In-brief: Gadi Evron recalls the denial of service attacks aimed at the government of Estonia in 2007 – one of the first recognized acts of ‘cyber war’ and a template for incidents that followed. Evron says there were many lessons in that incident – some of which the U.S. and its allies are still struggling to learn.
In-brief: An analysis of 85,000 hacked Remote Desktop Protocol servers from the cyber criminal marketplace xDedic shows that education and healthcare networks were the most often targeted by hackers, who often used brute force password guessing to gain access.
In-brief: Companies like Microsoft and Google have both unveiled initiatives that de-emphasize the traditional, static, alpha-numeric password in recent days. So is the password going the way of the horse and buggy? Don’t be so sure, says Robert Capps of the firm NuData. Capps thinks that passwords will be with us for the foreseeable future and that companies concerned about security need to do more than just find a more secure way to log-in.
In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code from tutorials and other free code samples. The same method could be harnessed by cyber criminals or other sophisticated attackers to find and exploit vulnerabilities in software applications, the researchers warned.
In-brief: The April 7th hijacking of more than 100 civil defense sirens in Dallas was dismissed as an “old school” hack that relied copycat radio tones to set off a cacophony that lasted for nearly two hours. But was it? Security researcher Mark Loveless (aka “Simple Nomad”) has his doubts about the official explanation. In this latest Security Ledger podcast, he talks to Editor in Chief Paul Roberts about what might have really gone down in Dallas.
