Information Security News
As UK Prime Minister David Cameron forges ahead with a campaign pledge to ban encrypted messaging apps unless his government is given backdoors, that country's Guardian newspaper has aired a secret US report warning that government and private computers were at risk because cryptographic protections aren't being implemented fast enough.
The 2009 document, from the US National Intelligence Council, said encryption was the "best defense" for protecting private data, according to an article published Thursday by the newspaper. Airing of the five-year forecast came the same day Cameron embarked on a US trip to convince President Obama to place pressure on Apple, Google, and Facebook to curtail their rollout of stronger encryption technologies in e-mail and messaging communications. According to Thursday's report:
Part of the cache given to the Guardian by Snowden, the paper was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.
One of the biggest issues in protecting businesses and citizens from espionage, sabotage and crime – hacking attacks are estimated to cost the global economy up to $400bn a year – was a clear imbalance between the development of offensive versus defensive capabilities, “due to the slower than expected adoption … of encryption and other technologies”, it said.
An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA.
The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled US and allied information systems.”
Cameron's campaign against encryption comes as the rest of the world has stepped up cryptographic protections. Both Apple and Google have added disk encryption by default to their iPhone and Android smartphone platforms, and a growing number of companies are ensuring that links connecting data centers use strong encryption so traffic can't be read by the National Security Agency or its UK counterpart, the Government Communications Headquarters. Even before the Guardian report, it was hard to envision how restrictions as draconian as the ones the UK prime minister is proposing could plausibly be implemented. Now there's evidence that the UK's staunchest ally may have cold feet too, signalling that Cameron may face an even steeper uphill battle.
DShield sensors report an uptick of scanning for tcp/6379, currently mostly originating from 61.160.x and 61.240.144.x, which are both CHINANET/UNICOM. tcp/6379 is the default port of the Redis NoSQL database (http://redis.io), and Redis by default accepts connections from any … The Redis security documentation itself states: "Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet", which makes us wonder if the service scanned for in this case is indeed Redis, or something else?
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
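The diary's point is that a stock Redis listens on every interface with no authentication, so the practical defender's check is an audit of redis.conf. The following is an added example, not code from the ISC diary or the Redis project: it parses two constructed config fragments (the exposed default and a hardened version) and reports the directives that matter for exposure.

```python
# Constructed redis.conf fragments (not taken from the diary or from Redis).
# The stock file ships with "bind" commented out, so Redis listens on all
# interfaces, and "requirepass" commented out, so no password is required.
EXPOSED_CONF = """\
# bind 127.0.0.1
port 6379
# requirepass foobared
"""

HARDENED_CONF = """\
bind 127.0.0.1
port 6379
requirepass a-long-random-secret
"""

def parse_conf(text):
    """Return the active (uncommented) directives as {name: [[args...], ...]}."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        directives.setdefault(name.lower(), []).append(args)
    return directives

def audit(text):
    """Return a list of exposure findings for a redis.conf body."""
    conf = parse_conf(text)
    findings = []
    # Every address given on any bind line; empty means "listen everywhere".
    binds = [addr for args in conf.get("bind", []) for addr in args]
    if not binds or any(b in ("0.0.0.0", "*", "::") for b in binds):
        findings.append("listens on all interfaces (no restrictive bind)")
    if "requirepass" not in conf:
        findings.append("no requirepass: unauthenticated access to the database")
    return findings

if __name__ == "__main__":
    for label, body in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", audit(body) or ["no findings"])
```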
Reader Robert came today with a very interesting situation. He noticed odd WordPress login patterns:
T 220.127.116.11:51020 - +http://www.google.com/bot.html).
log=admin&pwd=admin%21%21%21&wp-submit=Log+In&redirect_to=http://**redacted**/wp-admin/tes1a0
T 18.104.22.168:43322 - +http://www.google.com/bot.html).
log=ahenry&pwd=Ahenry%24%24%24&wp-submit=Log+In&redirect_to=http://**redacted**/wp-admin/tes1a0
T 22.214.171.124:46902 - +http://www.google.com/bot.html).
log=natemc&pwd=Johns666&wp-submit=Log+In&redirect_to=http://**redacted**/wp-admin/tes1a0
The string tes1a0 does not appear in the WordPress 4.1 installation download; it is not part of the code.
Have you seen this kind of WordPress login attempt? If yes, let us know via the Contact form. I will update the diary with the information gathered.
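The three captures share two traits a defender can key on: a Googlebot-style user-agent on a login POST (search crawlers do not submit forms) and a redirect_to ending in /wp-admin/tes1a0. The following is an added example, not the diary's code: it runs those checks, plus a username-derived-password heuristic, over constructed records of the same shape (client IP, user-agent and form body separated by "|").

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample records (not the diary's captures): "ip|user_agent|form_body".
SAMPLE_RECORDS = [
    "203.0.113.10|Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)|"
    "log=admin&pwd=admin%21%21%21&wp-submit=Log+In&redirect_to=http://example.org/wp-admin/tes1a0",
    "203.0.113.11|Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)|"
    "log=ahenry&pwd=Ahenry%24%24%24&wp-submit=Log+In&redirect_to=http://example.org/wp-admin/tes1a0",
    "198.51.100.7|Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0|"
    "log=editor&pwd=Correct-Horse&wp-submit=Log+In&redirect_to=http://example.org/wp-admin/",
]

CRAWLER_RE = re.compile(r"googlebot|google\.com/bot\.html", re.IGNORECASE)
MARKER = "tes1a0"  # trailing path element seen in the diary's redirect_to values

def parse_record(record):
    """Split a record and decode the form body into a flat dict."""
    ip, ua, body = record.split("|", 2)
    form = {k: v[0] for k, v in parse_qs(body).items()}
    return ip, ua, form

def classify(record):
    """Return the reasons a wp-login.php POST matches the scripted pattern."""
    ip, ua, form = parse_record(record)
    reasons = []
    # Legitimate crawlers fetch pages; they never submit a login form.
    if CRAWLER_RE.search(ua):
        reasons.append("crawler user-agent on login POST")
    path = urlparse(form.get("redirect_to", "")).path.rstrip("/")
    if path.endswith("/" + MARKER):
        reasons.append("redirect_to ends in " + MARKER)
    # Heuristic (assumption): admin/admin!!! and ahenry/Ahenry$$$ reuse the
    # username as the password stem, a typical scripted guessing pattern.
    user, pwd = form.get("log", ""), form.get("pwd", "")
    if user and pwd.lower().startswith(user.lower()):
        reasons.append("password derived from username")
    return reasons

def suspicious_sources(records):
    """Map each flagged client IP to the reasons it was flagged."""
    flagged = {}
    for rec in records:
        reasons = classify(rec)
        if reasons:
            flagged[rec.split("|", 1)[0]] = reasons
    return flagged

if __name__ == "__main__":
    for ip, why in suspicious_sources(SAMPLE_RECORDS).items():
        print(ip, "->", "; ".join(why))
```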
During one scene in the upcoming hacker action movie Blackhat, a team is sent into the control room of a burned-out nuclear power plant to gather clues about the evil computer saboteur who sparked its catastrophic meltdown. The investigators, led by a convicted carder sprung from prison to track down the enigmatic perp, take an axe to a server cabinet so they can retrieve a badly corrupted hard drive that ultimately reveals the suspect's true location.
As a way to advance the plot, the 60-second scene is mostly unremarkable. But had computer and security expert Christopher McKinlay not been retained as one of the movie's two hacking consultants, it would have been the kind of Hollywood fare that makes technically savvy viewers groan. Originally, McKinlay said, the screenplay called for the investigators to pull the data off of a perfectly functioning computer. When the 36-year-old—best known for hacking the OKCupid dating site to make him the most popular male user located in Los Angeles—told director Michael Mann electronics don't function in highly irradiated environments, the scene was rewritten to make it more technically accurate. The movie opens Friday.
The scene isn't the only example of the pains Mann took to ensure his film portrayed computers and hacking in a realistic light. McKinlay provided virtually all of the Unix command lines furiously typed by convicted hacker turned whitehat Nicholas Hathaway as he closes in on his quarry. The protagonist, played by actor Chris Hemsworth, was modeled after Max Butler, aka Max Vision, the security consultant turned credit-card-stealing hacker profiled in Kingpin, a book written by fellow Blackhat hacking consultant Kevin Poulsen. (Poulsen himself served time in prison on a hacking conviction before becoming a journalist.) Early on in the planning, the director toyed with the idea of Hemsworth's character becoming a coder himself.
KSU grads improve careers by earning degrees
Daily Tribune News
I started a new business with a concentration in my passion, InfoSec [information security].” Nivens enrolled at KSU in fall 2011, attending school at least 12 semester hours a week and working 40 to 60 hours a week at his business, NIV Securities. For ...
Posted by InfoSec News on Jan 15: http://www.theregister.co.uk/2015/01/15/sony_hack_was_good_news_for_insurers_and_investors/
Posted by InfoSec News on Jan 15: http://arstechnica.com/tech-policy/2015/01/obama-wants-congress-to-increase-prison-sentences-for-hackers/
Posted by InfoSec News on Jan 15: http://www.sfgate.com/movies/article/Blackhat-review-Michael-Mann-movie-bombs-6016040.php
Posted by InfoSec News on Jan 15: http://www.darkreading.com/vulnerabilities---threats/anatomy-of-a-cyber-physical-attack-/d/d-id/1318624
Posted by InfoSec News on Jan 15: http://healthitsecurity.com/2015/01/14/healthcare-cybersecurity-still-top-issue-says-chime-leader/