US plan to make hacking harder revealed
The Obama administration has declassified part of its plan to improve the security of cyberspace in an attempt to cultivate greater collaboration between government and civilian groups. More cooperation between the private sector and the U.S. National Security Agency is the centerpiece of the Comprehensive National Cybersecurity Initiative (CNCI).
The declassified abstract of the plan reveals that the U.S. Department of Homeland Security will operate a new security system, called Einstein 3, that analyzes email and other data traffic into and out of federal networks. CNCI also urges merged oversight of federal spending on research and development in cybersecurity, with a particular focus on "leap-ahead" technology.
Although the initiative acknowledges that traditional security approaches "have not achieved the level of security needed," it says the federal government is now outlining "grand challenges" for the research community to help solve the most difficult problems.
Refer here to read more details.
Wednesday, March 10, 2010
Monday, March 8, 2010
GPS vulnerable to hacker attacks
Technology that depends on satellite-navigation signals is increasingly threatened by attack
Experts warn that technology reliant on satellite navigation signals is increasingly vulnerable to attack from widely available equipment. At a U.K. conference at the National Physical Laboratory, professor David Last said the global positioning system's (GPS's) biggest vulnerability is the extreme weakness of the signals that reach receivers, which allows them to be jammed by Earth-based equipment.
Such jamming has been conducted by military systems for years to disrupt adversaries' navigation systems, but small jamming devices are increasingly available online. Moreover, receivers can be fooled into accepting erroneous data by bogus GPS signals, Last warned. Seagoing vessels are especially susceptible to GPS hacking, given that their systems increasingly use satellite navigation directly as well as feed GPS signals into other equipment.
Refer here to read the news.
Saturday, March 6, 2010
Single sign-on system for Internet session?
The safe way to use one Internet password
Queensland University of Technology (QUT) Ph.D. researcher Suriadi is investigating using an anonymous credential system, an Internet authentication system from the 1980s, to enable Web users to securely log in only once per Internet session. Suriadi says future single sign-on systems could give users access to multiple accounts--including email, bank, and shopping--but would need to provide extreme privacy to avoid hackers.
He says the anonymous credential system could enhance the security and privacy of a single sign-on system. "The system works by revealing as little information about who you are as necessary for logging into an account, therefore allowing you to remain anonymous," Suriadi says. A single sign-on system backed by the anonymous credential system requires the cooperation of businesses and organizations to enable it, Suriadi notes.
"However, if one of the parties is compromised, for example by a virus, a 'denial of service' attack or insecure set-up, it puts all the user's linked accounts at risk."
Refer here to read more details.
Wednesday, March 3, 2010
Customer Vs. Bank: Who is Liable for Fraud Losses?
Customer Raises Key Questions About Responsibility and Security
The lawsuit, filed by EMI in a Michigan circuit court, alleges that Dallas-based Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank's security software. In January 2009, an EMI employee opened and clicked on links within a phishing email that purported to be from Comerica. The email duped the employee into believing the bank needed to update its banking software. Subsequently, more than $550,000 was stolen from the company's bank accounts and sent overseas.
EMI says even though the bank had two-factor authentication using digital certificates for its online banking portal, the phishing scam was able to circumvent these measures. The bank says its online security methods were reasonable "because they were in general used by other similarly situated customers of other banks."
Anytime a company incurs a data breach that compromises personal information, the organization risks having its customers walk away for good. That's why it's so important that, before an incident occurs, a company take proactive steps to implement a reasonable security program.
Is a Bank Liable For Phishing?
Should a bank be held liable for a customer's employee falling for a phishing email that supposedly represents the bank?
Most employees have been warned about phishing attempts, but even the most robust training does not protect against occasional human error. Does this training need to occur more frequently, or is it a matter of customizing the training to the evolving and specific types of phishing attempts? If a company is going to be responsible under the law for employees' vulnerability to phishing attempts, that's a pretty good incentive to increase training.
Can a bank be held liable? Some security experts say emphatically 'No.' "The bank clearly could have made better decisions on how to update security information."
What is 'Reasonable Security'?
In this case, was the bank's two-factor security token technology an unreasonable safeguard based on the information available at the time it was implemented by the company?
The key issue here is: what measures were in place to detect unauthorized, unusual activity involving this customer account, and did the bank act quickly enough in response to such detection? "All companies could benefit from evaluating and assessing how they compare the issues raised in this case against their own information security programs."
Banks should view it as a wake-up call and work on mitigating phishing attacks.
Refer here to read more details.
Monday, March 1, 2010
Security Threat Against ‘Smart Phone’ Users
Personal computer security threat can now attack smart mobile phones
Rutgers University (RU) computer scientists have demonstrated how rootkits could surreptitiously instruct a smartphone to eavesdrop on a meeting, track its owner's location, or rapidly drain the battery. Smartphones "run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious software, or malware," says RU professor Vinod Ganapathy.
Rootkit attacks on smartphones could be especially effective because smartphone users tend to carry their phones with them all the time, which creates opportunities for attackers to eavesdrop, extract personal information, or pinpoint the user's location using the phone's global positioning system.
Refer here to read more details about the research.
Friday, February 26, 2010
Using TrueCrypt for disk encryption
How to use TrueCrypt for disk encryption
You're well aware of the benefits provided by encryption, but many organizations don't have the budget or resources to purchase an expensive encryption tool. In this TechTarget screencast, learn about a free open-source disk encryption tool.
Learn how to use this tool to not only create an encrypted drive, but also a hidden drive as an additional data protection measure.
Wednesday, February 24, 2010
Safe Travels for You and Your Data
Computers in cybercafes and hotels are notorious for having malware on them
You’re a smart traveler. You pack sunscreen and Pepto, locks for your luggage and a pouch to hide cash under your clothes. But what digital precautions do you take?
It’s hard enough to make sure the data you send and receive is safe when you’re at home or at work. But traveling brings a whole new set of hazards: from publicly accessible computers to unprotected wireless networks to crowded and pickpocket-plagued airports.
Luckily, preventing a digital wipeout while you’re on the road is reasonably easy and inexpensive. Here are some of the main things you can do to keep your data out of harm’s way while you wander the world.
An interesting article in the NY Times that is worth reading; refer here to read it.

