Hacking, Security & Privacy News - Page 19

The State of the Internet report has been released for the fourth quarter of 2015 and it highlights some of the more malicious trends coming from across the Internet. The short of it is, the volume of attacks against websites has increased through nearly every avenue than compared to the third quarter.

DDoS's in particular have seen quite the massive increase since last quarter, with a 148.85% increase in overall occurrences. The bright side is that duration seems to have been shortened, probably due to the pay-per-play nature of the services that seem to be the most used. But that didn't stop those sites from being targeted multiple times, up to 24 times in some cases. The good news is that the actual number of packets sent was lower. How very nice of these attackers.

Size of attacks seemed to be below 30Mbps, with only four that exceeded that amount and two that peaked even higher. The biggest were at around 309Gpps with 202Mpps (packets per second).That's actually a small decline in the number of big attacks, but 44.44%. But the interesting part is that the majority of attacks, some 54.45% of all the DDoS activity was focused on the gaming sector. People are getting more and more mad during and after online matches, preventing people, servers and games themselves from working right. Not to mention the massive attack on Xbox Live and the PlayStation Network.

Amazon's Fire OS 5 came out in September, but only now is it being discovered that the operating system no longer supports local encryption (which makes data accessible only with a passcode or key). Concerns have arisen as a result, given Amazon just filed a brief supporting Apple's defense of encryption.

Fire OS is built on Android's open-source code, which has offered local encryption for years. Fire OS 5 doesn't support the feature it turns out, and Amazon's statement on why doesn't help clear matters up much.

Yesterday, Twitter, Reddit, and 15 other tech companies collectively filed an amicus brief in support of Apple and its defense of smartphone encryption. For reason unclear, other giants like Microsoft and Facebook -- which have publicly announced their support -- were not included. However, they have filed their own separate brief with the same goal.

Microsoft President and CLO Brad Smith writes in a blog post of the case, "The fact that we're discussing the All Writs Act across the country is a telling indication of the urgent need to update antiquated rules that govern digital technology and privacy. If we are to protect personal privacy and keep people safe, 21st century technology must be governed by 21st century legislation. What's needed are modern laws passed by our elected representatives in Congress, after a well-informed, transparent, and public debate."

He later continues, "We've reached a critical moment in which a new generation of mobile and cloud-based technologies have far outrun the laws that protect our safety and preserve our timeless and fundamental rights. By standing with Apple, we're standing up for customers who depend on us to keep their most private information safe and secure."

Amazon seems to be moving in the opposite direction of the other big mobile companies that are looking to strengthen their devices security. The latest Fire OS is removing support for encryption starting with version 5.0.

The OS that Amazon uses is a fork of the Android Open Source Project, but it takes out any compatibility with Google's own apps even though it relies heavily on the underlying architecture. Notably missing now, is full device encryption, something that's been greatly improved (and mandatory on some classes of devices) with the release of Marshmallow. Apparently the option of encryption just wasn't used very much by their user-base.

What this means is that the anything that you put on it won't be automatically encrypted, making the storage open to attackers who wish to sync or connect directly to the tablet. To be clear, it only applies to anything on the tablet that's being stored. SSL/TLS connections and communication with Amazon's AWS for your cloud content is still just as safe as ever, and your content in the cloud is likely to be encrypted at rest on their servers, as well, which is quickly becoming the standard.

Not all figures within the US government oppose encryption, today shows.

Secretary of Defense Ashton Carter made his position on the matter clear today at the RSA 2016 security conference, stating, "I'm not a believer in backdoors. It's not realistic and it's not technically accurate," later continuing, "[The Department of Defense is] not in the executive branch seeking legislation of this kind. I don't think writing a law without an exploration of all the technical solutions out there [is a good idea]."

He also isn't a fan of implementing "a law written by people [without tech expertise] or written in an atmosphere of anger and grief" and feels that one case shouldn't "drive the solution."

Pirating just became a whole lot easier thanks to the Internet. A group of sea-going pirates were able to hack into the content management system of a shipping company to pinch the shipping manifests and schedule to better plan their brazen heists.

According to a new security report by Verizon, the Internet, and hacking in general, is becoming an ever increasing resource for the seafaring thieves. Based on the evidence, however, it appears that the pirates themselves are carrying out the attacks because of the sloppy way in which they're going about it. It's proven easy to trace the activity completely to its source.

Pirating is evolving. It once was a primarily physical activity, but now they're becoming more efficient and careful. Why waste resources physically looking for ships on the open sea when you can just track precisely where they'll be by taking a look at the schedule. It's a bold move, especially when they don't seem to care that they get caught. Their mobile nature makes that point moot anyhow

A landmark decision has been reached in the ongoing data encryption war. A US magistrate judge in New York, presiding over a drug trafficking case, has ruled Apple cannot be forced to unlock an iPhone by the US government, which has been using the more than 100 year-old All Writs Act (AWA) as part of its argument. While this doesn't directly involve the bigger San Bernardino terrorism case, it's a big win for Apple and smartphone users in general who support their right to encryption, and will certainly help its argument in that case.

"The established rules for interpreting a statute's text constrain me to reject the government's interpretation that the AWA empowers a court to grant any relief not outright prohibited by law," magistrate Judge James Orenstein stated in his order.

In other words, the government overstepped its bounds in its interpretation of the AWA. Orenstein went on to conclude this is a congressional issue.

Apple today asked a judge to throw out the order requiring it to hack the phone of an attacker in the San Bernardino case and followed it up with a request of its own: that its peers stand behind it to fight for privacy.

That's happened with Microsoft, whose President and Chief Legal Officer Brad Smith declared in a congressional hearing yesterday his company's "wholehearted" support of Apple's position, and that it would file an amicus brief next week to that end. (An amicus brief is a filing that allows those not directly involved in a case to have their say in it.)

Twitter has confirmed to us they "expect to be on a brief supporting Apple" and that the "filing deadline is Wednesday."

Sources close to the company and security experts are saying Apple is currently working on upgrading its iPhone security measures, which would shield them from potential win by the government in the ongoing encryption war. It's said they've been working on it since before the San Bernardino attack.

The new security would be configured in such a way that a backdoor couldn't be created for it at the government's request (as is currently the case). Specifically, it addresses the vulnerability introduced by the troubleshooting system that allows Apple to update system software without a password. Once the new security in place, the government could request all it likes: Apple wouldn't be able to oblige even if it wanted to.

Experts believe Apple will be able to go through with it. Should the government win the fight, it's expected a new round of court battles would begin, at which point Apple may introduce yet more security measures, and round and round we go. In other words, Apple currently has the upper hand and will for the foreseeable future, barring Congress involvement.

Last week, Facebook joined the ranks of Google, Twitter, and Apple in publicly supporting one's right to smartphone encryption amidst the San Bernardino terrorist case. This left some to wonder where Microsoft was in all of this, so we inquired with the tech giant, who pointed us to a tweet by Microsoft President and CLO Brad Smith (retweeted by CEO Satya Nadella), indicating it does indeed support encryption (via the Reform Government Surveillance coalition).

The full statement reads as follows: "Reform Government Surveillance companies believe it is extremely important to deter terrorists and criminals and to help law enforcement by processing legal orders for information in order to keep us all safe. But technology companies should not be required to build in backdoors to the technologies that keep their users' information secure. RGS companies remain committed to providing law enforcement with the help it needs while protecting the security of their customers and their customers' information."