email

Europol Warns of Internet of Things Risk

In a newly released report, Europol’s European Cybercrime Center (EC3) warns that the growth of the Internet of Things (IoT) threatens to strengthen the hand of organized cyber criminal groups and make life much more difficult for police and governments that wish to pursue them. EC3’s latest Internet Organized Crime Threat Assessment (iOCTA) says the “Internet of Everything” will greatly complicate the work of law enforcement creating “new opportunities for everything from cyber criminals to state actors to child abusers. The growing numbers of connected devices will greatly expand the “attack surface” available for cyber criminal activity, the EC3 warns. Cyber criminals may co-opt connected devices for use in common criminal activity (like denial of service attacks and spam campaigns). However, advancements like connected (“smart”) vehicles and infrastructure create openings for large scale and disruptive attacks. The report, which was published late last months, is a high level position paper and pulls data mostly […]

Hack Tool Authors Deny Link To Celeb Photo Leaks

With some of Hollywood’s biggest stars issuing statements on Monday condemning the leak of personal photographs online, attention has turned to identifying the source of the leaks. But more than 24 hours after the photos appeared, there are more questions than answers about its source. Early attention has focused on an automated tool that exploited an apparent vulnerability in Apple’s FindMyiPhone feature. But by Monday, there were denials from the makers of that tool that it played any role in the massive privacy breach that saw photos of A-list celebrities like Jennifer Lawrence, Kate Upton and others leaked online. Within hours of the photos’ appearance on the image sharing site 4chan, attention shifted to the cause of the leak and the coincidence of the leaked photos with the publication of iBrute, a simple tool available on GitHub in recent days. According to this published report by Owen Williams over at TheNextWeb,  the […]

Phishing

TRUST: Threat Reduction via Understanding Subjective Treatment

It has become obvious (to me, anyway) that spam, phishing, and malicious software are not going away. Rather, their evolution (e.g. phishing-to-spear phishing) has made it easier to penetrate business networks and increase the precision of such attacks. Yet we still apply the same basic technology such as bayesian spam filters and blacklists to keep the human at the keyboard from unintentionally letting these miscreants onto our networks. Ten years ago, as spam and phishing were exploding, the information security industry offered multiple solutions to this hard problem. A decade later, the solutions remain: SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance). Still: we find ourselves still behind the threat, rather than ahead of it. Do we have the right perspective on this? I wonder. The question commonly today is: “How do we identify the lie?” But as machine learning and data science become the new norm, I’m […]

ipad_for_business

Apple And IBM: The Corporatization of Consumerization

Apple Computer has built up a brand so strong that it borders on being a cult. That is why it is jarring to realize that, at the end of the day, Steve Jobs’ baby is just another company that needs to make its numbers each quarter and keep Wall Street happy. The company’s announcement of an exclusive partnership with  IBM is just that: a reminder that Apple’s core business is business, and that the company has been sorely underperforming in a key market: the enterprise. Whatever its faults, IBM is flush with the very things that Apple lacks: the brand, technology, expertise and reach that puts enterprise technology buyers at ease. As we reported, IBM will offer mobile device management, security, data analytics and cross-platform integrations for Apple’s iPad and iPhone that leverage IBM’s cloud services. There will be IBM-managed offerings around mobile device activation, supply and management tailored to businesses. But the partnership is something more- […]

Google India

Google Warns Of Dodgy Digital Certificates Issued By India

Beware of Google domains bearing gifts – especially gifts from India. On Tuesday, Google’s Adam Langley took to the company’s security blog to warn about unauthorized digital certificates that have been issued by India’s National Informatics Centre (NIC) and used to vouch for “several Google domains.” Google notified the NIC, as well as India’s Controller of Certifying Authorities (or CCA) and Microsoft about the discovery and the certificates have been revoked, Langley said. As Cory Doctorow noted over at BoingBoing.net, most operating system vendors and browser makers don’t trust NIC-issued certificates as a matter of course. However, NIC holds intermediate CA (certificate authority) certificates that are trusted by India’s CCA, and CCA-trusted certificates are included in Microsoft’s Root Store, meaning applications running on Windows as well as Microsoft’s Internet Explorer web browser would have trusted the bogus NIC certificates. Google said that Chrome users on Windows would not have been victims of the […]