• Worry: Hackers can take over power plants

    In many cases, operating systems at power plants and other critical infrastructure are decades old; sometimes they are not completely separated from other computer networks used by companies to run administrative systems or even access the Internet; those links between the administrative networks and the control systems provide gateways for hackers to insert malicious codes, viruses, or worms into the programs that operate the plants

  • INL's International Symposium on Resilient Control Systems (ISRCS)

    Idaho National Laboratory is helping generate innovative research and codify resilience in next-generation control system designs by hosting the 3rd International Symposium on Resilient Control Systems in Idaho Falls 10-12 August; INL says it sponsors the symposium to support a multidisciplinary approach to the complex nature of control system interdependencies that ensure safe and secure operation of critical components of the U.S. infrastructure including electrical grids, water supplies, and transportation

  • Commerce Department seeks comments on cybersecurity and its impact on innovation

    The U.S. Commerce Department seeks comments from all stakeholders, including the commercial, academic and civil society sectors, on measures to improve cyber security while sustaining innovation; the department says that the Internet has become vitally important to U.S. innovation, prosperity, education, civic activity, and cultural life as well as aspects of America’s national security, and that a top priority of the department is to ensure that the Internet remains an open and trusted infrastructure, both for commercial entities and individuals

  • As demand for cybersecurity professionals grows, shortages are felt

    Federal agencies, contractors, and tech companies compete with each other for cyber security work force; measuring the size of the cyber security sector is difficult, but surveys show demand for technical expertise is skyrocketing; the number of jobs posted on ClearanceJobs.com by companies and recruiters looking for professionals with active federal security clearances has jumped 11 percent to 6,100 openings this year from fewer than 5,500 in the same time period last year; Maryland wants to become U.S. cybersecurity capital

  • Indonesia joins countries mulling BlackBerry ban to fight terror

    Indonesia considers joining a growing list of countries, including India, Saudi Arabia and the UAE in banning BlackBerry devices; Research in Motion is receiving increasing pressure to allow government access to data generated by the hand-held devices

  • Smart Grid offers target-rich opportunities for hackers

    SCADA systems are vulnerable to hacking, but the smart grid is even more vulnerable; security experts at the Black Hat conference in Las Vegas last week warned that the accelerated deployment of smart-grid technology could leave critical infrastructure and private homes vulnerable to hackers; hacking may come in a benign form — customers might simply figure out how to lower their electricity bills by manipulating how much energy their meters say they are using; hacking may also have more sinister aspects: large-scale attacks may also be possible, and the smart grid’s serious vulnerabilities make it possible to shut down the power supply to an entire city

  • New identity theft scheme: stealing kids' Social Security numbers

    The latest identity theft scheme: stealing kids’ Social Security numbers years before these kids grow up to use these numbers; the scheme allows people to establish phony credit and run up huge debts — debts that the kids may never be able to pay off

  • U.S. "cyber flank" exposed

    Former head of the CIA and the NSA warns the U.S.“cyber flank” was exposed and it was losing clout to influence rules of war on the Internet; “Our flank is totally exposed,” Michael Hayden said at the Black Hat computer security gathering in Las Vegas, comparing the U.S. tactical position on the Internet to a battle of land troops; “If tomorrow they show up on that flank they are going to roll down.”; the retired general said he was in “absolute awe and wonderment” at the Chinese cyber espionage campaign but that they were certainly not the only nation doing it; he faulted an Internet built on the premise of quickly and freely sharing information for creating an open landscape that gives attackers an edge over defenders

  • Hacker built, and demonstrated, a $1,500 cell-phone tapping device

    Security researcher demonstrated a device, which he built for just $1,500, which can intercept some kinds of cell phone calls and record everything that is said; the attack illustrates weaknesses in GSM, one of the world’s most widely used cellular communications technologies

  • First Cyber Security Challenge winner announced

    The United Kingdom suffers from a dearth of cybersecurity experts; several private and public organizations have launched the Cyber Security Challenge competition — a series of challenges and games that would test the talent and skills of people; the challenges is built around eight key skill areas which include digital forensics, network analysis, and logical thinking

  • ATMs easily compromised by hacker at Black Hat

    A disturbingly high percentage of the world’s automated teller machines (ATMs) are vulnerable to physical and remote attacks that can steal administrative passwords and personal identification numbers, to say nothing of cash

  • Identifying future digital leakers, whistle-blowers

    Digital encoding could catch future informants; the Wikileaks saga will likely result in an overhaul of how governments protects information; in addition to using watermarking, government agencies could adapt existing digital-rights-management technologies; such technologies can perform various tasks that might be relevant: identify when the same computer is downloading voluminous amounts of material, restrict downloading to authorized users, and stop users from copying or passing restricted files to other computers

  • New cybersecurity threat: smartphone apps that do more than what they say they do

    A large proportion of applications contain third-party code with the capability to interact with sensitive data in a way that may not be apparent to users or developers; Apple reviews its applications before accepting them into its App Store, but even that is not foolproof when it comes to detecting erroneous or malicious components within apps, which might end up collecting or storing information that has nothing to do with the intended usage case of the app

  • Five hot topics to be discussed at Black Hat and Defcon

    Among the many topics to be discussed at Black Hat, which opens today, and DefCon, which opens Friday, is SCADA networks vulnerability; many of these networks have developed a no man’s land between IT and industrial systems, and these networks’ computers are often at risk because nobody seems to take complete ownership of them; there will be a talk about where bugs show up in the infrastructure; the speaker is Jonathan Pollet, whose company, Red Tiger Security, has collected data on 38,000 vulnerabilities — and the types of exploits that have been written for them

  • Breakthrough: UCLA engineering devises new location-based cryptography method

    Location-based security is ensured by using quantum mechanics; this type of cryptography could be useful in several settings — for example, one could communicate with a military base with a guarantee that only someone physically present at the base will have access to the information; furthermore, the location-based method eliminates the need for distributing and storing keys, one of the most difficult tasks in cryptography