• Internet IPv4 addresses completely exhausted

    Last week the final blocks of IPv4 addresses were allocated, officially signaling the end of Web space on IPv4 networks; the moment is significant as all new Internet-ready devices must now be deployed using IPv6 networks, the upgrade to IPv4; IPv6 offers greater security, higher performance, and can support a nearly infinite number of devices; China is rapidly pushing ahead with IPv6 in the hopes that it can wield more clout over the new Internet space as the United States currently enjoys with IPv4; China has deployed IPv6 capabilities at more than double the rate of the United States

  • Android Trojan captures credit card details

    A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers — typed or spoken — and relaying them back to the application’s creator

  • More than half of iPhone apps track users

    A recent study found that more than half of all iPhone apps could track users and collect data without an individual’s knowledge; researchers analyzed more than 1,400 iPhone apps to determine how they handle sensitive data; more than half collect an individual’s unique device ID or track a user’s location, and when combined with links to a Facebook account the app could gain a lot of sensitive data; researchers found that thirty six apps blatantly violated privacy rights by accessing an individual’s location without informing the user, while another five went so far as to take data from the user’s address book without first seeking permission

  • Egypt's Internet blackout revives U.S. "kill switch" debate

    Egypt’s five-day shutdown of the Internet has revived debate in the United States over how much authority the U.S. president should have over the Web in the event of a crisis; a bill pending before Congress would give the president the authority to shut down parts of the Internet in the event of a national security crisis such as a sustained enemy cyberattack on the U.S. national grid or financial systems; critics say this is a threat to civil liberties; “It’s not an Internet kill switch,” says one cyber expert; “But you can think about isolating certain domains or certain enterprises; say a big power company gets infected— You say to them, ‘Disconnect yourself before you infect other power companies’; It’s like an avian flu quarantine for the Internet”

  • DARPA working on major cyber security breakthrough

    The DOD’s advanced research arm, DARPA, is currently working on two programs that could radically change cyber security; one program, CRASH, is based on the human immune system and will make it less likely that computers will spread cyber infections to other networks; DARPA is also working on another program, PROCEED, which will allow programmers to work directly with encrypted data without having to decrypt it first; both are highly experimental and may not succeed, but researchers have high hopes

  • Critical cyber vulnerabilities found in financial system

    A recent report found critical weaknesses in automated high-frequency trading systems that hackers could exploit to make money or simply wreak havoc on the financial system; cPacket Networks fears that hackers could use what it calls a “side channel attack” stealthily to manipulate financial data as it is received by these high-frequency trading programs; many analysts believe that the “flash crash” in May 2010, when the Dow dropped nearly a thousand points in several minutes, was unintentionally caused by high-frequency trading systems; cPacket is working with financial institutions to optimize their high-frequency trading systems to detect these manipulations

  • Stuxnet may turn Bushehr into a new Chernobyl

    The destructive Stuxnet virus infected some 45,000 industrial control computers and servers in Iran; it destroyed more than 20 percent of Iran’s centrifuges, and, on 16 November, forced Iran to shut down uranium enrichment operations; it also infected the control system of the Bushehr reactor; Stuxnet is a sophisticated virus: while doing its destructive work, it makes sure that control computers continue to display “normal” operational information; one Russian expert described how engineers at Bushehr “saw on their screens that the systems were functioning normally, when in fact they were running out of control”; a new intelligence report says that with control systems disabled by the virus, an accident in the reactor is likely — an accident which would have the force of a “small nuclear bomb”

  • Western analysts, Israel: Egyptian regime will weather the storm

    Israeli and western analysts agree Egyptian regime will remain as popular uprising gains strength while government clamps down on protesters; little to no concern of Muslim Brotherhood takeover: government shuts down Internet access, cellular service, and other personal communications in an effort to contain the rebellion as turmoil spreads across Egypt; journalists under assault; former IAEA chief El-Barradai under house arrest; ruling party headquarters set ablaze

  • Enabling PC operating systems to survive attacks

    In certain computer security attacks, an outside party compromises one computer application (such as a Web browser) and then uses that application to submit a “system call” to the operating system, effectively asking the operating system to perform a specific function; instead of a routine function, however, the attacker uses the system call to attempt to gain control of the operating system; North Carolina State University researchers offer a solution

  • Stuxnet heralds age of cyber weapons, virtual arms race

    Mounting evidence indicates that Stuxnet was created by the United States and Israel to target Iran’s nuclear program; analysts call this the first use of a specially designed cyber weapon and fear the beginning of a cyber weapons arms race; one analyst hopes that a doctrine of mutually assured destruction will limit the use of these devastating weapons in the future; current trends and other analysts indicate that cyber space will continue to be militarized

  • NATO networks vulnerable to cyber threat: U.S.

    U.S. says NATO’s military networks are not fully protected against cyber threats and the alliance must make good on a pledge to erect a virtual wall by 2012; U.S. Deputy Defence Secretary William Lynn warned at the end of a two-day visit to Brussels that the cyber threat was “maturing” from an espionage and disruption tool to a destructive force against vital infrastructure

  • Bill giving president power over Internet in cyber emergency to return

    A controversial bill handing President Obama power over privately owned computer systems during a “national cyberemergency,” and prohibiting any review by the court system, will return this year; the bill, which emerged from a Senate committee on 15 December 2010, is more restrictive in three respects than the original bill, made public June 2010: the revised version says that the federal government’s designation of vital Internet or other computer systems “shall not be subject to judicial review”; another addition expanded the definition of critical infrastructure to include “provider of information technology”; a third authorized the submission of “classified” reports on security vulnerabilities

  • Australia unprepared for cyber attacks

    The head of cyber security at BAE Systems Australia is calling for expanded training for cyber security experts in Australia; he believes that there is a lack of proper training and there must be greater cooperation between the government and the private sector; a government report finds that the Australian government is underprepared for cyber security threats; in February 2010 hackers brought down the government’s main site and the parliament’s homepage for two days

  • Brivo: using the Internet to control, secure devices

    Cloud computing offers efficiency and economy — but the Achilles Heel of the technology is security; Brivo uses software as a service (SaaS)-based physical access control systems (PACS) to leverage the power and versatility of the Internet to provide real-time device control for organizations that need to protect buildings and facilities

  • GAO finds critical shortfalls in cyber security guidelines for smart grid

    The GAO issued a report that found critical shortfalls in the proposed guidelines for modernizing the smart grid; the proposed guidelines, released by NIST and the FERC, contained several shortcomings that would leave the nation’s security grid vulnerable to cyber attack; “missing pieces” in the guideline include a lack of metrics to evaluate cyber security, no enforcement mechanisms, and no coordination of disjointed oversight bodies; NIST and FERC agreed with the findings and are moving to address them in their next set of guidelines