APT

McAfee sideshow eclipses Defcon’s real security breakthroughs | Security – InfoWorld

The onetime technology wunderkind, who left a job working for Lockheed to turn his curiosity about computer viruses into a thriving, global corporation showed up at two Las Vegas hacker cons last week: B-Sides Las Vegas and DEFCON. He offered some off-the-cuff rebukes to firms like Google. He also rambled long and hard about the dark forces that pursue him: the U.S. government, the government of Belize, Central American drug cartels and script kiddies desperate for his (virtual) scalp. Everywhere he goes, people take his picture. Who are they working for? The phones and computers he buys are bugged. His movements are being tracked. Those in attendance were admonished to beware of government snooping — especially via mobile applications. “Without privacy there is no freedom,” McAfee intoned.   Listening to McAfee rant, it’s easy to forget there were plenty of folks walking the halls of Defcon, Black Hat, and B-Sides […]

Continue Reading

Study Finds Unrelenting Cyber Attacks Against China’s Uyghurs

A group representing the Uyghurs,a  persecuted religious minority in China, faces unrelenting, targeted cyber attacks that appear aimed at stealing sensitive data and otherwise undermining the group’s activity, according to a new study by researchers at Northeastern University in Boston as well as the Max Planck Institute for Software Systems and the National University of Singapore.   A study of more than 1,400 suspicious email messages sent to members of groups representing the Uyghur minority found that more than three quarters of the messages contained malicious attachments. The messages targeted 724 individuals at 108 separate organizations. Moreover, researchers found overlap between the individuals associated with the Uyghur World Contress (UWC) and western targets such as the New York Times and U.S. embassies. The study, “A Look at Targeted Attacks Through the Lense of an NGO” is being presented at the UNENIX Security Conference in San Diego on August 21. (A copy of the full paper is […]

Continue Reading

Dan Geer’s Other Keynote: Embedded Devices Need A Time To Die

With the Black Hat Conference well under way and DEFCON starting later this week, the security world’s attention will turn to Las Vegas, where some of the cyber security industry’s top researchers and thinkers will be holding court. One of the most anticipated talks is the Black Hat Briefings opening keynote. This year, the honor goes to none other than Dr. Dan Geer, the CISO of In-Q-Tel, the investment arm of the U.S. intelligence sector. Geer’s talk  on Wednesday, August 6, 2014 is entitled “Cybersecurity as Realpolitik.” In anticipation of Dr. Geer’s Black Hat, we’re releasing another recent talk he gave: this one a keynote speech at our May, 2014 Security of Things Forum in Cambridge, MA. In this talk, Dan focused on the security of embedded devices and the fast-emerging Internet of Things. (A full transcript of the talk is available here.) “The embedded systems space, already bigger than what is normally thought of as […]

Continue Reading

Report: CIA Fears the Internet of Things | Nextgov.com

A story by Patrick Tucker over at Nextgov.com picks up on some comments from Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology regarding the agency’s thinking about the Internet of Things. Meyerriecks was speaking at The Aspen Institute’s Security Forum on Thursday of last week in a panel on “The Future of Warfare.” Speaking about the topic of cyber warfare, she said that current debates about the shape of cyber war don’t address the “looming geo-security threats posed by the Internet of Things.” Meyerriecks cited the now-debunked Proofpoint report about smart refrigerators being used in spam and distributed denial of service attacks.” She also mentioned “smart fluorescent LEDs [that are] are communicating that they need to be replaced but are also being hijacked for other things.” Those might be some sensational (and dubious) examples, but Meyerriecks main point was more pedestrian: that we’re on the cusp of disruptive […]

Continue Reading

TRUST: Threat Reduction via Understanding Subjective Treatment

It has become obvious (to me, anyway) that spam, phishing, and malicious software are not going away. Rather, their evolution (e.g. phishing-to-spear phishing) has made it easier to penetrate business networks and increase the precision of such attacks. Yet we still apply the same basic technology such as bayesian spam filters and blacklists to keep the human at the keyboard from unintentionally letting these miscreants onto our networks. Ten years ago, as spam and phishing were exploding, the information security industry offered multiple solutions to this hard problem. A decade later, the solutions remain: SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance). Still: we find ourselves still behind the threat, rather than ahead of it. Do we have the right perspective on this? I wonder. The question commonly today is: “How do we identify the lie?” But as machine learning and data science become the new norm, I’m […]

Continue Reading
1 31 32 33 34 35 47