• Weak passwords get robust protection

    The combination of simple codes and Captchas, which are even more encrypted using a chaotic process, produces effective password protection; the passwords of the future could become more secure and, at the same time, simpler to use; researchers have been inspired by the physics of critical phenomena in their effort significantly to improve password protection; the researchers split a password into two sections; with the first, easy to memorize section they encrypt a Captcha — an image that computer programs per se have difficulty in deciphering; the researchers also make it more difficult for computers, the task of which it is automatically to crack passwords, to read the passwords without authorization; they use images of a simulated physical system, which they additionally make unrecognizable with a chaotic process; these p-Captchas allowed the researchers to achieve a high level of password protection, even though the user need only remember a weak password

  • Firm pushes for open wireless sensor data

    As wireless sensors are becoming increasingly ubiquitous in electrical grids, homes, and businesses, electronic enthusiasts and programmers believe that this data could be used to create a host of new devices with practical uses; making sensor data freely available allows engineers to build software and apps that monitor data in real time for things like local radiation levels, water quality, or even your home’s energy consumption; leading the push for open sensor data is U.K. based Pachube (pronounced “patchbay”) which has developed a network of sensors that collect six million points of data per day; the majority of sensor information is currently encrypted and therefore inaccessible

  • view counter
  • Siemens, McAfee team up to defend against critical infrastructure attacks

    McAfee and Siemens will work together to help secure critical infrastructure against cyber attacks that target industrial control processes like the Stuxnet worm which destroyed nuclear centrifuges at an Iranian nuclear enrichment facility; the two companies are targeting Advanced Persistent Threats aimed at the manufacturing and process industry; this new security product could help ease security fears for critical infrastructure operators who rely on industrial control programs for nearly every automated process; McAfee says it’s Application Control system product would have protected Iran’s centrifuges from the Stuxnet virus that caused them to spin out of control

  • Russian bloggers fall victim to cyber attacks

    Earlier this month LiveJournal, a major Russian blogging site, was the victim of a large cyber attack; bloggers believe that it was a move meant to silence political dissent in advance of the country’s elections; the site was brought down by a distributed denial of service (DDos) attack; SUP, the owners of LiveJournal, said that the recent attacks were the worst in its company’s history and unprecedented in that it targeted the entire website rather than individual blogs; the majority of Russia’s opposition leaders and political activists maintain blogs on LiveJournal that they use as platforms to gain support and spread their message

  • Joint EU and U.S. cyber security exercise to be held this year

    The United States and the European Union (EU) recently announced that they will hold joint cyber war exercises by the end of 2011; the exercise comes as part of a broader agreement to expand efforts to jointly defend against cyber security threats; the two sides agreed to share best practices, engage the private sector, and increase global cyber incident response capabilities; in particular, the agreement will focus on fighting botnets, securing industrial control systems, and enhancing the resilience and stability of the internet

  • Iran admits Stuxnet's damage

    A senior Iranian official admitted that the Stuxnet malware, which infected tens of thousands of computers and servers used in Iran’s nuclear weapons complex inflicted serious damage on Iran’s nuclear program, including large-scale accidents and loss of life

  • Chips may sabotage hi-tech weapons

    Countries producing sophisticated weapon systems do not want these systems to fall into the wrong hands; one idea is to plant a chip in these weapons which would allow the country that supplied them to destroy or disable them remotely; already there are worries that with chip manufacturing moving outside the United States, foreign powers may bribe or coerce chip manufacturers into planting “backdoor” circuits in chips these manufacturers sell American defense contractors

  • Call for creating a U.S. cybersecurity emergency response capability

    Lawmakers call for the creation of a cybersecurity emergency response capability to help businesses under major cyber attacks; “Who do you call if your CIO is overwhelmed, if you’re a local bank or utility?” Senator Sheldon Whitehouse (D-Rhode Island) asked; “How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?”

  • Demand for gov. cybersecurity specialists outstrips supply

    The demand for IT personnel continues to grow, but there has been a subtle shift with regard to the qualifications most sought after; new studies found that professionals with the right IT skills and an active government security clearance earned 12 percent more than non-cleared personnel; in the Washington, D.C., area, the pay bump is 20 percent

  • Senator seeks to end wasteful government cybersecurity spending

    Senator Tom Carper (D – Delaware) is actively seeking ways to end wasteful government cybersecurity spending; Carper believes that the government can spend its money more efficiently on IT security; he believes that too many government programs are expensive, inefficient, and do not actually secure government networks; Carper was careful to note that he was not advocating for budget cuts, but rather more efficient spending; Carper has proposed mandating that all agencies only purchase technology that is preconfigured with encryption or other security measures; he is currently working with Senators Joseph Lieberman (I-Connecticut) and Susan Collins (R-Maine) on the Cybersecurity and Internet Freedom Act of 2011, which contains many of his proposals

  • Keeping digital data safe

    The recent Epsilon data leak incident was serious, as it exposed a large number of people to an attack called “spear phishing,” in which an attacker targets specific users or organizations with attempts to steal personal information; this incident could have been much worse: many third-party organizations have aggregated large amounts of our personal information in one place, making us increasingly vulnerable to the type of attack we saw with Epsilon — and attack in which a single breach can result in the compromise of a large amount of user data

  • Internet threat landscape offers a grim picture

    A new Symantec report paints a grim picture of the Internet threat landscape; Symantec detected more than three billion malware attacks from 286 million malware variants in 2010 — up 93 percent on 2009; 49 percent of malicious sites found through Web searches were pornographic; in 2010, 6,253 software vulnerabilities were reported, higher than in any previous year; fourteen vulnerabilities were used in zero-day attacks, including four different Windows zero-days used in the Stuxnet attack; the bad guys also demonstrated a firm grasp of new technology: social networking sites are a huge target, and hackers are exploiting the boom in URL shortening services such as bit.ly; smartphones are also beginning to attract malware

  • RSA explains how hackers stole critical SecurID data

    Cyber security giant RSA detailed how hackers recently infiltrated its systems and stole critical data related to its SecurID two factor authentication products which are used by the Department of Defense, major banks, and other government agencies around the world; hackers used a “spear-phishing attack,” fake emails containing malicious code, to first gain access to its networks; once inside the network, hackers were able to target high-level RSA employees with access to sensitive information and copy their data; experts warn that these types of attacks primarily exploit people, so educating employees to not open these types emails that may contain malicious code is critical

  • U.S. industrial processes vulnerable to Stuxnet-like attack

    Cyber security experts recently warned that U.S. manufacturing plants and critical infrastructure were vulnerable to a Stuxnet-like attack; industrial plants, transportation systems, electrical grids, and even nuclear plants could be crippled by new cyber weapons that target specialized control core processes; concern has spread after the Stuxnet virus targeted these systems and created physical damage; experts have likened Stuxnet to “the arrival of an F-35 into a World War I battlefield”

  • OMB reports on 2010 cybersecurity attacks

    A new report on U.S. government cybersecurity says that in 2010 there were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team;the number represented a 39 percent increase over 2009, when 30,000 incidents were reported by the feds of 108,710 attacks overall