• Are your phones really secure?

    Breakthroughs in technology have enabled malicious actors to listen in on any conversation using your phone even when not in use; eavesdroppers have circumvented encrypted audio channels by relying on a relatively simple principle in physics — resonance; by tapping into an object’s natural resonance, spies have turned phones and phone cables into listening devices even when they are not in use; researchers at Teo, a manufacturer of secure telecommunications equipment, were able to capture human voices using standard phones, unplugged Ethernet cables, or even a rock; to address this security gap, Teo has designed its IP TSG-6 phones with special vibration dampening circuitry and materials that render them impervious to these types of listening devices

  • Android apps send private data in the clear

    Cell phones running the Android operating system fail to encrypt data sent to and from Facebook and Google Calendar, shortcomings that could jeopardize hundreds of millions of users’ privacy; Facebook’s recently unveiled always-on SSL encryption setting to prevent snooping over insecure networks — but the encryption is no good, meaning that all private messages, photo uploads, and other transactions are visible to eavesdroppers

  • U.K. rethinking cyber security

    U.K. cyber crime could cost more than 27 billion Pounds a year; the estimate of 21 billion Pounds to businesses, 2.2 billion Pounds to government, and 3.1 billion Pounds to citizens may be an under-estimation due to a possible lack of reporting for fear of reputational damage; the hardest-hit sectors being pharmaceuticals, biotech, electronics, IT, and chemicals

  • IT organization surveys potential insider-threats

    Employees are being overloaded with passwords; 10 percent of IT professionals are still able to access accounts from a prior job; 52 percent of employees admit that they have shared their work log-ins and passwords with other co-workers, and vice versa

  • Hackers steal data from oil giants worth millions

    McAfee Inc. recently announced that hackers have stolen data worth millions from five major multinational oil and gas companies; in the attacks, dubbed “Night Dragon,” hackers stole company secrets like bidding contracts, oil exploration data, proprietary industrial processes, and sensitive financial documents; analysts determined that hackers initially began infiltrating company networks in November 2009 using relatively simple methods; the information that the cyber thieves took was “tremendously sensitive and would be worth a huge amount of money to competitors”; the methods of execution and circumstantial evidence implicate China

  • Hackers release Stuxnet's decompiled code online

    The Stuxnet worm was a cybermissile designed to penetrate advanced security systems; it was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bushehr; security experts say it is the most sophisticated cyberweapon ever designed; now, a group of anonymous “hacktivists” hacked the computers of a U.S. security company and stole a decrypted version — the decompiled code — of the malware, and put it on the Web; security experts are anxious: “There is the real potential that others will build on what is being released,” says one; this will not lead to an immediate threat, but it could lead to something soon, he added; “Weeks wouldn’t surprise me”

  • Cyberweapon could cause Internet doomsday

    Researchers show that an attack by a large botnet — a network of computers infected with software that allows them to be externally controlled — could take down the Internet; the researchers reckon that 250,000 such machines would be enough to do the job; a sustained 20-minute attack by the 250,000-strong army — they will be sending waves of border gateway protocol (BGP) updates to every router in the world — would overwhelm the net, bringing Web servers down by overloading them with traffic

  • Cell phones are hackers' target of choice

    In its fourth quarter threat report, McAfee announced that hackers have increasingly turned their attention to smart phones; in 2010 there was a 56 percent increase in malware targeting cell phones; hackers most frequently used Adobe products like PDFs and Flash to embed pernicious code; Google’s Android smart phone operating system was also a target of choice; the report noted that spam levels were down 62 percent, while politically motivated hacking was on the rise

  • Cybersecurity named one of top five global threats

    World leaders at the World Economic Forum in Davos named cyber security as one of the top five global risks in its 2011 report; the report identifies four key areas that pose global risks: cyber theft, cyber espionage, cyber war, and cyber terrorism; observers worry that the Stuxnet virus, which damaged Iran’s nuclear centrifuges, may have sparked a cyber arms race and are particularly concerned about the lack of established international norms surrounding these weapons; the report fears that cyber attacks on nations could lead to conventional attacks

  • Android Trojan captures credit card details

    A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers — typed or spoken — and relaying them back to the application’s creator

  • More than half of iPhone apps track users

    A recent study found that more than half of all iPhone apps could track users and collect data without an individual’s knowledge; researchers analyzed more than 1,400 iPhone apps to determine how they handle sensitive data; more than half collect an individual’s unique device ID or track a user’s location, and when combined with links to a Facebook account the app could gain a lot of sensitive data; researchers found that thirty six apps blatantly violated privacy rights by accessing an individual’s location without informing the user, while another five went so far as to take data from the user’s address book without first seeking permission

  • Enabling PC operating systems to survive attacks

    In certain computer security attacks, an outside party compromises one computer application (such as a Web browser) and then uses that application to submit a “system call” to the operating system, effectively asking the operating system to perform a specific function; instead of a routine function, however, the attacker uses the system call to attempt to gain control of the operating system; North Carolina State University researchers offer a solution

  • Cyber Security Challenge finalists shortlisted

    The nation-wide U.K. Cyber Security Challenge held the first round of competition over the weekend, with two teams making it through to the finals; the industry-sponsored Challenge aims to entice young people into choosing cyber security as a career and to find great IT talent that could be put to use for defending U.K.’s cyber infrastructure

  • Fears of cyberwar exaggerated: report

    New report says that analysis of cyber-security issues has been weakened by the lack of agreement on terminology and the use of exaggerated language; the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks; the authors say, though, that “localized misery and loss” could be caused by a successful attack on the Internet’s routing structure, which governments must ensure are defended with investment in cyber-security training

  • Android phones more vulnerable to cyber attacks than Apple iPhone

    Android smart phones are more susceptible to hacking and viruses than Apple’s iPhone; the Android operating system is open source, allowing hackers to understand the underlying code; Apple iPhone may have a safer operating system, but it is not impervious to attacks; McAfee warns that 2011 will see hackers increasingly target mobile devices like Android phones, iPads, and iPhones