Archive for September, 2012

A minefield of legal risks come with “bring your own device” policies

From: The Washington Post

By Catherine Ho

If there’s one buzz word Reed Smith attorney Tim Nagle hears a lot, it’s “BYOD.”

The acronym stands for “bring your own device,” the term businesses use when they have their employees use personal cellphones and tablets to access work-related e-mails, servers and data rather than using company-issued mobile devices.

IRGC decrypts enemy confidential data: Admiral Fadavi

From: PressTV

The chief of the Islamic Revolution Guards Corps (IRGC) Navy says the IRGC cyber forces have decrypted the most confidential data of enemy states.

“Today, our cyber forces have easily accessed the most confidential information [encrypted] by the enemy and [our] cyber warfare capabilities have been effectively improved,” Rear-Admiral Ali Fadavi said on Sunday as he inaugurated IRGC Navy Information Technology (IT) systems.

Underscoring the “daily increasing activities of enemies in the cyber space”, the admiral said: “Counterrevolutionary [circles] have remarkably added to their Farsi-language satellite channels in the past one month. In the light of this trend, we have to enter this sector by relying on our own experts with more determination and seriousness.”

Cyber Attacks On Canadian Firms Could Be Coming From China

OTTAWA (Reuters) – Canada said on Friday it was aware of an attempt by hackers to target a domestic energy company, the second time in 24 hours Ottawa had acknowledged a cyber security attack against a Canadian firm.
In both cases the Canadian government declined to comment on reports which suggested a Chinese connection.

The news comes at an awkward time for Canada’s Conservative government, which is deciding whether to approve a landmark $15.1 billion bid by China’s CNOOC Ltd to take over Canadian oil producer Nexen Inc.
Ottawa revealed the second case after being asked about a security report from computer manufacturer Dell Inc, which said it had tracked hackers who targeted a number of firms, including an unnamed energy company in Canada. Dell said on its website that the hackers had used a Chinese service provider based in Beijing Province.

Hackers Breached Adobe Server in Order to Sign Their Malware

From: Wired

By Kim Zetter

The ongoing security saga involving digital certificates got a new and disturbing wrinkle on Thursday when software giant Adobe announced that attackers breached its code-signing system and used it to sign their malware with a valid digital certificate from Adobe.

Adobe said the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system.

Breach a ‘security disaster’ for IEEE

From: CSO

By Taylor Armerding

CSO— The IEEE (Institute of Electrical and Electronics Engineers) describes itself on its website as “the world’s largest professional association for the advancement of technology.”

But after a data breach that left the usernames and passwords of 100,000 of its members exposed in plain text for a month, some security experts said it is clear both the organization and at least some of its members should also be in the business of the advancement of common sense security.

The breach, discovered by an independent security researcher, demonstrates an almost inexplicable lack of basic security protocols, including some of the most vulnerable passwords possible.

Canadian energy firm hit by cyber attack

From: Toronto Sun

Hackers broke into Canadian software manufacturer

By Jessica Murphy

OTTAWA – A cyber attack on a major player in Canada’s energy industry is “extremely serious,” says a former Canadian diplomat who specializes in Chinese crime and espionage.

“Canadians just don’t want to take this seriously,” Brian Adams said. “In essence, it’s an electronic war that’s going on. And this company is bringing to our attention that China could shut down the energy resources of any country in the world with this sort of thing going on.”

Pentagon expanding public-private cyber information sharing program

From: Foreign Policy

Posted By John Reed

Rather than wait for Congress to pass legislation enabling private companies to send information about cyber attacks to the U.S. government, the Pentagon is expanding a little-known program allowing defense contractors to quickly share information with the government about cyber espionage and attacks against them.

In recent years, U.S. defense contractors have famously been hit by cyber attacks compromising information on high-profile weapons systems, such as the $1.5 trillion F-35 Joint Strike Fighter program. In the case of the F-35, the attacks have led to costly software redesigns and production delays.

The Soviet spy inside the cyber security boom

Maija Palmer, Financial Times

Eugene Kaspersky rubs shoulders with world security chiefs regularly these days. He has just been on a panel with Condoleezza Rice, the former US secretary of state, at a security summit in Yalta. Next he is meeting European defence ministers in Brussels.

The co-founder and chief executive of Kaspersky Labs, the Russian internet security company, is proud of his high-level contacts – but says it is also worrying. “It is nice to be recognised, but it’s bad, too. The situation on cyber security must be so serious now if I am recognised as important.”

Russian Cyber Expert: Hackers Could Shut Down Power In Most Of The World In A Decade

From: Reuters

Uncontrolled security threats on the Internet could return much of the planet to an era without electricity or automated transportation, top U.S. and Russian experts said on Thursday.

Former National Security Agency Director Michael Hayden warned that the United States had yet to resolve basic questions about how to police the Internet, let alone how to defend critical infrastructure such as electric generation plants.

And if recently discovered and government-sponsored intrusion software proliferates in the same way that viruses have in the past, “somewhere in 2020, maybe 2040, we’ll get back to a romantic time – no power, no cars, no trains,” said Eugene Kaspersky, chief executive officer of Moscow-based Kaspersky Lab, the largest privately held security vendor.

NSF Invests $50 Million in Research to Secure Our Nation’s Cyberspace

From: National Science Foundation

The National Science Foundation (NSF) today awarded $50 million for research projects to build a cybersecure society and protect the United States’ vast information infrastructure.

The investments were made through the NSF’s Secure and Trustworthy Cyberspace (SaTC) program, which builds on the agency’s long-term support for a wide range of cutting edge interdisciplinary research and education activities to secure critical infrastructure that is vulnerable to a wide range of threats that challenge its security.

“Securing cyberspace is key to America’s global economic competitiveness and prosperity,” said NSF Director Subra Suresh. “NSF’s investment in the fundamental research of cybersecurity is core to national security and economic vitality that embraces efficiency while also maintaining privacy.”