• Move to IPv6 may create a "security nightmare"

    IPv6, the Internet’s next-generation addressing scheme is so radically different from the current one that its adoption is likely to cause severe security headaches for those who adopt it; the radical overhaul still is not ready for prime time — in large part because IT professionals have not worked out a large number of security threats facing those who rely on it to route traffic over the net

  • Software vendors will be forced to fix vulnerabilities under deadline

    Software vendors tend to take their time fixing security vulnerabilities discovered in their products; Zero Day Initiative, which serves as a broker between security researchers who find flaws and software companies who need to fix them, says there are 122 outstanding vulnerabilities that have been reported to vendors and which have not been patched yet; the oldest on the list was reported to IBM in May 2007 and more than thirty of the outstanding vulnerabilities are older than a year; Zero Day Initiative has just announced a new policy: vendors will now have six months to fix vulnerabilities, after which time the Zero Day Initiative will release limited details on the vulnerability, along with mitigation information so organizations and consumers who are at risk from the hole can protect themselves

  • view counter
  • Criminals, spies dominate cyber world, with little to deter them

    White House cyber security coordinator Howard Schmidt says the U.S. economy essentially rests on safe Internet facilities; last year saw $10 trillion in online business, a figure forecast to hit $24 trillion in another decade, he noted; yet, incredibly, the business world has yet to grasp the threat that online thieves and vandals pose; almost half of small businesses don’t use antivirus software and even fewer use it properly, Schmidt warned

  • Worry: Hackers can take over power plants

    In many cases, operating systems at power plants and other critical infrastructure are decades old; sometimes they are not completely separated from other computer networks used by companies to run administrative systems or even access the Internet; those links between the administrative networks and the control systems provide gateways for hackers to insert malicious codes, viruses, or worms into the programs that operate the plants

  • INL's International Symposium on Resilient Control Systems (ISRCS)

    Idaho National Laboratory is helping generate innovative research and codify resilience in next-generation control system designs by hosting the 3rd International Symposium on Resilient Control Systems in Idaho Falls 10-12 August; INL says it sponsors the symposium to support a multidisciplinary approach to the complex nature of control system interdependencies that ensure safe and secure operation of critical components of the U.S. infrastructure including electrical grids, water supplies, and transportation

  • Commerce Department seeks comments on cybersecurity and its impact on innovation

    The U.S. Commerce Department seeks comments from all stakeholders, including the commercial, academic and civil society sectors, on measures to improve cyber security while sustaining innovation; the department says that the Internet has become vitally important to U.S. innovation, prosperity, education, civic activity, and cultural life as well as aspects of America’s national security, and that a top priority of the department is to ensure that the Internet remains an open and trusted infrastructure, both for commercial entities and individuals

  • As demand for cybersecurity professionals grows, shortages are felt

    Federal agencies, contractors, and tech companies compete with each other for cyber security work force; measuring the size of the cyber security sector is difficult, but surveys show demand for technical expertise is skyrocketing; the number of jobs posted on ClearanceJobs.com by companies and recruiters looking for professionals with active federal security clearances has jumped 11 percent to 6,100 openings this year from fewer than 5,500 in the same time period last year; Maryland wants to become U.S. cybersecurity capital

  • Indonesia joins countries mulling BlackBerry ban to fight terror

    Indonesia considers joining a growing list of countries, including India, Saudi Arabia and the UAE in banning BlackBerry devices; Research in Motion is receiving increasing pressure to allow government access to data generated by the hand-held devices

  • Smart Grid offers target-rich opportunities for hackers

    SCADA systems are vulnerable to hacking, but the smart grid is even more vulnerable; security experts at the Black Hat conference in Las Vegas last week warned that the accelerated deployment of smart-grid technology could leave critical infrastructure and private homes vulnerable to hackers; hacking may come in a benign form — customers might simply figure out how to lower their electricity bills by manipulating how much energy their meters say they are using; hacking may also have more sinister aspects: large-scale attacks may also be possible, and the smart grid’s serious vulnerabilities make it possible to shut down the power supply to an entire city

  • New identity theft scheme: stealing kids' Social Security numbers

    The latest identity theft scheme: stealing kids’ Social Security numbers years before these kids grow up to use these numbers; the scheme allows people to establish phony credit and run up huge debts — debts that the kids may never be able to pay off

  • U.S. "cyber flank" exposed

    Former head of the CIA and the NSA warns the U.S.“cyber flank” was exposed and it was losing clout to influence rules of war on the Internet; “Our flank is totally exposed,” Michael Hayden said at the Black Hat computer security gathering in Las Vegas, comparing the U.S. tactical position on the Internet to a battle of land troops; “If tomorrow they show up on that flank they are going to roll down.”; the retired general said he was in “absolute awe and wonderment” at the Chinese cyber espionage campaign but that they were certainly not the only nation doing it; he faulted an Internet built on the premise of quickly and freely sharing information for creating an open landscape that gives attackers an edge over defenders

  • Hacker built, and demonstrated, a $1,500 cell-phone tapping device

    Security researcher demonstrated a device, which he built for just $1,500, which can intercept some kinds of cell phone calls and record everything that is said; the attack illustrates weaknesses in GSM, one of the world’s most widely used cellular communications technologies

  • First Cyber Security Challenge winner announced

    The United Kingdom suffers from a dearth of cybersecurity experts; several private and public organizations have launched the Cyber Security Challenge competition — a series of challenges and games that would test the talent and skills of people; the challenges is built around eight key skill areas which include digital forensics, network analysis, and logical thinking

  • ATMs easily compromised by hacker at Black Hat

    A disturbingly high percentage of the world’s automated teller machines (ATMs) are vulnerable to physical and remote attacks that can steal administrative passwords and personal identification numbers, to say nothing of cash