• Cost of cyberattacks on the rise

    A new study shows that cybercrime is costing corporations 56 percent more than last year; the study, conducted by the Ponemon Institute and sponsored by ArcSight, an HP company, found that the median cost of cybercrimes for the fifty companies surveyed was $5.9 million; the increase in costs was largely due to hackers using stealthier techniques

  • Researchers show how to unlock, start a car remotely

    Two researchers at the Black Hat event in Las Vegas demonstrated they could send commands from a laptop to unlock the doors of a Subaru Outback — and then start the car; they said that in addition to vehicles, many other GPS-tracking devices, 3G security cameras, urban traffic control systems, SCADA sensors, and home controls and systems are also telephony-enabled and, as a result, susceptible to attack

  • Better than SecurID?

    The man who invented the two-factor authentication SecurID token has just unveiled a more secure authentication system using voice biometrics; Kenneth Weiss, the founder of Universal Secure Registry, says his latest invention is more flexible and secure than SecurID tokens as they can be used to authenticate individuals on mobile phones, payments, and cloud computing; by adding a voice biometric component, the new device offers three-factor authentication

  • Cybercrime statistics wildly inaccurate, says researcher

    A cybersecurity researcher is questioning the various statistics that government officials and IT companies use as evidence of the rampant and deleterious effects of hackers; Cormac Herley, a principal researcher at Microsoft Research, argues that the existing data on the estimated losses from cyberattacks is wildly inaccurate to the point that analysts have no idea what the problem’s economic impacts are; one expert, noting that estimates of the annual cost of cybercrime range from $560 million to $100 billion to $1 trillion, asks: “How can this be? How can you have estimates of the same problem ranging across three orders of magnitude?”

  • Data breaches compromise nearly 8 million medical records

    The revelation that millions of people have had their personal medical records stolen could slow the Obama administration’s efforts to digitize the nation’s health care records; in the last two years alone nearly eight million people have had their medical records stolen or compromised; 1.7 million patients, staff members, contractors, and suppliers at several New York hospitals had their information stolen when thieves removed them from an unlocked van; to ensure that medical records are safe, HHS has begun imposing penalties on health care providers who compromise their patients’ records; but some health care experts wonder if enforcing HIPAA alone will be enough to address the problem

  • U.S. intelligence sets up cyber defense office in Estonia

    Since gaining its independence in 1991, Estonia has become one of the most cyber-focused nations in the world; it also has its own experience with cyberwar: in 2007 Russian government-inspired hackers launched a massive cyber attack on Estonia after the Estonian government decided to move a statue commemorating the Red Army from the center of the capital to a more modest location; now the U.S. intelligence community has decided to open an office in the Estonian capital Tallinn to help bolster the fight against cyber-crime

  • Strikeout! Yankees release ticket holders' personal data

    Apple and Google, Sony and Microsoft have all made news with security failures in the last weeks; the venerable New York Yankees baseball franchise now joins that list with the release of personal information of half of their season-ticket holders; this is but the latest example of cyber vulnerability owing to human fallibility

  • Government plan for consolidated online ID unveiled

    Last Friday President Obama unveiled a plan to establish federal standards to create consolidated secure online passwords; the ultimate goal of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is to create a more secure environment for online transactions where users only have to register once and can use a common password for multiple sites; NSTIC lays out the industry standards and technology policies around the new authentication methods but leaves the development and deployment of the technology entirely in the hands of the private sector to avoid the establishment of a government-led national ID; privacy advocates worry that it could create an environment where authentication is increasingly required

  • Senator seeks to end wasteful government cybersecurity spending

    Senator Tom Carper (D – Delaware) is actively seeking ways to end wasteful government cybersecurity spending; Carper believes that the government can spend its money more efficiently on IT security; he believes that too many government programs are expensive, inefficient, and do not actually secure government networks; Carper was careful to note that he was not advocating for budget cuts, but rather more efficient spending; Carper has proposed mandating that all agencies only purchase technology that is preconfigured with encryption or other security measures; he is currently working with Senators Joseph Lieberman (I-Connecticut) and Susan Collins (R-Maine) on the Cybersecurity and Internet Freedom Act of 2011, which contains many of his proposals

  • Major increase in cyber attacks on China's government

    China recently reported that last year its government websites experienced a 68 percent increase in cyber attacks; a total of 35,000 Chinese websites, including 4,635 government sites, were hit by hackers in 2010; attacks on non-government websites decreased 22 percent in 2010, while attacks on government websites had increased; in response to the increased number of cyber attacks, the report urged local regulators to step up efforts to police the Internet and deter these hackers by imposing stricter penalties; five million Chinese IP addresses had been infected with a trojan horse or corpse virus

  • Law enforcement and domain name registrars discuss ways to tackle net crooks

    Police and other law enforcement agencies in the United States and the United Kingdom are increasingly turning their attention to domain names as an Internet choke-point that can be used to shut down Web sites selling counterfeit goods and enabling the trading of pirated movies and child pornography

  • Critical cyber vulnerabilities found in financial system

    A recent report found critical weaknesses in automated high-frequency trading systems that hackers could exploit to make money or simply wreak havoc on the financial system; cPacket Networks fears that hackers could use what it calls a “side channel attack” stealthily to manipulate financial data as it is received by these high-frequency trading programs; many analysts believe that the “flash crash” in May 2010, when the Dow dropped nearly a thousand points in several minutes, was unintentionally caused by high-frequency trading systems; cPacket is working with financial institutions to optimize their high-frequency trading systems to detect these manipulations

  • Android phones more vulnerable to cyber attacks than Apple iPhone

    Android smart phones are more susceptible to hacking and viruses than Apple’s iPhone; the Android operating system is open source, allowing hackers to understand the underlying code; Apple iPhone may have a safer operating system, but it is not impervious to attacks; McAfee warns that 2011 will see hackers increasingly target mobile devices like Android phones, iPads, and iPhones

  • Quick Heal introduces technology to track laptops

    New laptop tracking technology will help Indian police track and locate stolen laptops across the country; Quick Heal, the company offering the technology, also aims to create a centralized database of lost or stolen laptops; the database will be accessible to retailers and consumers

  • Obama pushing for Internet ID for Americans

    The Obama administration is currently drafting what it is calling the National Strategy for Trusted Identities in Cyberspace, which will give the Commerce Department the authority over a forthcoming cybersecurity effort to create an Internet ID for Americans