Cybersecurity

  • Improved disaster resilience is imperative for U.S: report

    A new report from the National Academies says that it is essential for the United States to bolster resilience to natural and human-caused disasters, and that this will require complementary federal policies and locally driven actions that center on a national vision – a culture of resilience; improving resilience should be seen as a long-term process, but it can be coordinated around measurable short-term goals that will allow communities better to prepare and plan for, withstand, recover from, and adapt to adverse events

  • New study probes insider threat in financial services sector

    New study found that those committing insider fraud are taking a “low and slow” approach, escaping detection for long periods of time and costing targeted organizations an average of $382,000 or more, depending on how long the crime goes undetected; managers and accountants cause the most damage from insider fraud and evade detection longer

  • The five biggest stories at Black Hat

    The annual Black Hat Briefings conference, held last week in Las Vegas, is the world’s biggest, and arguably the most important, gathering of security researchers; here are the five biggest stories to take away from last week’s Black Hat meeting in Las Vegas

  • Global air control system largely defenseless against hacking

    The ADS-b system, the multi-billion dollar communication system deployed at airports around the world over the last few years, has two major flaws: first, it has no means of verifying who is actually sending a message, which means that a hacker can impersonate an aircraft and send malicious and misleading information to control towers and to other aircraft; second, the position, velocity, and other information broadcast by aircraft is not encrypted and can be grabbed from the air; a presenter at the Black Hat cybersecurity event showed how it is possible to use the information to plot the route of Air Force Phone on an iPad; these two vulnerabilities can be easily exploited by anyone with modest technical skills and about $2,000 worth of electronics

  • Winners of the California Cyber Summer Camp Capture the Flag competition announced

    Cal Poly Pomona, in partnership with Booz Allen Hamilton and the U.S. Cyber Challenge, hosted the U.S. Cyber Challenge California Cyber Summer Camp in Pomona, California; the camp curriculum included in-depth workshops on a range of topics, including penetration testing, reverse engineering, and forensics; the week was capped off by a virtual “capture the flag” competition and awards ceremony on the last day

  • Researchers say spoofed GPS signals can be countered

    From cars to commercial airplanes to military drones, global positioning system (GPS) technology is everywhere — and researchers have known for years that it can be hacked, or as they call it, “spoofed”; the best defense, they say, is to create countermeasures that unscrupulous GPS spoofers can not deceive

  • Game lets players try their hand at computer security

    A new game — Control-Alt-Hack — gives teenage and young-adult players a taste of what it means to be a computer-security professional defending against an ever-expanding range of digital threats; the game’s creators will present it this week in Las Vegas at Black Hat 2012; educators in the continental United States can apply to get a free copy of the game while supplies last; it is scheduled to go on sale in the fall for a retail price of about $30

  • ElcomSoft, Pico Computing show world's fastest password-cracking solution

    Pico Computing manufactures a range of high-end hardware acceleration platforms, offering a computational equivalent of more than 2,000 dual-core processors in a single 4U chassis; ElcomSoft updates its range of password recovery tools, employing Pico Field Programmable Gate Array (FPGA)-based hardware to accelerate the recovery of passwords

  • Novel network model to help in cyberwarfare, conservation, and disease prevention

    Computer networks are the battlefields in cyberwarfare, as exemplified by the U.S. recent use of computer viruses to attack Iran’s nuclear program; researchers develop a computer model which could help military strategists devise the most damaging cyber attacks as well as guard America’s critical infrastructure

  • Military-grade mobile security for commercial markets

    Cummings Engineering announced the release of SecureMobile 1.0, powered its proprietary SAIFE encryption technology

  • New book confirms Israel behind killing of Iran nuclear scientists

    A book to be published today offers details about, Israel’s campaign to take out Iranian nuclear scientists, a campaign which is part of the Israel’s broader effort to prevent Iran from acquiring nuclear weapons; the book also says that the cyber campaign against Iran’s nuclear program was an Israeli innovation, not an American one as recently reported; it was the brainchild of Israel’s military intelligence agency (AMAN) and Unit 8-200 — Israel’s equivalent of the eavesdropping, code-breaking National Security Agency (NSA) — and endorsed by the White House at Israel’s suggestion

  • ACLU-sponsored app keeps police accountable

    A new app from the ACLU of New Jersey allows people securely and discreetly to record and store interactions with police, as well as provide legal information about citizens’ rights when interacting with the police

  • New Facebook app detects pedophiles, criminals

    Researchers have developed a new privacy solution for Facebook; the Social Privacy Protector (SPP), developed by Ben-Gurion University of the Negev (BGU) undergraduate students, can help parents adjust their children’s profiles in one click, prevent criminals from gathering valuable personal information, and keep teens safe from pedophiles

  • Mobile device necessitate “stateless” IT security architecture

    I n a new report, Forrester analysts say that to stay ahead of evolving mobile business requirements, security and risk (S&R) and infrastructure and operations (I&O) executives cannot rely on the old approach of end-to-end control over the data path, device, and applications; instead, they must embrace a “stateless” architecture in which IT decouples security controls from the devices and the infrastructure, derives trust dynamically, and avoids costly new investment of in-house applications and infrastructure

  • Sharp increase in cyberattacks on U.S. critical infrastructure

    The number of reported cyberattacks on U.S. critical infrastructure increased sharply – from 9 incidents in 2009 to 198 in 2011; water sector-specific incidents, when added to the incidents which affected several sectors, accounted for more than half of the incidents; in more than half of the most serious cases, implementing best practices such as login limitation or properly configured firewall, would have deterred the attack, reduced the time it would have taken to detect an attack, and minimize its impact