Friday, February 20, 2015
How easily an organization can convince itself that whatever it wants to do is the ethically proper thing to do.
Who should have questioned this software? Is there a process that ensures the right people get to review changes like this? (If not, will they install one now?)
Lenovo Rapped for Preinstalling Spyware
… "Superfish is purposely designed to bypass the security of HTTPS websites in a manner that would allow malware and attackers to also bypass the security provided by HTTPS," said Adam Ely, cofounder of Bluebox.
"Users are inherently at risk of being directed to malicious sites that appear valid," he told TechNewsWorld, "making it much easier for attackers to steal information and further infect computers with malware."
… "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement provided to TechNewsWorld by spokesperson Brion Tingler.
Superfish was installed on some consumer notebooks from September to December of last year to help customers potentially discover interesting products while shopping, Lenovo explained.
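Superfish did its HTTPS interception by adding its own root certificate to the laptop's trust store, which is why the practical check for a machine like this is an audit of the installed roots against a known-good baseline. The script below is an added example, not code from Lenovo, Bluebox or the article: it flags self-signed roots whose common name is not on a baseline list, first against a constructed sample in the shape Python's `SSLContext.get_ca_certs()` returns, then optionally against the live system store. The baseline set and the "Constructed Adware Root" entry are invented for the demonstration; a real audit would take its baseline from a clean image of the same build.

```python
import ssl

# Constructed sample in the shape ssl.SSLContext.get_ca_certs() returns:
# subject/issuer are tuples of RDNs, each RDN a tuple of (attribute, value) pairs.
SAMPLE_STORE = [
    {
        "subject": ((("countryName", "US"),), (("organizationName", "Example Trust Co"),),
                    (("commonName", "Example Root CA"),)),
        "issuer": ((("countryName", "US"),), (("organizationName", "Example Trust Co"),),
                   (("commonName", "Example Root CA"),)),
        "serialNumber": "01",
        "notAfter": "Dec 31 23:59:59 2030 GMT",
    },
    {
        # A root that was never part of the vendor image (constructed, hypothetical).
        "subject": ((("organizationName", "Constructed Adware Co"),),
                    (("commonName", "Constructed Adware Root"),)),
        "issuer": ((("organizationName", "Constructed Adware Co"),),
                   (("commonName", "Constructed Adware Root"),)),
        "serialNumber": "02",
        "notAfter": "Jan 01 00:00:00 2035 GMT",
    },
]

# Constructed baseline: common names of the roots expected on a clean build.
BASELINE_ROOT_CNS = {"Example Root CA"}


def rdn_value(name, attribute):
    """Return the first value of `attribute` (e.g. 'commonName') in an X.509 name tuple."""
    for rdn in name:
        for attr, value in rdn:
            if attr == attribute:
                return value
    return None


def is_self_signed(cert):
    """Root certificates are self-issued: subject and issuer names match."""
    return cert["subject"] == cert["issuer"]


def unexpected_roots(store, baseline_cns):
    """List self-signed roots whose common name is not in the baseline.

    Returns a list of (commonName, serialNumber) so an investigator can
    identify the exact certificate, not just its display name.
    """
    findings = []
    for cert in store:
        if not is_self_signed(cert):
            continue  # intermediates are vouched for by a root; audit the roots first
        cn = rdn_value(cert["subject"], "commonName")
        if cn not in baseline_cns:
            findings.append((cn, cert.get("serialNumber")))
    return findings


def audit_system_store(baseline_cns):
    """Run the same check over the roots Python loads from this machine's default store."""
    ctx = ssl.create_default_context()  # loads the OS trust store (Windows ROOT/CA stores included)
    return unexpected_roots(ctx.get_ca_certs(), baseline_cns)


if __name__ == "__main__":
    for cn, serial in unexpected_roots(SAMPLE_STORE, BASELINE_ROOT_CNS):
        print(f"UNEXPECTED ROOT: {cn!r} serial={serial}")
```

Running the sample reports the constructed adware root and nothing else. Against a live machine the result is only as good as the baseline: collect `get_ca_certs()` from a known-clean install of the same image, store the common names (better, the serial numbers or fingerprints) as the baseline, and treat any root that appears only on the audited machine as something to explain.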
I find it amusing that when reporters finally notice what should have been strategically obvious they seem surprised. Which would you do: A) hack each phone as it becomes interesting or B) avoid the need to hack each phone by acquiring all the keys before users get their phones?
More likely, they have the software that generates the keys.
Joint NSA/GCHQ unit hacked SIM card maker, stole just about EVERYONE's keys
America's NSA and Britain's GCHQ hacked the world's biggest SIM card manufacturer to harvest the encryption keys needed to silently and effortlessly eavesdrop on people without a warrant.
That's according to documents obtained by surveillance whistleblower Edward Snowden and leaked to the web on Thursday.
"Wow. This is huge – it's one of the most significant findings of the Snowden files so far," computer security guru Bruce Schneier told The Register this afternoon.
"We always knew that they would occasionally steal SIM keys. But all of them? The odds that they just attacked this one firm are extraordinarily low and we know the NSA does like to steal keys where it can."
… The Ki keys are also used to generate session keys that encrypt and decrypt voice calls; due to a lack of forward secrecy, obtaining the Ki for a phone means session keys can be recovered and intercepted calls can be decrypted effortlessly – without the need to crack the actual math behind the encryption algorithm, say experts.
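The forward-secrecy point in the last paragraph is easy to see in code. The following is an added example, not code from the article or from any SIM or network vendor, and it uses constructed stand-ins for the real algorithms: an HMAC-based key derivation in place of A8, a SHA-256 counter keystream in place of the air-interface cipher, and a toy Diffie-Hellman group for the contrast. It models two worlds. In the first (the one the article describes) the call key is a function of the long-term key Ki and a challenge RAND sent in the clear, so whoever later obtains Ki and has recorded RAND plus the ciphertext recomputes the call key and reads the call. In the second, Ki only authenticates an ephemeral exchange, so the same recording plus Ki yields nothing more than confirmation that the exchange was genuine.

```python
import hashlib
import hmac
import secrets

# --- Constructed sample values (not real subscriber material) ---
KI = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")    # constructed 128-bit long-term key
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed challenge, sent in the clear
CALL_AUDIO = b"constructed call frame: hello from the phone"


def kdf(material: bytes) -> bytes:
    """Stand-in key derivation: SHA-256 of the input."""
    return hashlib.sha256(material).digest()


def derive_session_key(ki: bytes, rand: bytes) -> bytes:
    """Models the A8-style step: SIM and network both compute the call key from (Ki, RAND).
    Constructed stand-in (HMAC-SHA256 truncated to 16 bytes), not the real algorithm."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:16]


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with a SHA-256 counter keystream. Same call decrypts."""
    keystream = b""
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def recover_call_from_ki(ki: bytes, captured_rand: bytes, captured_ciphertext: bytes) -> bytes:
    """What a passive recording plus a later-obtained Ki gives you when there is no forward
    secrecy: recompute the call key from public RAND and decrypt the recording."""
    kc = derive_session_key(ki, captured_rand)
    return stream_xor(kc, captured_ciphertext)


def demo_non_forward_secret() -> bytes:
    """Phone and network encrypt a frame; the frame and RAND are recorded from the air;
    the recording is decrypted afterwards using only Ki and the recording."""
    kc = derive_session_key(KI, RAND)
    on_air = stream_xor(kc, CALL_AUDIO)          # what the interceptor records, along with RAND
    return recover_call_from_ki(KI, RAND, on_air)


# --- Contrast: Ki authenticates an ephemeral exchange, the call key comes from DH ---
P = (1 << 127) - 1   # toy Mersenne-prime group, for illustration only (not a standard group)
G = 3


def forward_secret_exchange(ki: bytes):
    """Both sides pick fresh secrets, exchange public values, and authenticate the transcript
    with Ki. The secrets a and b never leave the devices and are discarded after the call."""
    a = secrets.randbelow(P - 2) + 1
    b = secrets.randbelow(P - 2) + 1
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    transcript = pub_a.to_bytes(16, "big") + pub_b.to_bytes(16, "big")
    tag = hmac.new(ki, transcript, hashlib.sha256).digest()
    shared = pow(pub_b, a, P)
    assert shared == pow(pub_a, b, P)            # both sides agree on the shared value
    return (pub_a, pub_b, tag), kdf(shared.to_bytes(16, "big"))


def attacker_view(ki: bytes, transcript_record) -> bool:
    """With Ki and the recorded transcript the interceptor can verify the tag (the exchange
    was genuine) but holds neither a nor b, so the call key is out of reach without solving
    the discrete log. Returns only what is computable: tag validity."""
    pub_a, pub_b, tag = transcript_record
    transcript = pub_a.to_bytes(16, "big") + pub_b.to_bytes(16, "big")
    expected = hmac.new(ki, transcript, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    print("no forward secrecy, recovered:", demo_non_forward_secret())
    record, key = forward_secret_exchange(KI)
    print("forward secret, tag valid:", attacker_view(KI, record), "key recoverable: no")
```

The first world is the one the quoted experts describe: the math of the cipher is never attacked, the key is simply rederived. In the second world, stealing Ki in bulk still lets the holder impersonate or authenticate, which is serious, but it does not retroactively open recordings that were made before the theft.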
I doubt this is correct. It suggests that the State Department does not know who should be on their system and therefore can't flag the email addresses of those who should not.
Hackers Said to Remain Active in U.S. State Department E-Mails
U.S. and private security specialists are trying to expel unidentified hackers from the unclassified portion of the U.S. State Department’s e-mail system, two officials familiar with the investigation said Thursday.
The problem persists three months after the hackers were first discovered because the intruders’ techniques keep shifting, said the officials, who asked for anonymity because the inquiry is classified even though no classified material appears to have been obtained.
Let the finger-pointing begin! OR figure out who needs to know what and deliver it to them.
Boards Not Regularly Briefed on Cyber-Security: Survey
… A new study from the Ponemon Institute found that 78 percent of the more than 1,000 CIOs, CISOs and senior IT leaders surveyed had not briefed their board of directors on cyber-security in the last 12 months. In addition, 66 percent said they don't believe senior leaders in their organization consider security a strategic priority.
The findings follow a recent survey from the National Association of Corporate Directors (NCD) that found that more than half (52 percent) of the 1,013 corporate directors surveyed were not satisfied with the amount of information they were receiving about cyber-security. In addition, 36 percent said they were unsatisfied with the quality of that information.
… Less than half of the respondents believe their organizations take appropriate steps to comply with leading cyber-security standards, and just 47 percent said their organizations have sufficient resources to meet cyber-security requirements.
'Those who cannot remember the past are condemned to repeat it.' Santayana
"Peace for Our Time" Neville Chamberlain
Russia's Putin Took European States 'By Surprise' in Ukraine: Report
… "There has been a strong element of 'sleepwalking' into the current crisis, with [European states] being taken by surprise by events in Ukraine," the European Union Committee of the House of Lords said in a report released Thursday.
European officials "seem to have missed the warning signs" as the crisis intensified, according to the report. "The EU and member states lacked good intelligence-gathering capacity on the ground. The lack of an integrated and coordinated foreign policy was also evident."
For my Data Management and Business Intelligence students. Note that they are doing exactly what we are learning to do.
How Social Media Is The Newest Military Battleground
… A number of militaries around the world—including those of the US, Israel, and the Islamic State (ISIS)—are already using social media to gather intelligence, spread propaganda, recruit soldiers, control overarching narratives, and communicate with other military groups. ISIS has been especially effective in using social and other online media outlets to its advantage in recruiting.
(Related) Old, but still viable?
10 Web Tools To Try Out Sentiment Search & Feel the Pulse