Verizon

mike Janke silent circle

NSA’s PRISM Puts Privacy Startup Silent Circle Into Orbit

Government surveillance has been getting a lot of attention in recent weeks, with the leak of classified information about spying by the National Security Agency using information provided by U.S. telecommunications and Internet firms including Verizon, Facebook, Google and Apple. The stories have revealed the very different legal standards that govern electronic communications and more traditional communications such as phone and postal mail. They have also put many otherwise lawful Internet users in search of technology that will keep their private conversations and thoughts well…private. That, in turn, has sparked concern in the government that civilian use of encryption will hamper lawful interception of communications. Wired.com reported last week that, for the first time, encryption thwarted government surveillance under court-approved wiretaps. That report,  from the U.S. Administrative Office of the Courts (AO), said encryption was reported for 15 wiretaps in 2012, compared with just 7 wiretaps conducted during previous years. […]

Continue Reading

Podcast: Project Prism – Has Uncle Sam Gone Rogue?

It was hard to escape the big news this week: revelations from The Guardian and The Washington Post about a program of widespread surveillance of online social networks and mobile phone use. The news, both the result of high-level leaks of classified information, has embroiled the Obama Administration in the most serious questions about domestic spying since the Nixon administration. To discuss the week’s events, Paul sat down with Ron Gula, the CEO of Tenable Network Security (and a former NSA security ninja) and Rick Forno, director of the University of Maryland Baltimore County’s Graduate Cybersecurity Program and a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society (CIS).  While neither guest was surprised to read about the government’s monitoring of cell phone activity or data from social networks, the latest reports lay bare the dimensions of the U.S. government’s domestic spying post 9/11, and raise serious […]

Continue Reading

Data Breach For Dummies: Simple Hacks, Hackers Are The Norm

In spite of widespread media attention to the problem of “advanced persistent threats” and nation-backed cyber espionage, most cyber attacks that result in the theft of data are opportunistic and rely on unsophisticated or non-technical means, according to Verizon’s 2013 Data Breach Investigations Report (DBIR). Verizon said that its analysis of 47,000 security incidents and 621 confirmed cases of data loss showed that three-quarters were “opportunistic” – not targeted at a specific company or individual – and financially motivated. Around 20 percent of attacks were linked to what Verizon termed “state affiliated actors” conducting cyber espionage. Verizon’s annual Data Breach Investigations Report presents the results of investigations conducted by Verizon’s RISK investigators, the U.S. Department of Homeland Security, US-CERT as well as by law enforcement agencies globally. In its sixth year, it is a highly regarded and oft-cited benchmark of malicious activity and threats to organizations. In a press release […]

Continue Reading
Android

ACLU Complaint Shows Android Insecurity Getting Political

The American Civil Liberties Union has filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the Federal Government to take action to stem an epidemic of unpatched and insecure Android mobile devices – a public scourge that the ACLU blames on recalcitrant wireless carriers. The civil liberties group’s complaint for injunctive relief with the FTC, noting that “major wireless carriers have sold millions of Android smartphones to consumers” but that “the vast majority of these devices rarely receive software security updates.” Calling the unpatched phones “defective and unreasonably dangerous,” the ACLU says that carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to” third parties. “A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have […]

Continue Reading

Application Security ‘Precrimes’ Report: SQL Injection, Crypto Hacks in 2013

We have plenty of industry-provided reports that tell us what happened in the past. The annual Verizon Databreach Investigations Report is due out any day, providing data on breaches investigated by that company’s incident response professionals, as well as information from law enforcement agencies around the world. And, with the first quarter gone, its safe to assume that similar reports will follow from Symantec and others.   But what about the threats for 2013? That’s where Veracode’s State of Software Security (SoSS) report comes in. Released to the public today, SoSS documents the kinds of software vulnerabilities that company found during 2012. And, where there are vulnerabilities, there will be attacks, Veracode CTO Chris Wysopal says. So what’s on tap for 2013? SQL injection attacks are likely to be one of the main attack types against web-based applications this year, as they were last year, Veracode says. That’s because SQL […]

Continue Reading
1 2 3 4