If the FBI can hack the iPhone, others can, too, which means the encrypted content on countless phones is no longer secure.
Owners of these phones who care about securing their content should think about upgrading to something else. Newer iPhones, for example, might not have the same weakness and so would be less vulnerable, at least for a while.
The FBI has dropped its court action that might have forced Apple to help undermine security that blocked a brute-force attack against the passcode on the iPhone 5c used by a terrorist in San Bernardino. That’s because the FBI found someone else - reportedly Israeli mobile-forensics company Cellebrite – to do it for them.To read this article in full or to leave a comment, please click here
The U.S. Department of Justice has indicted seven Iranian hackers in connection with cyberattacks on U.S. banks, the New York Stock Exchange, AT&T and a water facility in New York.The seven live outside the U.S. and it’s questionable whether they will ever be apprehended and tried, according to reports by Reuters, the New York Times and the Washington Post.To read this article in full or to leave a comment, please click here
It’s good if the FBI has found a way to crack into the iPhone used by the San Bernardino terrorist for two reasons.First, the FBI can find out what’s on it. Maybe it’s important to the investigation of the shootings and maybe it’s not, but cracking the phone is the only way to find out.And second, it’s giving Apple (and the tech industry in general), the FBI (and law enforcement in general), and Congress the breathing room to sort out the issues rationally.The latter is the more important of the two. Yes, it’s important to wring every bit of evidence out of the terrorism investigation, but it’s one incident. The course being set by the lawsuit between the FBI and Apple could have legal implications far beyond the one case.To read this article in full or to leave a comment, please click here
A Johns Hopkins team has decrypted iMessage photos by guessing character-by-character the key used to encrypt it, and Apple plans to release a new iOS version today that will fix the flaw.Upgrading to iOS 9.3 should fix the problem for users of the operating system and iMessage, says Matthew Green, a computer science professor at Johns Hopkins who led a team of grad students that broke the encryption, according to a story in the Washington Post.The story says he discovered a flaw in the encryption last fall and told Apple about it, but when months went by and nothing was done to patch it, he turned his team loose. Here’s how the Post describes the attack:To read this article in full or to leave a comment, please click here
Bill Gates thinks new laws are needed to sort out the encryption conflict going on between law enforcement and tech companies.“The sooner we modernize the laws the better,” Gates says in a Reddit “Ask Me Anything” session.+More on Network World: 11 highest paying tech jobs in America+He says it’s clear the government under certain circumstances needs to be able to tap into encrypted communications, but also that there should be oversight so that power isn’t abused. “Right now a lot of people don't think the government has the right checks to make sure information is only used in criminal situations,” he says. “So this case will be viewed as the start of a discussion.”To read this article in full or to leave a comment, please click here
Cisco has aggressively bought up security vendors and worked on integrating their software protections into existing Cisco gear, making for a simpler, more secure and flexible network, says Cisco’s security chief.
David Goeckeler
“The customers we talk to have an average of somewhere around 50 to 60 different vendors in their network to deliver their security posture,” says David Goeckeler, senior vice president and general manager of Cisco’s security business. “What’s happening in the industry is the complexity of managing all those different products is overwhelming the effectiveness of them.”To read this article in full or to leave a comment, please click here
Cisco has aggressively bought up security vendors and worked on integrating their software protections into existing Cisco gear, making for a simpler, more secure and flexible network, says Cisco’s security chief.
David Goeckeler
“The customers we talk to have an average of somewhere around 50 to 60 different vendors in their network to deliver their security posture,” says David Goeckeler, senior vice president and general manager of Cisco’s security business. “What’s happening in the industry is the complexity of managing all those different products is overwhelming the effectiveness of them.”To read this article in full or to leave a comment, please click here
The world’s top security and encryption experts who spent time last week at RSA Conference 2016 trying to figure out how to keep devices and communications secure yet also enable criminal investigations came up with nothing except to punt the issue to the U.S. Congress.And Congress will take up the issue this week with Attorney General Loretta Lynch scheduled to testify to the Senate Judiciary Committee. The panel is looking into the Justice Department in general, but the topic is expected to come up.+More on Network World: Hot security products at RSA 2016+To read this article in full or to leave a comment, please click here
The new Juniper Networks liaison between the company’s engineering team and its customers says it will take time, but Juniper’s software defined security networking (SDSN) will eventually support third-party devices to help build security into the network fabric itself.It’s part of a shift from network security to a secure network that is flexible thanks to software defined networking, says Kevin Walker, Juniper’s Security CTO.The SDSN framework is designed to leverage the capabilities of the entire network to detect and assess threats, and enforce security policies across switches, routers and firewalls. Recently Juniper CEO Rami Rahim referred to this framework as “the rolling thunder of security enhancements.”To read this article in full or to leave a comment, please click here
In one case pirates – actual pirates – boarded cargo ships armed with a list of which shipping containers contained jewelry and went straight to them, stole the gems and left.In another, attackers took control of the mainframe at a water district, mixed sewage with the drinking water, boosted the chlorine to dangerous levels and stole customer information.These are two of 18 representative case studies in Verizon’s new Data Breach Digest, a compendium of anonymized customer investigations performed by the company’s Research, Investigations, Solutions and Knowledge (RISK) Team and released at RSA Conference 2016.+ NOT AT THE SHOW? Follow all the news from RSA 2016 +To read this article in full or to leave a comment, please click here
bugBlast Next-gen AppSec PlatformKey features – bugBlast correlates results from vulnerability testing tools with real-time threat intel for a single view of an application’s security; can massively scale to test mega-apps for software, Web and mobile. More info.To read this article in full or to leave a comment, please click here
TrustPipe, a startup that made bold claims last year about stopping 100% of network-borne attacks on endpoints, has retooled its software and distribution system in order to better fit into enterprise security schemes.
Ridgely Evers
The changes it plotted out last fall were so extensive that the company held off delivering its platform to customers, says co-founder and CEO Ridgely Evers. The revised version is available now.To read this article in full or to leave a comment, please click here
Everyone has an opinionApple and the Department of Justice are locked in a court fight over whether the company should disable the anti-brute force mechanism on the iPhone used by the San Bernardino terrorists. Public opinion is split on which side is right, and everyone from tech experts to presidential candidates is weighing in on whether the order actually threatens privacy or whether it’s just a way to find out what’s on that particular phone. Here’s a sampling of comments about the issue from the likes of Bill Gates, Mark Zuckerberg and Donald Trump.To read this article in full or to leave a comment, please click here
IBM is considering buying Resilient Systems, whose software platform defines workflows to follow when corporate networks are hit with security incidents, according to a report.The price tag for the company is more than $100 million, according to a story by Xconomy that attributes its information to two unnamed sources. IBM and Resilient haven’t answered requests yet for more information.MORE: 2015 enterprise tech M&A trackerTo read this article in full or to leave a comment, please click here
Countless wireless mice and keyboards can be hacked from 100 yards away leaving their host machines and the networks they are attached to open to malware, Bastille has discovered.The problem, which is being called MouseJack, affects Amazon, Dell, Gigabyte, HP, Lenovo, Logitech and Microsoft products, the company says, and likely more vendors’ gear that they haven’t tested. Logitech alone shipped its billionth mouse in 2008, so the problem is widespread.+More on Network World: Startup Trusona is launching what it claims to be a 100% accurate authentication scheme aimed at corporate executives+To read this article in full or to leave a comment, please click here
Startup Trusona is launching what it claims to be a 100% accurate authentication scheme aimed at corporate executives, premiere banking customers and IT admins who have unfettered authorization to access the most valued corporate assets.The system uses four-factor authentication to assure that the person logging in is the person they say they are. It requires a dongle that is tied to a set of specific devices (phones, tablets, laptops), certain cards with magnetic stripes that the user already owns, and a biometric ID based on how the card is swiped through the card reader on the dongle.The TruToken dongle is the miniaturization of anti-ATM-card cloning technology made by MagTek that reads not the digital data recorded on cards’ magnetic strips but rather the arrangement of the pattern of the barium ferrite particles that make the strips magnetic. The particles are so numerous and so randomly placed that no two strips have identical patterns, says Ori Eisen, Trusona’s CEO. That also makes the strips unclonable, he says.To read this article in full or to leave a comment, please click here
Shlomo Kramer – co-founder of Check Point Software, Imperva and Incapsula – is at it again with Cato Networks, a cloud-based network security provider aimed at helping midsize companies that are strapped for funds and expertise to tune-up their defenses.Cato kicks off its service sometime before midyear with offers of next-generation firewalling, URL filtering, application control and VPN access to customers who link their networks to the service. The service can protect traditional WAN connections as well as mobile devices.
Shlomo KramerTo read this article in full or to leave a comment, please click here
Arctic Wolf Networks is trying to address the problem many security techs have of receiving too many false-positive incident alerts to respond to effectively.The company is offering a security service made up of its home-grown SIEM in the cloud backed by security engineers who filter out the security-event noise and trigger alerts only when they come across incidents actually worth investigating further.The company is four years old but just last year started serving up its service – AWN Cyber-SOC - that quickly analyzes security data from a range of other security devices.
Brian NeSmithTo read this article in full or to leave a comment, please click here
Startup AttackIQ can run attack scenarios against live networks to see whether the defenses customers think are in place are actually doing their job.The platform, called FireDrill, consists of an agent that is deployed on representative endpoints, and a server that stores attack scenarios and gathers data.The platform’s function is similar to that of another startup SafeBreach. Both companies differ from penetration testing in that they continuously test networks whereas a pen test gives a snapshot in time with large gaps between each snapshot.To read this article in full or to leave a comment, please click here
A new IBM mainframe includes security hardware to encrypt data without slowing down transactions and can integrate with IBM security software to support secure hybrid-cloud services.
Ravi Srinivasan, vice president of strategy and offering management for IBM Security
Thanks to an encryption co-processor, the new IBM z13s mainframe offloads encryption and doubles the speed at which previous mainframes could perform transactions, making for faster completion times and lower per-transaction costs, says Ravi Srinivasan, vice president of strategy and offering management for IBM Security.To read this article in full or to leave a comment, please click here
Tim Greene