A Hong Kong-based technology manufacturer, USBKill.com, has taken data security to the "Mission Impossible" extreme by creating a USB stick that uses an electrical discharge to fry an unauthorized computer into which it's plugged. "When the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in the matter of seconds," the company said in a news release.
Not enough is being done to protect networks from solar storms that could wipe out electric power grids and destroy satellites. The end game in a catastrophic solar storm would be the internet’s time synchronization not working anymore. That would stop the internet altogether. “An impending calamitous solar storm” is how Joseph N. Pelton, the former dean of the International Space University (ISU) in Strasbourg, describes the perceived event in his press release. Pelton, who is also a current executive board member of the International Association of Space Safety (IAASS), has published an article in Room: The Space Journal (subscription) on the subject.
Bernard Barbier, a former head of the French signals intelligence service, shared a few stories with students of CentraleSupélec, the elite engineering school from which he graduated in 1976, at a symposium this summer. There was that time he caught the U.S. National Security Agency delving into computers at the Elysée Palace, residence of the French president, for example. And flew to Washington to tell them they'd been found out. Or when the Canadians said they -- and the Iranians, the Spaniards, the Algerians and a few others -- had all been hacked by a Frenchman, and they were totally right, although the French government denied it. These little confessions to the members of a student association at his old school, though, have reached a somewhat larger audience than he may have planned on.
Enterprises should expect business as usual from RSA in the wake of its being swept up by Dell this week in the largest tech deal ever, with company executives saying it will retain a good deal of autonomy to carry out its strategic plans.
Old data breaches carried out years ago are entering into the limelight thanks to anonymous internet users like Keen. Earlier this week, Keen, a data collector who runs the site Vigilante.pw, helped to uncover details about stolen data taken from the popular porn site Brazzers. A copy of almost 800,000 accounts, probably originally hacked back in 2012, fell into his hands. The stolen database is just one of the many Keen has on file, in fact, and each one can involve thousands or even millions of internet accounts. Vigilante.pw continually archives past data breaches as a way to warn the public.
Google today continued its campaign to tighten the screws on unencrypted web traffic as it outlined the next steps it will take with Chrome to warn users of insecure connections. Starting with Chrome 56, which is currently scheduled to ship in stable format on Jan. 31, 2017, the browser will mark sites that transmit either passwords or credit card information over HTTP connections as "non-secure." The move will be "Part of a long-term plan to mark all HTTP sites as non-secure," Emily Schechter, a product manager in the Chrome security team, said in a post to a company blog Thursday. The plan, Schechter continued, "will take place in gradual steps, based on increasingly stringent criteria."
U.S. authorities have arrested two suspects allegedly involved in dumping details on 29,000 officials with the FBI and the Department of Homeland Security. Andrew Otto Boggs and Justin Gray Liverman have been charged with hacking into the internet accounts of senior U.S. government officials and breaking into government computer systems. Both suspects were arrested on Thursday, according to the U.S. Department of Justice. Boggs, age 22, and Liverman, 24, are from North Carolina and are allegedly part of a hacking group called Crackas With Attitude. From October 2015 until February, they used hacking techniques, including "victim impersonation," to trick internet service providers and a government help desk into giving up access to the accounts, the DOJ alleged.
Kuna is a smart home security camera in a stylish outdoor light that detects and allows you to interact with people outside your door. The security device includes HD live and recorded video, two-way intercom, alarm, smart motion detection alerts to your phone, and more. Easy 15 minute installation with no batteries to replace so you have continuous protection around the clock. Be protected at all times - Access HD live video with its 720P wide angle camera, communicate via its two way intercom from your mobile device, or activate its 100 dB alarm siren. Smart light control lets you turn on or off your lights remotely, or program a schedule for when you're away. Access live video or review & download events for 2 hours free or up to 30-days on an optional subscription plan, starting as low as $4.99 per month. This Kuna security light averages 4 out of 5 stars from over 330 people (read reviews), and its typical list price of $199 has been reduced 20% to $159. See the discounted Kuna Smart Home Security Light and Camera on Amazon.
Researchers from Carnegie Mellon University say they have developed an open source algorithm that can help spot social media frauds trying to sway valuable community influence. “Given the rise in popularity of social networks and other web services in recent years, fraudsters have strong incentives to manipulate these services. On several shady websites, anyone can buy fake Facebook page-likes or Twitter followers by the thousands. Yelp, Amazon and TripAdvisor fake reviews are also available for sale, misleading consumers about restaurants, hotels, and other services and products. Detecting and neutralizing these actions is important for companies and consumers alike,” the researchers wrote in a paper outlining their algorithm known as FRAUDAR.
There are some interesting industry dynamics going on in the cybersecurity market. Just a few months ago, Symantec bought Blue Coat, taking a private company public and forming a cybersecurity industry colossus in the process. Now two other historical cybersecurity powerhouses are heading in the other direction and going private. When the Dell/EMC deal was approved this week, industry veteran RSA became the security division of the world’s largest diversified private technology company. Not to be outdone, Intel and partner TPG are spinning out McAfee as an independent private company. The good news for both companies is that the market for cybersecurity products and services is quite healthy, and large customers are looking for enterprise-class security vendors with integrated product suites, managed/professional services, and business process experience to partner with. Cybersecurity vendors like Cisco and IBM that fit this description are doing quite well in the enterprise, so McAfee and RSA (as well as Forcepoint, Palo Alto Networks, Symantec, Trend Micro, and a few others) could join this exclusive club.
To push more websites to implement encryption and to better protect users, Google will start flagging plain HTTP connections as insecure in its popular Chrome browser. The plan will go into effect in January with the release of Chrome 56 and will roll out in stages. Chrome 56 will display a "not secure" indicator before HTTP URLs in the browser's address bar, but only for those web pages that contain password or credit card form fields. Transmitting such sensitive information over HTTP is dangerous because the data can be intercepted by man-in-the-middle attackers on public wireless networks or via compromised routers, for example. In later Chrome releases, the HTTP warnings will be further expanded. First, HTTP pages will be labeled as "not secure" when accessed in the browser's privacy-oriented Incognito mode. Eventually, Chrome will show the warning for all HTTP pages and will switch the security indicator to the red triangle now used for broken HTTPS connections.
Based on an extensive review of publicly reported internet of things (IoT) device vulnerabilities, the Online Trust Alliance (OTA) today announced that all of the problems could have been easily avoided.
"In this rush to bring connected devices to market, security and privacy is often being overlooked," Craig Spiezle, executive director and president of the OTA, said in a statement today. "If businesses do not make a systematic change, we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings."
An agreement to send Canadian authorities passenger name record (PNR) data for flights from the European Union cannot be entered into in its current form, a top European Union judge has said. That's because parts of the draft agreement are incompatible with EU citizens' fundamental privacy rights, according to Paolo Mengozzi, Advocate General of the Court of Justice of the EU, in a legal opinion issued Thursday. His opinion, on a case brought by the European Parliament, is only advisory, and it still remains for the CJEU to make a final ruling on the matter. But if the court follows his advice, it could disrupt the European Commission's plans for a new directive on the sharing of PNR data among EU member states and with other countries.
Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week. Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks. For his attack, Fuller used a flash-drive-size computer called USB Armory that costs $155, but the same attack can be pulled off with cheaper devices, like the Hak5 LAN Turtle, which costs $50.
In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild talks with Bill Rosenthal, CEO of Logical Operations, about the benefits of tiered security training for IT staff members, not just those with 'security' in their title.
Devops is transforming how developers and operations teams work together to deliver better software faster. At its core, devops is about automation. When several tasks in development, testing, and deployment are automated, developers can make changes to code and deploy to production frequently. Amazon, a leading devops proponent, at one point claimed to have more than 1,000 deployments a day. But such an accelerated workflow has the potential to bypass secure coding practices, which developers often find difficult to incorporate in the first place. If devops is to continue its momentum, developers need to integrate security testing earlier in the software delivery lifecycle.
Empowering the patient: There is serious personal risk associated with a healthcare data breach, especially with multiple connected devices and health record systems generating and storing a patient’s sensitive health data. Every person interacting with an online system needs a digital identity, and it should be authenticated in real time, so that unusual behavior can be detected at any time, whether at login or midway through a session.
You should be worried about the November election. Not so much that the candidates you support won’t win, but about the risk that the “winners” may not really be the winners, due to hackers tampering with the results. Or, that even if the winners really are the winners, there will be enough doubt about it to create political chaos. This is not tinfoil-hat conspiracy theory. The warnings are coming from some of the most credible security experts in the industry. Richard Clarke, former senior cybersecurity policy adviser to presidents Bill Clinton and George W. Bush, wrote recently in a post for ABC News that not only are US election systems vulnerable to hacking, but that it would not be difficult to do so.
To the old legal presumption of innocence until proven guilty, the European Union's highest court has added another: innocence until proven profitable. It's OK for websites to hyperlink to an image published elsewhere without the rights holder's permission -- as long as they don't know that, and don't make a profit from it, the Court of Justice of the EU ruled on Thursday. The ruling concerned Dutch website GeenStijl, accused by Playboy of linking to an Australian website that published, without the magazine's permission, a photoshoot it had commissioned with Dutch TV personality Britt Dekker. Playboy's lawyers wrote to GeenStijl asking it to remove the link, but it refused -- and published a new link to another website hosting the photos without permission when they were removed from the Australian site. When the pictures disappeared from that site too, GeenStijl allowed its forum users to link to the photos on other sites.
Intel’s plans to spin out its security business under the McAfee name could be clouded by the plans of security expert and businessman John McAfee, who claims he had not assigned the rights to his personal name. The chip maker said Wednesday that it had signed an agreement with TPG for a deal that would see its Intel Security business as a separate cybersecurity company in which Intel shareholders would hold 49 percent of the equity with the balance held by the investment firm. Intel would also receive US$3.1 billion in cash. The new company would be named McAfee.