Archive for July, 2015
Payment service providers and merchants should lose no time in assessing the effect of proposed European security regulations
The European Commission (EC) is bringing in regulations to improve the security of online e-commerce payments that will have significant implications for the way individuals and companies do business online.
Whilst the regulations are not only about security – they also seek to bring more payment services under regulation and to help open the market up to new entrants – this piece will focus on some of the security matters.
From: The Hill
By Cory Bennett
Hackers supported by the Russian government are allegedly using Twitter to control malware that is stealing data from U.S. companies and potentially even the U.S. government.
Security firm FireEye on Wednesday released a report showing that one of the most active Russian hacking groups covers up and coordinates its digital assaults through a complex method involving fake Twitter accounts and encrypted data buried in seemingly innocuous photos.
The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.
United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.
From: Bloomberg Business
Facebook Inc. says this enhances the user experience. But privacy advocates say the company’s technology — which regulators in Europe and Canada have ordered shut off — should only be used with explicit permission.
As commercial use of facial recognition technology grows to replace password log-ins, find people in photos and someday even customize displays for shoppers as they browse in stores, it’s raised privacy questions. That’s one reason the U.S. government is participating in a working group to develop rules for companies using facial recognition — even if those are voluntary.
NHTSA Official: Breach Is “First Example Of What’s To Come”
A cyber-security gap that allowed for the remote hacking of a Jeep Cherokee has federal officials concerned. An associate administrator with the National Highway Traffic Safety Administration said Thursday that news of the breach conducted by researchers Chris Valasek and Charlie Miller had “floated around the entire federal government.”
I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
The original Lonestar was a 50-gigaflops Cray T3E with 88 processors. With Lonestar 5, TACC is installing a Cray XC40 machine with more than 30,000 Intel Xeon processing cores delivering 1.25 petaflops of computing power. Specs include 1,252 nodes of dual-socket 12-core Intel Xeon E5-2600 v3 processors, two large shared memory nodes with 1 TB each, eight large shared memory nodes with 500 GB each and a 1.2 PB DDN storage system, running on Cray Aries interconnect. The system will replace the Dell PowerEdge-based Lonestar 4 in serving Texas researchers with a wide variety of application needs.
BROOKLYN, NEW YORK — Medical infusion pumps, which intravenously deliver drugs to millions of hospital patients in the United States every year, often have basic security flaws that could let hackers deliver fatal overdoses and which manufacturers may be unwilling to address, a security researcher said at the Summercon 2015 hacker conference here yesterday (July 18).
Billy Rios, a former U.S. Marine and Google and Microsoft security engineer who now runs his own firm in the Bay Area, singled out infusion pumps made by Lake Forest, Illinois-based Hospira as an example, although he implied other brands probably had similar issues. He added that Hospira’s pump-management software had a secret administrative account with a built-in, hard-coded password of “12345678”.
From: The Hill
By Cory Bennett
United Airlines has given out millions of frequent flier miles to hackers who had discovered security flaws in the company’s system, Reuters reported.
The program, first announced in May, was launched amid growing fears that airlines, planes and the whole air traffic control system are sitting ducks for cyberattackers. So-called “bug-bounty” programs are common at major tech companies like Google, but United was the first airline to try such an approach to shoring up security.
From: The Diplomat
Beijing hopes to make cyberspace “safe and harmonious” territory.
By Jennifer Zhang
China has been eager to claim its “Internet sovereignty” since the 18th party congress, with Internet control naturally topping the central leadership’s agenda. The recently released cyber security law draft, while aiming to codify the previously scattered Internet regulation policies and solidify Cyberspace Administration’s status as the leading Internet governing body, has demonstrated the country’s determination to take a more effective and concentrated approach to make cyberspace “safe and harmonious” territory.