TweakTown NewsRefine News by Category:
Warplane manufacturer Northrop Grumman is offering British children the chance to learn cyber defence skills in UK schools, targeting those between 12- to 18 years old.
Northrap Grumman's program is dubbed CyberCenturion, and it will cater to any young person who wants to learn more about cyber security, including in the international arena. It's feared that there will be a skills gap if nothing is done to train young people in science and engineering, which the programme aims to address. It comes as part of the British government's Cyber Security Challenge UK, which seeks to promote cyber security particularly among young people through a series of competitions.
Those who do particularly well at certain competitions, such as checking virtual machines for vulnerabilities, could be offered an internship placement with Northrop Grumman. "The CyberCenturion competition will provide a way for young people interested in the world of cyber security to understand the cyber challenges of today, test their cyber defense skills and inspire them in their choice of career," the company's chief exec, Andrew Tyler, said.
The Blackphone was announced as a way for security conscious consumers to use their device in peace, without the fear of their communications being compromised - and it has now been 'hacked' at the Black Hat event in under five minutes.
@TeamAndIRC managed to gain root access to the Blackphone at the DefCon hacking conference within five minutes by going through the Android Debugging Bridge, and without using a bootloader to boot. Blackphone still seems to be solidly secure on the surface nonetheless, and now the company has responded to the discovery.
Blackphone said it is perhaps not as big of a disaster as it sounds: the company underplayed getting access through ADB, claiming it is just a part of the Android OS that the firm opted to turn off, and that a patch is on the way. But another vulnerability uncovered by TeamAndIRC, the company said in a blog post, is "accurate" - and a patch was released in three days of its initial discovery. Blackphone went on to congratulate the hacker for finding the bug.
Criminals that compromise networks and steal large amounts of information are finding easier and more organized methods to quickly get rid of the data. Data dumps are one of the most popular products found on these underground forums, where buyers and sellers communicate in an organized fashion similar to an official business from the legitimate world.
Many cybercriminal groups are trying to steal bulk data, such as the Target and eBay breach, looking to offload the information as quickly as possible. Using organized underground hacker forums, many based in Eastern Europe and China, they are able to sell and trade the data.
"When we think about the markets themselves they are organized in a unique fashion," said Tom Hold, Michigan State University associated professor specializing in cybercrime. "At the individual level, we're talking about a process where we're seeing peers and colleagues; at the formal forum level, we're seeing a more formal organization that takes place."
Cybersecurity experts Jakob Lell and Karsten Nohl have demonstrated a new vulnerability that makes it extremely difficult for users to defend against USB-based attacks. The current USB standard's vulnerability makes it hard to defend against attacks, even if manufacturers should begin developing additional security layers.
Specifically, empty USB flash drives can contain malware even if formatted - a troubling sign for many of the companies that rely on flash drives to transfer data.
"USB is ubiquitous across all devices," said Mike McLaughlin, First Base Technologies, in a statement to BBC. "It comes down to the same old saying - don't plug things in that you don't trust. Any business should always have policies in place regarding USB devices and USB drives. Businesses should stop using them if needed."
The high-profile security data breaches of Target and eBay, among others over the past year, caused alarm among security experts wanting to see better government intervention to prevent future problems.
Former NSA contractor Edward Snowden disclosing massive government surveillance angered some Black Hat users, but sophisticated malware used by China, Russia and other state-sponsored are of greater concern. Cyberespionage attacks continue to increase in an effort to steal government and corporate secrets, while IT staff struggle to keep up.
"Either software houses deliver quality and back it up with product liability, or they will have to let their users protect themselves," said Dan Geer, venture capital firm In-Q-Tel, as he spoke for himself during the event. "The current situation - users can't see whether they need to protect themselves and have no recourse to being unprotected - cannot go on."
Many people are very focused on security and keeping their communications private. Some of the focus on privacy and security came after Edward Snowden leaked documents to the world that showed the US government was capturing information on the internet from unencrypted websites.
Yahoo announced this week that users of its email service will have the option of encrypting emails sent from start to finish. The encryption will be available starting next year and will be enabled via a browser plug-in.
Yahoo's announcement comes only a short while after Google made a similar announcement. Yahoo says that it will bootstrap Google's code and that the Yahoo and Google encryption services will be compatible. Once the encryption is complete, the people will be able to send emails that only the intended recipient can read. Yahoo will use PGP encryption for its email.
When it comes to getting better rankings for their websites, you can bet many business users will do anything that Google tells them to. Google has a formula that it uses to determine the page raking for the sites that are returned in its listings when you type in a word or phrase.
Exactly what Google uses to rank the pages is a secret, but it will occasionally give site owners an idea what they need to do to get better rankings. Such is the case with an announcement made this week that involves a change to the formula used to rank pages online.
Google has said that web pages that automatically encrypt their services will get a ranking boost in the Google recommendation system. Google says for now the encryption will be a small factor in ranking, but the company says that it may put greater emphasis on encryption in the future. Sites that start with "https" are going to get rankings boost.
A security consultant speaking at the Black Hat event has outlined how he gained access to the controls of 200 luxury hotel rooms in China.
At a session called Learn How To Control Every Room At A Luxury Hotel Remotely at Black Hat, Las Vegas, Jesus Molina spoke of the time he spent staying at the St Regis hotel, Shenzhen. Molina became "bored" - at which point he picked up a complimentary iPad granted to guests and reverse engineered a home automation protocol, KNX/IP. He then had access to the lights, temperature and more in his room - but by simply changing one digit of the iPad's IP address he could control rooms all over the hotel.
Molina thought about testing the methods with the door lock mechanism but decided not to. "I thought about looking to see if a similar system controlled the door locks but got scared," he said, according to Sky News. Later he made sure to inform the parent company of the security flaw, which is apparently now shut.
An American web security company, Hold Security, claims Russian criminal rings have built enormous databases of 1.2 billion stolen usernames and passwords, along with half a billion email addresses.
This heist will be the biggest identity theft of data in the history of the internet, according to Hold Security, and it is thought to have compromised roughly 420,000 websites. Hold has not named the companies it believes were hit but asserted brands both big and small are among those affected.
"We were amazed when 10,000 passwords went missing," company founder Alex Holden said. "Now we're in the age of mass production of stolen information. These guys did nothing new, they just did it better and on a mass level so it affects absolutely everybody."
The Mozilla Foundation has made a mistake that left the credentials of about 76,000 developers using its Mozilla Developer Network vulnerable to hackers. During a sanitation process on the server where the data was stored, some sort of error cause an emergency dump of the data on that server to be sent to a backup server.
That emergency dump is something that many servers do to prevent data loss. The catch is that the backup server where the data was dumped was unencrypted. That means that the details of those 76,000 developers were available to be copied by anyone along with 4,000 encrypted passwords.
Mozilla has removed the data now, but the information sat there for a month before developers noticed the issue. Mozilla says that the passwords would not work and that it hasn't seen any sort of breach using the data.