security

Backoff Point-of-Sale Malware Has Compromised 1,000+ Networks (August 22 & 23, 2013)

SANS NewsBites - Wed, 2014-08-27 17:00

Point-of-sale malware known as Backoff reportedly used in the breach of systems at UPS stores is also believed to be responsible for compromising networks of more than 1,000 other US businesses including Target.......

Categories: security

DHS Cyberthreat Information Sharing Program Information is Hard to Find (August 22, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

Despite a 2013 executive order directing the US Department of Homeland Security (DHS) to expand a cyber threat information-sharing program to 16 critical infrastructure sectors, including state and local governments, most state officials are unaware of the program.......

Categories: security

33-Month Prison Sentence for Film Piracy (August 22, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

A 25-year-old British man has been sentenced to nearly three years in prison for filming a movie in a theater.......

Categories: security

Researchers are Developing Web Server Attack Prediction Tool (August 21, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

Researchers from Carnegie Mellon University are developing a tool to predict cyber web server attacks.......

Categories: security

Security Flaws in Rapiscan Full-Body Scanners

Schneier on Security - Wed, 2014-08-27 07:38
Security researchers have finally gotten their hands on a Rapiscan backscatter full-body scanner. The results aren't very good. Website with paper and images. News articles and commentary. Note that these machines have been replaced in US airports with millimeter wave full-body scanners....
Categories: security

Security by Obscurity at Healthcare.gov Site

Schneier on Security - Tue, 2014-08-26 06:21
The White House is refusing to release details about the security of healthcare.gov because it might help hackers. What this really means is that the security details would embarrass the White House....
Categories: security

Eavesdropping Using Smart Phone Gyroscopes

Schneier on Security - Tue, 2014-08-26 05:56
The gyroscopes are sensitive enough to pick up acoustic vibrations. It's crude, but it works. Paper. Wired article. Hacker News thread....
Categories: security

Wired Asks Tech Leaders How to Save The Internet (August 19, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

Wired Magazine asked technology and security leaders for their ideas about how to "maintain the Internet as a home for innovation, community, and freely exchanged information.......

Categories: security

Amazon Web Services First Cloud Provider Authorized to Handle Sensitive DOD Data (August 21, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

The Defense Information Systems Agency has granted Amazon Web Services a provisional authority to operate (ATO), making it the first commercial cloud services provider to be authorized to handle "the most sensitive unclassified" Defense Department data.......

Categories: security

Military Contractors Face New Breach Disclosure and Procedure Deadlines (August 13, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

Contractors for the US Defense Department are facing a new deadline for rules that will require them to report breaches to the Pentagon and to grant the government access to their networks so they can conduct attack analysis.......

Categories: security

Microsoft to Preview New Operating System Next Month (August 21, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

Microsoft plans to preview the next incarnation of its Windows operating system, codenamed Threshold, on September 30, 2014.......

Categories: security

Study Finds University Networks Less Secure Than Retail and Healthcare Sectors (August 21, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

According to a report from BitSight Technology, college and university networks face greater risk of attacks than retail and healthcare networks.......

Categories: security

FBI and DHS Plan to Provide Healthcare Organizations More Threat Info More Quickly (August 21, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

Following a breach that compromised personal information of 4.......

Categories: security

Rogue Anti-Virus Malware Defru Targeting Users in Russia (August 20 & 21, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

Malware known as Defru blocks its victims from visiting certain websites; it is currently targeting users in Russia, and some in the US and in Kazakhstan.......

Categories: security

UPS Discloses Data Breach (August 20, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

The UPS Store shipping company has disclosed that malware in its systems may have compromised customer payment card information at 51 stores in 24 US states.......

Categories: security

Attackers Made Initial Breach of Community Health Services Through Heartbleed Flaw (August 20, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

The initial vector of attack in the Tennessee-based Community Health Systems (CHS) breach was the Heartbleed vulnerability in OpenSSL.......

Categories: security

Analysis of Chrome Extensions Finds Malicious Activity (August 19, 2014)

SANS NewsBites - Mon, 2014-08-25 15:00

Researchers analyzed extensions for Google's Chrome browser and found that many conduct malicious activity, including fraud and data theft.......

Categories: security

The Problems with PGP

Schneier on Security - Mon, 2014-08-25 12:04
Matthew Green has a good post on what's wrong with PGP and what should be done about it....
Categories: security

The hacker revealed

LinuxSecurity.com - Mon, 2014-08-25 07:42
LinuxSecurity.com: It's a story of hackers and attack bloggers, privacy and paranoia, bombshells and duds. It's rapidly become the story of the election. Rawshark, a self-styled information vigilante, has derailed National's political campaign with his hack of Whale Oil blogger Cameron Slater's private communications and now threatens to up-end the seedier part of corporate public relations.
Categories: linux, news, security

People Are Not Very Good at Matching Photographs to People

Schneier on Security - Mon, 2014-08-25 07:08
We have an error rate of about 15%: Professor Mike Burton, Sixth Century Chair in Psychology at the University of Aberdeen said: "Psychologists identified around a decade ago that in general people are not very good at matching a person to an image on a security document. "Familiar faces trigger special processes in our brain -- we would recognise a...
Categories: security