email

Google India

Google Warns Of Dodgy Digital Certificates Issued By India

Beware of Google domains bearing gifts – especially gifts from India. On Tuesday, Google’s Adam Langley took to the company’s security blog to warn about unauthorized digital certificates that have been issued by India’s National Informatics Centre (NIC) and used to vouch for “several Google domains.” Google notified the NIC, as well as India’s Controller of Certifying Authorities (or CCA) and Microsoft about the discovery and the certificates have been revoked, Langley said. As Cory Doctorow noted over at BoingBoing.net, most operating system vendors and browser makers don’t trust NIC-issued certificates as a matter of course. However, NIC holds intermediate CA (certificate authority) certificates that are trusted by India’s CCA, and CCA-trusted certificates are included in Microsoft’s Root Store, meaning applications running on Windows as well as Microsoft’s Internet Explorer web browser would have trusted the bogus NIC certificates. Google said that Chrome users on Windows would not have been victims of the […]

Continue Reading

U.S. looks to create an ‘Internet of Postal Things’ – Computerworld

There’s an interesting article by Patrick Thibodeau over at Computerworld about how the U.S. Postal Service is soliciting ideas about leveraging Internet of Things technologies throughout its (massive) system. The Postal Service published a solicitation for a “supplier who has the expertise and critical knowledge of the Internet of Things,” as well as (big) data analytics. The goal is to harness data from throughout the Postal Service’s massive infrastructure in order to increase efficiency and lower costs. The U.S. Postal Service is one of world’s most extensive and efficient. But it has also been bleeding red ink in recent years. The Services reported a $15.9 billion net loss in fiscal year 2012 – much of it tied to mandated payments to meet future retiree health benefits. Those losses have narrowed in recent years. In May, the USPO reported a net loss of $1.9 billion in the second quarter and increased […]

Continue Reading

iPhone and iPad Hijacking: What You Need To Know

The past 24 hours has seen a spate of stories warning about a spate of ‘ransomware’ attacks on iPhones and iPads – especially in the the UK and Australia. According to the reports, compromised devices are locked and owners are instructed to email a ransom (variously: $100, $50, €100) to one “Oleg Pliss” to have their devices unlocked. These attacks aren’t really news. In fact, the Oleg Pliss scam appears to have been circulating for close to six months. However, it’s worthwhile reviewing what we do (and don’t) know about these latest attacks on mobile devices. Accordingly, Security Ledger has put together a short FAQ that tells you what you need to know about the latest mobile scam, and to dispel some of the rumors floating around in the Internet ether. What’s Going On? According to news reports and complaints on Apple Support forums, owners of iPhones and iPads are having their devices locked. […]

Continue Reading

Cisco Survey: 100% of Fortune 500 Hosting Malware?

If you’re working in IT at a Fortune 500 firm, Cisco Systems has some unwelcome news: you have a malware problem. According to the 2013 Annual Security Report from the networking giant, 100 percent of 30 Fortune 500 firms it surveyed sent traffic to Web sites that host malware. Ninety-six percent of those networks communicated with hijacked servers operated by cyber criminals or other malicious actors and 92 percent transmitted traffic to Web pages without content, which typically host malicious activity. “It was surprising that it was 100 percent, but we know that it’s not if you’re going to be compromised, but when,” said Levi Gundert, a technical lead in Cisco’s Threat Research, Analysis and Communications (TRAC) group in an interview with The Security Ledger. Among the high points (or low points) in Cisco’s Report: Cisco observed the highest number of vulnerabilities and threats on its Intellishield alert service in the 13 years […]

Continue Reading

Report: Cell Phone Data, Blackberry Mail Swept Up In NSA’s Net

Sensitive data from every major brand of cell phone can be captured and analyzed by the U.S. National Security Agency, (NSA) according to a report in the German magazine Der Spiegel on Saturday.   Citing “top-secret, internal NSA documents viewed by SPIEGEL reporters, the magazine said that NSA security researchers have developed tools to sap contact lists, SMS traffic, notes and location information from popular devices such as Apple’s iPhone, Google’s Android and Blackberry phones, including Blackberry e-mail, a supposedly secure system that is one of the phone’s most trumpeted features. The documents describe a large-scale and well-organized program within the NSA to obtain data from mobile devices, with discrete teams of security analysts working on a specific platform, developing malware that infiltrates the computers the phones “synch” with, and then loads scripts onto the phones that provide access to a range of other features. See Also: Secure e-mail firms […]

Continue Reading
1 3 4 5 6