If you want to import beef, eggs or chicken into the U.S., you need to get your cargo past inspectors from the U.S. Department of Agriculture. Not so hardware and software imported into the U.S. and sold to domestic corporations. But a spate of stories about products shipping with malicious software raises the question: is it time for random audits to expose compromised supply chains? Concerns about ‘certified, pre-pwned’ hardware and software are nothing new. In fact, they’ve permeated the board rooms of technology and defense firms, as well as the halls of power in Washington, D.C. for years. The U.S. Congress conducted a high profile investigation of Chinese networking equipment maker ZTE in 2012 with the sole purpose of exploring links between the company and The People’s Liberation Army, and (unfounded) allegations that products sold by the companies were pre-loaded with spyware. Of course, now we know that such […]
Tag: crime
Must Read: How Russian Hackers Stole the Nasdaq – Businessweek
If there’s one story you should read this week, its Michael Riley’s extensive report over at Businessweek on the 2010 compromise of systems belonging to the Nasdaq stock exchange, “How Russian Hackers Stole the Nasdaq.” The incident was extensively reported at the time, but not in great depth. Obviously, the parties involved weren’t talking. And Nasdaq’s public statements about the compromise woefully downplayed its severity, as Riley’s report makes clear. Among the interesting revelations: the Nasdaq may have fallen victim to a third-party compromise – similar to the hack of Target earlier this year. In the case of Nasdaq, investigators from the FBI, NSA and (eventually) CIA found discovered that the website run by the building management company responsible for Nasdaq’s headquarters at One Liberty Plaza had been “laced with a Russian-made exploit kit known as Blackhole, infecting tenants who visited the page to pay bills or do other maintenance.” What’s clear is […]
This Week In Security: Poking Holes In Two Factor Authentication
It was another busy week in the security world. There was big news on the legal front, as The U.S. Supreme Court took steps to protect the data stored on mobile devices from warrantless searches by police. (That’s good news.) But the week also plenty of concerning stories about the security of data stored on mobile phones, tablets and the like. One of the stories that gained a lot of attention was DUO Security’s report on a flaw in PayPal’s two factor authentication feature that could expose the accounts of security-conscious PayPal users. As The Security Ledger reported, DUO researcher Zach Lanier discovered a flaw in mobile APIs published by PayPal that would allow anyone with a valid PayPal user name and password to sidestep two-factor authentication when accessing PayPal accounts that had that option enabled. After DUO went public with information on the flaw, PayPal disabled two factor authentication […]
Gameover Not The End: Zeus Malware Still Threatens Fortune 500
Prolexic, a division of Akamai, issued an advisory to Fortune 500 firms on Monday about what it calls “a high-risk threat of continued breaches from the Zeus framework.” The company’s Security Engineering & Response Team (PLXsert) said on Monday that it has observed new payloads from the Zeus crimeware kit in the wild, and that networks of Fortune 500 companies are a prime target. Cyber crime groups are using Zeus to steal login credentials and gain access to web-based enterprise applications, as well as online banking accounts, Akamai warned. “The Zeus framework is a powerhouse crimeware kit that enterprises need to know about to better defend against it,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai, in a statement. “It’s hard to detect, easy to use, and flexible – and it’s being used to breach enterprises across multiple industries.” A variant of Zeus, Gameover, was the subject […]
Pew: IoT Will Take Off By 2025, Despite Security Woes
A survey of technology experts by the Pew Research Center and Elon University predicts that the Internet of Things will take off in the next decade despite serious concerns about the security of IoT devices and the data they hold. The IoT will gain wide adoption in the next decade, with the result that many aspects of day-to-day life will be transformed by a combination of inexpensive sensors, cloud based computing and data analytics. The report cites a number of likely innovations that will become commonplace by 2025 – from “smart” food products that can report when they are exhausted or spoiled, to smart roads and infrastructure to “subcutaneous sensors or chips that provide patients’ real-time vital signs to self-trackers and medical providers.” The Pew Center canvassed more than 1600 technology leaders and analysts about the Internet of Things and published the findings of the survey on Wednesday. The survey population included […]
