Tag: Microsoft

Facebook Joins In Tech Industry Demands For Surveillance Reform

Facebook on Tuesday reiterated calls for reform of laws pertaining to government surveillance practices in the U.S. and elsewhere. The company, in a blog post, urged governments to stop bulk collection of data and enact reforms to limit governments’ authority to collect users information to pertain to “individual users” for “lawful purposes.” The company also called for more oversight of national intelligence agencies such as the US National Security Agency, and more transparency about government requests for data. The blog post was authored by Facebook general counsel Colin Stretch. Facebook reiterated its calls for surveillance reform in recognition of “The Day We Fight Back,” a grass roots effort to use Tuesday, February 11th as a day to rally support for more civil liberties protections.   [Read more Security Ledger coverage of Facebook here.] The date is the one year anniversary of the suicide of Internet activist Aaron Swartz. Leading online […]

top secret file

US Allows More Talk About Surveillance Orders

The U.S. Department of Justice has acceded to requests from some large, technology firms, allowing them to post more specific information about government requests for data on their users, according to a report by The New York Times. In a statement released on Monday, Attorney General Eric Holder and James R. Clapper, the Director of National Intelligence, the new rules allowing some declassification followed a speech by President Obama calling for intelligence reform. “The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities,” the joint statement reads. “Through these new reporting methods, communications providers will be permitted to disclose more information than ever before to their customers.” [Read more Security Ledger coverage of the NSA surveillance story.] Previously, companies were prohibited from […]

When The Internet of Things Attacks! Parsing The IoT Botnet Story

I spent most of last week at a conference in Florida going deep on the security of critical infrastructure – you know: the software that runs power plants and manufacturing lines. (More to come on that!) While there, the security firm Proofpoint released a statement saying that it had evidence that a spam botnet was using “Internet of Things” devices. The company said on January 16 that a spam campaign totaling 750,000 malicious emails originated with a botnet made up of “more than 100,000 everyday consumer gadgets” including home networking routers, multi media centers, televisions and at least one refrigerator.” Proofpoint claims it is the “first time the industry has reported actual proof of such a cyber attack involving common appliances.” [Read: “Missing in action at Black Hat: the PC.”] Heady stuff – but is it true? It’s hard to know for sure. As with all these reports, it’s important […]

Ephemeral, In-Memory Attack Used With New IE 0Day

It was just last week that we wrote about research from the security firm Triumfant that found evidence for the growing use of ephemeral “diskless” malware. That point was driven home over the weekend, with a report from the firm Fireeye that found a new Internet Explorer zero day vulnerability was being used in conjunction with a disk-less variant of the Hydraq (aka “McRAT”) Trojan horse program.   Fireeye first called attention to the existence of attacks exploiting new, “zero day” (or previously unknown) vulnerabilities in the Internet Explorer web browser on Friday. The company discovered the malicious activity on the web site of a “strategically important website” that was being used as a “watering hole” to attack visitors who were “interested in national and international security policy.” The company described two IE vulnerabilities: an information leakage hole and an IE out-of-bounds memory access vulnerability. The information leak affects Windows XP […]

Windows XP Users Six Times More Likely To Be Infected By Malware

Microsoft came out with a new edition of its Security Intelligence Report today, saying that company data shows that Windows XP machines are much more likely to be infected in encounters with malicious software on the Internet. Windows XP machines were six times more likely to be infected than machines running Windows 8, the latest version of Microsoft’s operating system, the company said. The Security Intelligence Report (or SIR) is a unique window into the malicious activity online, given Microsoft’s massive footprint of more than 1 billion systems running versions of the Windows operating system, and the detailed data it collects from them through its automatic update patching- and malware removal features. This is the 15th such report Microsoft has issued.  The company used the latest report to hammer home a message about the need for Windows XP users to move off that system to a newer version of the […]