“How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders?
In the attack on RSA, the attacker sent “phishing” e-mails with the subject line “2011 Recruitment Plan” to two small groups of employees over the course of two days. Unfortunately, one was interested enough to retrieve one of these messages from his or her junk mail and open the attached Excel file. The spreadsheet contained malware that used a previously unknown, or “zero-day,” flaw in Adobe’s Flash software to install a backdoor. RSA said that Adobe had since released a patch to fix that hole.”
From The New York Times
Here’s something Canadian authorities don’t want you to know: whether it’s people, organizations, businesses or governments, we are all at risk of being victims of cyber attacks.
“We have major cyber security problems in this country,” says Ron Deibert, director of The Citizen Lab, at the University of Toronto. “The problem is nobody wants you to know about it.”
From CTV News
“Many believe “hacktivism”, or online activism, is a legitimate form of protest but this young man quickly discovered the authorities believe otherwise.
Matthew George loved the internet. The 22-year-old confessed loner from Newcastle used to spend almost all of his waking hours online in chat rooms and social networking sites.
But in October 2009 this online existence was suddenly threatened. The Rudd government had announced its plan to censor the internet. George was outraged. George would now add political activism to his previously mundane internet activities, as he began communicating with members of the internet activist group Anonymous.”
“Handmade cosmetics group Lush has admitted its website was hacked repeatedly by fraudsters over the past three months, putting thousands of customers at risk of having their card details stolen. But the company only informed customers last night.
The fact that Lush is warning customers to contact their banks may indicate it has failed to encrypt the details held on its site – which, if true, could mean it has failed to meet regulations known as PCI compliance, which governs the storage of card details by websites in Europe.
Many customers are also speculating why it took Lush so long to inform customers if the website was first hacked in October, especially as its statement indicates it has 24-hour web security.”
From The Guardian
“DUBAI, United Arab Emirates – Iran’s top police chief envisions a new beat for his forces: patrolling cyberspace.
‘There is no time to wait,’ Gen. Ismail Ahmadi Moghaddam said last week at the opening of a new police headquarters in the Shiite seminary city of Qom. ‘We will have cyber police all over Iran.’
The first web watchdog squads are planned in Tehran this month — another step in Iran’s rapidly expanding focus on the digital world as cyber warfare and online sleuthing take greater prominence with the Pentagon’s new Cyber Command and the secrets spilled to WikiLeaks.”
From Yahoo! News
“Until last week, any computing futurologist would tell you that cloud computing is where it’s at. You don’t need to know where your data is being stored; it’s just on a computer, or more likely computers, Out There On The Internet. Thus Amazon, with its EC2 (“Elastic Cloud Compute”) service, or Microsoft with its Azure service, or the most familiar example, Google, with its GoogleMail and Google Docs services, which are used by thousands of companies around the world. (Disclosure: the Guardian uses Google Docs and Mail, and Amazon’s EC2 system for its API.)”
From The Guardian
The Citizen Lab and the Information Warfare Monitor are featured in the December 2010 issue of Sharp Magazine. The dynamic emergence of information warfare and cyber espionage is up for examination in this investigative piece, which refers to Information Warfare Monitor reports such as “Breaching Trust” and “Shadows in the Cloud” and includes interviews with Citizen Lab researchers.
From Sharp Magazine
“A team of researchers at Georgia Tech Research Institute is investigating whether passwords are now worthless, given the supercomputer-like performance now available to hackers using standard desktop graphics cards.
“Right now we can confidently say that a seven-character password is hopelessly inadequate – and as GPU power continues to go up every year, the threat will increase.”
“In today’s world passwords are simply not enough to protect sensitive information on their own. In fact, VeriSign research of UK online adults showed that 39% disagree that ‘user name plus password’ is a strong enough security measure.
“A password is only one layer of security, which criminals have proven they are able to bypass – either through brute force as the Georgia Tech researchers have demonstrated, or, often, simply by guessing.””
“The People’s Liberation Army has unveiled its first department dedicated to tackling cyber war threats and protecting information security, Chinese media reported today.
The move comes just over a year after the United States created a cyber command.
The PLA Daily said the military announced the creation of the Information Security Base on Monday, giving few more details in its brief report.”