• DHS slowly moving government's Internet traffic to secure networks

    It will take several more years for the U.S. government fully to install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say; DHS is responsible for securing government systems other than military sites, and the department is slowly moving all the government’s Internet and e-mail traffic into secure networks — known as Einstein 2 and Einstein 3 — which eventually will be guarded by intrusion detection and prevention programs

  • WikiLeaks episode demonstrates insider security threat

    Even the toughest security systems sometimes have a soft center that can be exploited by someone who has passed rigorous screening; the U.S. Defense Department’s Secret Internet Protocol Router Network (SIPRNet), a system of dedicated and encrypted lines and servers set up by the Pentagon in the 1990s globally to transmit material up to and including “secret,” the government’s second-highest level of classified information; in 1993, GAO report estimated more than three million U.S. military and civilian personnel had the clearance to access SIPRNet

  • Defeating detector blinding attacks on quantum cryptography

    Quantum cryptography is a method to distribute digital encryption keys across an optical fiber; the protocol has been proven to be perfectly secure from eavesdropping; any differences between the theoretical protocol and its real-world implementation, however, can be exploited to compromise the security of specific systems; one form of attack on quantum cryptography is called a detector blinding attack — but Toshiba researchers show how such attacks can be rendered ineffective

  • Second round of CyberPatriot competition sees 80 teams advance

    CyberPatriot, an education initiative produced by AFA to inspire students to consider science, technology, engineering, and mathematics fields in their studies, completed a second round of competition; nearly 400 teams registered in the All-Service Division, and approximately 80 teams scored high enough to compete again come 4 December; teams raced against time and their opponents quickly to find and effectively correct vulnerabilities in a virtual network

  • Fujitsu develops inter-cloud data security technology

    With the advent of cloud computing, the boundary separating internal and external data has become increasingly blurred due to the utilization of external services; as a result, existing methods of preventing data leakage, such as only using a gateway to block the outflow of confidential data, have become insufficient, and there is increased demand for new security technology to allow the safe use of confidential data even in the cloud; Fujitsu offers a new data leakage prevention technology in cloud computing environments

  • Briton gets 4-months jail for refusing to disclose password

    A 19-year old Briton used a 50-charcter password to protect child pornography files he kept in his computers; the court ordered him to reveal the password, but he refused and was sentenced to sixteen weeks imprisonment

  • Impact of cyberattack on U.S. could be "an order of magnitude surpassing" 9/11

    Former director of national intelligence and director of the National Security Agency Mike McConnell and Bush administration Homeland Security Adviser Fran Townsend say the United States is unprepared for a cyberattack and must overhaul its defenses; they said a large-scale cyberattack against the United States could impact the global economy “an order of magnitude surpassing” the attacks of 9/11; McConnell: “The warnings are over; it could happen tomorrow”

  • Faster cybersecurity with merging of two protocols

    Combination of unrelated protocols — a suite of automated network access control standards from the Trusted Computing Group and the government’s Security Content Automation Protocols (SCAP) — now being tested in South Carolina to enable automated policy enforcement on networks; the two standards offer a complementary set of capabilities, each valuable in its own right but much more powerful when combined

  • ITU chief supports governments' need to access BlackBerry communications

    In an interview with AP, ITU head Hamadoun Toure said RIM should provide law enforcement access to customer data; Toure characterized the governments’ needs as “genuine” concerns that cannot be ignored

  • India gives BlackBerry reprieve, saying Google, Skype are next

    BlackBerry users in India have received a 60-day reprieve: RIM has offered the Indian government a solution to interception issue (the Indian government wants to have the ability to intercept BlackBerry communications), and the government says it will examine the offer during the next two months; the government also said that services offered by Google and Skype are next, but unlike BlackBerry, Skype and Google Talk are both encrypted end-to-end, so intercepting communications is extremely difficult

  • U.S. intensifies campaign to train, hire, retain cybersecurity professionals

    The cyber threats to both government and public network intensify, and the U.S. federal agencies must find ways to attract qualified workers and develop new skills internally; NIST’s Dr. Ernest McDuffie: “We’ve got a problem of where the next generation of engineers are going to come from— Awareness, education, workforce, and training all have to come together”

  • RIM proposes industry encryption forum to demands for access to e-mail, messages

    RIM has proposed that an industry forum be established to help governments manage lawful intercept, in the hope of forestalling India’s threatened ban, due this coming Wednesday; the proposed body would be led by RIM, but the company is hoping that others companies threatened by bans — Google, Skype, and others — will join in

  • Intel wants security built directly into silicon

    A consensus is emerging that the main reason for Intel’s acquisition of McAfee is that Intel wants to build directly into its hardware the kind of security features more traditionally provided by software like McAfee’s

  • Technological challenges to Intel's embedded security approach

    Embedding security in silicon faces many challenges, among them: how much can be placed into a chip, and the fact that patching hardware or firmware is when a security vulnerability is discovered, is much harder than patching software

  • Intel acquires McAfee for $7.68 billion

    Intel says security is now a fundamental component of online computing, but today’s approach to security is not adequate for the growing availability of Internet connections on mobile phones, medical devices, ATMs, automobiles, and elsewhere; the industry needs a new approach that combines software, hardware, and services to meet tomorrow’s needs