Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

A Nest video screen grab of a November 22 burglary led to one teen's arrest—and the online hunt for others. (credit: @BaconisFruit)

On November 22, 2015, a group of teenagers broke into the house of a Baltimore man, stealing his bicycle and finding a spare key to his Jeep Renegade. They then took off, stealing the Jeep and taking it for a multiday joyride before abandoning it with an empty gas tank and some minor damage.

In Baltimore (as I can sadly say from personal experience), the story would usually end there with an insurance claim and a shrug. But the group of young men involved in the burglary and theft were all captured on a Nest camera as they rifled through drawers. And some of them left more potential digital evidence when they paired their phones over Bluetooth with the Jeep's UConnect system.

One of the thieves was identified from a head shot from the camera footage a few weeks later by a school police officer and has already pleaded guilty in juvenile court. But the apprehended youth wouldn't give police the identities of the others involved in the theft. Because he's a juvenile, he'll likely be released soon.

Read 4 remaining paragraphs | Comments

 

An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security.

The report, prepared by security researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors advocated by FBI Director James Comey and other US officials. Although the Obama administration is no longer asking Congress for legislation requiring them, it continues to lobby private industry to include ways law enforcement agencies can decrypt encrypted data sent or stored by criminal or terrorism suspects.

The authors said that they found no reason to believe the quality of encryption products developed abroad are any better or worse than their counterparts in the US or in the UK or France, whose officials have also hinted they favor encryption backdoors. The conclusion of their survey—which the researchers said represents the lower bound of the number of encryption products available worldwide—was that criminals or terrorists who are savvy enough to use encryption would also be smart enough to choose a product that isn't subject to mandatory backdoor laws. The result, the authors argued, is that US competitiveness would be harmed with little benefit to national security.

Read 2 remaining paragraphs | Comments

 

SiliconANGLE (blog)

New Trustwave report finds Infosec staff are seriously stressed
SiliconANGLE (blog)
Infosec firm Trustwave Holdings has released its 2016 Security Pressures Report, and has found that information security professionals are feeling more under pressure as the security environment continues to become more difficult. The report, based on ...
Security Pros Struggling with Increasing Workplace PressureInfosecurity Magazine

all 9 news articles »
 
Linux Kernel CVE-2015-7990 Incomplete Fix Null Pointer Deference Denial of Service Vulnerability
 
Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
 
Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
 
Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability
 
MapsUpdateTask Task DLL side loading vulnerability
 
BDA MPEG2 Transport Information Filter DLL side loading vulnerability
 
NPS Datastore server DLL side loading vulnerability
 
Internet Storm Center Infocon Status