereabouts of your children, your car, your pet, or a shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location. A researcher demonstrated at SOURCE Boston how he was able to hack Zoombak's popular personal tracking devices.
17349466
submission
ancientribe writes:
The attackers behind a recent Zeus Trojan exploit that targeted quarterly federal taxpayers who file electronically also set up a trap for researchers investigating the attack as well as their competing cybercrime gangs. They fed them a phony administrative panel with fake statistics on the number of Zeus-infected machines, as well as phony "botnet" software that actually gathers intelligence on the researcher or competitor who downloads it.
14036584
submission
ancientribe writes:
A social networking experiment of a phony female military security professional known as"Robin Sage" (named after a U.S. Army Special Forces training exercise) worked way too well, fooling even the most security-savvy professionals on LinkedIn, Facebook, and Twitter. It also led to the leakage of sensitive military information after an Army Ranger accepted "Robin's" friend request on Facebook and his photos from Afghanistan exposed geolocation information accessible to "Robin." The researcher who conducted the experiment will show off his findings at the upcoming Black Hat USA conference in Las Vegas, where the real woman pictured in the profiles is scheduled to introduce him for his presentation.
13360224
submission
ancientribe writes:
That's the reason renowned researcher Dan Kaminsky says he came up with a brand-new way to prevent pervasive SQL injection, cross-site scripting and other injection-type flaws in software — a framework that lets developers continue to write code the way they always have, but with a tool that helps prevent them from inadvertently leaving these flaws in their apps. The tool, which he released today for input from the development and security community, basically takes the security responsibility off the shoulders of developers. Putting the onus on them hasn't worked well thus far, he says. Kaminsky's new tool is part of his new startup, Recursive Ventures.
9473376
submission
ancientribe writes:
The targeted attacks out of China that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20- to 30 or so reported by Google and others. And security experts now say they are getting closer to identifying the author or authors of the malware used to breach Google and other organizations.
