Cybersecurity

  • Squiggly lines may be the future of password security

    As more people use smart phones or tablets to pay bills, make purchases, store personal information, and even control access to their houses, the need for robust password security has become more critical than ever. A new study shows that free-form gestures — sweeping fingers in shapes across the screen of a smart phone or tablet — can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer “connect-the-dots” grid exercises to be observed and reproduced by “shoulder surfers” who spy on users to gain unauthorized access.

  • Logging in securely without passwords

    Passwords are a common security measure to protect personal information, but they do not always prevent hackers from finding a way into devices. Researchers are working to perfect an easy-to-use, secure login protection that eliminates the need to use a password — known as zero-interaction authentication.

  • Adm. Michael Rogers: Businesses must “own” cybersecurity threats

    Cybersecurity threats are a vital issue for the nation, and like the Defense Department, businesses must own the problem to successfully carry out their missions, DOD’s top cybersecurity expert told a forum of businesspeople.

  • DARPA’s Cyber Grand Challenge aims to see fully automated network security systems developed

    There is an increasingly serious cybersecurity problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses — typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.” DARPA is addressing this problem, with teams from around the world starting a two-year track toward the world’s first tournament of fully automated network security systems. Computer security experts from academia, industry, and the larger security community have organized themselves into more than thirty teams to compete in DARPA’s Cyber Grand Challenge — a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched.

  • Roots of Trust research focuses on protecting cyber physical systems

    “Roots of Trust” refers to a set of security functions in a device or system, which are implicitly trusted by the device’s operating system and applications, and which constitute the foundation for security. The Cyber Security Research Alliance (CSRA) the other day said it will prioritize research in Roots of Trust for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure.

  • Develop tool to make the Internet of Things safer

    There is a big push to create the so-called Internet of Things, where all devices are connected and communicate with one another. As a result, embedded systems — small computer systems built around microcontrollers — are becoming more common. They remain vulnerable, however, to security breaches. Some examples of devices that may be hackable: medical devices, cars, cell phones and smart grid technology. Computer scientists have developed a tool that allows hardware designers and system builders to test security, a first for the field.

  • Is your iPhone at risk after the Oleg Pliss hack?

    iPhone users in Australia were greeted with an alarming message this week when they tried to use their devices. They were told that a hacker or group of hackers going by the name Oleg Pliss had taken control of their phone and would lock it permanently unless a $100 ransom was paid. It’s not yet clear whether the attack is likely to affect iPhone users outside Australia but even if it doesn’t, the attack has raised questions about the security of the iPhone. Apple products have a reputation for being more secure than others and this is the first major attack of its kind. The iPhone is one of the most secure smartphones and that is still true. This attack is a very clever compromise but it does not actually hack into your phone. Instead, Oleg Pliss seems to have found a way of attacking the remote server that supports an iPhone user’s iCloud account.

  • Debating disclosures of cyber vulnerabilities

    Cybersecurity experts are debating whether the NSA and U.S. Cyber Command should keep cyber vulnerabilities secret, or disclose and fix them. Not disclosing and fixing cyber vulnerabilities means that, when necessary, such vulnerabilities may be used as weapons in offensive information warfare. Disclosing and fixing such vulnerabilities would diminish the effectiveness of U.S. offensive cyber operations, but the effectiveness of an adversary’s offensive cyber operations would be similarly diminished.

  • Future cyberattacks to cause more trouble than Heartbleed

    Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.

  • Testing distributed computing to protect against cyberattacks on power grids

    The power grid is complicated, divided up into sections that cover everything from a single municipal area (like New York City) to large regions (like the entire state of California). Each of these sections is controlled by a single control center. If that control center stops functioning, because of a cyberattack or for any other reason, it is no longer capable of monitoring and maintaining the grid, resulting in severe instabilities in the system. The SmartAmerica Challenge, which kicked off in late 2013 to highlight U.S. research in the field of cyberphysical systems, aims to address power grid security concerns.

  • Snowden revelations spur a surge in encrypted e-mail services

    The Edward Snowden revelations about National Security Agency (N.S.A.) surveillance programs have fueled a surge of new e-mail encryption services. “A lot of people were upset with those revelations, and that coalesced into this effort,” said the co-developer of a new encrypted e-mail service which launched last Friday. The company notes that its servers are based in Switzerland, making it more difficult for U.S. law enforcement to reach them.

  • Researchers crack supposedly impregnable encryption algorithm in two hours

    Without cryptography, no one would dare to type their credit card number on the Internet. Security systems developed to protect the communication privacy between the seller and the buyer are the prime targets for hackers of all kinds, hence making it necessary for encryption algorithms to be regularly strengthened. A protocol based on “discrete logarithms,” deemed as one of the candidates for the Internet’s future security systems, was decrypted by École polytechnique fédérale de Lausanne (EPFL) researchers. Allegedly tamper-proof, it could only stand up to the school machines’ decryption attempts for two hours.

  • NIST seeking comments on revisions to ICS security guide

    The National Institute of Standards and Technology (NIST) has issued for public review and comment a proposed major update to its Guide to Industrial Control Systems (ICS) Security. The NIST guide, downloaded more than 2.5 million times since its initial release in 2006, advises on how to reduce the vulnerability of computer-controlled industrial systems used by industrial plants, public utilities and other major infrastructure operations to malicious attacks, equipment failures, errors, inadequate malware protection and other software-related threats.

  • New algorithm revolutionizes cryptography

    Researchers have solved one aspect of the discrete logarithm problem. This is considered to be one of the “holy grails” of algorithmic number theory, on which the security of many cryptographic systems used today is based. They have devised a new algorithm which calls into question the security of one variant of this problem, which has been closely studied since 1976.

  • Cybersecurity bill not likely before a crisis proves its necessity

    A recent simulation, with 350 participants from congressional staffs, the cybersecurity sector, and the U.S. military, examined whether or not Congress was capable of passing comprehensive cybersecurity legislation to protect the country’s critical infrastructure from debilitating cyberattacks. The simulation participants concluded that Congress is not likely to act unless there is a major cyber crisis, and that until such a crisis occurs, smaller measures, such as the president’s voluntary cybersecurity framework, are the best that can be hoped for.