How
easily an organization can convince itself that whatever they want to
do is the ethically proper thing to do.
Who
should have questioned this software? Is there a process that
ensures the right people get to review changes like this? (If not,
will they install one now?)
Lenovo Rapped for Preinstalling Spyware
…
"Superfish is purposely designed to bypass the security of
HTTPS websites in a manner that would allow malware and attackers to
also bypass the security provided by HTTPS," said Adam Ely,
cofounder of Bluebox.
"Users
are inherently at risk of being directed to malicious sites that
appear valid," he told TechNewsWorld, "making it much
easier for attackers to steal information and further infect
computers with malware."
…
"We have thoroughly investigated this technology and do not
find any evidence to substantiate security concerns," the
company said in a statement provided to TechNewsWorld by spokesperson
Brion Tingler.
Superfish
was installed on some consumer notebooks from September to December
of last year to help customers potentially discover interesting
products while shopping, Lenovo explained.
I
find it amusing that when reporters finally notice what should have
been strategically obvious they seem surprised. Which would you do:
A) hack each phone as it becomes interesting or B) avoid the need to
hack each phone by acquiring all the keys before users get their
phones?
More
likely, they have the software that generates the keys.
Joint NSA/GCHQ unit hacked SIM card maker, stole just about EVERYONE's keys
America's
NSA and Britain's GCHQ hacked the world's biggest SIM card
manufacturer to harvest the encryption keys needed to silently and
effortlessly eavesdrop on people without a warrant.
That's
according to documents obtained by surveillance whistleblower Edward
Snowden and leaked to the web on Thursday.
"Wow.
This is huge – it's one of the most significant findings of the
Snowden files so far," computer security guru Bruce Schneier
told The Register this afternoon.
"We
always knew that they would occasionally steal SIM keys. But all
of them? The odds that they just attacked this one firm are
extraordinarily low and we know the NSA does like to steal keys where
it can."
…
The Ki keys are also used to generate session keys that encrypt and
decrypt voice calls; due to a lack of forward secrecy, obtaining the
Ki for a phone means session keys can be recovered and intercepted
calls can be decrypted effortlessly – without the need to crack the
actual math behind the encryption algorithm, say experts.
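An added illustration of the forward-secrecy point in the excerpt above, not taken from the quoted article: HMAC-SHA256 and a hash-based keystream stand in for the SIM's real key-derivation and cipher algorithms, and the small Diffie-Hellman group is a toy used only for contrast. All function names and sample values are constructed for this example.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy Diffie-Hellman group, far too small for real use

def derive_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the SIM key derivation: Kc depends only on Ki and public RAND."""
    return hmac.new(ki, b"kc" + rand, hashlib.sha256).digest()[:8]

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (hash in counter mode) standing in for the air-interface cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def record_call(ki: bytes, plaintext: bytes):
    """Returns what a passive recorder sees: RAND (sent in clear) and ciphertext."""
    rand = secrets.token_bytes(16)
    return rand, keystream_xor(derive_kc(ki, rand), plaintext)

def decrypt_recording(ki: bytes, rand: bytes, ciphertext: bytes) -> bytes:
    """Once Ki is known, every recorded call opens: Kc is recomputed from RAND."""
    return keystream_xor(derive_kc(ki, rand), ciphertext)

def forward_secret_kc(ki: bytes, rand: bytes) -> bytes:
    """Contrast: mix in an ephemeral DH secret that is discarded after the call."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    shared = pow(pow(G, b, P), a, P)  # both sides reach this; a and b are then erased
    return hmac.new(ki, b"fs" + rand + shared.to_bytes(16, "big"),
                    hashlib.sha256).digest()[:8]

def demo():
    ki = bytes(range(16))                      # constructed sample Ki
    voice = b"constructed sample call payload"
    rand, ct = record_call(ki, voice)
    recovered = decrypt_recording(ki, rand, ct)        # Ki alone suffices
    fs_ct = keystream_xor(forward_secret_kc(ki, rand), voice)
    fs_attempt = decrypt_recording(ki, rand, fs_ct)    # Ki alone no longer suffices
    return recovered == voice, fs_attempt == voice

if __name__ == "__main__":
    print(demo())
```

The first result shows why a stolen long-term key exposes past recordings when the session key is a pure function of that key and a value sent in the clear; the second shows that an erased ephemeral secret breaks that dependency.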
I doubt this is correct. It suggests that the State Department does not
know who should be on their system and therefore can't
flag the email addresses of those who should not.
Hackers Said to Remain Active in U.S. State Department E-Mails
U.S.
and private security specialists are trying to expel unidentified
hackers from the unclassified portion of the U.S. State Department’s
e-mail system, two officials familiar with the investigation said
Thursday.
The
problem persists three months after the hackers were first discovered
because the intruders’ techniques keep shifting, said the
officials, who asked for anonymity because the inquiry is classified
even though no classified material appears to have been obtained.
Let
the finger pointing begin! OR figure out who needs to know what and
deliver it to them.
Boards Not Regularly Briefed on Cyber-Security: Survey
…
A
new study from the Ponemon Institute found that 78 percent of the
more than 1,000 CIOs, CISOs and senior IT leaders surveyed had not
briefed their board of directors on cyber-security in the last 12
months. In addition, 66 percent said they don't believe senior
leaders in their organization consider security a strategic priority.
The
findings follow
a recent survey from the National Association of Corporate
Directors (NCD) that found that more than half (52 percent) of the
1,013 corporate directors surveyed were not satisfied with the amount
of information they were receiving about cyber-security. In
addition, 36 percent said they were unsatisfied with the quality of
that information.
…
Less
than half of the respondents believe their organizations take
appropriate steps to comply with leading cyber-security standards,
and just 47 percent said their organizations have sufficient
resources to meet cyber-security requirements.
'Those who cannot remember the past are condemned to repeat it.' Santayana
"Peace for Our Time" Neville Chamberlain
Russia's Putin Took European States 'By Surprise' in Ukraine: Report
… "There has been a strong element of 'sleepwalking' into
the current crisis, with [European states] being taken by surprise by
events in Ukraine," the European
Union Committee of the House of Lords said in a report released
Thursday.
European officials "seem to have missed the warning signs"
as the crisis intensified, according to the report. "The EU and
member states lacked good intelligence-gathering capacity on the
ground. The lack of an integrated and coordinated foreign policy was
also evident."
For
my Data Management and Business Intelligence students. Note that
they are doing exactly what we are learning to do.
How Social Media Is The Newest Military Battleground
…
A number of militaries around the world—including those of the US,
Israel, and the Islamic State (ISIS)—are already using social media
to gather intelligence, spread propaganda, recruit soldiers, control
overarching narratives, and communicate with other military groups.
ISIS has been especially effective in using social and other online
media outlets to its advantage in recruiting.
(Related)
Old, but still viable?
10 Web Tools To Try Out Sentiment Search & Feel the Pulse