Recent Posts

Missing in Action At BlackHat: The PC

Once the target of choice for hackers of all stripes, personal computers (PC) will be -at most- a side attraction at this year’s annual Black Hat Briefings show in Las Vegas, where presentations on ways to attack mobile devices and other networked “stuff” will take center stage. Just over ten percent of the scheduled talks and turbo talks at The Black Hat Briefings in early August (5 of 47)  will be devoted to attacks against what might be considered “traditional” endpoints, like end user systems and servers running Microsoft’s Windows, Apple’s Mac OSX and Linux. By contrast, more than 30% will discuss security flaws and attacks against mobile phones or other “smart” devices including wireless surveillance cameras, home automation systems and smart meters. The dearth of PC-focused talks isn’t a new trend in and of itself. As far back as 2006, talks that explicitly discussed security issues with components of Microsoft’s […]

Continue Reading

Monoculture 2.0: Will Android’s Rise Be A Security Nightmare?

There have been a bunch of interesting articles in recent weeks that highlight the rapid expansion of Google’s Android operating system from phones and tablets to all kinds of intelligent devices. They beg the question: is Android becoming the Microsoft Windows of the fast-emerging “Internet of Things.” And, if so, we might ask: ‘What are the security implications of that?’ First the skinny on Android’s growing dominance of the intelligent device sector. Ashlee Vance over at Businessweek.com delved into that with an article “Behind the Internet of Things is Android – and its everywhere.” Vance makes the point that Android is not only the choice for 75% of the handset makers these days – it’s also become the OS of choice for anyone making anything with a processor and a networking stack. The effect of that is akin to what Microsoft encountered when Windows went from being just another PC […]

Continue Reading

Illiquid: Liberty Reserve Gone, Cybercrooks Look For Alternatives

Now that authorities in Spain, Costa Rica and the U.S. have taken down online money transfer service Liberty Reserve, the cyber underground is facing a serious liquidity crunch, as criminal gangs, botmasters, spammers and malicious hackers look for a safe platform on which to transact business. But finding a ready substitute may not be easy, with Liberty Reserve’s close competitors showing less tolerance of its “no questions asked” account creation policy, and less scrupulous outlets wary of the long arm of the U.S. Justice Department. Liberty Reserve (libertyreserve.com) went offline on Friday along with dozens of other domains operated by its founder, Arthur Budovsky – a.k.a. “Arthur Belanchuk” a.k.a “Eric Paltz.” Budovsky was arrested in Spain on May 24th. Spanish authorities acted at the request of authorities in Costa Rica, where Budovsky had set up shop, and the U.S. A three-count criminal complaint filed there by the U.S. Attorney for the […]

Continue Reading

Report: Chinese Hackers Pinch Advanced Weapons Designs

A Washington Post story on Sunday cited a confidential report prepared by the Pentagon that claims “Chinese hackers” have compromised systems storing data on the design of more than two dozen major U.S. weapons systems. The report, prepared for the Pentagon’s senior brass by the Defense Science Board, warns that the intrusions have given China’s People’s Liberation Army (PLA) a leg up on the U.S., and a boost in efforts to modernize its own military for use in a possible, future conflict, The Post reported. Many of the breaches that led to theft of sensitive data occurred at private defense contractors, or at firms that acted as subcontractors to them, the report said. No specific incidents or companies are named in the report. However, the main outlines of it echo reports of leaks of classified information on weapons systems going back more than three years. In April, 2009, for example, […]

Continue Reading

Podcast: The Big Truth – Responding To Sophisticated Attacks

If you work at a rank and file corporation in the U.S. or Europe, stories like those about the breach at the defense contractor Qinetiq are terrifying. Here’s a company that’s on the bleeding edge of technology, making autonomous vehicles and other high-tech gadgetry for the U.S. Military. Despite that, it finds itself the hapless victim of a devastating cyber breach that lasts – by all accounts – for months, or years. In the end, the attackers (likely linked to China’s People’s Liberation Army) make off with the company’s intellectual property (likely all of it) and, soon, defense contractors in Mainland China start turning out devices that look eerily similar to the ones Qinetiq makes. Ouch! If a company like Qinetiq can’t stop an attack by advanced persistent threats (APT) – or whatever name you want to use –  what hope do overworked IT admins at rank and file enterprises […]

Continue Reading
1 371 372 373 374 375 397