22 hours ago - Judge throws antivirus patents back to Hell (The Register)
Loss of two patents cripples case with Trend Micro, could slash Symantec payout
A US district court has torn the heart out of two patents wielded by Intellectual Ventures against two antivirus makers.
Cybersecurity legislation remains in a mess, with a mad dash to get it through risking serious problems.
Jesus Vigo goes over three ways to recover admin access (or prevent unauthorized access) to OS X-based devices.
OPINION: In his RSA 2015 keynote on national cybersecurity threats, Homeland Security head Jeh Johnson told an audience of cybersecurity experts something so wildly impossible, it almost went unnoticed.
Technology can't replace the value of online safety education, the key to keeping kids out of predators' paths, panelists shared.
1 day ago - Op-Ed: In defense of Tor routers (ArsTechnica)
One InvizBox creator responds to assertion that Tor routers are "ridiculous."
1 day ago - The Further Democratization of QUANTUM (Schneier blog)
From Data and Goliath: ...when I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection -- basically, a technology that allows the agency to hack into computers. Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well. All of these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the Internet's defenses, the NSA has worked to ensure that anyone can use packet injection to hack into computers.
And that's true. China's Great Cannon uses QUANTUM technology.
I continued: Even when technologies are developed inside the NSA, they don't remain exclusive for long. Today's top-secret programs become tomorrow's PhD theses and the next day's hacker tools.
I could have continued: ...and the next day's homework assignment.
Michalis Polychronakis at Stony Brook has assigned building QUANTUM as a homework assignment. It's basically sniff, regexp match, swap sip/sport/dip/dport/syn/ack, set ack and push flags, and add the payload to create the malicious reply. Shouldn't take more than a few hours. Of course, it would take a lot more to make it as sophisticated and robust as what the NSA and China have at their disposal, but the moral is that we need to make the Internet secure against this kind of attack instead of pretending that only the "good guys" can use it effectively.
End-to-end encryption is the solution. Nicholas Weaver wrote: The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.
Encryption doesn't just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.
There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but it's one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.
Not knowing that a contractor's employee had access to system passwords is not a valid excuse when your client's records are stolen.
23 hours ago - RSA Conference: Closing Thoughts (InfoRiskToday)
ISMG Editors Share Final Insights on RSA Conference 2015
This year's event was bigger than ever, overwhelming to take in, and no single challenge, strategy or solution emerged as a top priority - very much a reflection of today's information security marketplace.
San Francisco -- RSA Conference 2015 -- Examine the Ponemon Institute's '2014 Cost of Data Breach Study' and it becomes clear there is a vast difference in the costs of dealing with a data breach in different parts of the world.
When the U.S. Secretary of Defense Ashton Carter laid out the Pentagon's new cybersecurity strategy this week, few were expecting it to break news. And, indeed, his talk at Stanford's Hoover Institution on Thursday offered no surprises. But the secretary did set up an expectation during his speech on which he ultimately failed to deliver. […]
The post DoD's New 'Transparent' Policy on Cybersecurity Is Still Opaque appeared first on WIRED.
By Guest Blogger Vijay Krishna, CEO and founder of SysCloud
As regulations and laws become more and more complicated in almost all industries, companies are required to make all corporate activities and transactions comply with regulations relating to their business practices. Among
It's very common these days for tech companies Google and Microsoft to offer hackers and security researchers big bucks if they're able to find security vulnerabilities that could pose serious threats to important software and services. Google in particular often hosts its own hacking competition where the search giant puts millions of dollars on the line for anyone savvy enough to skirt around Google's built-in security schemes. Recently, one security researcher found a number of high-level vulnerabilities on Groupon's website. Groupon promptly patched the security holes but, as it turns out, is refusing to pay him. Here's why. A security researcher who goes by the name BruteLogic recently uncovered upwards of 32
The services are slowly expanding their use of "psychometric" testing to help identify who is best suited to join the military's growing cyber force...
When you don't differentiate between good and bad hackers, you have a problem.