• Collegiate cyber defense competition advances to regional finals

    Seven members of the University of Maine Cyber Defense Team will compete at the annual Northeast Collegiate Cyber Defense Competition at the University of New Hampshire in March. The team was one of nine out of a pool of fourteen schools that qualified for the regional competition. The competition simulates security operations for a small company. Teams must quickly familiarize themselves with network systems and software before beginning to defend against attacks while also providing customer service to users.

  • Latest cybersecurity threat: WiFi virus

    Researchers have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans. The team designed and simulated an attack by a virus and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords.

  • NIST seeking comments on its cryptographic standards process

    As part of a review of its cryptographic standards development process, NIST said it was seeking public comment on a new draft document that describes how the agency develops those standards. In November 2013, NIST announced it would review its cryptographic standards development process after concerns were raised about the security of a cryptographic algorithm in NIST Special Publication 800-90 (2006) an its updated version, 800-90A (2007).

  • Facebook-WhatsApp deal raises security concerns

    Facebook’s acquisition of WhatsApp made headlines for its sheer size — $4 billion in cash and $15 in Facebook stock, for a total of about $19 billion – but security experts are worried about the security aspects of the deal. Even security specialists advising WhatApp’s customers not to panic about the deal, use language which is not exactly reassuring. Serge Malenkovich of Kaspersky Labs says: “There are no new [emphasis in original] reasons to worry about messaging privacy. Honestly speaking, WhatsApp was never meant to be a true confidential messaging tool; there were even multiple breaches in the past, including some attacks, which make eavesdropping possible.”

  • Cloud security specialist Apprity announces $8 million Series A round

    Santa Clara, California-based Apprity, a stealth Cloud Security company, the other day announced an $8 million Series A round of venture capital funding. The company notes that more and more business processes and applications are being transitioned to the cloud, but that the promise of Cloud and SaaS applications, combined with trends of Mobility, Bring-your-own-Device (BYOD), and the Internet-of-Things (IoT) is constrained by multiplying cyber threats. While security vendors typically focus on providing solutions for securing the perimeter, Apprity says it focuses on the need for a modern approach to Cloud security, and is developing patent-pending technology to address today’s complex business requirements.

  • QR codes threaten Internet security

    Internet security experts have raised concerns about the growing use of Quick Response codes, also known as QR codes. Because the codes can only be read by a machine, such as a smart phone, it is difficult for people to determine what they are about to download. The codes, which are often used in marketing campaigns, could also be used to subscribe people to unwanted services, such as premium SMS.

  • Anonymous messaging apps grow in popularity

    The recent surge in anonymous and ephemeral messaging apps like Backchat, Whipsper, Snapchat, Secret, and Ask.fm is a response to a growing demand for social media networks which allow users to interact without revealing their identify for fear of retribution or long-term stains on their personal records.

  • Skeptics doubt voluntary Cybersecurity Framework will achieve its goal

    The Framework for Improving Critical Infrastructure Cybersecurity, developedby NIST following Executive Order 13636to promote cybersecurity, has been received with both support and skepticism from critical infrastructure industries. The 41-page document, put together by industry and government experts, offers guidelines on cybersecurity standards and best practices to critical infrastructure firms. It says its role is to be a complement to industries’ existing risk management practices.Skepticssay that without incentives, legislation, or enforcement, the guidelines will not be adopted.”The marketplace will punish any company that implements anything that could be considered excessive security, because it will increase their costs,” says an industry insider.

  • Snowden stole co-worker’s password to gain access to secret databanks: NSA

    One reason National Security Agency (NSA) former analyst Edward Snowden was able to gain such broad access to a wide variety of agency’s secret documents was that he copied a password from a co-worker who has since resigned. After Snowden was denied access to NSANet, the agency’s computer network which connects into many of the agency’s classified databases, he persuaded a co-worker, an NSA civilian employee, to use his – the co-worker’s — Public Key Infrastructure (PKI) certificate to gain access. The NSA told Congress Snowden used what the agency describes as “digital deception”: the civilian NSA employee entered his password on Snowden’s computer, not realizing that Snowden was able to capture the password, allowing him even greater access to classified information. Once he gained access to NSANet, Snowden released a “Web crawler” inside the system. The crawler automatically indexed the NSANet, and using the passwords Snowden held – one his, one or more those of co-workers – copied every document in its path.

  • Israeli defense company launches cybersecurity solutions section

    In recent months the Israel Aerospace Industries (IAI) has increased its cyberdefense-related activities. Esti Peshin, director of the company’s cyber section and a veteran of the IDF’s hush-hush sigint Unit 8200, says IAI is now developing solutions for clients in Israel and abroad. “We’re a start-up, but with the backing of a company that earns $3.5 billion a year,” she said. Ultimately, she implied, these defensive measures can be turned into offensive capabilities. “Intelligence is a subset of attack,” Peshin said. “This is, first of all, a national mission.”

  • New cyber-attack model helps hackers time the next Stuxnet

    Taking the enemy by surprise is usually a good idea. Surprise can only be achieved if you get the timing right — timing which, researchers argue, can be calculated using a mathematical model, at least in the case of cyber-wars. The researchers say that based on the stakes of the outcome, a cyberweapon must be used soon (if stakes are constant) or later (if the stakes are uneven). In other words, when the gain from a cyberattack is fixed and ramifications are low, it is best to attack as quickly as possible. When the gain is high or low and ramifications are high, it is best to be patient before attacking.

  • The “Mask": Kaspersky Lab discovers advanced global cyber-espionage operation

    Kaspersky Lab’s security researchers have announced the discovery of the Mask (aka Careto), an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. What makes the Mask special is the complexity of the toolset used by the attackers. This includes a sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions, and possibly versions for Android and iOS (iPad/iPhone). The primary targets are government institutions, diplomatic offices and embassies, energy, oil, and gas companies, research organizations and activists. Victims of this targeted attack have been found in thirty-one countries around the world.

  • Israeli legal expert urges development of ethics code for cyberwarfare

    Col. Sharon Afek, former deputy military advocate general, says that countries would benefit from developing an ethics code to govern cyber warfare operations. He notes that existing law already prohibits cyber operations which would directly lead to loss of life, injury, or property damage, such as causing a train to derail or undermining a dam. “Israel faces a complex and challenging period in which we can expect both a cyber arms race with the participation of state and non-state entities, and a massive battle between East and West over the character of the future legal regime,” he writes. He acknowledges, though, that only a catastrophic event like “Pearl Harbor or Twin Towers attack in cyberspace” would accelerate developments in this area.

  • New software obfuscation system a cryptography game changer

    A team of researchers has designed a system to encrypt software so that it only allows someone to use a program as intended while preventing any deciphering of the code behind it. This is known in computer science as “software obfuscation,” and it is the first time it has been accomplished. Previously developed techniques for obfuscation presented only a “speed bump,” forcing an attacker to spend some effort, perhaps a few days, trying to reverse-engineer the software. The new system puts up an “iron wall,” making it impossible for an adversary to reverse-engineer the software without solving mathematical problems that take hundreds of years to work out on today’s computers — a game-change in the field of cryptography.

  • Social networking makes us smarter now, but more stupid in the long run

    Does improved connectivity to other people through social networks makes us smarter or more stupid? Some say that connectivity allows us acquire information from other people as well as by direct experience. Many pundits say that in the Internet era, in which we have access to a diversity of information, humankind will learn to make more informed decisions. Others, however, suggest having so much information at our fingertips will limit our ability for concentration, contemplation, and reflection. Controlled tests show that both arguments are correct – but on different tike scales: Being able to copy from other people in vast networks means analytical responses rapidly spread – but only by making it easy and commonplace for people to reach analytical response without engaging analytical processing. The researchers conclude that this tendency to copy without thinking “can explain why increased connectivity may eventually make us stupid by making us smarter first.”