Reports

FTC Wants To Be Top Cop On Geolocation

The Federal Trade Commission (FTC) is asking Congress to make it the chief rule maker and enforcer of policies for the collection and sharing of geolocation information, according to testimony this week. Jessica Rich, Director of the FTC Bureau of Consumer Protection, told the Senate Judiciary Committee’s Subcommittee for Privacy, Technology that the Commission would like to see changes to the wording of the Location Privacy Protection Act of 2014 (LPPA), draft legislation designed to spell out consumer protections pertaining to the location data. Rich said that the FTC, as the U.S. Government’s leading privacy enforcement agency, should be given rule making and enforcement authority for the civil provisions of the LPPA. The current draft of the law instead gives that authority to the Department of Justice (DOJ).   The LPPA legislation (PDF) was proposed in March by Sen. Al Franken, and co-sponsored by Senators Coons (D-DE) and Warren (D-MA). It proposes updating the Electronic Communications […]

Continue Reading

Heart Attack? Fixes For More Critical Holes In OpenSSL

Just a month after a critical security hole in OpenSSL dubbed “Heartbleed” captured headlines around the globe, The OpenSSL Foundation has issued an other critical software update fixing six more security holes, two of them critical. The Foundation issued its update on Thursday, saying that current versions of OpenSSL contain vulnerabilities that could be used to carry out “man in the middle” (or MITM) attacks against OpenSSL clients and servers. SSL VPN (virtual private network) products are believed to be especially vulnerable. Users of OpenSSL versions 0.9.8, 1.0.0 and 1.0.1 are all advised to update immediately. According to information released by the OpenSSL Foundation, an attacker using a carefully crafted handshake can force the use of “weak keying material in OpenSSL SSL/TLS clients and servers.” That could lay the groundwork for man-in-the-middle attacks in which an attacker positions herself between a vulnerable client and server, decrypting and modifying traffic as it passes through the attacker’s […]

Continue Reading

Survey: Consumers Growing Wary of Information Sharing

A survey by the business information service Lexis Nexis finds that consumers have grown more wary of programs that ask them to share data in exchange for improved services or other offerings. Editor’s note: LexisNexis has clarified that its survey was released in August, 2013, not October, 2013. The story has been corrected to reflect that information. – Paul 6/4/2014 The survey of  2,072 consumers, aged 21 to 74, was conducted in October 2013 by LexisNexis Risk Solutions. It found consumers were more wary of sharing information online, including at social networking and online banking sites than they were three years earlier. “Consumers are less comfortable with information sharing than three years ago,” the survey concluded. The survey was released in concert with Telematics Detroit 2014, a conference focused on information systems used in vehicles. It was designed to measure consumers’ awareness of- and interest in so-called “use based insurance” (or UBI) – sometimes referred […]

Continue Reading

DARPA Competition Seeks Autonomous Systems for Cyber Defense

We all know that ‘layer 8’ – humans – are the biggest attack surface in any IT environment. Companies can invest millions to harden their networks and endpoints. But all attackers have to do is convince one user to open a fake credit card bill for $20,000 or click a “You won’t believe this video!” link on Facebook and its game over. Our human failings came into the spotlight, most recently, with the breach at Target. According to news reports, the retailer had advanced threat detection software by FireEye deployed that actually alerted staff to some of the malicious activity that signaled the start of that (epic) hack.  Alas, Target’s IT staff in the U.S. dismissed the alerts, which were reported by a team working out of Bangalore, India. The result: 40 million credit card numbers were pilfered from Target’s network. That may be why the U.S. Department of Defense’s advanced […]

Continue Reading

Report: Hell is Unpatched Systems

One of the ‘subplots’ of the Internet of Things revolution concerns embedded devices. Specifically: the tendency of embedded devices to be either loosely managed or – in some cases – unmanageable.   The future holds the promise of more, not fewer of these. That’s the gist of a piece I wrote for InfoWorld, and that you can read here. In short: we’re already seeing the beginning of a shift on the threat landscape. While attacks against traditional endpoints (like Windows desktops, laptops and servers) are still the norm, there are more stories each day about cyber criminal groups and malicious actors who are compromising non-standard endpoints like home wifi routers.  In March, for example, the security consultancy Team Cymru identified a botnet consisting of some 300,000 compromised home routers and other in-home devices. The virus called “TheMoon” was also identified spreading between vulnerable home routers and other embedded devices. The […]

Continue Reading
1 126 127 128 129 130 152