• Computer engineers battle malicious bots

    Defending Web sites from malicious intruder bots is not unlike fighting viruses: neutralize them and they reinvent themselves, finding new ways to penetrate. IT security designers, however, still hold an advantage over some automated programs masquerading as people. To date, there are human abilities too complex to imitate. Exploiting that weakness is central to an Internet security technology developed by researchers who have come up with a new method for distinguishing humans from computers. Their next-gen CAPTCHA — a brief test that computer users must pass in order to access a Web site — requires viewers to identify text, but presents it in video animation rather than in the distorted, static letters users now identify and reproduce to gain admittance.

  • Police department pays ransom after hackers encrypt department’s data

    Last December, cyberterrorists hacked into servers belonging to the Tewksbury Police Department, encrypted the data stored, and later asked for a $500 bitcoin ransom to be paid before department officials could regain control of their files. The attack is known as the CryptoLocker ransomware virus, and it points to a new frontier in cyberterrorism.

  • NSA’s recruitment effort challenged by Snowden leaks, private sector competition

    The NSA employs roughly 35,000 people nationwide and anticipates on recruiting at least 1,000 workers each year. For 2015, the agency needs to find 1,600 recruits, hundreds of whom must come from highly specialized fields like computer science and mathematics. The agency has been successful so far, but still faces recruitment challenges in the aftermath of the Edward Snowden revelations and competition from private sector firms who offer recruits much higher salaries.

  • U.S. grid vulnerable to cyber, physical attacks

    The U.S. electric grid remains vulnerable to cyber and physical attacks, putting millions of households at risk from outages that could last a few days or weeks. Attacks on the grid occur once every four days, and though no great harm has been caused, some experts are warning that the series of small-scale incidents may point to broader security problems. “It’s one of those things: One is too many, so that’s why we have to pay attention,” says one expert. “The threats continue to evolve, and we have to continue to evolve as well.”

  • New technology combats mobile malware attacks

    As mobile phones increase in functionality, they are becoming increasingly ubiquitous in everyday life. At the same time, these devices also are becoming easy targets for malicious activities.One of the primary reasons for such malware explosion is user willingness to download applications from untrusted sources that may host apps with hidden malicious codes. Once installed on a smartphone, such malware can exploit it in various ways. Researchers have developed simple but effective techniques to prevent sophisticated malware from secretly attacking smartphones.

  • Yahoo to offer user-friendly e-mail encryption service

    Yahoo has announced plans to create its own e-mail encryption plug-in for Yahoo Mail users this year, adding to already growing competition among Silicon Valley firms to capitalize on consumers increased privacy desires. The service will feature “end-to-end” encryption, or the locking up of message contents so that only the user and receiver have access to the information — typically a more advanced and time consuming process which involves specific software and encryption codes.

  • A 2-square-meter model city shows cyber-threats real cities face

    In a secret location in New Jersey, Ed Skoudis operates CyberCity, a model town of 15,000 people, which employs the same software and control systems used by power and water utilities in major cities. CyberCity has its own Internet service provider, bank, media outlets, military base, hospital, and school. The two-square-meter model town serves as a mock staging ground for the cyber threats faced by city officials around the world. There, computer security professionals get offensive and defensive training in their battle against hackers. Skoudis, founder of CounterHack, designed CyberCity four years ago when military clients complained that most cybersecurity training felt too much like video games.

  • Air-gapped computer systems can be hacked by using heat: Researchers

    Computers and networks are air-gapped – that is, kept approximately fifteen inches (40 cm) apart — when they need to be kept highly secure and isolated from unsecured networks, such as the public Internet or an unsecured local area network. Typically, air-gapped computers are used in financial transactions, mission critical tasks, or military applications. Israeli researchers have discovered a new method, called BitWhisper, to breach air-gapped computer systems. The new method enables covert, two-way communications between adjacent, unconnected PC computers using heat – meaning that hackers to hack information from inside an air-gapped network, as well as transmit commands to it.

  • People act to protect privacy – after learning how often apps share personal information

    Many smartphone users know that free apps sometimes share private information with third parties, but few, if any, are aware of how frequently this occurs. A new study shows that when people learn exactly how many times these apps share that information, they rapidly act to limit further sharing. In an experiment, researchers found that one of the more effective alert messages which g grabbed the attention of phone users and caused them to act to protect their privacy, was: “Your location has been shared 5,398 times.”

  • IT security spending grows, but confidence in cyber protection measures does not

    A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining. In a survey of more than 800 IT security leaders and professionals, the report found that more than 70 percent of respondents’ networks had been breached in 2014 — a 62 percent increase from 2013. Security concerns are only going to increase as the number of Internet connected devices increase from fourteen billion today to fifty billion by 2020.

  • Wireless implantable medical devices vulnerable to hacking

    With rapidly advancing medical technologies, more and more Americans are fitted with wireless implantable medical devices (IMDs) such as cardiac pacemakers, defibrillators, cochlear implants, neuro-stimulators, and insulin pumps. This is leading to growing concerns over the vulnerability of such devices to hacking.

  • Senate panel passes revised cybersecurity bill, but privacy concerns remain

    Last Thursday, the Senate Intelligence Committeepassed the Cybersecurity Information Sharing Act(CISA) meant to encourage the private sector to share data with federal agencies, with the hopes of preventing and responding to cyberthreats before they materialized. The bill is a reincarnation of the 2013 Cyber Intelligence Sharing and Protection Act(CISPA), which drew a veto threat from President Barack Obama because of privacy concerns. Critics say that CISA, as was the case with its predecessor, would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.

  • Encryption for the masses

    In the wake of the revelations that intelligence agencies have engaged in mass surveillance, both industry and society at large are looking for practicable encryption solutions which protect businesses and individuals. Previous technologies have failed in practice because they were too expensive or not user-friendly enough. German scientists have launched an open initiative called Volksverschlüsselung, which aims to bring end-to-end encryption to people.

  • The Brandeis program: Harnessing technology to ensure online privacy

    In a seminal 1890 article in the Harvard Law Review, Louis Brandeis developed the concept of the “right to privacy.” DARPA the other day announced the Brandeis program – a project aiming to research and develop tools for online privacy, one of the most vexing problems facing the connected world as devices and data proliferate beyond a capacity to be managed responsibly.

  • Biometric security could do away with passwords

    With hackers and cyber thieves running rampant online, efforts to create stronger online identity protection are leading major tech firms to invest in biometric security methods. Analysts predict that 15 percent of mobile devices will be accessed with biometrics in 2015, and the number will grow to 50 percent by 2020.