ComputerWorld – Page 189 – Computer Security Articles

Credit to Author: Michael Kan| Date: Thu, 09 Mar 2017 03:57:00 -0800

WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products.

That’s because WikiLeaks has published secret hacking tools allegedly taken from the CIA, which appear to target smartphones, smart TVs and PCs.

Companies including Apple and Cisco have been looking through the stolen documents to address any vulnerabilities the CIA may have exploited. However, WikiLeaks might be able to speed up and expand the whole process.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 8, 2017 admin

Security holes in Confide messaging app exposed user details

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 12:51:00 -0800

Confide, a messaging app reportedly used by U.S. White House staff, apparently had several security holes that made it easier to hack.

Security consultancy IOActive found the vulnerabilities in Confide, which promotes itself as an app that offers “military-grade” end-to-end encryption.

But despite its marketing, the app contained glaring problems with securing user account information, IOActive said in a Wednesday post.

The consultancy noticed it could access records for 7,000 Confide users by exploiting vulnerabilities in the app’s account management system. Part of the problem resided with Confide’s API, which could be used to reveal data on user’s phone numbers and email addresses.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 8, 2017 admin

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

Credit to Author: Lucian Constantin| Date: Wed, 08 Mar 2017 12:40:00 -0800

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of the CIA’s own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

The Equation’s cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world, based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 8, 2017 admin

CIA hacking tools targeting Windows

Credit to Author: Darlene Storm| Date: Wed, 08 Mar 2017 08:22:00 -0800

By releasing information about CIA hacking tools, WikiLeaks has given a new meaning to March Madness.

The CIA’s project Fine Dining is intriguing, since it outlines DLL hijacks for Sandisk Secure, Skype, Notepad++, Sophos, Kaspersky, McAfee, Chrome, Opera, Thunderbird, LibreOffice, and some games such as 2048, which the CIA writer “got a good lol out of.” Yet I was curious about what the CIA does to targeted machines running Windows since so many people use the OS.

Nearly everything dealing with the CIA hacking arsenal and Windows is labeled as “secret.” Nicholas Weaver, a computer scientist at the University of California at Berkeley, told NPR that the Vault 7 release is not all that big of a deal, not too surprising the agency hacks. Yet if “Year Zero” was obtained by a non-government hacker compromising the CIA’s system, then that would be a big deal.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 8, 2017 admin

IDG Contributor Network: Why the Samsung TV spying hack is way overblown

Credit to Author: John Brandon| Date: Wed, 08 Mar 2017 07:25:00 -0800

Major media has some egg on their face over this one.

Drawn to the attention-grabbing idea of your Samsung TV being compromised by the CIA, and knowing a lot of people have a Samsung TV, the headlines went something like this.

WikiLeaks says CIA hacked Samsung smart TVs

Why your smart TV is the perfect way to spy on you

None of these reports bothered to explain any of the details.

As noted in Wired and in this Forbes report, the CIA cannot spy on you over wireless. To update a Samsung TV, they’d need to use a USB key to install a firmware update. Also, the televisions are older models from 2013. To record any conversations or video, the CIA would then have to copy files back onto the USB drive.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 8, 2017 admin

If the CIA can sidestep encryption, what makes you think cyberthieves can’t?

Credit to Author: Evan Schuman| Date: Wed, 08 Mar 2017 06:48:00 -0800

Having just spent much of the day browsing through Wikileaks’ latest batch of documents from the intelligence community — in which government agents discussed ways to circumvent mobile encryption and to listen in on conversations near smart devices including smart TVs — it’s clear that government agents have long had the ability to grab mobile content before it’s encrypted.

Some of the tactics have names that are quite explicit about their function, such as a TV mode called “TV Fake-Off.” These docs provide a fascinating look into the government teams that are emulating cyberthieves, trying to improve on their techniques rather than thwart them.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 8, 2017 admin

CIA repurposed Shamoon data wiper, other malware

Credit to Author: Lucian Constantin| Date: Wed, 08 Mar 2017 06:35:00 -0800

The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency’s teams specializes in reusing bits of code and techniques from public malware samples.

According to the leaked documents the Umbrage team is part of the Remote Development Branch under the CIA’s Center for Cyber Intelligence. It maintains a library of techniques borrowed from in-the-wild malware that could be integrated into its own projects.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 8, 2017 admin

Senator probes into CloudPets smart toy hack

Credit to Author: John Ribeiro| Date: Wed, 08 Mar 2017 04:40:00 -0800

A U.S. senator is seeking answers about a data breach involving smart toys made by Spiral Toys, writing a letter to the company’s CEO asking about the company’s security practices.

Bill Nelson, a Florida Democrat, wrote in a letter Tuesday to CEO Mark Meyers that the breach raises serious questions concerning how well the company protects the information it collects, particularly from children.

Nelson also said that the incident raises questions about the vendor’s compliance with the Children’s Online Privacy Protection Act, which requires covered companies to have reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children.

To read this article in full or to leave a comment, please click here