Tag: hacks

Flaw Leaves 900M Android Devices Vulnerable

A security researcher claims to have uncovered a flaw in the Android security model that leaves almost all devices running the mobile operating system vulnerable to attacks and malicious software. Jeff Forristal, the Chief Technology Officer at Bluebox Security, posted a description of the flaw on Wednesday. It affects Android devices running any version of the OS released in the past four years, starting with Version 1.6 (codename: “Donut”) – a population of nearly 900 million devices. Discrepancies in how Android applications are cryptographically signed and then verified by Android allow a malicious attacker to modify the application package file (or APK) code without breaking the cryptographic signature. The implications of the flaw are huge. A malicious application installed on a vulnerable Android device could access any data stored on the device. For applications, such as mobile virtual private network (VPN), an attacker who could alter the application’s code or […]

NIST Cyber Security Draft Framework Puts Execs In Driver’s Seat

The U.S. government’s federal technology agency has published a draft version of a voluntary framework it hopes will guide the private sector in reducing the risk of cyber attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) published a draft of its Preliminary Framework to Reduce Cyber Risks to Critical Infrastructure on Monday. The document provides a guide for critical infrastructure owners of different maturity levels to begin documenting and understanding their risk of cyber attack, and – eventually – to measure their performance in areas such as asset management, threat detection and incident response. The framework was called for by Executive Order 13636, signed by President Obama in February. In that order, NIST was charged with creating a framework for sharing cyber security threat information and information on successful approaches to reduce risks to critical infrastructure. The Framework is comprised of five major cybersecurity functions: Know […]

NSA’s PRISM Puts Privacy Startup Silent Circle Into Orbit

Government surveillance has been getting a lot of attention in recent weeks, with the leak of classified information about spying by the National Security Agency using information provided by U.S. telecommunications and Internet firms including Verizon, Facebook, Google and Apple. The stories have revealed the very different legal standards that govern electronic communications and more traditional communications such as phone and postal mail. They have also put many otherwise lawful Internet users in search of technology that will keep their private conversations and thoughts well…private. That, in turn, has sparked concern in the government that civilian use of encryption will hamper lawful interception of communications. Wired.com reported last week that, for the first time, encryption thwarted government surveillance under court-approved wiretaps. That report, from the U.S. Administrative Office of the Courts (AO), said encryption was reported for 15 wiretaps in 2012, compared with just 7 wiretaps conducted during previous years. […]

Homeland Security: Hack Attempts On Energy, Manufacturing Way Up in 2013

Attempted cyber attacks on critical infrastructure in the U.S., including energy and critical manufacturing, jumped sharply in the first half of 2013, according to a just-released report from the Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT). ICS-CERT said that cyber incidents across all critical infrastructure in the U.S. are on pace to double in 2013. The agency has responded to 200 such incidents so far in fiscal year 2013 (October of 2012 to May of 2013), compared to 198 incidents for all of fiscal year 2012. A majority of those incidents – 53% – were against organizations in the energy sector, ICS-CERT reported. The report is just the latest from DHS about threats to the energy sector. The agency warned energy firms after seeing a sharp jump in attacks during 2012, when attacks on energy firms accounted for around 40% of the malicious activity directed […]

Richard Clarke: Car Hacking Possible In Crash That Killed Michael Hastings

OK – let me start by saying that The Security Ledger isn’t a web site that’s going to peddle in rumor or unfounded conspiracy theories. Period. AND let me note that Richard Clarke, the former Cyber Security Czar and U.S. National Coordinator for Security, Infrastructure Protection and Counter-terrorism, just told the Huffingtonpost.com that he thinks a car hack may have played a role in the suspicious, single car accident that killed investigative reporter Michael Hastings last week. Whoa! If you don’t know, Hastings was a Polk Award-winning correspondent for the web site Buzzfeed.com, where he covered national security. He died, at age 33, in a fiery, single car crash in Los Angeles last week after the Mercedes he was driving hit a tree and burst into flames. The car was almost totally destroyed. The Los Angeles County Coroner confirmed Hastings’ identity but said it would likely take weeks to determine the cause of […]