Here is my collection of security trends for 2012 from different sources:
Windows XP will be the biggest security threat in 2012 according to Sean Sullivan, security advisor at F-Secure: “People seem to be adding new systems without necessarily abandoning their old XP machines, which is great news for online criminals, as XP continues to be their favourite target.”
F-Secure also says also that it might not be long before the cyber criminals turn their attentions to tablet devices. Attacks against mobile devices have become more common and I expect this to continue this year as well.
Americans more susceptible to online scams than believed, study finds. A recent survey from The Ponemon Institute and PC Tools dives into this question and reveals a real gap between how aware Americans think they are of scams and how likely they actually are to fall for them.
Fake antivirus scams that have plagued Windows and Mac OSX during the last couple of years and now it seems that such fake antivirus scams have spread to Android. Nearly all new mobile malware in Q3 2011 was targeted at Android.. When antivirus software becomes a universally accepted requirement (the way it is on Windows is the day), has the platform has failed and missed the whole point of being mobile operating system?
Cyber criminals are developing more sophisticated attacks and the police will counterattack.
Mobile phone surveillance will increase and more details of it will surface. Last year’s findings have included Location data collecting smart-phones, Carrier IQ phone spying busted and Police Surveillance system to monitor mobile phones. In USA the Patriot Act lets them investigate anything, anywhere, without a warrant. Now they are on your devices and can monitor everything. Leaked Memo Says Apple Provides Backdoor To Governments: “in exchange for the Indian market presence” mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as “RINOA”) have agreed to provide backdoor access on their devices.
Geo-location tagging in smartphones to potentially cause major security risks article says that geo-location tagging security issues are likely to be a major issue in 2012—and that many users of smartphones are unaware of the potentially serious security consequences of their use of the technology. When smartphones images to the Internet (to portals such Facebook or Flickr) there’s a strong chance they will also upload the GPS lcoation data as well. This information could be subsequently misused by third parties.
You need to find your balance between freedom and security (
Vapauden ja turvallisuuden tasapaino). Usernames poured out for all to see, passwords and personal identification numbers are published. A knowledge of access management is even more important: who has the right to know when and where the role of functioning? Access, identity and role management are essential for the protection of the whole system. Implementation of such systems is still far from complete.
When designing networked services, the development of safety should taken into account in the planning stage, rather than at the end of execution. Even a secure network and information system can not act as operating a vacuum.
Reliability of the server certificates will face more and more problems. We can see more certificate authority bankruptcies due cyber attacks to them. Certificate attacks that have focused on the PC Web browsers, are now proven to be effective against mobile browsers.
Stonesoft says that advanced evasion techniques (AET) will be a major threat. Stonesoft discovered that with certain evasion techniques (particularly when combined in particular combinations) they could sneak common exploits past many IDS/IPS systems (including their own, at the time last summer). Using the right tool set (including a custom TCP/IP stack) attackers could sneak past our best defenses. This is real and they foresee a not too distant future where things like botnet kits will have this as a checkbox feature.
Rise of Printer Malware is real. Printer malware: print a malicious document, expose your whole LAN says that sending a document to a printer that contained a malicious version of the OS can send your sensitive document anywhere in Internet. Researchers at Columbia University have discovered a new class of security flaws that could allow hackers to remotely control printers over the Internet. Potential scenario: send a resume to HR, wait for them to print it, take over the network and pwn the company. HP does have firmware update software for their printers and HP Refutes Inaccurate Claims; Clarifies on Printer Security. I wonder how many more years until that old chain letter, where some new insidious virus infects everything from your graphics card to your monitor cable, becomes true.
Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization’s systems or disrupt their operations. How Do You Protect PCs from BIOS Attacks? The U.S. National Institute of Standards and Technology (NIST) has drafted a new computer-security publication that provides guidance for computer manufacturers, suppliers, and security professionals who must protect personal computers as they start up “out of the box”: “BIOS Integrity Measurement Guidelines,” NIST Special Publication 800-155.
According to Stonesoft security problems threaten the lives and the year 2012 may be the first time when we lose lives because of security offenses. According to the company does this happen remains to be seen, but the risk is due to industrial SCADA systems attacks against targets such as hospitals or automated drug delivery systems. I already posted around month ago about SCADA systems security issues.
849 Comments
Tomi Engdahl says:
Wanted: Hackers For Large-Scale Attacks On American Banks
http://news.slashdot.org/story/12/10/06/0113202/wanted-hackers-for-large-scale-attacks-on-american-banks
“RSA’s FraudAction research team has been monitoring underground chatter and has put together various clues to deduce that a cybercrime gang is actively recruiting up to 100 botmasters to participate in a complicated man-in-the-middle hijacking scam using a variant of the proprietary Gozi Trojan. This is the first time a private cybercrime organization has recruited outsiders to participate in a financially motivated attack”
Tomi says:
Crimes of Technology
http://www2.electronicproducts.com/Crimes_of_Technology-article-FANE_technology_crimes_Oct2012-html.aspx
It seems like crime has taken on a new meaning in the digital age. No longer are authorities confronted with just the traditional horrors such as robbery, kidnapping, or even murder. Although technology has afforded criminal justice officials new and improved methods to capturing criminals, technology has also provided the criminals themselves with new opportunities to commit offenses.
Tomi says:
Laser Strikes On Aircraft Becoming Epidemic
http://yro.slashdot.org/story/12/10/06/2018229/laser-strikes-on-aircraft-becoming-epidemic
“The FBI says that laser strikes are becoming epidemic, saying that they expect to see reports of 3,700 of them this year.”
Laser strikes against airplanes now an “epidemic,” says FBI
“I had temporary blindness. My eyes were burning,” says pilot.
http://arstechnica.com/gadgets/2012/10/laser-strikes-against-airplanes-now-an-epidemic-says-fbi/
You may not be the kind of person who gets his kicks by standing at the end of a runway and firing a small laser into the cockpit of jets during their takeoffs and landings—but plenty of other people are. In 2005, the FBI only heard about 283 such incidents; this year, it expects to record 3,700.
What does it look like when a helicopter tracks down a guy with a laser? The FBI released the video
Those caught could face up to five years in jail and up to an $11,000 fine.
LASER STRIKES against US planes on the rise
Zap attacks now at ‘epidemic’ levels
http://www.theregister.co.uk/2012/10/05/laser_strike_epidemic/
The next time you find yourself on an airline flight coming in for a landing, consider this: at that very moment, someone on the ground could be training a handheld laser at your aircraft’s cockpit.
It happens more often than you think.
The problem is twofold, say the Feds. First, laser technology has plummeted in price in recent decades. Low-powered laser pointers can be purchased for as little as $1, yet even these “toys” can have effective ranges of up to two miles. Meanwhile, individuals can now buy industrial lasers with significantly more power online fairly easily.
Second, an individual aiming a laser from the ground often has no real conception of the effect the beam will have on a faraway target. A laser pointer aimed at a nearby wall looks like a small, glowing dot, no more than a centimeter or two in diameter. But the farther laser light travels, the more diffuse it becomes, causing it to illuminate a larger area.
“At 500 feet,” says Tim Childs of the Federal Air Marshal Service, “that two-centimeter dot you see on your wall can be six feet wide.” That’s wide enough to light up an entire cockpit, with an intensity that’s comparable to a camera flash.
Although there have been no known incidents of an airplane actually crashing due to a laser strike, the FBI says there have been eye injuries, enough to make the current “epidemic” of laser attacks a serious threat to aviation security.
“Use a laser pointer for what it’s made for. Aiming a laser pointer at an aircraft is dangerous and reckless. Just don’t do it,”
Tomi Engdahl says:
Mozilla to prompt Firefox users on Windows with old versions of Adobe Reader and Flash, Silverlight
http://thenextweb.com/insider/2012/10/05/mozilla-to-prompt-firefox-users-on-windows-with-old-versions-of-adobe-reader-and-flash-silverlight/
Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight.
Mozilla says Firefox users will “soon see a notification urging them to update” when they visit a web page that uses the plugins. Unfortunately, Mozilla did not share a date for when this will start happening, what the message will look like, nor which versions it will specifically be targeting.
Tomi Engdahl says:
Kaspersky adds mugshot feature to Mobile Security software
http://www.theinquirer.net/inquirer/news/2215093/kasperky-adds-mugshot-feature-to-mobile-secuirty-software
SECURITY FIRM Kaspersky has updated its Android mobile security software today with a “Mugshot” feature to help users to identify phone thieves by taking photos of the user via a front-facing camera.
Activated via the software’s Web Management interface, photos taken of the thieves are uploaded to a portal where the smartphone owner can view them.
Kaspersky said it also remains possible to control the device remotely via special SMS based commands, along with the SIM Watch function that offers an alternative method of remote control.
Tomi Engdahl says:
Chinese telephone and telecommunications equipment manufacturers Huawei and ZTE pose a risk to U.S. national security, because the devices can be used for Chinese American espionage. This is revealed congressional investigations, says finance magazine, The Wall Street Journal.
In addition, the Committee recommends that the U.S. administration to avoid the use of devices made by companies and attempts to find an alternative.
- We simply can not make such critical systems for companies with well-known ties to the Chinese state
Source: http://www.itviikko.fi/uutiset/2012/10/08/isku-huaweille-ja-ztelle–usa-torjuu-laitekaupat/201239394/7?rss=8
Tomi Engdahl says:
China Tech Giant Under Fire
Congressional Probe Says Huawei Poses National-Security Threat to the U.S.
http://online.wsj.com/article/SB10000872396390443615804578041931689859530.html?mod=WSJEurope_hpp_LEFTTopStories
A Chinese telecommunications giant that has been attempting to expand in the U.S. poses a national-security threat and may have violated U.S. laws, according to a congressional investigation.
In a report to be released Monday, the committee recommends that the U.S. block acquisitions or mergers involving the two companies through the Committee on Foreign Investments in the U.S. It also recommends that the U.S. government avoid using equipment from the firms, and that U.S. companies seek alternative vendors for telecommunications equipment.
The report comes as a blow to the two Chinese firms, which have mounted a major lobbying campaign in Washington to allay fears of government influence in their operations.
Huawei spokesman William Plummer called national-security concerns “baseless,”
ZTE says that its status as a publicly traded company has ensured that it is transparent about its practices with the public and the intelligence committee.
House intelligence committee chairman Mike Rogers (R., Mich.) said of U.S. telecommunications networks: “We simply cannot trust such vital systems to companies with known ties to the Chinese state, a country that is the largest perpetrator of cyberespionage against the U.S.”
Concerns about Chinese spying have grown in the past year. U.S. intelligence agencies allege China is the most active and persistent perpetrator of economic espionage against U.S. firms. A string of alleged Chinese cyberspying incidents targeting firms ranging from Google to the computer-security firm RSA have contributed to these worries. China has denied engaging in corporate espionage.
“Neither company was willing to provide sufficient evidence to ameliorate the committee’s concerns,” said a draft of the committee’s report. “The risks associated with Huawei’s and ZTE’s provisions of equipment to U.S. critical infrastructure could undermine core U.S. national security interests.”
The committee states in its report that it focused on the two companies because their Chinese ownership poses the greatest threat to U.S. national security.
Tomi Engdahl says:
Organizations will flow millions of euros in costs per year because of launch cyber-attacks, estimates research firm Ponemon Institute.
The attacks cause over the past year U.S. organizations an average of about 8.9 million dollars, or about 6.8 million Euros. Compared to last year the number is six per cent higher.
The attacks cause external costs, such as disturbances in the business, data theft, a narrowing of net sales, and equipment damage. Organization’s internal financial charge to launch cyber-attacks such as the interpretation of the problem and repair the current work, as well as protection from attacks.
Source: http://www.tietoviikko.fi/kaikki_uutiset/yrityksilta+palaa+miljoonia+vuodessa+kyberhyokkayksiin/a845554?s=r&wtm=tietoviikko/-08102012&
Tomi Engdahl says:
The police made a raid on the Pirate Bay – The Swedish government websites crashed
A handful of Swedish government online services remained for most of last week out of action due to denial of service attacks by Anonymous.
“We see this as a crime against freedom of speech, and that is why we have prevented the Swedish government action of some sites,”
Source: http://www.tietoviikko.fi/kaikki_uutiset/poliisi+teki+pirate+bay+ratsian++ruotsin+valtion+verkkosivustoja+kaatui/a845399?s=u&wtm=tivi-08102012
Tomi Engdahl says:
Exclusive: Anatomy Of A Brokerage IT Meltdown
http://www.informationweek.com/security/attacks/exclusive-anatomy-of-a-brokerage-it-melt/240008569
Regulators last year issued the SEC’s first-ever privacy fine against broker-dealer GunnAllen for failing to protect customer data. But former IT staffers say regulators didn’t seem to know half of this cautionary tale of outsourcing and oversight gone wrong.
The network slowdown was one of the first clues that something was amiss at GunnAllen Financial, a now defunct broker-dealer whose IT problems were only a symptom of widespread mismanagement and deeper misconduct at the firm.
network engineer eventually pinpointed the cause of the slowdown: A senior network engineer had disabled the company’s WatchGuard firewalls and routed all of the broker-dealer’s IP traffic–including trades and VoIP calls–through his home cable modem.
As a result, none of the company’s trades, emails, or phone calls were being archived, in violation of Securities and Exchange Commission regulations.
Despite the fact that at least five people at The Revere Group knew about the engineer’s action, it’s unclear whether it was reported at the time to GunnAllen or regulators.
What follows is a chronicle of one firm’s myriad IT and other missteps over a period of at least four years, as related by former employees and various official documents. It’s a cautionary tale of what happens when a company tosses all IT responsibility over a wall and rarely peeks back. It also reveals what happens when an IT outsourcing vendor gets in over its head, and it points to the failures of regulators to identify and clean up a corporate mess on a grand scale.
While these missteps go back as far as seven years, they have continuing relevance today in the context of how businesses oversee outsourcing, information security, regulatory, and employee matters.
Tomi Engdahl says:
Smith, the privacy expert, offered four takeaways for any company that outsources its IT department:
One, you need to do your due diligence up front so you know that your service provider can keep this safe.
Two, you need to have contractual obligations that allow you to keep this data safe, and audit that.
Three, monitor so you know it’s safe.
And four, if there’s unauthorized access, have your service provider notify you promptly.
Benchmarking normal activity and then monitoring for users who stray from that norm is an essential strategy for getting ahead of potential data and system breaches. But choosing the right tools is only part of the effort. Without sufficient training, efficient deployment and a good response plan, attackers could gain the upper hand.
Source: http://www.informationweek.com/security/attacks/exclusive-anatomy-of-a-brokerage-it-melt/240008569?pgno=3
Tomi Engdahl says:
Owners the right to ask for more and more reckless Google to censor content.
TorrentFreak predicts that removal requirements will increase in the future. At the moment, the “false alarms” will not be penalized in any way, so at worst mistaken public copyright requirements can hamper access to legal services activities.
Source: http://www.tietoviikko.fi/kaikki_uutiset/microsoftin+poistopyynnot+holtittomia++vaatii+googlea+sensuroimaan+luvun+45/a845773?s=r&wtm=tietoviikko/-09102012&
Tomi Engdahl says:
Flaws allow 3G devices to be tracked
http://www.scmagazine.com.au/News/317819,flaws-allow-3g-devices-to-be-tracked.aspx
Devices trackable over any 3G network.
New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked.
The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices.
The flaws affected the latest 3G networks that were hardened by discarding GSM interoperable networks that were long known to be vulnerable to interception techniques.
Attackers did not need to perform cryptographic operations nor possess security keys to instigate the attacks.
“[These] kind of vulnerabilities usually look trivial once uncovered but often remain unnoticed for [a] long time, since they do not involve fancy cryptography but are caused by errors in the protocol logic,” the researchers wrote in a paper.
The 3G global industry watchdog, the 3GPP, is investigating the research. It was reportedly informed of the flaws about six months ago, but lengthy revision processes for global mobile phone protocols could explain why fixes have not been circulated and implemented.
Two attacks were conducted using off-the-shelf kit and a rooted — or modified — femtocell unit which broadcasted a 3G signal. The attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones in both directions.
One attack, the IMSI paging attack, forced mobile devices to reveal the static identity (TMSI) in response to a temporary number (IMSI) paging request which contained the IMSI, a number which was assumed was known to the attacker.
This would reveal the presence of devices in a monitored area, breaking anonymity and ‘unlinkability’ by revealing the IMSI and TMSI correlation.
In the Authentication and Key Agreement (AKA) protocol attack, the same authentication request would be injected to all phones in range causing all but the targeted device – which would return a Mac failure — to respond with synchronisation failures.
The researchers wrote that the attacks could be used to track staff movements within a building.
“If devices with wider area coverage than a femtocell are used, the adversary should use triangulation to obtain finer position data.”
Tomi Engdahl says:
Human Rights Groups Report A Surge In Highly Targeted Malware For Macs
http://www.forbes.com/sites/andygreenberg/2012/10/08/human-rights-groups-report-a-surge-in-highly-targeted-malware-for-macs/
The security world has long cautioned Mac users that the lack of malware targeting their machines has been a function of cybercriminals’ focus on Windows’ larger market share, not of Apple’s brilliant security.
So when today’s espionage-focused hackers now set out to infect networks in highly targeted attacks, one human-rights group is warning that the illusion of security Mac users once enjoyed is a thing of the past.
At the SecTor conference in Toronto last week, security researcher Seth Hardy of the University of Toronto’s Citizen Lab research center warned that 2012 has seen a significant increase in new variants of targeted, Mac-focused malware reported to the group by the human rights organizations it seeks to aid.
many of the groups are in the Tibetan activist community. And given the difficult nature of tracing cyberattacks, Citizen Lab hasn’t tried to identify the groups behind the malware variants or whether they were used by government or private hackers, either.
Hardy believes that Mac-focused, targeted malware is just beginning to grow in volume and sophistication, and he suggests Apple users take the same precautions as other organizations, like teaching staffers to take a skeptical approach to attachments or external links in emails that might run a software exploit on their machine or route them to an infected web page, as well as running antivirus as a secondary layer of defense.
Tomi Engdahl says:
Kernel crimps make Windows 8 a hacker hassle
The kernel is the new battleground, says ReactOS and iOS co-author Alex Ionescu
http://www.theregister.co.uk/2012/10/09/windws_8_hacker_hassle/
Windows 8 will make hackers’ lives hard, says Windows internals expert, security researcher and co-author of Apple’s iOS and the open source Windows XP clone ReactOS, Alex Ionescu.
Now chief architect at CrowdStrike, a security company focused on nation-state adversaries, Ionescu says Windows 8 builds on the usermode exploit mitigations introduced into Windows Vista and 7 with new approaches to security that attempt to mitigate kernel mode attacks.
He’ll tell the audience that many pathways to exploitation will be sealed off in the latest Windows release.
That Windows will be targeted is hard to doubt, given that in the past hackers have treated security in Microsoft’s flagship as an unmitigated joke. Writing exploits for Windows XP was extremely easy and the resulting boom in malware affecting Windows users was unprecedented. But companies like Microsoft and Adobe have made significant headway in recent years by introducing exploit mitigations to their products.
Regardless of all the mitigations, disastrous exploits affecting Windows 7 still surface from time to time, and that will no doubt continue with Windows 8.
Tomi Engdahl says:
Microsoft: Pirates at high risk of malware infection
Freetards have only themselves to blame
http://www.theregister.co.uk/2012/10/10/ms_security_intel_report_v13/
Web-based attacks are on the rise, but according to Microsoft security researchers, the risks involved with casual browsing are nothing compared to the dangers of downloading and sharing illicit software, videos, music, and other media.
In the latest edition of the Microsoft Security Intelligence Report, published on Monday, Redmond’s Trustworthy Computing Group warns of a growing trend of malware infection via “unsecure supply chains,” which the report defines as “the websites, protocols, and other channels by which software and media are informally distributed.”
Examples of these so-called supply chains include underground websites, peer to peer networks, bootleg discs, and unreliable software archives – in short, anywhere media might be found that’s off the beaten track.
“Preying on the desire to ‘get a good deal’ is a form of social engineering that has been around for a long time, but it’s proving to be a perennially popular method for malware distributors,”
It’s a scary underworld out there
Microsoft’s report goes on to explain that illegal software isn’t the only risk vector. A category of malware called ASX/Wimad can disguise itself as a number of popular media file formats – including MP3, AVI, and WMV, among others – and exploit a Windows Media Player bug to download a malware payload. While this type of malware wasn’t as prevalent as Win32/Keygen in Microsoft’s research, it was still in the Top Ten threats detected on most versions of Windows.
According to Redmond’s report, avoiding all of these malware threats is largely a matter of following the usual advice. Users should have antimalware installed and their definition files should be up to date. They should also make sure that they have the latest security patches installed, both for their OS and for all of their applications.
Tomi Engdahl says:
HTTPS Everywhere plugin from EFF protects 1,500 more sites
The browser extension makes it easier to connect to encrypted websites.
http://arstechnica.com/security/2012/10/https-everywhere-plugin-from-eff-protects-1500-more-sites/
Members of the Electronic Frontier Foundation have updated their popular HTTPS Everywhere browser plugin to offer automatic Web encryption to an additional 1,500 sites, twice as many as previously offered.
A previous update to HTTPS Everywhere introduced an optional feature known as the Decentralized SSL Observatory. It detects and warns about possible man-in-the-middle attacks on websites a user is visiting. It works by sending a copy of the site’s SSL certificate to the EFF’s SSL Observatory. When EFF detects anomalies, it sends a warning to affected end users.
Tomi Engdahl says:
Microsoft: 76% of pirates trying to get free software end up with malware infecting their PCs
http://thenextweb.com/microsoft/2012/10/09/microsoft-76-of-pirates-trying-to-get-free-software-end-up-with-malware-infecting-their-pcs/
One of the biggest shifts, according to Microsoft, has been the growth of key generators and its link with the spread of malware. The software giant found that Win32/Keygen, which represents key generators, was the most commonly reported threat family between January 2012 and June 2012. It was detected by Redmond nearly 5 million times, and so the software giant is warning pirates to avoid them.
If you’ve never heard of key generators (keygens for short), they’re little utilities that users can use to help pirate software. As their name implies, they generate keys for products that require validation to install or activate.
Tomi Engdahl says:
Huawei faces exclusion from planned Canada govt network
http://in.reuters.com/article/2012/10/10/usa-china-huawei-canada-idINDEE8980EO20121010
(Reuters) – Canada indicated strongly on Tuesday it would exclude Chinese telecom equipment giant Huawei Technologies Co Ltd from helping to build a secure Canadian government communications network because of possible security risks.
Tomi Engdahl says:
102 successful web attack a week
HP Ponemon Institute research institute commissioned by 2012 Cost of Cyber Crime Study shows that the number of cyber attacks has more than doubled in the last three years.
At the same time attack the economic costs have risen by almost 40 per cent.
The annual average cost of a comparison of selected organizations in the United States among the 8.9 million U.S. dollars. This means a six percent increase compared to 2011 and 38 percent growth compared to 2010.
The 2012 survey also revealed that 42 per cent volume growth in cybercrime.
In 2012, the attack was carried out successfully on average 102 times during the week.
“Companies and organizations use continuously more time, money and energy to the fight against cyber-attacks. Impact an organization’s resources is unsustainable in the long term,”
Source: http://www.tietoviikko.fi/kaikki_uutiset/102+onnistunutta+nettihyokkaysta+viikossa/a845960?s=r&wtm=tietoviikko/-10102012&
Tomi Engdahl says:
Monster botnet held 800,000 people’s details
http://www.securityfocus.com/news/11580?ref=rss
The Mariposa botnet had the power to dwarf Georgia and Estonia cyberattacks if it had been used to launch denial of service attacks, say Spanish police.
Months of investigations by the Guardia Civil in Spain, the FBI and security firm Panda Security and Defence Intelligence led to the takedown of the 12.7 million strong zombie network in December and the arrest of three suspects in Spain two months later.
At a press conference announcing the operation in Madrid on Wednesday, Spanish police said they recovered the personal details of 800,000 people from systems recovered from three alleged cybercriminals. This cache of stolen information includes bank login credentials from businesses and consumers as well as email passwords.
Three Spanish residents suspected of running the botnet have been charged with online offences
Tomi Engdahl says:
Apple, Bing Maps Reveal Secret Sites
http://www.wired.com/dangerroom/2012/10/apple-secret-site/
A top-secret base in Taiwan, revealed on Apple Maps. The Navy SEALs’ rehearsal site for the Osama bin Laden raid, found on Bing. Once again, commercial satellites have snapped images of things that governments would rather hide from public view. And once again, those governments are finding that there’s not much they can do once this sensitive imagery ends up online.
The big technology companies and their mapping apps have been turning generals red-faced for the better part of a decade by posting on the net pictures of sensitive locations.
Today, there are sensitive facilities that occasionally vanish — or get de-rezzed — from the databases of Google Earth or its competitors, after a government pleas its secrecy case.
Tomi Engdahl says:
Be prepared for security breach
The EU Data Protection Regulation in preparation will expand the reporting of security breaches.
Source: http://www.cert.fi/tietoturvanyt/2012/10/ttn201210101625.html
Tomi Engdahl says:
Pre-emptive cyberattack defense possible, Panetta warns
http://news.cnet.com/8301-1009_3-57531071-83/pre-emptive-cyberattack-defense-possible-panetta-warns/?part=rss&subj=news&tag=title
Defense Secretary Leon Panetta uses stark language to describe a “cyber-Pearl Harbor” that could cripple the nation’s power grid, transportation system, financial networks, and government.
The U.S. military has the ability to act pre-emptively when it detects an imminent cyberattack threat, Defense Secretary Leon Panetta said today.
During his first major policy speech on cybersecurity, Panetta echoed previous statements that the United States was facing the possibility of a “cyber-Pearl Harbor” perpetrated by foreign hackers, painting a grim portrait of the destructive power wielded by unnamed agents.
“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11,” he said in prepared remarks during a speech at the Intrepid Sea, Air and Space Museum in New York. “Such a destructive cyber terrorist attack could paralyze the nation.”
To illustrate the threat, Panetta cited the Shamoon virus, which was blamed for a cyberattack on Saudi Arabian oil company Saudi Aramco and Qatar’s natural gas firm Rasgas in mid-August.
“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” Panetta said. “More than 30,000 computers that it infected (at ARAMCO) were rendered useless, and had to be replaced.”
However, Panetta said the government’s significant investments in cyber forensics alone are not enough to prevent all cyberattacks.
“If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the President,” Panetta said. “For these kinds of scenarios, the Department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”
Tomi Engdahl says:
Internet fresh ipv6-address system is expected to bring a lot of good. Cert-fi warn now that something nasty became involved: nearly all operating systems, IPv6 deployments have been found in the fault, which allows at least mischief. Correction is unfortunately not known.
Since vulnerabilities are virtually all operating systems. An attacker can load machines unusable condition. So far, it has become clear that the vulnerable are Windows, Mac OS X, NetBSD and FreeBSD.
Linux users appear to be safe.
Vulnerabilities have not been published fixes, so the only way to prevent such denial of service attacks is to connect the IPv6 functionality off.
Source: http://www.tietokone.fi/uutiset/ipv6_haava_avaa_hyokkaajille_reitin_lahes_kaikkiin_koneisiin
Tomi Engdahl says:
Finnish companies’ information security: do not look good
The EDPS calls for Finnish companies to invest more in information security. Authority did the inspection and found that the Finnish companies in the information security arrangements are often in a bad way.
About a third of the respondents companies said that the incident did not result in any action. Security is not enhanced in any way.
The EDPS calls for Finnish companies to invest more in information security.
The EDPS emphasizes that companies should focus on data security just because of your own business.
Several small companies or communities were forced to stop completely online service, when they were attacked.
In larger companies, the situation was better, but the smaller firms had difficulty in securing systems. In many cases, the reason is lack of resources.
Source: http://www.tietokone.fi/uutiset/suomalaisyritysten_tietoturva_ei_hyvalta_nayta
Tomi Engdahl says:
German security researcher Felix Lindner has found Huawei routers feature which may be of greater concern than the company’s customers in the United States fears that the company’s products could serve as tools for spying for China.
According to Lindner’s routers, the software quality of the code is like the 1990′s. He began to study the Chinese finished products for the security level earlier this year. At the time, Huawei had not even been a significant security focused team.
After Felix Lindner was in July along with another colleague, Gregor Köpf with exposed vulnerabilities in the company’s routers, according to Lindner’s Huawei began visibly to invest in information security.
“It seems to me rather that the government would prepare the Cisco routers, the Huawei, but I did not because that Huawei is a Chinese. But that’s because Cisco equipment in relation to quality, “he says.
Source: http://www.tietoviikko.fi/kehittaja/tutkija+tylyttaa+huawein+koodi+on+kuin+1990luvulta/a846569
Tomi Engdahl says:
Night Vision Watches and Video Recording Glasses – We Visit The Real-Life Q
http://www.ibtimes.co.uk/articles/393280/20121011/james-bond-007-real-world-spy-gadgets.htm
Now pay attention, 007. The new James Bond film Skyfall opens in cinemas on 26 October and sees the return of MI6′s gadget man Q, so to celebrate this IBTimes UK met up with SpyMaster to look at the latest kit no spy should leave his office without.
Q (real name Jeremy Marks) has run SpyMaster for 20 years and has three branches in central London. The company sells a wide range of covert equipment, from recorders disguised as chewing gum wrappers and watches with night vision cameras, to body armour and home security.
Tomi Engdahl says:
A new threat: for users to bring their own network to work
IT professionals have in recent years been wrestling with consumerism trend when employees bring their own digital devices to workplaces.
Now their own computers and smartphone operating has got a new trend: employees bring their own network with those devices to workplace. Many mobile phones and tablet computers can make their own network that allows other nearby computers to connect to them (and though them to 3G/4G network). And employees can use this less secure network to office laptop PC. This pose those PCs to the same risk to coffee shops and places of public open WiFi networks. This can put the company applications and data at risk.
This network security problem is usually poorly known, particularly in growth companies and software development sector companies, as they often rely on cloud services. The cloud does not work without a net, so users try to get the network connection any way they can.
Source: http://www.tietoviikko.fi/cio/uusi+uhka+kayttajat+tuovat+oman+verkkonsa+toihin/a846921
Tomi Engdahl says:
Apple patent could remotely disable protesters’ phone cameras
http://www.zdnet.com/apple-patent-could-remotely-disable-protesters-phone-cameras-7000003640/
Summary: A new patent, granted to Apple, could prevent academic cheating, cinema interruptions, but also see areas of political protest activity ‘ring-fenced’ disabling phone and tablet cameras.
Isn’t it a shame you can’t take a photo of the police officer beating a man in the street because your oppressive government remotely disabled your smartphone camera?
A new patent granted to Apple could do all of the above.
U.S. Patent No. 8,254,902, otherwise known as “Apparatus and methods for enforcement of policies upon a wireless device,” was granted in late-August, and would allow phone policies to be set to “chang[e] one or more functional or operational aspects of a wireless device [...] upon the occurrence of a certain event.”
What that means in real-terms is “preventing wireless devices from communicating with other wireless devices (such as in academic settings),” and for, “forcing certain electronic devices to enter “sleep mode” when entering a sensitive area.”
But the patented technology may also be used to restrict protesters’ right to free expression in oppressive regimes around the world — if you haven’t checked recently, there’s plenty of them — by preventing camera images and video being taken at political rallies and events.
Tomi Engdahl says:
New Video Breaks Down How An Apple Patent Stomps All Over The 1st Amendment
A patent granted to Apple in late-August allows governments to disable iPhones and other smartphones, targeting specific apps even, when they enter what is deemed a “sensitive” area.
U.S. Patent No. 8,254,902, titled “Apparatus and methods for enforcement of policies upon a wireless device,” enables phone policies to be set to change “one or more functional or operational aspects of a wireless device … upon the occurrence of a certain event.”
Camera? Off. Voice recorder? Off. No calls out, no calls in. Total blackout; or, for an event like a concert, the organizers could target specifically just recording functions of a user’s phone.
Read more: http://www.businessinsider.com/apple-patent-government-control-phones-2012-10#ixzz299YrMkvZ
Tomi Engdahl says:
Google readying on-device malware scanner for Android
Could block bad apps from any source
http://www.theregister.co.uk/2012/10/13/android_ondevice_malware_scanning/
Android malware is on the rise, but the good news is that Google isn’t sitting still for it. The search giant is reportedly readying a comprehensive anti-malware system for its mobile OS that will soon be able to spot malicious apps not just in the Google Play store, but also on Android devices themselves.
According to a report by the Android Police fan site, the latest, as-yet-unreleased build of the Google Play shopping app contains code snippets that suggest links to a future onboard malware scanner.
Text strings included in the Google Play 3.9.16 APK package file include such tidbits as, “Allow Google to check all apps on this device for harmful behavior?” And, “To protect you, Google has blocked the installation of this app.”
Tomi Engdahl says:
When the Most Personal Secrets Get Outed on Facebook
http://online.wsj.com/article_email/SB10000872396390444165804578008740578200224-lMyQjAxMTAyMDEwMjAxODI3Wj.html
In the era of social networks like Facebook and Google Inc.’s Google+, companies that catalog people’s activities for a profit routinely share, store and broadcast everyday details of people’s lives. This creates a challenge for individuals navigating the personal-data economy: how to keep anything private in an era when it is difficult to predict where your information will end up.
Many people have been stung by accidentally revealing secrets online that were easier kept in the past.
“Our hearts go out to these young people,” says Facebook spokesman Andrew Noyes. “Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.”
Tomi Engdahl says:
US Suspects Iran Was Behind a Wave of Cyberattacks
http://it.slashdot.org/story/12/10/15/0022250/us-suspects-iran-was-behind-a-wave-of-cyberattacks
“American intelligence officials are increasingly convinced that Iran was the origin of a serious wave of network attacks that crippled computers across the Saudi oil industry and breached financial institutions in the United States, episodes that contributed to a warning last week from Defense Secretary Leon E. Panetta”
Iran’s Hand Is Suspected in Computer Attacks
http://mobile.nytimes.com/2012/10/14/world/middleeast/us-suspects-iranians-were-behind-a-wave-of-cyberattacks.xml
WASHINGTON – American intelligence officials are increasingly convinced that Iran was the origin of a serious wave of network attacks that crippled computers across the Saudi oil industry and breached financial institutions in the United States, episodes that contributed to a warning last week from Defense Secretary Leon E. Panetta that the United States was at risk of a “cyber-Pearl Harbor.”
The attacks emanating from Iran have inflicted only modest damage. Iran’s cyberwarfare capabilities are considerably weaker than those in China and Russia, which intelligence officials believe are the sources of a significant number of probes, thefts of intellectual property and attacks on American companies and government agencies.
The attack under closest scrutiny hit Saudi Aramco, the world’s largest oil company, in August.
Until the attack on Aramco, most of the cybersabotage coming out of Iran appeared to be what the industry calls “denial of service” attacks
Mr. Panetta spoke only in broad terms, stating that Iran had “undertaken a concerted effort to use cyberspace to its advantage.” Almost immediately, experts in cybersecurity rushed to fill in the blanks.
One senior intelligence official described a debate inside the Obama administration over the pros and cons of openly admitting that the United States has deployed a new cyber weapon, and could use it in response to an attack, or pre-emptively.
Tomi says:
EA Accidentally Gives Away Thousands of Free Games
http://kotaku.com/5951665/ea-accidentally-gives-away-thousands-of-free-games
Over the weekend, some gamers received a special code from Electronic Arts as thanks for completing a survey. That code allowed them to download a free game from Origin, EA’s online store for PC games.
Or, it would have if EA thought to secure the code properly. Instead, it was quickly discovered that the code could be used to download as many free games as the internet wanted.
Shortly after the codes were sent out, news was circulated on community site Reddit
EA’s online store spent the weekend handing out thousands, if not hundreds of thousands of free games to people before the loophole was closed down.
Tomi Engdahl says:
SMARTPHONE USERS SHOULD BE AWARE OF MALWARE TARGETING MOBILE DEVICES AND SAFETY MEASURES TO HELP AVOID COMPROMISE
http://www.ic3.gov/media/2012/121012.aspx
Tomi Engdahl says:
Facebook patches security hole that allowed mass harvesting of phone numbers
http://www.computerworld.com/s/article/9232265/Facebook_patches_security_hole_that_allowed_mass_harvesting_of_phone_numbers?taxonomyId=17
Facebook prevents the abuse of phone number searching on its mobile site by imposing a search-rate limit
On Friday, independent security researcher Suriya Prakash disclosed that Facebook’s phone number search feature can be abused to find the names of people who own randomly generated phone numbers.
After the public disclosure, other security researchers independently verified the vulnerability.
Facebook has restricted the rate at which users can perform phone number searches on its mobile website in order to block a recently disclosed method of harvesting phone numbers.
“The ability to search for a person by phone number is intentional behavior and not a bug in Facebook,” Facebook said Tuesday in an emailed statement. “By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page.”
Security researchers confirmed that Facebook started limiting the number of searches that can be performed through its mobile website on Monday.
“Frankly, I don’t think such a rate limit ever existed on the mobile version [of the website],” Suriya said Wednesday.
“Quite honestly, I’m still not sure why an account name or Facebook id needs to be attached to a phone lookup result,” he said. “It should only give an option to send a friend request by that number if it existed, like you would with an email.”
“I don’t understand the presence of a security team if they can’t respond to serious security threats properly,” he said. “I even sent them an email a couple of days before I made it public stating that I am gonna make it public unless they acknowledge the vulnerability and move towards fixing it.”
“You also have to give it up to the media on this one,” Borland said. “Seriously, a couple of months of back and forth turned into a couple of hours to cook up a patch as soon as the media got a hold of it.”
Tomi Engdahl says:
DDoS-of-service attacks (Distributed Denial of Service) have become more common in recent years and have become even more crippling.
Why is that?
Wider sole motivation. Denial of service attacks are now a number of reasons. The issue is no longer just hackers or digivandaalit, but making the back can also be a competitor, customer or disappointed petty criminal.
Ease. Has become available, a large number of cheap attack tools and botnets are also more easily available. Anyone with an Internet connection, is able to trigger a crippling attack.
Complexity. Hackers are using increasingly sophisticated techniques, such as volumetric and application-level DDoS attacks, because they interfere with the network are more likely to be successful.
More than 25% of the companies and suppliers have experienced denial of service attacks, which have exceeded their data center bandwidth.
Source: http://exclusive-networks-sweden-ab.e-mailing.se/64375/GBW6HWGb/Oletko-yllatettavissa-DDoS-hyokkayksella
Tomi Engdahl says:
How a single DMCA notice took down 1.45 million education blogs
Massive takedown over 20-item questionnaire was “ham fisted,” says lawyer.
http://arstechnica.com/information-technology/2012/10/how-a-single-dmca-notice-took-down-1-45-million-education-blogs/
Web hosting firm ServerBeach recently received a Digital Millennium Copyright Act (DMCA) violation notice from Pearson, the well-known educational publishing company. The notice pertained to Edublogs, which hosts 1.45 million education-related blogs with ServerBeach, and it focused on a single Edublogs page from 2007 that contained a questionnaire copyrighted by Pearson. ServerBeach informed Edublogs about the alleged violation, and Edublogs says it quickly took down the allegedly infringing content.
Instead of calling the matter settled, though, ServerBeach took Edublogs’ servers offline last Wednesday, temporarily shutting off all 1.45 million blogs, according to Edublogs.
Edublogs pays $6,954.37 to ServerBeach each month for hosting, and it was delighted with the company’s service—until last week.
“Basically our sysadmin and CTO watched, in horror, live as our Web servers were shut down one-by-one and then we spent the next hour e-mailing, calling, and generally freaking out (it was around 3am for me; they are in the US) and through that we were able to get back up,” Farmer told Ars via e-mail today. “If they hadn’t been there, and we hadn’t done that, it [the shutdown] would have been indefinite!”
Still, taking down entire servers containing a million and a half blogs over an alleged copyright violation on just one page was an overreaction, according to intellectual property attorney Evan Brown. He confirmed that DMCA rules don’t require anything close to such a response—particularly when the customer was working to take down the infringing content itself.
“It’s pretty hard to believe that a hosting provider would be quite this ham-fisted as to take an entire network offline over one piece of content,” Brown told Ars via e-mail. “The DMCA certainly does not require such drastic measures. Quite the contrary, actually. The statute requires copyright owners to identify with some particularity the content alleged to infringe and for intermediaries to remove or disable access to that content. There’s nothing in there requiring whole sites to be taken down over one piece of infringement.”
Tomi Engdahl says:
Manchester plods cop £120k fine for USB-stick-inna-wallet data gaffe
http://www.theregister.co.uk/2012/10/16/manchester_police_fine_memory_stick/
The Greater Manchester Police Force have paid a £120,000 fine after losing the details of more than a thousand people under investigation for serious drugs crime.
The personal details were kept on an unencrypted memory stick with no password protection, belonging to an officer with the Serious Crime Division team. Kept in the officer’s wallet it went AWOL in July 2011 after the wallet was swiped from his kitchen table when his home was burgled.
It contained the details of 1,075 people
A similar security breach in September 2010 had prompted no change in culture, the ICO said.
And officers were still not sufficiently trained in data security, the ICO found.
It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed.
Tomi Engdahl says:
India spews more spam than ever before, report finds
http://nakedsecurity.sophos.com/2012/10/16/india-spews-more-spam-than-ever-before-report-finds/
You can thank India for about one out of six spam messages cluttering your inbox.
India has topped the charts for the third quarter in a row.
That means that computers in India are passing along a whopping 16.1% of the spam spotted by Sophos experts.
The spam doesn’t necessarily emanate from India’s computers.
Rather, the numbers suggest that many of the country’s ill-protected machines have been turned into spam-spitting zombies in botnets
Tomi Engdahl says:
Pacemakers seem to be hackable now too, if researcher Barnaby Jack is to be believed. And the consequences of that are deadly. Anonymous assassinations within 30 feet of the pacemaker seem to be possible:
Hacked terminals capable of causing pacemaker deaths
http://www.scmagazine.com.au/News/319508,hacked-terminals-capable-of-causing-pacemaker-mass-murder.aspx‘
Security holes enable attackers to switch off pacemakers, rewrite firmware from 30 feet away.
IOActive researcher Barnaby Jack has reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to pacemakers within 30 feet and rewrite their firmware.
The effect of the wireless attacks could not be overstated — in a speech at the BreakPoint security conference in Melbourne today, Jack said such attacks were tantamount to “anonymous assassination”, and in a realistic but worse-case scenario, “mass murder”.
In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop.
The pacemakers contained a “secret function” which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot -plus vicinity.
Each device would return model and serial numbers.
“With that information, we have enough information to authenticate with any device in range,” Jack said.
That data could be used to load rogue firmware which could spread between pacemakers with the “potential to commit mass murder”.
Madge Lovet says:
Dave Mejias is a world class attorney in the NY area. He can consult with all legal issues.
Tomi says:
Malware Is ‘Rampant’ On Medical Devices In Hospitals
http://science.slashdot.org/story/12/10/17/1741225/malware-is-rampant-on-medical-devices-in-hospitals
“Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable. While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide”
Tomi Engdahl says:
Pirate Bay Moves to The Cloud, Becomes Raid-Proof
http://torrentfreak.com/pirate-bay-moves-to-the-cloud-becomes-raid-proof-121017/
The Pirate Bay has made an important change to its infrastructure. The world’s most famous BitTorrent site has switched its entire operation to the cloud. From now on The Pirate Bay will serve its users from several cloud hosting providers scattered around the world. The move will cut costs, ensure better uptime, and make the site virtually invulnerable to police raids — all while keeping user data secure.
The Pirate Bay was raided back in 2006 and there are rumors that the police might try again in the near future.
The Pirate Bay is not oblivious to this looming threat. They have backups in place and are shielding the true location of their servers. Nevertheless, should the site lose all its servers it might take a while to get back online.
This is one of the reasons why The Pirate Bay decided to move the site into the cloud yesterday. The switch resulted in five minutes downtime and was hardly noticed by the public, but it’s a big change for the infamous BitTorrent site.
Hosting in the cloud also makes the site easier to scale, it reduces downtime, and is also cheaper.
“Moving to the cloud lets TPB move from country to country, crossing borders seamlessly without downtime. All the servers don’t even have to be hosted with the same provider, or even on the same continent,” The Pirate Bay told TorrentFreak.
The Pirate Bay is currently hosted at cloud hosting companies in two countries where they run several Virtual Machine (VM) instances.
“If one cloud-provider cuts us off, goes offline or goes bankrupt, we can just buy new virtual servers from the next provider. Then we only have to upload the VM-images and reconfigure the load-balancer to get the site up and running again.”
“All communication with users goes through TPB’s load balancer, which is a disk-less server with all the configuration in RAM. The load balancer is not in the same country as the transit-router or the cloud servers,” The Pirate Bay told us.
“The communication between the load balancer and the virtual servers is encrypted. So even if a cloud provider found out they’re running TPB, they can’t look at the content of user traffic or user’s IP-addresses.”
The worst case scenario is that The Pirate Bay loses both its transit router and its load balancer. All the important data is backed up externally on VMs that can be re-installed at cloud hosting providers anywhere in the world.
Tomi Engdahl says:
Pirate Bay moves to the cloud to confound copyright cops
Police left with very little to seizehttp://www.theregister.co.uk/2012/10/17/pirate_bay_cloud_move/
The Pirate Bay went down for about five minutes on Tuesday night as the group retired almost all of its servers and shifted onto the cloud.
“So, first we ditched the trackers. Then we got rid of the torrents. Now? Now we’ve gotten rid of the servers. Slowly and steadily we are getting rid of our earthly form and ascending into the next stage, the cloud,” the group said on its Facebook page.
“The cloud, or Brahman as the Hindus call it, is the All, surrounding everything. It is everywhere; immaterial, yet very real. If there is data, there is The Pirate Bay.”
The service is now hosted on virtual machines in two countries, using separate cloud networks, and it has the ability to switch to a new provider pretty much instantly as needed.
The move may also throw a bit of a wrench in plans by AT&T and other US network operators to implement a “six strikes and you’re out” policy on piracy, which is due to take effect by the end of the year. Tracking IP addresses of Pirate Bay users is going to be key to the RIAA and MPAA’s enforcement efforts, and that task looks to have become significantly harder with the latest Brahman bootstrapping.
Tomi Engdahl says:
Pacemakers, defibrillators open to attack
Crims could send 830 volts straight to your heart
http://www.theregister.co.uk/2012/10/17/pacemakers_open_to_wireless_attack/
Pacemakers and implanted defibrillators are vulnerable to wireless attacks that could kill tens of thousands, says the security researcher best known for “jackpotting” an ATM on stage at the BlackHat security conference in Las Vegas in 2010.
The researcher in question, Barnaby Jack, today told the Ruxcon Breakpoint security conference in Melbourne, Australia that “the most obvious scenario would be a targeted attack against a high profile individual.”
Tomi Engdahl says:
Computer Viruses Are “Rampant” on Medical Devices in Hospitals
http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/
A meeting of government officials reveals that medical equipment is becoming riddled with malware.
Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.
While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion.
Software-controlled medical equipment has become increasingly interconnected in recent years, and many systems run on variants of Windows, a common target for hackers elsewhere. The devices are usually connected to an internal network that is itself connected to the Internet, and they are also vulnerable to infections from laptops or other device brought into hospitals. The problem is exacerbated by the fact that manufacturers often will not allow their equipment to be modified, even to add security features.
Tomi Engdahl says:
Tarsnap: On-line Backups for the Truly Paranoid
http://www.linuxjournal.com/content/tarsnap-line-backups-truly-paranoid
Storing backups in the cloud requires a level of trust that not everyone is willing to give. While the convenience and low cost of automated, off-site backups is very compelling, the reality of putting personal data in the hands of complete strangers will never sit quite right with some people.
Enter Tarsnap—”on-line backups for the truly paranoid”. Tarsnap is the brainchild of Dr Colin Percival, a former FreeBSD Security Officer. In 2006, he began research and development on a new solution for “encrypted, snapshotted remote backups”, culminating in the release of Tarsnap in 2008.
Unlike other on-line backup solutions, Tarsnap uses an open, documented cryptographic design that securely encrypts your files. Rather than trusting a vendor’s cryptographic claims, you have full access to the source code, which uses open-source libraries and industry-vetted protocols, such as RSA, AES and SHA.
Tarsnap provides a command-line client that operates very much like the traditional UNIX tar command. Familiar syntax, such as tarsnap cf and tarsnap xvf works as users would expect, except that instead of manipulating local tarballs, the client is working with cloud-based archives. These archives are stored on Amazon S3 with EC2 servers to handle client connections.
Tomi Engdahl says:
One year on, SSL servers STILL cower before the BEAST
70% of sites still vulnerable to cookie monster
http://www.theregister.co.uk/2012/10/18/ssl_security_survey/
The latest monthly survey by the SSL Labs project has discovered that many SSL sites remain vulnerable to the BEAST attack, more than a year after the underlying vulnerability was demonstrated by security researchers.
BEAST is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt the encrypted cookies that a targeted website uses to grant access to restricted user accounts.
The root cause of the BEAST attack, first outlined by security researchers in September 2011, is a vulnerable ciphersuite on servers. The dynamics of the CRIME attack are more complex but capable of being thwarted at the browser or quashed on a properly updated and configured server.