2014 will be a year of cybersecurity after the NSA revelations of 2013: the headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies. A lot of people were shocked at how the NSA monitored and hacked almost everything on the Internet. There will still be NSA aftershocks as new material comes out and different parties react to it (and news sources write about it). U.S. cloud services have been put into question for good reason. There will be a lot of NSA spying litigation. Those spying issues will also fuel some hacktivism (it has already started to happen).
The Security Professionals: Top Cyber Threat Predictions for 2014 article lists the following predictions, which seem pretty probable: Cybersecurity Regulatory Efforts Will Spark Greater Need for Harmonization, Service-Impacting Interruptions for Online Services Will Persist, We Will See an Increase in Cybercrime Activity Related to the World Cup, Rise of Regional Cloud Services, Dev-Ops Security Integration Fast Becoming Critical, Cybercrime that Leverages Unsupported Software will Increase, Increase in Social Engineering and Ransomware will Impact More People.
Ubiquitous mobile computing is all around us, which will lead to increased risks and concerns about social network privacy. Social networks have quickly become the key organizing principle of Internet communication and collaboration. Android anti-virus apps CAN’T kill nasties on sight like normal AV.
2013 was a very hacked year, with many cases where information on millions or tens of millions of users was stolen from companies. It’s likely that we will see much more of the same in 2014: the way people use passwords and the way on-line services are built have not changed much in one year.

Gartner predicts that through 2014, improved JavaScript performance will begin to push HTML5 and the browser as a mainstream enterprise application development environment. I expect HTML5-related security issues to increase in 2014 simply because the technology is being used more.
Over 50% of net traffic to web sites is made by bots! The More Than Half of Internet Traffic Is Just Bots article says that security and cloud service provider Incapsula analyzed traffic and found that more than 60 percent of internet traffic is computer generated, compared to less than 40 percent driven by human clicks. 31% of bots are still malicious. SEO link building has always been a major motivation for automated link spamming, but it is decreasing because Google was able to discourage it. There is more advanced hacking and automatic vulnerability searching.
DDoS attacks are evolving from volumetric Layer 3-4 attacks to much more sophisticated and dangerous Layer 7 multi-vector threats.
There will still be many SCADA security issues in 2014. Even though traditional SCADA vulnerabilities have become easier to find, the increased connectivity brought by IoT will cause new issues. And there will still be very many control systems openly accessible from the Internet to practically anybody who knows how to look for them. A large number of SCADA systems were found open on the Internet at the beginning of 2013, and the numbers have not dropped considerably during the year. I expect that very many of those systems will still be too open at the end of 2014.
The Internet is expanding into enterprise assets and consumer items such as cars and televisions. The Internet of Things (IoT) will evolve into the Web of Things, increasing the coordination between things in the real world and their counterparts on the Web. There will be many security issues to solve, and as these systems become more widely used, more security issues will be found in them.
Cloud security will be talked about. Hopefully there will be some clearing-up of the terminology in that area, because cloud security can mean a lot of things, just like the term cloud computing. Cloud security could mean how secure your cloud provider is; a service that runs in the cloud and filters what comes through it (for example e-mails or web traffic); a product protecting some service running in the cloud; or a traditional anti-virus service that connects to the cloud to improve its operation (for example to update in real time or to verify unknown programs based on data in the cloud). Research firm Gartner forecasts that cloud security sales will increase dramatically in the next few years. Cloud security sales have increased over the past year by 2.1 billion to $3.1 billion in 2015.
Marketers try to put the term “cloud” into security product brochures as much as they can. The cloud has made traditional information security sound old-fashioned, because companies are under pressure to move services to the cloud. Mobile devices and dispersed users also set new standards for information security. OpenDNS’s CTO Dan Hubbard says that “Because the data and equipment run in the cloud, the cloud is the best way to protect users.” The Snowden Effect will also bring PRIVATE cloud talk onto the table this year for security reasons, because U.S. cloud services have been put into question for good reason.
In Finland a new Cyber Security Center started in the beginning of 2014. Security articles and warnings from it will be published at kyberturvallisuuskeskus.fi.
Late addition: Crypto-currencies like Bitcoin and similar are on the rise. Early adopters already use them actively. Those crypto-currencies have many security-related issues. The values of the crypto-currencies vary quite a lot, and the value easily drops considerably when they get so widely used that different governments try to limit their use. Bitcoin is increasingly used as a ransomware payment method. Bitcoins have lately been stolen quite a lot (and I expect that to increase as usage increases), from users, on-line wallets and exchanges. When more money is involved, more bad guys try to get in to take some of it. Sometimes bad guys do not try to steal your money, but use resources you pay for (your own PC, your server capacity, etc.) to generate money for themselves without you knowing about it. If you plan to use those crypto-currencies, be careful to understand what you are doing with them; there is a real possibility that you can lose your money, and there is no way that lost money can be recovered.

3,382 Comments
Tomi Engdahl says:
Belkin patches WeMo bug
Fixes available on AppStore, Google Play
http://www.theregister.co.uk/2014/02/20/belkin_on_wemo_bug_get_the_patch/
Belkin has published fixes for the flaws discovered by IOActive in its WeMo Home Automation system, and is urging users to download updated versions of its control apps from either the AppStore or Google Play.
As discussed by The Register yesterday, the bugs opened a wide range of holes in the kit, including opportunities to spread malicious firmware and gain unauthorised access to the home automation products.
Tomi Engdahl says:
Red Harbinger tests the Cryptocurrency Chassis Market: The DopaMINE
by Ian Cutress on February 19, 2014 5:33 PM EST
http://www.anandtech.com/show/7770/red-harbinger-tests-the-cryptocurrency-chassis-market-the-dopamine
With the ups and downs of cryptocurrencies like Bitcoin, Litecoin and Dogecoin now part of the zeitgeist; notable trends are starting to happen. The software is being probed more and more for weaknesses (such as the recent Mt.Gox issues), and the prices of scrypt mining hardware such as AMD GPUs are going through the roof in the US
Comment: “I completely agree. While the media continue to focus on it as a currency, the truly innovative part of Bitcoin is its usefulness as a protocol, and that is what will cause Bitcoin to grow in popularity.”
Tomi Engdahl says:
Facebook turns 10: Big Brother isn’t Mark Zuckerberg. It’s YOU
How the social network turned us all into secret policemen
http://www.theregister.co.uk/2014/02/04/facebook_10th_birthday_big_brother_is_you/
Tomi Engdahl says:
Valve Denies It’s Going Through Your Browser History
http://kotaku.com/valve-denies-its-going-through-your-browser-history-1524699598
original claim is that VAC is monitoring your DNS cache looking for evidence of you having visited a hacking site
In a public response, also on Reddit, Newell denies the claims that VAC is sending your browsing history back to Valve, saying that it only sends back hashes of “non-web” entries that are “matches” for those on its cheat server blacklist.
Tomi Engdahl says:
ICE license-plate tracking plan withdrawn amid outcry about privacy
http://www.cnn.com/2014/02/19/us/ice-license-plate-tracking/index.html?hpt=hp_t3
Homeland security officials on Wednesday abruptly shelved a proposal to build a national database of license-plate scans after criticism from privacy advocates.
Under the proposal, officers in the field would have been able to use their smartphones to look up a license plate and see every time and every place the vehicle had been spotted by a camera.
Tomi Engdahl says:
Debunking four mobile security myths
http://www.networkworld.com/news/tech/2013/092613-mobile-security-myths-274230.html
Even with the rapid adoption of mobile in the enterprise, there are a lot of misconceptions about user privacy, security and compliance. We debunk the most prevalent mobile security myths.
Bursting the top 14 mobile security myths
http://www.appstechnews.com/blog-hub/2013/oct/31/bursting-top-14-mobile-security-myths/
Enterprise mobile security used to be so easy: there were laptops and BlackBerries, both owned by the company and totally locked down. I’m sure there are plenty of security professionals who miss that world, but the era of the true smartphone has opened the Pandora’s Box of security and there’s no way back.
One of the biggest problems facing the enterprise today is that the smartphone, tablet and BYOD revolution has happened so fast that we’re still figuring out how to deal with it. As a result, there are many myths out there, and in this blog I will give you the truth behind fourteen of the most important, whether they are true or false.
Tomi Engdahl says:
Bitcoin slumped from $829 to $110 at Mt. Gox – in two weeks
The Bitcoin drawdown began in Japan with technical issues and the lifting of restrictions afterwards. The value of one Bitcoin has fallen to $110, where two weeks earlier a Bitcoin was $829.
- Because bitcoins cannot be withdrawn from Mt. Gox at the moment, the price falls, as there is a possibility that investors will never get their bitcoins out
Mt. Gox is trying to overcome the technical problems and get the payments to work; bitcoin trading continues on other sites.
Mt. Gox is one of the largest trading sites for bitcoins.
Trading problems are the latest Bitcoin disorder. Recently, many countries have taken a position on Bitcoin.
Source: Tietoviikko
http://www.digitoday.fi/bisnes/2014/02/21/bitcoin-valahti-829-dollarista-110-dollariin-mt-goxissa–kahdessa-viikossa/20142589/66?rss=6
Tomi Engdahl says:
Beware Greeks bearing lists: Bank-raiding nasty Zeus smuggles attack orders in JPEGs
Trojan stashes config files in photos in mythology mash-up
By Iain Thomson, 20th February 2014
http://www.theregister.co.uk/2014/02/20/zeus_bank_hackers_hiding_malware_controls_in_jpg_in_a_nod_to_the_ancients/
A new variant of the bank-account-raiding Zeus malware apparently uses the ancient technique of steganography to update its list of websites to subvert.
A JPEG photo of a sunrise was being downloaded by the software.
The JPEG has a larger-than-expected file size.
end of the image data by the Zeus controllers
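Added example, not code from the article or from any Zeus analysis: a small C parser that walks the JPEG marker segments and reports how many bytes sit after the End-Of-Image marker, which is what makes a file "larger than expected" when data has been appended behind the picture. The sample buffers are constructed here for the demonstration; a production detector would still have to handle the full format (progressive scans, multiple SOS segments) more carefully.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns the number of bytes found after the JPEG End-Of-Image marker
 * (FF D9), or -1 if the buffer is not a JPEG or no EOI is reached.
 * Data appended beyond EOI is invisible to image viewers but inflates the
 * file size. The parser walks marker segments rather than searching for
 * FF D9, so an EOI inside an embedded thumbnail (APP1/EXIF) is not mistaken
 * for the real end of the image. */
long jpeg_trailing_bytes(const uint8_t *buf, size_t len)
{
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)
        return -1;                                   /* no SOI marker */
    size_t pos = 2;
    while (pos + 1 < len) {
        if (buf[pos] != 0xFF)
            return -1;                               /* expected a marker */
        uint8_t marker = buf[pos + 1];
        if (marker == 0xFF) {                        /* fill byte, skip */
            pos++;
            continue;
        }
        pos += 2;
        if (marker == 0xD9)
            return (long)(len - pos);                /* EOI: rest is trailer */
        if (marker == 0x01 || marker == 0xD8 ||
            (marker >= 0xD0 && marker <= 0xD7))
            continue;                                /* standalone markers */
        if (pos + 2 > len)
            return -1;
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seglen < 2 || pos + seglen > len)
            return -1;                               /* truncated segment */
        pos += seglen;
        if (marker == 0xDA) {
            /* Start Of Scan: entropy-coded data follows. Skip until a marker
             * that is neither a stuffed FF 00 nor a restart marker (RSTn). */
            while (pos + 1 < len) {
                if (buf[pos] == 0xFF && buf[pos + 1] != 0x00 &&
                    !(buf[pos + 1] >= 0xD0 && buf[pos + 1] <= 0xD7))
                    break;
                pos++;
            }
        }
    }
    return -1;                                       /* ran out before EOI */
}

/* Constructed sample files for the demonstration (not real malware samples). */
const uint8_t SAMPLE_WITH_TRAILER[] = {
    0xFF, 0xD8,                         /* SOI */
    0xFF, 0xE0, 0x00, 0x04, 0x41, 0x42, /* APP0 with 2 payload bytes */
    0xFF, 0xDA, 0x00, 0x02,             /* SOS (minimal header) */
    0x12, 0x34, 0xFF, 0x00, 0x56,       /* entropy data incl. stuffed FF 00 */
    0xFF, 0xD9,                         /* EOI */
    'C', 'O', 'N', 'F', 'I', 'G'        /* 6 appended bytes after the image */
};

const uint8_t SAMPLE_WITH_THUMBNAIL[] = {
    0xFF, 0xD8,
    0xFF, 0xE1, 0x00, 0x06, 0xFF, 0xD8, 0xFF, 0xD9, /* APP1 holding nested SOI/EOI */
    0xFF, 0xDA, 0x00, 0x02,
    0x12,
    0xFF, 0xD9
};

const uint8_t SAMPLE_NOT_JPEG[] = { 'G', 'I', 'F', '8', '9', 'a' };

int main(void)
{
    printf("trailer bytes:  %ld\n",
           jpeg_trailing_bytes(SAMPLE_WITH_TRAILER, sizeof SAMPLE_WITH_TRAILER));
    printf("thumbnail file: %ld\n",
           jpeg_trailing_bytes(SAMPLE_WITH_THUMBNAIL, sizeof SAMPLE_WITH_THUMBNAIL));
    printf("not a jpeg:     %ld\n",
           jpeg_trailing_bytes(SAMPLE_NOT_JPEG, sizeof SAMPLE_NOT_JPEG));
    return 0;
}
```

A non-zero trailer on an image fetched by a process that has no business downloading pictures is the kind of signal worth alerting on; the nested-thumbnail sample shows why a naive search for FF D9 would report a false trailer.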
Tomi Engdahl says:
Tales from the TSA: Confiscating Aluminum Foil and Watching Out for Solar Powered Bombs
A former TSA agent on why we shouldn’t get (so) mad at the men and women working the security line, when it’s their bosses who send down the ridiculous orders
http://ideas.time.com/2014/02/20/tales-from-the-tsa-confiscating-aluminum-foil-and-watching-out-for-solar-powered-bombs/
Tomi Engdahl says:
Make a spot check in your organization
1. Log management
– What information is logged?
– How long is the log data available?
– When and where are the logs used?
2. Certificate management
– Several organizations have been faced with an important certificate having “accidentally” expired
– Does the organization have centralized management and a process for certificate acquisition and management?
3. Security update management
– Testing and installation of security and other relevant patches
4. Vulnerability scans and audits
– Do you carry out regular vulnerability scanning or a more in-depth audit on critical services?
5. Are you getting the service that the requirement specification and the agreements you have made specify?
Source: Tietoviikko
http://www.tietoviikko.fi/blogit/turvasatama/tee+pistokoe+organisaatiossasi/a969308
Tomi Engdahl says:
Data Breach QuickView
An Executive’s Guide to 2013 Data Breach Trends
https://www.riskbasedsecurity.com/reports/2013-DataBreachQuickView.pdf
The goal of this report is to provide an executive level summary of the key findings from RBS’ analysis of the data breach incidents reported during 2013.
Tomi Engdahl says:
It’s time to break up the NSA
By Bruce Schneier
http://www.cnn.com/2014/02/20/opinion/schneier-nsa-too-big/index.html?hpt=hp_t4
The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission — protecting the security of U.S. communications and eavesdropping on the communications of our enemies — has become unbalanced in the post-Cold War, all-terrorism-all-the-time era.
Putting the U.S. Cyber Command, the military’s cyberwar wing, in the same location and under the same commander, expanded the NSA’s power. The result is an agency that prioritizes intelligence gathering over security, and that’s increasingly putting us all at risk. It’s time we thought about breaking up the National Security Agency.
Computer and network security is hard, and we need the NSA’s expertise to secure our social networks, business systems, computers, phones and critical infrastructure. Just recall the recent incidents of hacked accounts — from Target to Kickstarter. What once seemed occasional now seems routine. Any NSA work to secure our networks and infrastructure can be done openly — no secrecy required.
Tomi Engdahl says:
Once You Use Bitcoin You Can’t Go ‘Back’ — And That’s Its Fatal Flaw
http://www.wired.com/opinion/2013/11/once-you-use-bitcoin-you-cant-go-back-and-that-irreversibility-is-its-fatal-flaw/
Bitcoin is the world’s most popular digital currency — not just a form of money, but a way of moving money around — and the darling topic du jour of the tech industry right now.
bitcoin-the-protocol. It’s an incredibly clever piece of cryptographic engineering,
The flaw? That bitcoin transactions are irreversible. That is, they can never be undone: Once committed, there is no “oops”, no “takeback”, no “control-Z”. Combined with bitcoin’s independence — it is a separate currency with a floating exchange rate — this flaw is arguably lethal to money systems.
Bitcoin advocates will argue that both its irreversibility and independence are benefits.
Without an undo/back button, it’s only possible to prevent fraud. With an undo, it would also be possible to detect and mitigate fraud; to see that something bad happened and then actually do something about it. Credit cards, bank account transfers, and all other electronic transactions involving a bank all have an “undo” button.
In the current financial system, the only major irreversible transactions involve withdrawing cash.
bitcoins should never be “stored” on an internet-connected device. That includes our computers and our smartphones.
it is theoretically true that stolen coins could be blocked
Yet the bitcoin community strongly resists the idea of blacklists, because it eliminates fungibility
Bitcoin advocates insist that the theft problem is solvable.
Even at a 10 billion dollar market cap
bitcoin is almost irrelevant in financial terms.
Tomi Engdahl says:
Source code for Android iBanking bot surfaces on underground forum
Leaked source code could lead to a larger number of attacks using the mobile malware, security researchers from RSA said
http://www.computerworld.com/s/article/print/9246494/Source_code_for_Android_iBanking_bot_surfaces_on_underground_forum
The source code for an Android mobile banking Trojan app was released on an underground forum, making it possible for a larger number of cybercriminals to launch attacks using this kind of malware in the future.
The malware app, which the RSA researchers call iBanking, is used in conjunction with PC malware to defeat mobile-based security mechanisms used by banking sites.
Tomi Engdahl says:
Update your iThings NOW: Apple splats scary SSL snooping bug in iOS
OS X Mavericks still VULNERABLE, millions at risk of web hijacking
http://www.theregister.co.uk/2014/02/21/apple_patches_ios_ssl_vulnerability/
Apple has updated its mobile operating system iOS to patch a bug that blows apart the integrity of encrypted connections.
Versions 7.0.6 and 6.1.6, available now for download, fix a vulnerability that could allow “an attacker with a privileged network position” to “capture or modify data in sessions protected by SSL/TLS,” according to the iPhone maker.
Tomi Engdahl says:
Neiman Marcus Hackers Set Off 60,000 Alerts While Bagging Credit Card Data
http://www.businessweek.com/articles/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-while-bagging-credit-card-data
The hackers who raided the credit-card payment system of Neiman Marcus Group (NMG) set off alerts on the company’s security systems about 60,000 times as they slunk through the network, according to an internal company investigation.
The hackers moved unnoticed in the company’s computers for more than eight months, sometimes tripping hundreds of alerts daily because their card-stealing software was deleted automatically each day from the Dallas-based retailer’s payment registers and had to be constantly reloaded.
“These 60,000 entries, which occurred over a three-and-a-half month period, would have been on average around 1 percent or less of the daily entries on these endpoint protection logs, which have tens of thousands of entries every day,” Reeder says.
“In an ideal world, your card-data network should be completely segmented from the general-purpose network,” said Robert Sadowski, director of technology solutions at RSA Security, a division of EMC (EMC). “Unfortunately, an ideal world is often different than reality.”
Tomi Engdahl says:
Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’
http://www.wired.com/threatlevel/2014/02/gotofail/
Like everything else on the iPhone, the critical crypto flaw announced in iOS 7 yesterday turns out to be a study in simplicity and elegant design: a single spurious “goto” in one part of Apple’s authentication code that accidentally bypasses the rest of it.
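Added illustration, not Apple's code or the article's: a simplified C model of the control-flow defect described above. The hypothetical update_hash() and verify_signature() steps stand in for the real handshake checks; the point is that the duplicated, unindented-by-meaning goto is unconditional, so the signature step is never executed and err is still 0 from the previous successful step.

```c
#include <stdio.h>

/* Constructed handshake state: which hypothetical checks should pass. */
typedef struct {
    int hash_ok;        /* does the handshake hash computation succeed? */
    int signature_ok;   /* does the server's signature verify? */
} handshake_t;

/* Hypothetical stand-ins for the real checks; 0 means success, as in the
 * error-code style the original code used. */
static int update_hash(const handshake_t *h)      { return h->hash_ok ? 0 : -1; }
static int verify_signature(const handshake_t *h) { return h->signature_ok ? 0 : -1; }

/* Vulnerable form. The second "goto fail" is not guarded by the if, so it
 * always jumps to the label with err == 0 whenever update_hash() succeeded.
 * verify_signature() is dead code and a forged signature is accepted.
 * GCC's -Wmisleading-indentation (part of -Wall since GCC 6) flags exactly
 * this shape; unreachable-code warnings would flag the dead check. */
int verify_vulnerable(const handshake_t *h)
{
    int err;
    if ((err = update_hash(h)) != 0)
        goto fail;
        goto fail;   /* spurious duplicate: unconditional jump */
    if ((err = verify_signature(h)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed form: braces on every branch and no duplicate jump, so each step
 * runs and its result is checked before success is reported. */
int verify_fixed(const handshake_t *h)
{
    int err;
    if ((err = update_hash(h)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(h)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    handshake_t forged = { 1, 0 };   /* hash fine, signature does not verify */
    printf("vulnerable accepts forged signature: %s\n",
           verify_vulnerable(&forged) == 0 ? "yes" : "no");
    printf("fixed accepts forged signature:      %s\n",
           verify_fixed(&forged) == 0 ? "yes" : "no");
    return 0;
}
```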
Tomi Engdahl says:
On the Timing of iOS’s SSL Vulnerability and Apple’s ‘Addition’ to the NSA’s PRISM Program
http://daringfireball.net/2014/02/apple_prism
SSL vulnerability was introduced in iOS 6.0.
iOS 6.0 shipped on 24 September 2012.
According to slide 6 in the leaked PowerPoint deck on NSA’s PRISM program, Apple was “added” in October 2012.
Tomi Engdahl says:
Goldman Sachs Takes On Bitcoin
http://techcrunch.com/2014/02/21/goldman-bitcoin/
Responding to requests from clients, Goldman Sachs has put out an early assessment of Bitcoin
“2013 was the year when Bitcoin became a mainstay in mass media, to the extent that it has become hard to separate the effect of hype surrounding the currency from its fundamentals.”
“there is no liquid derivative market for Bitcoin; nor a large market of B2B suppliers which companies can use for spending Bitcoin”
Without the imprimatur of a big name, Goldman warns, the currency is a bit dangerous to offer to the serious investor.
there are a number of ways to gain exposure to value creation in the Bitcoin ecosystem
— Speculation: Holding Bitcoin with the view that the currency will appreciate over time
— Mining: Purchase computers capable of mining Bitcoin, and earn newly minted Bitcoins
— Enterprise: Provide value-add services to participants in the Bitcoin ecosystem, for a fee
value of Bitcoin comes in its use as a payment method that removes credit card processing costs for merchants
For businesses today it is not yet feasible to hold Bitcoin given its volatility, and so merchants must convert into fiat currencies immediately (and incur commission charge)
Tomi Engdahl says:
Most Alarming: IETF Draft Proposes “Trusted Proxy” In HTTP/2.0
http://tech.slashdot.org/story/14/02/23/1528208/most-alarming-ietf-draft-proposes-trusted-proxy-in-http20
February 22, 2014
No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen
http://lauren.vortex.com/archive/001076.html
What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping.
Of course, they don’t phrase it exactly that way.
So this dandy proposal offers a dandy solution: “Trusted proxies” — or, to be more straightforward in the terminology, “man-in-the-middle attack” proxies. Oh what fun.
Tomi Engdahl says:
Writing The Snowden Files: ‘The paragraph began to self-delete’
http://www.theguardian.com/books/2014/feb/20/edward-snowden-files-nsa-gchq-luke-harding
Was it the NSA? GCHQ? A Russian hacker? Who was secretly reading his book on Snowden while he wrote it, wonders Luke Harding
Tomi Engdahl says:
Here are some interesting postings related to Bitcoin:
“On the Blockchain Nobody Knows You’re a Fridge” and 9 Other Amazing Things About Bitcoin
http://thoughtinfection.com/2014/02/09/on-the-blockchain-nobody-knows-youre-a-fridge-and-9-other-amazing-things-about-bitcoin/
Cryptocontracts Will Turn Law Into a Programming Language
http://thoughtinfection.com/2014/02/22/we-are-becoming-programmable-society/
Tomi Engdahl says:
The minority report: Chicago’s new police computer predicts crimes, but is it racist?
http://www.theverge.com/2014/2/19/5419854/the-minority-report-this-computer-predicts-crime-but-is-it-racist
Chicago police say its computers can tell who will be a violent criminal, but critics say it’s nothing more than racial profiling
In 2009, the National Institute of Justice (NIJ) made millions of dollars in grants available for any police department with a burgeoning predictive program.
The big winner was Chicago; its combination of headline-making homicide rates and already established data- and tech-focused policing made it a perfect fit. The CPD received more than $2 million to test two phases of its experimental program.
Wernick denies that IIT’s algorithm uses “any racial, neighborhood, or other such information” to assist in compiling the heat list.
Tomi Engdahl says:
It’s time to break up the NSA
By Bruce Schneier
http://www.cnn.com/2014/02/20/opinion/schneier-nsa-too-big/
Tomi Engdahl says:
Mt. Gox Resigns From Bitcoin Foundation
http://online.wsj.com/news/article_email/SB10001424052702303426304579401883794330454-lMyQjAxMTA0MDIwMzEyNDMyWj
The Bitcoin Foundation confirmed in a statement on its website that Mt. Gox had resigned its board seat and thanked Mt. Gox for its efforts in launching the group.
The “discount at Mt Gox reflects the markets ongoing belief that bankruptcy is a high possibility,”
Tomi Engdahl says:
Pics: ‘Bitcoin ATMs’ spring up in the US
Kiosks to fill digital wallets … no cash withdrawals yet
http://www.theregister.co.uk/2014/02/24/bitcoin_atms_spring_up_in_us/
Tomi Engdahl says:
Apple’s ‘Gotofail’ Security Mess Extends To Mail, Twitter, iMessage, Facetime And More
http://www.forbes.com/sites/andygreenberg/2014/02/23/apples-gotofail-security-mess-extends-to-mail-twitter-imessage-facetime-and-more/
First, Apple revealed a critical bug in its implementation of encryption in iOS, requiring an emergency patch. Then researchers found the same bug is also included in Apple’s desktop OSX operating system, a gaping Web security hole that leaves users of Safari at risk of having their traffic hijacked. Now one researcher has found evidence that the bug extends beyond Apple’s browser to other applications including Mail, Twitter, Facetime, iMessage and even Apple’s software update mechanism.
Tomi Engdahl says:
Microsoft enters into new global partnerships in fight against cybercrime
Feb. 12, 2014
http://www.microsoft.com/en-us/news/press/2014/feb14/02-12cybercrimepr.aspx
Company joins forces with the Organization of American States, Europol and FIS to expand efforts to make the Internet safer for consumers worldwide.
Tomi Engdahl says:
Yahoo adverts ‘spreading Bitcoin mining malware’
by CBR Staff Writer| 09 January 2014
http://www.cbronline.com/news/social/yahoo-adverts-spreading-bitcoin-mining-malware-090114-4157714
Two million Yahoo users could have received malware from virus-infected ads on the search engine giant’s homepage that turn the computer into Bitcoin mining tools, according to security researchers.
Tomi Engdahl says:
Malicious Ads: Syndicated Malware Delivery
http://antivirus.about.com/od/securitytips/a/Malicious-Ads-Syndicated-Malware-Delivery.htm
The vast majority of content on the Web seems free, but it’s actually supported through advertising. The largest syndicated ad providers are owned by the search engine vendors.
One rogue or inattentive affiliate and suddenly large numbers of mainstream websites are turned into malware distribution points, potentially impacting tens of millions of Web surfers.
Malicious ads seldom exploit zero day vulnerabilities. Instead, the exploits used are generally for older known vulnerabilities for which patches have long been available. The problem, of course, is that many people put off updating – or only update Windows and not the rest of the programs.
Tomi Engdahl says:
A beginner’s guide to building botnets—with little assembly required
For a few hundred dollars, you can get tools and 24/7 support for Internet crime.
http://arstechnica.com/security/2013/04/a-beginners-guide-to-building-botnets-with-little-assembly-required/
Building successful malware is an expensive business. It involves putting together teams of developers, coordinating an army of fraudsters to convert ill-gotten gains to hard currency without pointing a digital arrow right back to you. So the biggest names in financial botnets—Zeus, Carberp, Citadel, and SpyEye, to name a few—have all at one point or another decided to shift gears from fraud rings to crimeware vendors, selling their wares to whoever can afford them.
So how easy is it to get into the botnet business?
With the market saturated with tools, a community of several thousand known botnet operators, and new ways to profit emerging every day
Tomi Engdahl says:
Nokia smartphone leaks information abroad
http://www.helsinkitimes.fi/finland/finland-news/domestic/9516-nokia-smartphone-leaks-information-abroad.html
Two years ago, trust in the data security of Nokia smartphones was still strong.
Soon after the event, large amounts of Nokia’s Lumia phones were bought for the Finnish government: ministers, MPs and authorities. Prime Minister Jyrki Katainen (National Coalition) also uses Lumia.
At the same time, the data leak began. In the centre of it are Nokia’s Lumia phones and their Windows Phone operating system.
Contrary to what Nokia implied two years ago, Lumia phones do not ensure the user’s privacy – at least no better than the phones of other big manufacturers. Lumia’s operating system transmits the user’s private information to Microsoft in the United States. According to numerous data security companies, Microsoft, for its part, cooperates with the United States Security Agency (NSA).
Finnish authorities began to suspect the security of Nokia’s smartphones last summer.
“What was banned in Europe was allowed in the United States. If the company has significant business activities in the United States, it must cooperate with the security agency. The alternative is withdrawing from the US market, which would prove to be very expensive,”
If the user accepts the settings suggested by the phone, the operating system transmits the user’s confidential information to Nokia and Microsoft servers located in the United States and in other countries.
Tomi Engdahl says:
Google Acquires Spider.io To Help Spot And Stop Online Ad Fraud
http://techcrunch.com/2014/02/21/google-acquires-spider-io-to-help-spot-and-stop-online-ad-fraud/
London-based Spider.io has been acquired by Google, the company’s DoubleClick advertising blog announced
Spider.io’s tech is designed specifically to detect attacks originating from PCs infected by malware. Often these hijacked computers are programmed by their attackers to place a high volume of ad requests, thus skewing the numbers and defrauding online advertisers out of millions of dollars.
Tomi Engdahl says:
“This could be the end of Bitcoin”: leak shows massive theft at Mt. Gox, price falls below $500 amid pleas for calm
http://gigaom.com/2014/02/24/this-could-be-the-end-of-bitcoin-leak-shows-massive-theft-at-mt-gox-price-falls-below-500-amid-pleas-for-calm/
The world of Bitcoin is being rocked by a cascade of events related to the final collapse of Mt. Gox, which a leaked crisis document says could be “the end” of the currency in the public realm for years.
The Bitcoin community is on edge as a leaked document shows that the Mt. Gox exchange, a longtime pillar of the virtual currency, is missing hundreds of millions of dollars worth of customer money, and is heading for bankruptcy.
Tomi Engdahl says:
Breaking – Mt. Gox is dead, long live Mt. Gox
http://mattvukas.com/2014/02/24/breaking-mt-gox-dead-long-live-mt-gox/
“Bitcoin’s Apocalyptic Moment: Mt. Gox may have lost 750,000 bitcoins”,
It should be noted that the document’s source has not been verified.
EDIT (2-25-14 12:59am): At this time, the Mt. Gox website appears to be completely offline.
Tomi Engdahl says:
98% of mobile malware targets Android platform
http://blogs.computerworld.com/mobile-security/23577/98-mobile-malware-targets-android-platform
If you consider all the hot new mobile products coming out of Mobile World Congress 2014, it’s clear that the world as a whole is crazy about mobile devices. While it’s no wonder that cyber crooks are also hot to follow the mobile trend, Kaspersky Labs says the mobile malware sector is growing so rapidly, “It is safe to say that today’s cybercriminal is no longer a lone hacker but part of a serious business operation” that includes “virus writers, testers, interface designers of both the malicious apps and the web pages they are distributed from, owners of the partner programs that spread the malware, and mobile botnet owners.”
Worldwide, 85% of the population owns a smartphone; 96% of us use our phones to take photos and 70% of mobile devices are used to take “selfies.”
Tomi Engdahl says:
Are Disappearing Messages a Permanent Business?
http://slashdot.org/topic/cloud/disappearing-messages-permanent-business/
If a new crop of startups wants to profit, they’ll have to convince users that disappearing messages are secure.
Our lives online come with perils, whether from the NSA checking up on our digital communications, or the possibility of the wrong e-message going viral. Twitter, Facebook, Google, Instagram, and other social networks have collected all sorts of personal data about us, where we’ve been, what we’re saying, what we like, and our friends.
No wonder the idea of ephemeral messages—such as those sent via Snapchat and other services—is beginning to resonate, attracting lots of startups who want to service that very need.
Tomi Engdahl says:
China’s web giants unite to defuse Windows XP bombshell
Tencent, Sogou, Kingsoft and others will provide support for local users
http://www.theregister.co.uk/2014/02/25/windows_xp_hedge_web_tencent_china/
A gaggle of Chinese web firms have come together with a plan to protect Windows XP users in the Middle Kingdom for at least the next two or three years, according to local reports.
The unusual step will see messaging giant Tencent, search engine Sogou, software company Kingsoft and several others offer technical support for XP including system upgrades and security services, said Xinhua.
Tomi Engdahl says:
Prez Obama cyber-guru: Think your data is safe in an EU cloud? The NSA will raid your servers
But US govt shouldn’t be ‘f**king’ with crypto algorithms
http://www.theregister.co.uk/2014/02/24/richard_clarke_csa_comments/
A former White House security advisor has suggested that you, dear reader, are naive if you think hosting data outside of the US will protect a business from the NSA.
“NSA and any other world-class intelligence agency can hack into databases even if they are not in the US,” said former White House security advisor Richard Clarke in a speech at the Cloud Security Alliance summit in San Francisco on Monday. “Non-US companies are using NSA revelations as a marketing tool.”
And indeed, European governments are making moves to keep more data within the EU.
But far from protecting against spying, Clarke indicated that these schemes are more about giving EU companies an edge, than protecting Joe Citizen from surveillance.
Tomi Engdahl says:
Once Mighty Bitcoin Exchange Mt. Gox Is Offline, Likely Dead
http://www.forbes.com/sites/ericmack/2014/02/24/once-mighty-bitcoin-exchange-mt-gox-is-offline-likely-dead/
Mt. Gox, the one-time monarch of the Bitcoin kingdom, appears to be dead, or at least in a very serious coma. The troubled exchange for the volatile crypto-currency has been offline since at least 10:30 p.m. Eastern time on Monday.
Mt. Gox not long ago claimed to be the largest of the online Bitcoin exchanges, but began to run into problems in the fall of last year.
Tomi Engdahl says:
A document unearthed by Bitcoin enthusiast Ryan Selkis that’s been widely circulated estimated at least 744,408 BTC — about 6% of all coins in existence — are now out of circulation. The document asserts the coins have slowly been stolen over the course of several years.
Read more: http://www.businessinsider.com/reports-mtgox-halts-all-trading-2014-2#ixzz2uL6nu424
Tomi Engdahl says:
Latest iOS 7 bug is embarrassingly simple
http://www.wired.co.uk/news/archive/2014-02/24/gotofail
Like everything else on the iPhone, the critical crypto flaw announced in iOS 7 yesterday turns out to be a study in simplicity and elegant design: a single spurious “goto” in one part of Apple’s authentication code that accidentally bypasses the rest of it.
Apple released iOS 7.0.6 yesterday to patch the bug in its implementation of SSL encryption.
Tomi Engdahl says:
The dangers behind Apple’s epic security flaw
How could a serious security issue at a tech giant go unnoticed for 18 months?
http://www.theverge.com/2014/2/24/5442576/inside-apples-epic-security-flaw
Apple’s SSL bug first reared its head on Friday, when a mysterious, urgent update began pouring out to iOS devices. From there, the news just got worse. It wasn’t just an iOS bug, but a problem in Apple’s SecureTransport platform, present in OS X 10.9 for desktop and reaching back to iOS 6 on mobile.
Though a fix has been issued for mobile devices, it’s still a very big and very bad issue for Apple.
The bigger question is how a bug this bad made it through Apple’s security features in the first place.
One insider describes the OS X security framework as a company-wide kitchen sink, an old framework that’s been adapted over and over again across different regimes and different products. New code means new bugs that need to be checked, so large portions of the core apps like SecureTransport can go untouched for huge stretches of time.
Apple may not have been actively encouraging anyone to audit the code.
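The “single spurious goto” described in the two comments above, as an added illustration of the pattern: this is constructed example code, not Apple’s SecureTransport source, and the step names (hash_update, verify_signature) are stand-ins for the real call chain.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed illustration of the "goto fail" pattern; not Apple's code.
 * Convention, as in OSStatus-style code: every step returns 0 on success,
 * non-zero on error, and the function returns the last error seen. */
enum { OK = 0, ERR_BAD_SIGNATURE = -1 };

static int hash_update(int chunk) { (void)chunk; return OK; }
static int verify_signature(bool signature_matches)
{
    return signature_matches ? OK : ERR_BAD_SIGNATURE;
}

/* Vulnerable shape: the duplicated "goto fail;" is outside any if, so
 * control always jumps to fail with err still 0 from the previous step.
 * The signature check below it is dead code, so a bad signature passes. */
int verify_vulnerable(bool signature_matches)
{
    int err;
    if ((err = hash_update(1)) != 0)
        goto fail;
    if ((err = hash_update(2)) != 0)
        goto fail;
        goto fail;   /* spurious duplicate; indentation hides that it is unconditional */
    if ((err = verify_signature(signature_matches)) != 0)
        goto fail;
fail:
    return err;      /* 0 means "verified" */
}

/* Fixed shape: the duplicate is gone, and braces on every branch mean a
 * stray line can no longer silently become an unconditional jump. */
int verify_fixed(bool signature_matches)
{
    int err;
    if ((err = hash_update(1)) != 0) { goto fail; }
    if ((err = hash_update(2)) != 0) { goto fail; }
    if ((err = verify_signature(signature_matches)) != 0) { goto fail; }
fail:
    return err;
}

int main(void)
{
    /* Constructed input: a signature that does NOT match. */
    printf("vulnerable: %d (0 = wrongly accepted)\n", verify_vulnerable(false));
    printf("fixed:      %d (non-zero = correctly rejected)\n", verify_fixed(false));
    return 0;
}
```

Compiling the vulnerable version with clang’s -Wunreachable-code reports the dead signature check, which is the kind of warning a build that treats warnings as errors would have surfaced.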
Tomi Engdahl says:
Element 14 Holding Orders Based On US Government Watch List!
http://www.eevblog.com/2014/02/24/element-14-holding-orders-based-on-us-government-watch-list/
So let’s see if I have this straight – An Australian subsidiary, owned by a UK parent company, listed on the UK stock exchange, has an ordering system that automatically matches generic names against some secret US Government watch list, and flags those orders and puts them on hold.
Element 14 need to provide an official public response. Let’s see how long it takes them.
Tomi Engdahl says:
Apparent Theft at Mt. Gox Shakes Bitcoin World
http://www.nytimes.com/2014/02/25/business/apparent-theft-at-mt-gox-shakes-bitcoin-world.html?hp&_r=0
On Monday night, a number of leading Bitcoin companies jointly announced that Mt. Gox, the largest exchange for most of Bitcoin’s existence, was planning to file for bankruptcy after months of technological problems and what appeared to have been a major theft.
The new exchange is being put together by SecondMarket.
But plans for any new venture will be tested by the collapse of Mt. Gox, which could shake the faith of early Bitcoin adopters.
Many leading names in the Bitcoin community were still trying to determine the scope and potential consequences of the troubles at Mt. Gox.
Tomi Engdahl says:
CipherCloud launches ‘watch your cloud app’ protection
Compatibility matters
http://www.theregister.co.uk/2014/02/26/ciphercloud_launches/
CipherCloud is rolling out a new iteration of its cloud-based security and data loss prevention (DLP) environment which it says focuses on interoperability with existing environments.
“Existing protections don’t monitor what is going on in the cloud, in apps like SalesForce and Dropbox,” Kothari said.
“ICAP lets us follow enterprise content through existing DLP and malware protection environments.”
Tomi Engdahl says:
Split the NSA in Two, Says Security Firm Embroiled in NSA Scandal
http://www.wired.com/threatlevel/2014/02/rsa-head-discusses-nsa/
In an atmosphere of distrust and anger, the CEO of security giant RSA took the stage this morning to address recent controversies around his company’s work with the NSA, and its years-long support of an algorithm suspected of containing an NSA backdoor.
Coviello didn’t discuss the $10 million contract directly or the issue of the backdoor, instead offering an innocent explanation for why RSA chose the algorithm for its default, reiterating comments the company’s chief technology officer told WIRED last year that elliptic curve algorithms like the Dual_EC_DRBG algorithm were all the rage at the time, and RSA chose it as the default because it provided certain advantages over hash-based random number generators, including better security.
Coviello also said that his company made the algorithm its default at the time because the federal government was its primary encryption customer, and the customer wanted it.
Tomi Engdahl says:
Joint Statement Regarding MtGox
Feb 24th, 2014
http://blog.coinbase.com/post/77766809700/joint-statement-regarding-mtgox
The purpose of this document is to summarize a joint statement to the Bitcoin community regarding Mt.Gox.
Tomi Engdahl says:
Scientists demonstrate first contagious airborne WiFi virus
Read more at http://scienceblog.com/70678/scientists-demonstrate-first-contagious-airborne-wifi-virus/#i7QQzUm4MEUlCSm9.99