ComputerWorldIndependent

If the CIA can sidestep encryption, what makes you think cyberthieves can’t?

Credit to Author: Evan Schuman| Date: Wed, 08 Mar 2017 06:48:00 -0800

Having just spent much of the day browsing through WikiLeaks’ latest batch of documents from the intelligence community — in which government agents discussed ways to circumvent mobile encryption and to listen in on conversations near smart devices including smart TVs — it’s clear that government agents have long had the ability to grab mobile content before it’s encrypted.

Some of the tactics have names that are quite explicit about their function, such as a TV mode called “TV Fake-Off.” These docs provide a fascinating look into the government teams that are emulating cyberthieves, trying to improve on their techniques rather than thwart them.

ComputerWorldIndependent

CIA repurposed Shamoon data wiper, other malware

Credit to Author: Lucian Constantin| Date: Wed, 08 Mar 2017 06:35:00 -0800

The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday show that one of the agency’s teams specializes in reusing bits of code and techniques from public malware samples.

According to the leaked documents, the Umbrage team is part of the Remote Development Branch under the CIA’s Center for Cyber Intelligence. It maintains a library of techniques borrowed from in-the-wild malware that could be integrated into its own projects.

ComputerWorldIndependent

Senator probes into CloudPets smart toy hack

Credit to Author: John Ribeiro| Date: Wed, 08 Mar 2017 04:40:00 -0800

A U.S. senator is seeking answers about a data breach involving smart toys made by Spiral Toys, writing a letter to the company’s CEO asking about the company’s security practices.

Bill Nelson, a Florida Democrat, wrote in a letter Tuesday to CEO Mark Meyers that the breach raises serious questions concerning how well the company protects the information it collects, particularly from children.

Nelson also said that the incident raises questions about the vendor’s compliance with the Children’s Online Privacy Protection Act, which requires covered companies to have reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children.

ComputerWorldIndependent

CIA-made malware? Now antivirus vendors can find out

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 04:29:00 -0800

Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.

On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.

WikiLeaks has redacted the source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump — if real — still exposes some of the techniques that the CIA has allegedly been using.

ComputerWorldIndependent

Senate resolution aims to roll back privacy rules for ISPs

Credit to Author: John Ribeiro| Date: Wed, 08 Mar 2017 03:57:00 -0800

A resolution introduced in the U.S. Senate on Tuesday aims to roll back privacy rules for broadband service providers that were approved by the Federal Communications Commission in October.

The rules include the requirement that internet service providers like Comcast, AT&T, and Verizon obtain “opt-in” consent from consumers to use and share sensitive personal information such as geolocation and web browsing history and also give customers the choice to opt out from the sharing of non-sensitive information such as email addresses or service tier information.

The rules have been opposed by ISPs that argue that they are being treated differently from other Internet entities like search engines and social networking companies.

ComputerWorldIndependent

Apple says it has already patched ‘many’ (not all) leaked CIA exploits

Credit to Author: Jonny Evans| Date: Wed, 08 Mar 2017 03:51:00 -0800

Details concerning multiple iOS, Mac, and AirPort exploits allegedly used by the CIA were published by WikiLeaks late last night.

The documents reveal an extensive quantity of exploits used against Apple devices, though WikiLeaks has not published any of the technical details or computer code that was also leaked, to prevent these hacks from disseminating any further. (Though we don’t know who else got the data.)

Post-privacy

The documents offer the deepest look yet into how intelligence services (including the CIA, GCHQ, and others) have worked together to undermine the security of products from multiple vendors, including Apple.

IndependentKrebs

Payments Giant Verifone Investigating Breach

Credit to Author: BrianKrebs| Date: Tue, 07 Mar 2017 18:02:30 +0000

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was “limited” and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations. On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, telling them that they had 24 hours to change all company passwords.

ComputerWorldIndependent

Android gets patches for critical OpenSSL, media server and kernel driver flaws

Credit to Author: Lucian Constantin| Date: Tue, 07 Mar 2017 08:37:00 -0800

A five-month-old flaw in Android’s SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.

The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.

One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google’s newer BoringSSL library, which is based on OpenSSL. What’s interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.
