TweakTown NewsRefine News by Category:
The open source and free TrueCrypt full-disk encryption project is likely over after developers jumped ship, abruptly ending what was a popular asset for PC users. There are rumors circulating that TrueCrypt was compromised, though that hasn't been confirmed and still seems rather unlikely at this point in time.
In what was a rather cheeky way to throw in the towel, the truecrypt.org website redirects users to sourceforge.net, and current TrueCrypt users are being transitioned to BitLocker. This message also was posted:
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" -
"This page exists only to help migrate existing data encrypted by TrueCrypt."
"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."
Rising cyber tensions between the United States and China is leading to a marketing and sales boom for Chinese software and hardware companies. Chinese government officials are concerned of possible cyberespionage attempts, so new security solutions are being purchased - a steady increase since former NSA contractor Edward Snowden said his former employer breached Huawei.
"The nation's information security could come under direct threat if the software we use was implemented with backdoor viruses and the like," said Mian Wei, Ministry of Industry and Information Technology (MIIT) minister, in a statement to the Chinese media. "Our job is to make sure such things do not happen."
The Chinese and U.S. governments have exchanged cyberespionage jabs at one another, with China saying U.S. lawmakers have fabricated evidence - and the U.S. threatening cyberattack retaliation. It's unknown what will come of all this continued banter from Beijing and Washington, though both sides seem to be preparing for cyberwar.
British shoe retailer Office has sent a memo to customers, urging them to change their passwords due to a recent data breach. The only accounts compromised were those created in August 2013 or earlier, with names, addresses, email addresses, account passwords, and personal phone numbers stolen. Office didn't disclose how many customers might have been affected in the data breach.
The company was first aware of a cyberattack on May 22, and discovered the data breach on May 26. "I can confirm that the Office website has been the subject of a security breach," said Brian McCluskey, Office CEO, in a statement. "We take such a threat very seriously and have been in communication with our customers to advise them of the matter."
"We can confirm that no credit card, debit card, PayPal or bank details were compromised in any way," Office said in a memo sent to customers.
In their continued effort to try to combat cyberattacks, large U.S. corporations are hiring cybersecurity specialists and giving them elevated positions. Fortune 500 companies are seeing the cost of cyberattacks increasing, with data breaches causing loss of data, company downtime, public backlash, and possible legal issues.
For example, there are a rising number of chief information security officers (CISOs) with a growing demand for chief information officers (CIOs) as well. Popular retailer Target learned the hard way - and eBay will have to suffer the same consequences - as customers are angry, with state and national investigations currently underway.
"Boards don't feel they have the right expertise to draw upon," said David DiBari, Clifford Chance law firm managing partner, in a statement to Reuters. "It is not that they don't understand it is a risk; they don't want to blunder uninformed into it."
Arkansas Attorney General Dustin McDaniel issued a statement to residents, warning them they should change their eBay passwords - and warned of sophisticated phishing scams. His office informed residents that cybercriminals often send unsolicited emails, sometimes posing as banks, credit companies or utilities providers, and ask victims to turn over personal information.
It's important for lawmakers, if educated about cybercrimes, to share information that helps keep users more secure - many unsuspecting victims turn over usernames, passwords, and personal information without a second thought.
Here is what McDaniel had to say: " "While, thankfully, there is no evidence that there was any personal financial information stolen in this attack, there may be efforts afoot to trick consumers into providing sensitive data. Arkansas consumers need to be cautious in the coming days and weeks to avoid unsolicited requests by anyone seeking account numbers or personal information."
Senator Dianne Feinstein, Senate Intelligence Committee chair, has said former NSA contractor Edward Snowden didn't raise snooping concerns before deciding to leak information to the media. Snowden repeatedly noted he left a "paper trail," though Feinstein said that isn't what the NSA found when it tried to unravel the mess he left behind when he left the country.
"The email, provided to the committee by the NSA on April 10, 2014, poses a question about the relative authority of laws and executive orders - it does not register concerns about NSA's intelligence activities, as was suggested by Snowden in an NBC interview this week," Feinstein recently said.
Snowden's recent interview with NBC News clearly has ruffled feathers among U.S. politicians, as they become more vocal regarding Snowden's behavior. U.S. Secretary of State John Kerry recently called Snowden a coward, and said the former contractor is welcome to tell his side of the story if he returns back to the United States.
The owner and operator of BlackShades has plead not guilty to computer hacking charges, for his role in selling malware software. Alex Yucel, 24, was arrested last November and extradited to the United States, and now faces up to 15 years if convicted of conspiring to commit access device fraud and access to device fraud, among other charges.
The group reportedly sold its Remote Access Tool (RAT) to thousands of customers across the world since 2010, authorities noted.
Recently, authorities announced 100 people have been arrested in multiple countries for their participation in BlackShades. Federal authorities are trying to clamp down on cybercrime groups, though tend to only make arrests following major incidents - and have been largely unable to stop groups before they compromise users.
Online giant Amazon is reportedly ready to throw down with Spotify, Google Play, Rdio and Beats Music with its very own on-demand music streaming service. Until now, Amazon has focused on individual songs and album sales, though this will give another incentive to consumers to pay for the $99 yearly Prime subscription.
So far, Amazon has agreements in place with Warner Music Group and Sony Music, and is currently in talks with the Universal Music Group.
However, the Amazon music service won't have new artist releases, and music will not be available for at least six months following release, according to reports. Amazon Prime members spend almost double than non-Prime members, and this should be a welcome gift for its members. The company has focused on expanding its digital content offerings, providing television shows, movies, music, and books available for download.
An estimated 2.2 billion smartphones and tablets will be sold to consumers worldwide in 2014 alone, and security will continue to be a major problem, according to Gartner. The research firm predicts 75 percent of mobile security breaches by 2017 will be caused by mobile application misconfiguration. The threat of mobile malware is a constant headache for IT staff, especially when jailbroken devices are introduced on corporate networks.
" Mobile security breaches are - and will continue to be - the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices," said Dionisio Zumerle, Gartner principal analyst. " A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices."
IT security specialists should make use of mobile device management (MDM) solutions, coupled with appropriate app shielding and anti-malware solutions to keep corporate devices more secure. Making sure smartphones and tablets are secure with a password, at the very least, can help keep devices secure from anyone snooping.
Former NSA spy/contractor Edward Snowden, currently living in Russia, believes he's a patriot and would like to return to the United States one day. Snowden believes he conducted "civil disobedience" as he broke the law, essentially becoming a martyr to expose widespread and organized surveillance of U.S. citizens.
"I don't think there's ever been any question that I'd like to go home," Snowden said in his NBC News interview. "I mean, I've from day one said that I'm doing this to serve my country. Now, whether amnesty or clemency ever becomes a possibility is not for me to say. That's a debate for the public and the government to decide."
Considering how many angry politicians and Obama Administration members there are, it seems unlikely Snowden will be given amnesty or clemency. U.S. Attorney General Eric Holder said clemency "would be going too far," though does want to see if a fair resolution can be found if Snowden accepts responsibility. Secretary of State John Kerry described Snowden as a coward, and Snowden will likely be unable to return with Obama still in office, at the earliest.