<body>

53cur!ty 6109

Girma Nigusse

Java apps have most flaws, Cobol apps the least, study finds

January 13, 2012

"Such a legacy of problematic programming that violates good architectural and coding practices is called "technical debt," a metaphor that is gaining broader attention. Read more from [computerworld]"


Android weakness allows hackers to record phone calls

"A VULNERABILITY in Android smartphones allows hackers to record phone conversations and monitor location data. According to scientists from North Carolina State University, this can be done on Samsung, Motorola and HTC Google handsets because they contain code that exposes powerful capabilities to untrusted apps. Read more from [theinquirer]"


German spyware exploits iTunes vulnerability

December 01, 2011

"According to a report in Spiegel Online, "remote monitoring software" developed in Germany is designed to exploit a vulnerability in iTunes in order to infect target computers. In an advertising video, German company Gamma International GmbH is reported to have shown its FinFisher spyware application specifically using a vulnerability in the iTunes update system to install itself on target systems. Read more from [h-online]"


Surveillance Company Says It Sent Fake iTunes, Flash Updates

"Gamma International UK Ltd. touts its ability to send a “fake iTunes update” that can infect computers with surveillance software, according to one of the company’s marketing videos. Read more from [The Wall Street Journal]"


Google mail crypto tweak makes eavesdropping harder

"The feature, a type of key-establishment protocol known as forward secrecy, ensures that each online session is encrypted with a different public key and that corresponding private keys are never kept in long-term storage. That, in essence, means there's no master key that unlocks multiple sessions that may span months or years. Attackers who recover a key will be able to decrypt communications exchanged only during a single session. Read more from [theregister]"


The Hackers are Getting Younger

"As Kathy Ishizuka described in this School Library Journal article, this year's Defcon hacker's convention included for the first time a kids’ section, where budding computer nerds as young as eight learned how to pick locks (the physical kind) and hack Google. They also met with agents from the Department of Homeland Security and the National Security Agency to learn about “intelligence gathering, cyber weapons, war strategy, and more.” Read more from [PC World]"


Barrett Brown is Anonymous

November 11, 2011

"Anonymous was the first group to build an operational voluntary botnet. By running the LOIC on your computer, you are, essentially, declaring your allegiance to Anonymous. You donate part of your computer’s processing power to the cause. That cause—or, if you prefer, the target—is determined by rough consensus among Anons. Read more from [dmagazine]"


New techniques for detecting hardware Trojans

"As hardware devices are almost exclusively produced in countries where controls about who has access to the manufacturing process are non-existent or, at best, pretty lax, government agencies, military organizations and businesses that operate systems critical to a country's infrastructure can never be too careful when checking whether the devices they are planning to use have been tampered with. Read more from [net-security.org]"

Pentagon Aims to Go on the Offensive Against Cyber Threats

November 10, 2011

"... "Modern warfare will demand the effective use of cyber, kinetic and combined cyber and kinetic means," said DARPA director Regina Dugan, referring to traditional, "kinetic" methods of warfare that involve troops, vehicles, and bombs. Read more from [pcmag]"


9 secrets of getting security projects done in a big company

"With so many potential exposures -- malware, system threats, new regulations -- Cullinane says a big part of his job is calculating a risk picture and quantifying it to show the residual risk and the ROI of your intended fix. Read more from [infoworld]"

KPN stops issuing SSL certificates after possible breach

"The largest telecommunications company in the Netherlands has stopped issuing SSL certificates after finding indications that the website used for purchasing the certificates may have been hacked. Read more from [computerworld]"


Wi-Fi security do's and don'ts

"Wi-Fi is inherently susceptible to hacking and eavesdropping, but it can be secure if you use the right security measures. Read more from [computerworld]"


A short history of crimeware

"From its origins in 2003, crimeware (also termed financial malware, stealth malware, or banking Trojans) evolved through a series of advancements that outpaced any and all traditional security defenses, including the foundational Internet defense triad of SSL encryption, anti-virus, and two-factor authentication. The result of these advancements is an efficient attack tool--ZeuS and SpyEye being the leading examples--capable of collecting large volumes of highly-sensitive authentication data. Read more from [computerworld]"


U.S. report warns of Russia, China cyber spying

"Espionage attempts are expected to increase as more sensitive information moves online. The U.S. can expect more aggressive efforts from countries such as Russia and China to collect information through cyberespionage in areas such as pharmaceuticals, defense and manufacturing, according to a new government report released Thursday. Read more from [computerworld]"


Amazon and Eucalyptus hacked

October 31, 2011

"In this paper, they provide a security analysis pertaining to the control interfaces of a large Public Cloud (Amazon) and a widely used Private Cloud software (Eucalyptus). Their research results are alarming: in regards to the Amazon EC2 and S3 services, the control interfaces could be compromised via the novel signature wrapping and advanced XSS techniques. Similarly, the Eucalyptus control interfaces were vulnerable to classical signature wrapping attacks, and had nearly no protection against XSS." Read more from [marcoramilli]


NASA Confirms ‘Suspicious Events’ in Satellite Hacking Report

"On Friday, in response to an inquiry about the reported satellite hacks, TPM received the following information in an email from NASA Public Affairs Officer Trent J. Perrotto, who confirmed two hacks affected its Terra AM-1 satellite, but said that no damage, theft or any other security breaches had taken place" Read more from [talkingpointsmemo]

World's most sophisticated rootkit is being overhauled

October 26, 2011

"Experts from security vendor ESET warn that TDL4, one of the most sophisticated pieces of malware in the world, is being rewritten and improved for increased resilience to antivirus detection."

Read more: computerworld


US military debated hacking Libyan air defenses

"... “These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there,” one Obama administration official told the NYT."

Read more: theregister

Berners-Lee: We need PGP for the people

" ... "I'm amazed I still can't do public key-encrypted email with people in the local community," Berners-Lee said at an RSA Conference press event on Thursday. "The things that public key cryptography promised us are not actually there in practice." ..."

Read more: zdnet


Widely used encryption standard is insecure, say experts

"A weakness in XML Encryption can be exploited to decrypt sensitive information, researchers say."

Read more: computerworld


Son of Stuxnet Found in the Wild on Systems in Europe

October 22, 2011

"A little more than one year after the infrastructure-destroying Stuxnet worm was discovered on computer systems in Iran, a new piece of malware using some of the same techniques has been found infecting systems in Europe, according to researchers at security firm Symantec."

Read more: wired
