Grant Gross

Author Archives: Grant Gross

FBI director: Apple encryption ruling could lead to more requests

If a U.S. court grants the FBI's request for Apple to help it unlock a terrorism suspect's iPhone, the case will likely open the door to many similar law enforcement requests, the agency's director said Thursday. A ruling in favor of the FBI by a California judge "will be instructive for other courts," FBI Director James Comey said during a congressional hearing. A decision in the San Bernardino mass shooting case "will guide how other courts handle similar requests," he added. Lawmakers questioned the broader impact of the FBI's request, and a judge's initial ruling in favor of the agency, during a hearing on worldwide security threats before the House of Representatives Intelligence Committee.

Lawmakers push for encryption commission to find compromise

The U.S. Congress should allow an expert commission to recommend ways to resolve the contentious debate over police access to encrypted communications before passing "knee-jerk" legislation, one lawmaker said. Even as Apple and the FBI fight in court over access to a terrorist suspect's iPhone, a 9/11 Commission-style digital security panel should try to find a compromise between smartphone users' privacy and law enforcement access to encrypted devices, Representative Michael McCaul, a Texas Republican, said Wednesday.

BlackBerry eyes IoT, diversifies with new cybersecurity practice

Struggling smartphone vendor BlackBerry is looking to diversify its business by launching a cybersecurity consulting service, focusing in part on the Internet of Things, and providing related tools to customers. The Ontario smartphone vendor, an early standard bearer for multifunction mobile phones, announced Wednesday it has acquired U.K. cybersecurity consulting firm Encription. The company did not disclose the terms of the deal, which was completed last week. BlackBerry's move into cybersecurity consulting isn't a huge leap, as the company has long positioned itself as a security-minded smartphone vendor. Late last year, the company launched the Priv, a security- and privacy-focused smartphone running a modified version of Android.

Asus settles charges over insecure routers and cloud services

Critical security flaws in routers and cloud computing services offered by Asus put hundreds of thousands of customers at risk, the U.S. Federal Trade Commission has charged. Taiwan-based Asus has agreed to settle an FTC complaint that it failed to take reasonable steps to secure the software on its routers, the agency said Tuesday. In addition to well-documented vulnerabilities in the routers, its cloud services led to thousands of customers' storage devices being compromised and exposed their personal information, the agency said.

Apple’s fight with the FBI could go all the way to the US Supreme Court

Apple may have taken on the fight of its life in standing up to the FBI, which is demanding that it help break into an iPhone used by one of the perpetrators in December's San Bernardino mass shooting. Apple has promised to fight a U.S. magistrate judge's order Tuesday requiring it to assist the FBI, and legal experts say the case could go all the way up to the Supreme Court. Apple needs to tread carefully, however. A divisive presidential election has further polarized the country around issues including how to respond to terrorists, and Apple needs to be careful the public doesn't turn against it.

IBM goes all in on blockchain, offers cloud-based service

IBM is betting big on blockchain secure-records technology taking off beyond its traditional use in bitcoin and other financial transactions. The company is now offering a cloud-based service to allow developers to set up blockchain networks and test and deploy related apps. IBM announced a flurry of blockchain-related initiatives Tuesday, including developer services hosted on its Bluemix cloud. Developers can access DevOps tools to create, deploy and monitor blockchain applications on the IBM cloud, the company said.

Russia, China said to use hacked databases to find US spies

Foreign spy agencies, including those from Russia and China, are cross-checking hacked databases to identify U.S. intelligence operatives, according to a news report. One secret network of U.S. engineers and scientists providing technical assistance to the country's overseas undercover agencies has been compromised, according to a story Monday in the Los Angeles Times. Foreign intelligence agencies are cross-referencing several compromised databases, whose information includes security clearance applications and airline records, to identify U.S. intelligence agents, the report said.

US agency to seek consensus on divisive, volatile topic of security vulnerability disclosures

A U.S. agency hopes to gather security researchers, software vendors and other interested people to reach consensus on the sticky topic of how to disclose cybersecurity vulnerabilities. Beginning in September, the U.S. National Telecommunications and Information Administration (NTIA) will host a series of meetings intended to improve collaboration among security researchers, software vendors and IT system operators on the disclosure of, and response to, vulnerabilities. The first NTIA-hosted meeting will be Sept. 29 at the University of California, Berkeley, School of Law. Registration is open to all who want to participate, and the meeting will also be webcast, NTIA said.

US agency tells electric utilities to shore up authentication

U.S. electric utilities should pay close attention to their authentication systems and access controls to reduce data breaches, a government agency says in a new cybersecurity guide. About 5 percent of all cybersecurity incidents that the U.S. Department of Homeland Security's industrial control cyber team responded to in 2014 were tied to weak authentication, said the U.S. National Institute of Standards and Technology (NIST). Another four percent of industrial control incidents were related to abuses of access authority, the agency said. The new cybersecurity guide, released in draft form by NIST's National Cybersecurity Center of Excellence (NCCoE) Tuesday, focuses on helping energy companies reduce their cybersecurity risks by showing them how they can control access to facilities and devices from a single console.

Court: FTC can bring down the hammer on companies with sloppy cybersecurity

The U.S. Federal Trade Commission has the authority to take action against companies that fail to protect customer data, an appeals court ruled Monday. The U.S. Court of Appeals for the Third Circuit upheld the FTC's 2012 lawsuit against hotel and time-share operator Wyndham Worldwide. The FTC filed a complaint against Wyndham for three data breaches in 2008 and 2009 that led to more than US $10.6 million in fraudulent charges. The appeals court ruling, upholding a 2014 district court decision, suggests the FTC can hold companies responsible for failing to use reasonable security practices.

DOJ calls for encryption balance that includes law enforcement needs

It’s possible for companies to design their encryption systems to allow law enforcement agencies to access customer data with court-ordered warrants while still offering solid security, U.S. Department of Justice officials said. When DOJ and FBI officials raised recent concerns over end-to-end encryption on Android and iOS mobile phones, some security experts suggested it was difficult or unsafe to build in provider access to encrypted consumer data. But many companies already offer encryption while retaining some access to user information, two senior DOJ officials said Wednesday.

SEC charges 32 in press release hacking, stock trading scheme

The U.S. Securities and Exchange Commission has charged 32 defendants with fraud in an international scheme that used stolen, yet-to-be-published press releases from hacked websites to conduct stock trades. The SEC’s charges are on top of wire fraud conspiracy and other charges announced by the U.S. Department of Justice on Tuesday. The nine DOJ defendants also face SEC charges. The other SEC defendants are eight people and 15 companies. Indictments unsealed Tuesday in the district courts for New Jersey and Eastern New York accused the DOJ defendants of stealing approximately 150,000 confidential press releases from the servers of Marketwired, PR Newswire Association and Business Wire.

Nine charged in press release breaches, stock trading scheme

Nine people face criminal charges in the U.S. for allegedly hacking three press release distributors and stealing yet-to-be-published announcements in a stock trading scheme that authorities say generated about US$30 million in illegal profits. Indictments unsealed Tuesday in the district courts for New Jersey and Eastern New York accused the defendants of stealing approximately 150,000 confidential press releases from the servers of Marketwired, PR Newswire Association and Business Wire. The defendants allegedly used the information from more than 800 stolen press releases to conduct stock trades, according to the U.S. Department of Justice.

University technology program launched to give peace a chance

Computer science and engineering students at Drexel University will have a new opportunity to use their skills for good with the launch of a technology program for promoting world peace. The Young Engineers Program, a partnership between the private university in Philadelphia and PeaceTech Lab in Washington, D.C., will give computer science and engineering students and researchers at Drexel a chance to focus on conflict zones around the world. The goal of the program is to use technology, media and data to prevent violent conflict in hot spots like Afghanistan, Sudan and Colombia, said Sheldon Himelfarb, president and CEO of the PeaceTech Lab.

FCC rejects proposal favoring small carriers in spectrum auction

Small mobile carriers lost a battle Thursday when the U.S. Federal Communications Commission declined to make it easier for them to get access to a reserved slice of spectrum during a 2016 auction of television spectrum. The FCC, in a 3-2 vote, approved a wide-ranging set of rules for the upcoming incentive auction in which U.S. TV stations have the option of giving up their current spectrum and moving to other channels or stop broadcasting over the air in exchange for a piece of the auction proceeds. The world’s first, two-way spectrum auction, with TV stations selling spectrum and mobile carriers buying, will begin March 29, 2016, the FCC announced.

Senate heads toward vote on CISA cyberthreat info sharing bill

The U.S. Senate could take a preliminary vote as soon as Wednesday on a controversial bill intended to encourage businesses to share cyberthreat information with each other and with government agencies, despite concerns that the legislation would allow the widespread sharing of personal customer data. Senate leaders are attempting to iron out compromise language to address privacy concerns in the Cybersecurity Information Sharing Act (CISA), but if no compromise is reached Senate Majority Leader Mitch McConnell will schedule a so-called cloture vote on Wednesday morning, said a spokesman for McConnell, a Kentucky Republican. A cloture vote would limit debate on the bill and move the Senate toward final passage, potentially before the Senate leaves for a four-week summer recess this weekend.

Counterterrorism expert says it’s time to give companies offensive cybercapabilities

The U.S. government should deputize private companies to strike back against cyberattackers as a way to discourage widespread threats against the nation’s businesses, a former government official says. Many U.S. businesses have limited options for defending their IP networks, and the nation needs to develop more “aggressive” capabilities to discourage cyberattacks, said Juan Zarate, the former deputy national security advisor for counterterrorism during President George W. Bush’s administration. The U.S. government should consider allowing businesses to develop “tailored hack-back capabilities,” Zarate said Monday at a forum on economic and cyberespionage hosted by think tank the Hudson Institute. The U.S. government could issue cyberwarrants, giving a private company license “to protect its system, to go and destroy data that’s been stolen or maybe even something more aggressive,” he added.
