TweakTown NewsRefine News by Category:
American film director Oliver Stone will make a movie based on former NSA contractor Edward Snowden, as he journeyed from American spy turned whistleblower.
"This is one of the greatest stories of our time," Stone said in a statement. "A real challenge. I'm glad to have the Guardian working with us."
Choosing Stone to direct the movie is a rather interesting choice, as the 67-year-old is known for being rather unique with the way he uses the truth. However, he's a vocal supporter of Julian WikiLeaks founder Julian Assange, so it will be interesting to see how he directs the movie - and what type of political slant he uses while filming.
Britain's National Crime Agency has taken the unusual step of posting an "urgent alert" for UK netizens - claiming they have "two weeks" to protect against an impending surge of botnet activity, by way of the GoZeuS and Cryptolocker malware.
Through Get Safe Online - the official British web safety group - the organization warned in conjunction with American authorities that this upcoming onslaught is part of "one of the largest industry and law enforcement collaborations attempted to date".
It's thought that pretty much everyone running any kind of Windows OS is at risk. According to the NCA, GoZeuS - AKA Gameover ZeuS - has already pocketed hundreds of millions the world over. What's next is a massive worldwide lockdown using CryptoLocker as ransomware. In fact, according to a recent study, as many as 40 percent of those hit by the ransomware pay the fee.
Despite all the doomsday sooth-saying, there's not quite reason to panic just yet. And actually, these kind of widely pervasive threats can be a boon for IT security - as they provide the rare incentive for backing up important files and keeping antivirus software up to date - which is basically a good habit to get into anyway, at a minimum.
Major websites such as Reddit, Imgur and DuckDuckGo are to take part in the June 5 "Reset The Net" anti-NSA spying online campaign.
They have pledged their support for the day, backed by household-name nonprofits like Amnesty International and Greenpeace, and look like they will promote the effort by offering a splash screen and a push notification that sends users towards a mobile privacy pack. Website owners are being encouraged to begin folding encryption such as SSL, HSTS and PFS into their websites, with a view to making collecting user data more difficult.
The underlying message of the campaign, as described on the official website, is not to "ask for your privacy" but to "take it back".
Lawmakers have struggled to try to keep up with technology, and recent waves of cybersecurity data breaches are difficult to defend against. Companies are losing employee and customer data, while consumers are seeing an increase in credit and debit card theft, loss of personal information, and potential headaches from identity fraud.
The massive Target breach that opened 70 million customers to potential identity theft drew a large amount of media attention. A number of smaller breaches followed over the next few months, and then the recent eBay breach grabbed international headlines last month. Following eBay's disclosure of a major breach, several state investigations have been launched - and the auction house company now faces additional scrutiny from a growing number of European governments.
Unfortunately, companies are struggling to try to keep data secure, and there aren't many regulations that force companies to keep data secure. However, there are growing numbers of people that want to see financial - and possible criminal penalties - in place to keep data breaches under control.
Cyberattacks focus on critical infrastructure such as public utilities, with many companies struggling to keep defenses updated. However, a recent industry analysis noted that major electric utilities received a 751 on a 250 to 900 scale, trailing only behind the financial industry which scored a 782, according to analysis from BitSight Technologies. Investor-controlled utility companies have been able to develop sophisticated security practices to keep their infrastructure better secure from cyber breaches.
"Large investor owned utilities have fairly sophisticated security practices," said Ave Dalva, VP of security science at Stroz Friedberg, in a statement. "Like large financial institutions, they have significant security budgets and cyber risk has executive level visibility."
Public utility companies have largely struggled to maintain cybersecurity efforts - and despite the high score - will have to keep on their toes, as hackers will still focus on attacking public utilities. Fortune 500 companies are scrambling to try to improve security, and paying large salaries and added perks to hire executive-level cybersecurity experts.
Pirate Bay co-founder Peter Sunde has been arrested in Sweden and will have to serve his eight-month jail sentence, with police searching for him from 2012, according to Swedish National Police Board officials. Sunde was living in Germany but was recently arrested in southern Sweden, and was quickly taken into custody.
"He is extremely talented and I still think that the judgment was wrong," said Peter Althin, Sunde's defense lawyer during his legal proceedings. "It's about being on the cutting edge if one is going to be successful... but if one is too far ahead it is not always about success. Peter fought for file-sharing and in 10 years I think it goes without saying that file-sharing for one's own needs will be allowed."
In late April, Pirate Bay hit the 10 million torrent milestone, as the popular online site continues to garner a large following. Despite founders and organizers being sentenced to varying prison sentences - and millions in fines - Pirate Bay will continues to function normally.
Following news from Gartner that 75 percent of mobile security breaches will be caused by app misconfiguration, applications and third-party ad networks are accessing large amounts of information that open the door to security threats:
At least 78 percent of applications downloaded by business users connect to an ad network, social media API, or analytics API, according to mobile security company Mojave Networks.
"It is critically important that users and IT administrators understand what data is being collected from their devices, where it is being sent, and how it is being used," according to the blog post published by Mojave Networks. "Given that the majority of the sensitive data being collected occurs within these third party libraries such as ad networks, social media APIs, and analytics tools, it is therefore important to fully understand each of the libraries included in your mobilie apps."
The "Pentagon Papers" whistleblower Daniel Ellsberg doesn't believe former NSA contractor Edward Snowden would be treated fairly if he faced trial after coming back to the United States. Snowden is currently living in Russia and has avoided extradition to the United States, where he would certainly face legal issues from the federal government.
"He's a fugitive, not as Secretary Kerry says from justice - he's a fugitive from injustice," Ellsberg recently said. "He has no chance of a fair, just trial in this country. He'd be facing a jail cell from the time he stepped off the plane here. He would probably never get out, unless the Espionage Act is changed, as it should be."
Snowden said he would like to return home in the future, though that wouldn't be likely as he's still charged under the 1917 Espionage Act. Meanwhile, Secretary of State Kerry taunted the former NSA contractor, saying he's a "coward."
Enterprise security companies Palo Alto Networks and Fortinet have teamed up to create a cyber defense consortium tasked with threat intelligence data sharing in the technology industry. The consortium will also offer coordination of incident response and better prevention of cyberattacks using advanced malware.
It's something that should have been created in the past among security companies, though as advanced persistent threats (APTs) and advanced evasion techniques (AETs) continue to evolve. APT attacks, for example, are typically well-researched and conduct operations without interfering with typical day-to-day operations, which make these type of attacks difficult to identify.
" We are pleased to work with another respected innovator like Fortinet to join forces in the ongoing battle against the rapidly evolving threats stemming from advanced malware and APTs," said Mark McLaughlin, Palo Alto Networks President and CEO, in a press statement. " The consortium is a clear response to the demands from the industry for a coordinated response from their technology vendors."
Weeks after it became evident Heartbleed was one of the biggest security threats to the internet ever, one security researcher has released a proof of concept that could deploy the same vulnerability over Wi-Fi.
Luis Grangeia has called his concept 'Cupid', and it would operate in a similar way to Heartbleed. But rather than being hidden on the web, it would run over Wi-Fi and take data from routers or Android devices. Android Jelly Bean 4.1.1 devices are particularly vulnerable.
There's not quite cause for panic over this vulnerability just yet, as although there's a proof of concept the attack would have to be carried out over Wi-Fi range, which would limit potential targets, the Verge reports.
Regardless, Grangeia points out it's important for vendors, admins and users to keep their devices up to date and as protected as possible, as well as demonstrating just how big an impact Heartbleed has had, and will likely continue to have.