TweakTown NewsRefine News by Category:
Authorities believe that a breach in US government data was thanks to a "foreign entity" and the Federal Bureau of Investigation has launched a full inquiry into who exactly stole the data on approximately four million workers.
This hacking spree took place through the US's Office for Personnel Management (OPM) and began in April 2015, with The Department of Homeland Security concluding that this attack had finished by the beginning of May - announcing the data as compromised.
Despite the implementation of EINSTEIN, private information on four million employees was stolen directly from the human resource systems, affecting OPM IT systems as a whole.
Computex 2015 - Adding something a little different to the Computex 2015 trade show is the ASUS series of SmartHome devices, designed to keep yourself and your technology safe at home.
Also winning a BC award as per the ASUS ROG GR6 mini gaming PC, these products are coupled with the tagline "Smart, Simple, Secure" and are aimed at everyone from the general consumer to the complete computer mastermind.
Pictured is the black circle-like object named the ASUS Smart Home Gateway, this sets out to let you control your home through one simple app installed on a smartphone or tablet and can work with third-party products - meaning you aren't locked into ASUS branded components only.
The NSA and GCHQ continue to face significant backlash of their widespread surveillance activities, largely due to Edward Snowden's spying disclosures. However, the UK intelligence agency is defending itself by saying it couldn't spy on all its citizens in an unlawful manner, even if it actually wanted to.
"One of the things that has almost flippantly been said in our defense is that even if we wanted to do such things we don't have enough people to engage in such unlawful mass intrusion," said Ciaran Martin, director general of cybersecurity for the GCHQ, while speaking at the InfoSecurity conference.
The GCHQ has conducted mass collection of user data inside the UK, which was disclosed by Snowden a couple of years ago. Not surprisingly, there has been increased debate - both in the US and UK - regarding the effectiveness of these programs.
Independent researcher George Tankersley and CloudFlare security team member Filippo Valsorda again showed how Tor users are not as secure as they wish.
Speaking during the Hack in the Box conference in Amsterdam, the researchers said motivated users can subvert anonymous access to the service. Hackers can identify the original location of users by operating rogue HSDir (hidden service directory) nodes that are required - with two sets of three needed to connect to the hidden service - with four days of operation to be marked as a "trusted" HSDir node.
A malicious HSDir instead of an exit node can be used in the process, making it easy to attack hidden service users.
The United States and the rest of the "Five Eyes" group, which also includes the UK, Australia, Canada and New Zealand, aimed to infect apps available in the Google Play store with spyware.
Even though the US and UK are well known for spying on their own citizens, among foreign nationals, it looks like this spying campaign was designed to target non-US residents. The effort reportedly began in late 2011 with an effort to infect the Alibaba-owned UC Browser, which runs on Google Android, Apple iOS, Microsoft Windows Phone, Symbian, Java ME, and BlackBerry.
The idea that Five Eyes wanted to spy on users isn't overly surprising, but possible ramifications don't leave users at ease.
Apple co-founder Steve Wozniak described former NSA contractor Edward Snowden as "a hero," as he "gave up his own life... to help the rest of us." Wozniak previously met with Snowden in Moscow sometime in 2014, though it's unknown what the two men discussed.
"Total here to me; total hero," Wozniak recently said in an interview with ArabianBusiness. "Not necessarily [for] what he exposed, but the fact that he internally came form his own heart, his own belief in the United States Constitution, what democracy and freedom was about. And now a federal judge has said that NSA data collection was unconstitutional."
The Woz obviously is a great fan of technology, but has admitted early innovators "didn't realize that in the digital world there were a lot of ways to use the digital technology to control us." That interview was published by CNN in 2013, before Snowden unveiled a widespread NSA surveillance program.
The IRS recently suffered a data breach that left thousands of Americans at risk, and more attention is now focused on government mismanaged. Utilizing a $10.9 billion budget, either the agency is greatly mismanaged and/or the IRS just isn't ready to try to protect taxpayer information.
There seems to be a lot of problems with the IRS, and that has certainly trickled down to its cybersecurity protocols. The agency still uses Microsoft Windows XP - and while the IRS originally paid Microsoft for support - that support has ended. To make matters worse, some fraud identification software is almost 20 years old.
The IRS previously had 410 cybersecurity team personnel, but that has been slashed down to 363 workers. The idea that IRS personnel are unable to keep up with identity theft is a huge problem, especially as cybercriminals get cleverer.
It didn't take long for Apple to provide a temporary fix for a bug that allows users to crash an iPhone, iPad or Apple Watch via text message. The company was reportedly working on a fix anyway, but had to speed things up when users started sharing details about the problem on YouTube and social media outlets.
The problem stemmed from the way Arabic text is rendered by an iOS device, and the device's RAM ends up full, forcing a restart.
iOS users can have Siri read unread messages, and have Siri respond to the malicious message. Once that is done, users can open Messages again. Once in messages, users must swipe left to delete the entire conversation thread - or tap, hold, and delete the malicious message.
The United States reportedly attempted to launch a Stuxnet-like cyberattack aimed at the nuclear weapons program in North Korea, but the cyberespionage attempt failed. Launched at the same time when Stuxnet hit Iran in 2009 and 2010, the US wanted to also set North Korea's nuclear efforts back, according to a recent Reuters report.
US cybersecurity specialists couldn't directly access systems responsible for controlling nuclear ambitions in Pyongyang - and the reclusive country's extreme secrecy and isolation helped make the attack more difficult. Similar to Iran, North Korea likely uses Microsoft Windows to power the PCs, which use control software from Siemens AG.
Cyberespionage among nations is nothing new, with nations specifically concerned regarding the nuclear ambitions of Iran, North Korea, and other nations. However, North Korea - which extremely limits access to the Internet - reportedly has an increasingly sophisticated cyberespionage program that can be used to target South Korea, the US, and other political rivals.
Encryption is vital to free speech and government efforts to install backdoors prove to be a violation of human rights against Internet users. The UN report says encryption and Internet anonymity allow for a privacy buffer so they can share their views without the fear of being censored.
There is an effort by the United States, UK and other governments to create backdoors - which could also allow cybercriminals to access information - in an effort to aid law enforcement. If an agency needs to view and monitor encrypted messages, it should only be done on a "case-by-case" basis, and shouldn't be required for the majority of users.
The report will be presented in front of the UN Human Rights Council sometime next month.