This is very interesting. Stuxnet was considered really sophisticated for 2010; if it really dates back to 2007, it is 4 or 5 generations more sophisticated than we thought! (Counted in Internet years.)
Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon
As Iran met in Kazakhstan this week
with members of the UN Security Council to discuss its nuclear
program, researchers announced that a new variant of the
sophisticated cyberweapon known as Stuxnet had been found, which
predates other known versions of the malicious code that were
reportedly unleashed by the U.S. and Israel several years ago in an
attempt to sabotage Iran’s nuclear program.
The new variant was designed for a
different kind of attack against centrifuges used in Iran’s uranium
enrichment program than later versions that were released, according
to Symantec, the U.S.-based computer security firm that reverse-engineered Stuxnet in 2010 and also found the latest variant.
The new variant appears to have been
released in 2007, two years earlier than other variants of the code
were released, indicating that Stuxnet was active much earlier than
previously known. A command-and-control server used with the malware
was registered even earlier than this, on Nov. 3, 2005.
… The new finding, described in a paper released by Symantec on Tuesday (.pdf), resolves a number of
longstanding mysteries around a part of the attack code that appeared
in the 2009 and 2010 variants of Stuxnet but was incomplete in those
variants and had been disabled by the attackers.
So, this is the hackers watching the
bank talk to some third-party security types about watching the
hackers watch the bank?
Michael Kelley and Geoffrey Ingersoll
report:
Anonymous hackers have released 14 gigabytes of information allegedly related to Bank of America and a web intelligence firm it hired to spy on hackers and social activists last year.
Emails detail how employees of TEKSystems actively watched hacker forums and social media sites for any remotely relevant pieces of “intelligence.”
Read more on Business Insider.
Cyber War News has some additional details on the data dump here and here.
There hasn’t been much mainstream media coverage of this data leak
yet and BofA has not confirmed claims yet, nor responded to a claim
in the press release that no hacking was involved:
The source of this
release has confirmed that the data was not acquired by a hack but
because it was stored on a misconfigured server and
basically open for grabs.
Even more
alarming, the data was retrieved from an Israeli
server in Tel Aviv – neither the source nor we have any
idea what the data was doing there in the first place.
I guess the Pentagon has finally looked around and noticed that the average Afghani has a smartphone that could be used to talk to the bad guys, photograph the good guys, set off roadside bombs, even fly homemade drones. NOTE: This is similar to the BYOD we are seeing in some organizations.
Pentagon Wants a ‘Family of Devices’ as It Makes Big Move Into Mobile Market
The next big customer for smartphones
and tablets? The U.S. military. Finally.
The military has begun talks with device and mobile operating-system manufacturers, as well as the major carriers, to supply troops with secured mobile devices. The idea is for the manufacturers to offer the Pentagon an already-secure device and OS, rather than for the military to laboriously build a bespoke mobile suite that inevitably won’t keep pace with commercial innovation. [...we have plenty of examples of how poorly that turns out. Bob]
… The architects of the Pentagon’s
new Commercial Device Mobile Implementation Plan, unveiled
Tuesday, want to be clear they’re not talking about soldiers,
sailors, airmen and Marines all buying, say, an iPhone 5 — and
being stuck with it for years after the companies come out with
improved, upgraded mobile products. And they’d
prefer to let the troops pick from a selection of secured, approved
smartphones and tablets, not issue everyone a mobile
device like they issue rifles.
“We’re device-agnostic,” Air
Force Maj. Gen. Robert Wheeler, the Pentagon’s deputy chief
information officer, told reporters. “What we’re looking for is
a family of devices that are available depending on the operator. …
And we’re going to continue to update as they update.”
Meanwhile, here on the home front...
February 26, 2013
ACLU - New Document Sheds Light on Government’s Ability to Search iPhones
"Cell
phone searches are a common law enforcement tool, but up until
now, the public has largely been in the dark regarding how much
sensitive information the government can get with this invasive
surveillance technique. A document submitted to court in connection
with a drug investigation, which we recently discovered, provides a
rare inventory of the types of data that federal agents are able to
obtain from a seized iPhone using advanced forensic analysis tools.
The list, available here,
starkly demonstrates just how invasive cell phone searches are—and
why law enforcement should be required to obtain a warrant before
conducting them."
I'd like a bit more than the raw numbers.
February 26, 2013
FTC Releases Top 10 Complaint Categories for 2012
- "Identity theft is once more the top complaint received by the Federal Trade Commission, which has released its 2012 annual report of complaints. 2012 marks the first year in which the FTC received more than 2 million complaints overall, and 369,132, or 18 percent, were related to identity theft. Of those, more than 43 percent related to tax- or wage-related fraud. The report gives national data, as well as a state-by-state accounting of top complaint categories and a listing of the metropolitan areas that generated the most complaints. This includes the top 50 metropolitan areas for both fraud complaints and identity theft complaints."
(Related)
Penny Crosman reports:
A report released
by KPMG on Tuesday finds that globally, there’s been a 40% increase
in the number of publicly disclosed data loss incidents in the past
two years. However, financial services firms have seen an 80%
decrease in number of incidents in the past five years.
Read more on American Banker. You can find the KPMG report here (pdf). Haven’t had time to read it yet, but it will be interesting to see how their findings compare with the QuickView report and other analyses.
[From the article:
One reason the reporting of data
breaches has increased is because of an SEC order in October 2011
that required more transparency over cyber risk and disclosure of the
impact of data breaches. "That was the first time publicly
traded organizations were obligated to disclose information about
data breaches that did not pertain to personally identifiable
information," Bell observes.
With lines like “A society that permits the unchecked ascendancy of surveillance infrastructures cannot hope to remain a liberal democracy,” you know I've got to read this closely.
Jathan Sadowski writes:
… Privacy should
have a deeper purpose than the one ascribed to it by those who treat
it as a currency to be traded for innovation, which in many
circumstances seems to actually mean corporate interests. To protect
our privacy, we need a better understanding of its purpose and why it
is valuable.
That’s where
Georgetown University law professor Julie
E. Cohen comes in. In a forthcoming article for the Harvard
Law Review, she lays out a strong argument that addresses the
titular concern “What
Privacy Is For.” Her approach is fresh, and as technology
critic Evgeny Morozov rightly
tweeted,
she wrote “the best paper on privacy theory you’ll get to read
this year.” (He was referring to 2012.)
Read more on The Atlantic.
Curious. Is this an indication of a screw-up? Something made their “slam dunk” a lot less probable? Should Kim Dotcom's lawyers talk to this guy?
Feds strike a deal with alleged illegal streaming site operator
After taking down Channelsurfing.net
and arresting its alleged owner in 2011, the feds now seem to be
easing up. Before going to trial, the government struck a deal
earlier this month with the alleged site owner Brian McCarthy.
In a "Deferred Prosecution" memo filed on February 11, which was obtained by TorrentFreak, U.S. Attorney Preet Bharara writes that "after a thorough investigation, it has been determined that the interest of the United States and your own interest will best be served by deferring prosecution in this District."
… It's unclear why the feds are letting McCarthy off the hook. Under the terms of the deal he came to with the government, he has to show good behavior, find a legal job, not violate any laws, and steer clear of anything to do with illegal Internet streaming. He also has to pay back $351,033, which he allegedly made via Channelsurfing.net, according to TorrentFreak.
An interesting question. Since not all users are equally valuable, who would flee and how would Google price “freedom” to compensate for their loss?
"I've been thinking a lot about
how much information I give to technology companies like Google and
Facebook and how I'm not super comfortable with what I even dimly
know about how
they're handling and selling it. Is it time for major companies
like this, who offer arguably utility-like services for free in
exchange for info, to start giving customers a choice about how to
'pay' for their service? I'd much rather pony up a monthly fee to
access all the Google services I use, for example, and be assured
that no tracking or selling of my information is going on. I'm not
aware of how much money these companies might make from selling data
about a particular individual, but could it possibly be more than the
$20 or $30 a month I'd fork over to know that my privacy is a little
more secure? Is this a pipe dream, or are there other people who
would happily pay for their private use of these services? What
kinds of costs or problems could be involved with companies
implementing this type of dual business model?"
Perspective. Can anyone remember when it was unusual to hear anyone talk about “a billion” anything?
Dropbox clears 1 billion file uploads per day
People save 1 billion files every day
to Dropbox's online storage service, Chief Executive Drew Houston
said today at the Mobile World Congress show here.
… When the company started, Dropbox
could synchronize people's data among PCs, but now of course it helps
bridge the gaps to smartphones, tablets,
and presumably other Internet-connected devices of the future. The
company has been gradually expanding the abilities of its software to
make it more of a central hub for people's data with features such as
graphics viewers and automatic photo uploads from phones.
Perspective. Convergence means industry techniques are getting smarter and easier for individuals to use... Now every Computer Design major can “print” their own car...
3-D Printed Car Is as Strong as Steel, Half the Weight, and Nearing Production
Picture an assembly line that isn’t made up of robotic arms spewing sparks to weld heavy steel, but a warehouse of plastic-spraying printers producing light, cheap and highly efficient automobiles.
If Jim
Kor’s dream is realized, that’s exactly how the next
generation of urban runabouts will be produced. His creation is
called the Urbee 2 and it could revolutionize parts manufacturing
while creating a cottage industry of small-batch automakers intent on
challenging the status quo.
Good news for my Computer Security majors...
Mike Millard reports:
The sixth Global
Information Security Workforce Study, conducted by (ISC)² shows that
a shortage of information security professionals
is having an adverse impact on healthcare and other industries, even
as vulnerabilities such as mobile devices and social media are on the
rise.
The (ISC)² study,
conducted in partnership with Booz Allen Hamilton and Frost &
Sullivan, examined security practices across many industries. One of
its key findings is that more than two-thirds of
chief information security officers say they’re short-staffed
– leading to an increased threat of expensive breaches.
Read more on HealthcareIT News
[The report: