-
Is Facelock the password alternative we’ve been waiting for?
One of the problems with using passwords to prove identity is that passwords that are easy to remember are also easy for an attacker to guess, and vice versa. Nevertheless, passwords are cheap to implement and well understood, so despite the mounting evidence that they are often not very secure, until something better comes along they are likely to remain the main mechanism for proving identity. But maybe something better has come along. Researchers propose a new system based on the psychology of face recognition called Facelock. But how does it stack up against existing authentication systems? The idea certainly sounds interesting and the technical challenges in implementing such a system do not seem great. But there are difficult questions regarding cost, selection and security of images that need to be answered before it becomes a practical alternative to passwords.
-
-
Research identifies Android security weaknesses caused by performance design
Researchers have identified a weakness in one of Android’s security features. Their research, titled Abusing Performance Optimization Weaknesses to Bypass ASLR, identifies an Android performance feature that weakens a software protection called Address Space Layout Randomization (ASLR), leaving software components vulnerable to attacks that bypass the protection. The work is aimed at helping security practitioners identify and understand the future direction of such attacks.
-
-
“Marked ghost imaging” offers enhanced security for data storage, transmission
“Ghost imaging” sounds like the spooky stuff of frivolous fiction, but it is an established technique for reconstructing hi-res images of objects partly obscured by clouds or smoke. Now researchers are applying the same idea in reverse to securing stored or shared electronic data. Their work establishes “marked ghost imaging” technology as a new type of multi-layer verification protocol for data storage or transmission.
-
-
Shortage of cybersecurity professionals a risk to U.S. national security
The nationwide shortage of cybersecurity professionals — particularly for positions within the federal government — creates risks for national and homeland security, according to a new RAND study. Demand for trained cybersecurity professionals who work to protect organizations from cybercrime is high nationwide, but the shortage is particularly severe in the federal government, which does not offer salaries as high as the private sector.
-
-
Security flaw: Researchers find thousands of secret keys in Android apps
Researchers have discovered a crucial security problem in Google Play, the official Android app store where millions of users of Android, the most popular mobile platform, get their apps. “Google Play has more than one million apps and over 50 billion app downloads, but no one reviews what gets put into Google Play — anyone can get a $25 account and upload whatever they want. Very little is known about what’s there at an aggregate level,” says one of the researchers.
-
-
Carnegie Mellon recognized for excellence in cybersecurity education, research
The NSA and DHS have designated Carnegie Mellon University as a National Center of Academic Excellence in Information Assurance/Cyber Defense Education and a National Center of Academic Excellence in Information Assurance/Cyber Defense Research for academic years 2014 through 2021. As a CAE, Carnegie Mellon will continue to be eligible to participate in federal scholarship and research opportunities.
-
-
A first: San Francisco to feature encrypted Wi-Fi service
The Chief Information Officer (CIO) for the city of San Francisco has announced that the city will implement a small, free Wi-Fi spot within the city which will offer encrypted service and, it is hoped, usher in a new standard for other urban centers.
-
-
Improving cybersecurity top priority: Federal CIOs, CISOs
Federal chief information officers (CIOs) and chief information security officers (CISOs) cite improving cybersecurity as their top priority. Annual survey reports that 63 percent of participants said cybersecurity issues were one of their top three priorities; with 66 percent noting that cyber threats to their organizations rose by at least 10 percent in 2013. Eighty-seven percent of respondents pointed out that their organizations have increased spending on cybersecurity, but noted that the fiscal 2015 budget proposal which calls for $13 billion toward cybersecurity improvements at civilian and defense agencies, will need to be increased in the future.
-
-
IT security at U.S. ports weak: GAO
The Government Accountability Office (GAO) reports that maritime security policies and plans at three high-risk U.S. ports do not effectively address how to assess, manage, and respond to cybersecurity threats. While all three ports have strategies to deal with physical security, there were few policies that specifically addressed cybersecurity.
-
-
Improved performance of facial recognition software
Who is that stranger in your social media photo? A click on the face reveals the name in seconds, almost as soon as you can identify your best friend. While that handy app is not quite ready for your smart phone, researchers are racing to develop reliable methods to match one person’s photo from millions of images for a variety of applications.
-
-
Six more bugs found in popular OpenSSL security tool
OpenSSL is a security tool that provides facilities to other computer programs to communicate securely over the public Internet. OpenSSL is also used in some common consumer applications, such as software in Google’s Android smartphones. So when the Heartbleed vulnerability in OpenSSL was discovered and widely publicized in April this year, system administrators had to rush to update their systems to protect against it. Computer system administrators around the world are groaning again as six new security problems have been found in the OpenSSL security library.
-
-
Squiggly lines may be the future of password security
As more people use smart phones or tablets to pay bills, make purchases, store personal information, and even control access to their houses, the need for robust password security has become more critical than ever. A new study shows that free-form gestures — sweeping fingers in shapes across the screen of a smart phone or tablet — can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer “connect-the-dots” grid exercises to be observed and reproduced by “shoulder surfers” who spy on users to gain unauthorized access.
-
-
Logging in securely without passwords
Passwords are a common security measure to protect personal information, but they do not always prevent hackers from finding a way into devices. Researchers are working to perfect an easy-to-use, secure login protection that eliminates the need to use a password — known as zero-interaction authentication.
-
-
Adm. Michael Rogers: Businesses must “own” cybersecurity threats
Cybersecurity threats are a vital issue for the nation, and like the Defense Department, businesses must own the problem to successfully carry out their missions, DOD’s top cybersecurity expert told a forum of businesspeople.
-
-
DARPA’s Cyber Grand Challenge aims to see fully automated network security systems developed
There is an increasingly serious cybersecurity problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses — typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.” DARPA is addressing this problem, with teams from around the world starting a two-year track toward the world’s first tournament of fully automated network security systems. Computer security experts from academia, industry, and the larger security community have organized themselves into more than thirty teams to compete in DARPA’s Cyber Grand Challenge — first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched.
-
More headlines
The long view
Encryption Breakthrough Lays Groundwork for Privacy-Preserving AI Models
In an era where data privacy concerns loom large, a new approach in artificial intelligence (AI) could reshape how sensitive information is processed. New AI framework enables secure neural network computation without sacrificing accuracy.
Need for National Information Clearinghouse for Cybercrime Data, Categorization of Cybercrimes: Report
There is an acute need for the U.S. to address its lack of overall governance and coordination of cybercrime statistics. A new report recommends that relevant federal agencies create or designate a national information clearinghouse to draw information from multiple sources of cybercrime data and establish connections to assist in criminal investigations.