• IT security at U.S. ports weak: GAO

    The Government Accountability Office (GAO) reports that maritime security policies and plans at three high-risk U.S. ports do not effectively address how to assess, manage, and respond to cybersecurity threats. While all three ports have strategies to deal with physical security, there were few policies that specifically addressed cybersecurity.

  • Improved performance of facial recognition software

    Who is that stranger in your social media photo? A click on the face reveals the name in seconds, almost as soon as you can identify your best friend. While that handy app is not quite ready for your smart phone, researchers are racing to develop reliable methods to match one person’s photo from millions of images for a variety of applications.

  • Six more bugs found in popular OpenSSL security tool

    OpenSSL is a security tool that provides facilities to other computer programs to communicate securely over the public Internet. OpenSSL is also used in some common consumer applications, such as software in Google’s Android smartphones. So when the Heartbleed vulnerability in OpenSSL was discovered and widely publicized in April this year, system administrators had to rush to update their systems to protect against it. Computer system administrators around the world are groaning again as six new security problems have been found in the OpenSSL security library.

  • Squiggly lines may be the future of password security

    As more people use smart phones or tablets to pay bills, make purchases, store personal information, and even control access to their houses, the need for robust password security has become more critical than ever. A new study shows that free-form gestures — sweeping fingers in shapes across the screen of a smart phone or tablet — can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer “connect-the-dots” grid exercises to be observed and reproduced by “shoulder surfers” who spy on users to gain unauthorized access.

  • Logging in securely without passwords

    Passwords are a common security measure to protect personal information, but they do not always prevent hackers from finding a way into devices. Researchers are working to perfect an easy-to-use, secure login protection that eliminates the need to use a password — known as zero-interaction authentication.

  • Adm. Michael Rogers: Businesses must “own” cybersecurity threats

    Cybersecurity threats are a vital issue for the nation, and like the Defense Department, businesses must own the problem to successfully carry out their missions, DOD’s top cybersecurity expert told a forum of businesspeople.

  • DARPA’s Cyber Grand Challenge aims to see fully automated network security systems developed

    There is an increasingly serious cybersecurity problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses — typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.” DARPA is addressing this problem, with teams from around the world starting a two-year track toward the world’s first tournament of fully automated network security systems. Computer security experts from academia, industry, and the larger security community have organized themselves into more than thirty teams to compete in DARPA’s Cyber Grand Challenge — first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched.

  • Roots of Trust research focuses on protecting cyber physical systems

    “Roots of Trust” refers to a set of security functions in a device or system, which are implicitly trusted by the device’s operating system and applications, and which constitute the foundation for security. The Cyber Security Research Alliance (CSRA) the other day said it will prioritize research in Roots of Trust for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure.

  • Develop tool to make the Internet of Things safer

    There is a big push to create the so-called Internet of Things, where all devices are connected and communicate with one another. As a result, embedded systems — small computer systems built around microcontrollers — are becoming more common. They remain vulnerable, however, to security breaches. Some examples of devices that may be hackable: medical devices, cars, cell phones and smart grid technology. Computer scientists have developed a tool that allows hardware designers and system builders to test security- a first for the field.

  • Is your iPhone at risk after the Oleg Pliss hack?

    iPhone users in Australia were greeted with an alarming message this week when they tried to use their devices. They were told that a hacker or group of hackers going by the name Oleg Pliss had taken control of their phone and will lock it permanently unless a $100 ransom is paid. It’s not yet clear whether the attack is likely to affect iPhone users outside Australia but even if it doesn’t, the attack has raised questions about the security of the iPhone. Apple products have a reputation for being more secure than others and this is the first major attack of its kind. iPhone is one of the most secure smartphones and that is still true. This attack is a very clever compromise but it does not actually hack into your phone. Instead, Oleg Pliss seems to have found a way of attacking the remote server that supports an iPhone user’s iCloud account.

  • Debating disclosures of cyber vulnerabilities

    Cybersecurity experts are debating whether the NSAand U.S. Cyber Commandshould keep cyber vulnerabilities secret, or disclose and fix them. Not disclosing and fixing cyber vulnerabilities means that, when necessary, such vulnerabilities may be used as weapons in offensive information warfare. Disclosing and fixing such vulnerabilities would diminish the effective of U.S. offensive cyber operations, but the effectiveness of an adversary’s offensive cyber operations would be similarly diminished.

  • Future cyberattacks to cause more trouble than Heartbleed

    Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.

  • Testing distributed computing to protect against cyberattacks on power grids

    The power grid is complicated, divided up into sections that cover everything from a single municipal area (like New York City) to large regions (like the entire state of California). Each of these sections is controlled by a single control center. If that control center stops functioning, because of a cyberattack or for any other reason, it is no longer capable of monitoring and maintaining the grid, resulting in severe instabilities in the system. The SmartAmerica Challenge, which kicked off in late 2013 to highlight U.S. research in the field of cyberphysical systems, aims to address power grid security concerns.

  • Snowden revelations spur a surge in encrypted e-mail services

    The Edward Snowden revelations about National Security Agency(N.S.A) surveillance programs have fueled a surge of new e-mail encryption services. “A lot of people were upset with those revelations, and that coalesced into this effort,” said the co-developer of a new encrypted e-mail service which launched last Friday. The company notes that its servers are based in Switzerland, making it more difficult for U.S. law enforcement to reach them.

  • Researchers crack supposedly impregnable encryption algorithm in two hours

    Without cryptography, no one would dare to type their credit card number on the Internet. Security systems developed to protect the communication privacy between the seller and the buyer are the prime targets for hackers of all kinds, hence making it necessary for encryption algorithms to be regularly strengthened. A protocol based on “discrete logarithms,” deemed as one of the candidates for the Internet’s future security systems, was decrypted by École polytechnique fédérale de Lausann (EPFL) researchers. Allegedly tamper-proof, it could only stand up to the school machines’ decryption attempts for two hours.