• Hacker built, and demonstrated, a $1,500 cell-phone tapping device

    Security researcher demonstrated a device, which he built for just $1,500, which can intercept some kinds of cell phone calls and record everything that is said; the attack illustrates weaknesses in GSM, one of the world’s most widely used cellular communications technologies

  • First Cyber Security Challenge winner announced

    The United Kingdom suffers from a dearth of cybersecurity experts; several private and public organizations have launched the Cyber Security Challenge competition — a series of challenges and games that would test the talent and skills of people; the challenges is built around eight key skill areas which include digital forensics, network analysis, and logical thinking

  • ATMs easily compromised by hacker at Black Hat

    A disturbingly high percentage of the world’s automated teller machines (ATMs) are vulnerable to physical and remote attacks that can steal administrative passwords and personal identification numbers, to say nothing of cash

  • Identifying future digital leakers, whistle-blowers

    Digital encoding could catch future informants; the Wikileaks saga will likely result in an overhaul of how governments protects information; in addition to using watermarking, government agencies could adapt existing digital-rights-management technologies; such technologies can perform various tasks that might be relevant: identify when the same computer is downloading voluminous amounts of material, restrict downloading to authorized users, and stop users from copying or passing restricted files to other computers

  • New cybersecurity threat: smartphone apps that do more than what they say they do

    A large proportion of applications contain third-party code with the capability to interact with sensitive data in a way that may not be apparent to users or developers; Apple reviews its applications before accepting them into its App Store, but even that is not foolproof when it comes to detecting erroneous or malicious components within apps, which might end up collecting or storing information that has nothing to do with the intended usage case of the app

  • Five hot topics to be discussed at Black Hat and Defcon

    Among the many topics to be discussed at Black Hat, which opens today, and DefCon, which opens Friday, is SCADA networks vulnerability; many of these networks have developed a no man’s land between IT and industrial systems, and these networks’ computers are often at risk because nobody seems to take complete ownership of them; there will be a talk about where bugs show up in the infrastructure; the speaker is Jonathan Pollet, whose company, Red Tiger Security, has collected data on 38,000 vulnerabilities — and the types of exploits that have been written for them

  • Breakthrough: UCLA engineering devises new location-based cryptography method

    Location-based security is ensured by using quantum mechanics; this type of cryptography could be useful in several settings — for example, one could communicate with a military base with a guarantee that only someone physically present at the base will have access to the information; furthermore, the location-based method eliminates the need for distributing and storing keys, one of the most difficult tasks in cryptography

  • First puzzle of U.K Cyber Security Challenge competition cracked

    The United Kingdom suffers from a dearth of cybersecurity experts; several private and public organizations have launched the Cyber Security Challenge competition — a series of challenges and games that would test the talent and skills of people; the challenges is built around eight key skill areas which include digital forensics, network analysis and logical thinking; enthusiasts claim they have already solved he first test of the challenge

  • Black Hat opens Wednesday in Las Vegas, DefCon to follow Friday

    Black Hat, one of the more important cybersecurity event, opens this Wednesday in Las Vegas; Black Hat gives way on Friday to DefCon, “Black Hat is a place where security researchers go to show off their work and get peer feedback,” said Jeff Moss, who founded and runs both gatherings; “DefCon is the fun stuff they don’t have time to do in their day jobs”; DefCon’s array of activities includes a lock picking village and a “capture the flag” contest to see who can break into a computer network and fend off rivals

  • New report: Apple software has the most vulnerabilities

    The usual suspects lead the list of software makers whose software come with most vulnerabilities — Apple, Microsoft, Oracle, and Adobe; new vulnerabilities report offers support to the notion that a high market share correlates with a high number of vulnerabilities

  • Dell to replace server parts infected with virus

    Dell says W32.Spybot worm was found in replacement motherboards, and that it will replace infected parts with clean motherboards; the company says it is unaware of any attacks as result of infections

  • Shortage of cyber workers in the U.S.

    The United States is lacking an adequate number of individuals within the federal government and private sector with the technical skills necessary to secure cyberspace; there is an even greater shortage of cybersecurity experts that can design secure systems and networks, write nonvulnerable computer code and create the tools needed to prevent, detect and mitigate damage due to malicious acts

  • The worst database security breaches in the U.S., U.K.

    On 6 February 2010 AvMed Health Plans announced that personal information of current and former subscribers have been compromised by the theft of two company laptops from its corporate offices in Gainesville, Florida; the information was comprehensive, including Social Security numbers and protected health information; attempts the thwart the theft have been unsuccessful, leaving the identity data of nearly 1,100,000 vulnerable; this is only one of many cases of database breaches — and the number of cases is growing

  • Cybersecurity solution detects cyber attacks as they happen

    A winning entry in a cyber security competition gives analysts a way to look at computer network traffic and determine how a system was penetrated; it also supplies critical data that can be used to reduce system vulnerabilities and limit future attacks