<body>

53cur!ty 6109

Girma Nigusse

Authenticity of Web pages under attack by hackers

September 28, 2011

"A hacker gained access to digital certificate supplier DigiNotar this summer and began issuing forged certificates for dozens of marquee companies.

Unable to cope with the fallout, the Dutch company filed for bankruptcy last week. Two other digital certificate companies, New Jersey-based Comodo and Japanese-owned GlobalSign, were similarly hacked this summer, exposing a glaring weakness in the Internet's underpinnings."

Read more: usatoday

Red alert: HTTPS has been hacked

There's now a tool that exploits a flaw in SSL and TLS. Will the industry respond fast enough?

"Only a handful of exploits per decade reveal a vulnerability that is truly significant. Thai Duong and Juliano Rizzo's BEAST (Browser Exploit Against SSL/TLS) attack will rank among them because it compromises the SSL and TLS browser connections hundreds of millions of people rely on every day."

Read more: infoworld

Russian hacker sells a Lada to pay off RBS

September 27, 2011

"Pleshchuk and seven other hackers took money from 2,100 ATMs in 280 cities using the data.

Security researchers were stunned not by the acquisition of personal data but rather by the fact that the hackers had so many people to physically extract the cash from ATMs. Kaspersky Lab's Alex Gostev said, "They had to find more than 150 people in [numerous] cities, give each one of them the instructions and the fake cards, organise synchronised withdrawal - all of this shows that it was a group of highly skilled professionals.""

Read more: theinquirer

Bad new world: Cyber risk and the future of the United States

"CIO - In September 2007, in a remote laboratory in Idaho, researchers working on a project dubbed "Aurora" demonstrated the ability of a cyber hacker to destroy physical equipment -- in this case a generator used to create electricity for the power grid. The Aurora research brought the question of physical safety and the ability for a nation to defend itself from attack in the cyber world to the forefront. For the next three years, this difficult discussion would largely remain just a discussion, contemplated, if passionately, in corners of Washington and at wonk-ish meetings across the U.S."

Read more: ComputerWorld

Security Expert: U.S. 'Leading Force' Behind Stuxnet

"Langner says as they dug deeper into the Stuxnet code, each new discovery left them more impressed and wondering what was coming next. He says he couldn't imagine who could have created the worm, and the level of expertise seemed almost alien. But that would be science fiction, and Stuxnet was a reality.

"Thinking about it for another minute, if it's not aliens, it's got to be the United States," he says.

The sophistication of the worm, plus the fact that the designer had inside intelligence on the Iranian facility, led Langner to conclude that the United States had developed Stuxnet, possibly with the help of Israeli intelligence."

Read more: npr

Beyond the Password


"One day five months ago, Karim Hijazi saw an unusual sight while reading his work email. A message that had been marked as "read" was suddenly marked "unread."

What the founder of Unveillance, a computer-network security firm, soon learned was that hackers had broken into his account.

The hackers gained access to his email by stealing log-in information from an insecure website, which they then matched up with a password they found on the Internet. After downloading all of his emails, the hackers sent Mr. Hijazi a message demanding he share sensitive security information with them. When he refused, the hackers released his emails on the Web.

"It was like a baby with a gun," he says."

Read more: The Wall Street Journal

Three Emerging Cyber Threats

1. The Rise of Big Data.
2. Ill-Conceived Regulations from Law Enforcement.
3. The Cyberwar Arms Race. ... I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliably trace a cyberweapon leading to increased distrust.

Source: Schneier