TweakTown NewsRefine News by Category:
Not enough websites and Internet browsers utilize the HTTP Strict Transport Security (HSTS) policy to keep Internet users secure, according to the Electronic Frontier Foundation (EFF).
HSTS forces encryption by opening HTTPS sessions instead of just HTTP, so information to and from the website is encrypted. Using HSTS, websites never allow Internet users to interact with an HTTP session, with everything automatically converted.
The EFF believes not enough web developers know about HSTS, while browser support has also only increased slowly but surely. Google Chrome, Mozilla Firefox, and Opera have long-supported HSTS, while Microsoft said it will use the Web standard with Internet Explorer 12.
The Federal Financial Institutions Examination Council (FFIEC) recently released a security notice of required steps that must be followed by banks and financial institutions operating in the United States. All banks under federal government regulation have to beef up security and pay attention to distributed denial of service (DDoS) attacks which plague bank servers.
Specifically, these companies need to try and mitigate DDoS attacks to the best of their ability, to keep subscribers more secure.
"In the latter half of 2012, an increased number of DDoS attacks were launched against financial institutions by politically motivated groups," according to the FFIEC statement. "These DDoS attacks continued periodically and increased in sophistication and intensity. These attacks caused slow website response times, intermittently prevented customers from accessing institutions' public websites, and adversely affected back-office operations."
Customer information is a valuable commodity to cybercriminals, with the ability to steal identities, transfer money from accounts, and financially ruin victims. Cybercriminals enjoy using the brand names and logos of well-known companies, making it easier to lure users into clicking fraudulent links.
"Phishing attacks are so popular because they are simple to deploy and extremely effective," said Sergey Lozhkin, Kaspersky Lab Senior Security Researcher, in a press statement. "It is often not easy for even advanced Internet users to distinguish a well-designed fraudulent site from a legitimate page, which makes it even more important to install a specialized protection solution."
Former CIA intelligence analyst Ray McGovern believes Edward Snowden isn't a traitor to the United States, nor is he a hero.
McGovern discussed how Snowden didn't appreciate a "clear violation of the 4th Amendment to the Constitution," which is one of the reasons the data disclosures were made public. Also, the former CIA analyst noted that National Intelligence Director James Clapper didn't face punishment for lying under oath in front of Congress.
"He's a patriot," McGovern recently said during a speech at Missouri Southern State University. "He took his oath seriously. He took the Constitution seriously."
The top social media network in Russia is now being sued by Sony Music, Warner Music and Universal Music, with vKontakte accused of "deliberately facilitating piracy on a large scale."
Each of the top three music labels filed individual suits against vKontakte, spearheaded by the International Federation of the Phonographic Industry (IFPI). In 2012, the social media site made $172 million in advertising revenue, but didn't pay the IFPI for copyrighted music shared through the site.
vKontakte says it allows copyright holders to submit removal requests of any content that violates copyright rules, but IFPI officials noted the process is too cumbersome. Both the US government and copyright holders have believed vKontakte provides large-scale music piracy - originally launched in 2006, vKontakte has 143 million global users, and 88 million Russian members.
Security bugs in software could leave power plants, oil refineries, and similar infrastructure vulnerable to cyberattacks from foreign-based hackers, according to recent research.
To make matters worse, around 7,600 plants worldwide have software that a cybercriminals with the "lowest skill in hacking" could still be successful. The Yokogawa Centum CS 3000, released in 1998 and designed for Microsoft Windows 98, while companies need to evaluate if they should make immediate software improvements.
"We went from zero to total compromise," said Juan Vazquez, security researcher with Rapid7, told BBC. "If you are able to exploit the vulnerabilities we have identified you get control of the Human Interface Station. That's where the operator sits or stand and monitors operation details. If you have control of that station as an attacker you have the same level of control as someone standing on the plant floor wearing a security badget."
A homeless man in Maine used his ATM card at a TD Bank branch to collect more than $37,000 in cash advances, receiving $700 separated into 53 transactions.
Initially, the man had just $100 in his checking account, but the malfunctioning ATM allowed him to receive multiple cash advances before he was stopped by police.
"We got a call that he was sleeping in the [ATM] vestibule, and we had to move him along," said Lt. Todd Bernard, from the South Portland Police Department, in a statement to local media. "Then at around 5:30 a.m., we got another call that he was back there and taking an unusually long time at the ATM by a who was trying to use it. She thought it seemed suspicious."
European companies are responding to the NSA's spying activities by tightening control over data, boosting encryption, and promising to do a better job of protecting user rights.
"For Israeli companies, the new rules may appear to be onerous, but there could be a great business opportunity for many of them in Europe as a result," said Patrick Van Eecke, legal expert specializing in cybersecurity, in a statement to Israeli media. "There are many companies around the world that specialize in collecting data, but they are not clear on the implications of Europe's new policies - and as a result, there is opportunity for companies from Israel, many of which do understand the policies."
In addition of concerns related to snooping, there are expectations of cyberattacks between national governments and splinter hacker groups. Growing global cyber threats allow countries to find yet another outlet to torment one another - Russia is reportedly launching cyberattacks to disrupt Ukrainian infrastructure, while Ukrainian hackers retaliated by hitting the Kremlin.
aFederal agencies aren't seriously defending against data breaches and personal identifiable information (PII) is increasingly finding its way into the hands of cybercriminals, according to a recent report published from the Government Accountability Office (GAO).
The number of government data breaches increased up to 25,566, twice the amount as reported in 2010 - and affected companies often are unfamiliar with how to respond properly.
The GAO has criticized federal government branches, specifically the Department of the Army, IRS, SEC, and a few other agencies, falling short of mandating information security programs and being lackadaisical about security efforts.
There is a shifting strategy to try and fight Internet piracy, with the old strategy of targeting individual users eliminated in favor of shutting down organized piracy rings.
There are three emerging strategies to target piracy: force ISPs to block subscribers from accessing sites with pirated content, shut down advertising streams on pirated sites, and trying to pressure search engines to not index and show links to sites with pirated content.
"Disrupting the money unlawful websites make from advertising could make a real difference to the fight against copyright infringement," said Ed Vaizey, creative industries minister, in a statement. "It is an excellent example of what can be achieved through industry, government and law enforcement working together."