Threat Level: green
Handler on Duty: Russell Eubanks

SANS ISC Information Security News



Popular News

1 day ago IRS attack may have originated in Russia

SC Magazine
An IRS breach may have been instigated by attackers in Russia, a U.S. Congressman said.

21 hours ago Death to Bullet Points

IT Toolbox Blogs

You want to communicate effectively. You want to be persuasive. Great! Don't use bullet points. Bullet points aren't the worst thing in the world. They are more effective than paragraph prose. If you make your audience read a full paragraph to know what you want, then you deserve what you get (nothing). BUT! Any more, bullet point lists

18 hours ago Apple issues temporary workaround for iPhone crashing Messages bug

ZDNet
The company is working on a fix, but in the meantime, there are steps you can take to mitigate the problem.

Top News

4 hours ago Silk Road boss Ross Ulbricht to spend LIFE in PRISON without parole

The Register
Judge: 'You wanted it to be your legacy. And it is'

Convicted Silk Road kingpin Ross Ulbricht has been sentenced to life in prison without parole.

3 hours ago Creator of Silk Road website faces sentencing for drug scheme

Yahoo Security

By Nate Raymond NEW YORK (Reuters) - The accused mastermind behind the Silk Road underground website was sentenced on Friday to life in prison for orchestrating a scheme that enabled more than $200 million of anonymous online drug sales using the digital currency bitcoin. Ross Ulbricht, 31, was sentenced by U.S. District Judge Katherine Forrest in Manhattan after a federal jury in February found him guilty of charges including distributing drugs through the Internet and conspiring to commit computer hacking and money laundering. "What you did was unprecedented," Forrest said.

15 hours ago UN Report on the Value of Encryption to Freedom World-Wide

Schneier blog

The United Nations Office of the High Commissioner released a report on the value of encryption and anonymity to the world:

Summary: In the present report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur addresses the use of encryption and anonymity in digital communications. Drawing from research on international and national norms and jurisprudence, and the input of States and civil society, the report concludes that encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection.

Here's the bottom line:

60. States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. In addition, States should refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users. Corporate actors should likewise consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms). Court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals.

One news report called this "wishy-washy when it came to government-mandated backdoors to undermine encryption," but I don't see that. Government-mandated back doors, key escrow, and weak encryption are all bad. Corporations should offer their users strong encryption and anonymity. Any systems that still leave corporations with the keys and/or the data -- and there are going to be lots of them -- should only give them up to the government in the face of an individual and lawful court order.

Sounds good to me.

15 hours ago Breached Dating Site: Missed Alerts?

InfoRiskToday
Security Researchers Say FriendFinder Failed to Heed Warnings

Breached dating website FriendFinder allegedly missed email warnings from security researchers that its site had been breached and customers' data was being sold on a "darknet" site. What can other businesses learn from that apparent mistake?

14 hours ago Why Medical Identity Theft Is Rising And How To Protect Yourself

Forbes
Ninety-one percent of health organizations have had a data breach in the last two years, and for the first time, cyber attacks were the top cause, according to a recent report.

7 hours ago House Passes USA Freedom Act (May 26 & 27, 2015)

SANS Newsbites

The US House of Representatives has passed the USA Freedom Act, which reauthorizes PATRIOT ACT provisions set to expire at the end of the month with some changes.......

1 day ago Security Software Market Jumped Worldwide in 2014: Gartner

SecurityWeek

Global revenues for the security software market grew more than five percent in 2014 to a total of $21.4 billion, according to industry analyst firm Gartner.

15 hours ago Improving Detection, Prevention and Response with Security Maturity Modeling

SANS Reading Room
An Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defense posture while reducing the time needed to respond to incidents and contain the damage.

12 hours ago How I Would Secure the Internet with $4 Billion

Dark Reading
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn't go far enough.

12 hours ago Crypto flaws in Blockchain Android app sent Bitcoins to the wrong address

ArsTechnica
A comedy of programming errors could prove catastrophic for affected users.

8 hours ago Silk Road Creator Ross Ulbricht Sentenced to Life In Prison

WIRED

Ross Ulbricht conceived of his Silk Road black market as an online utopia beyond law enforcement's reach. Now he'll spend the next decades firmly in its grasp, locked inside a federal penitentiary.


Latest News

2 hours ago Unmasking hidden Tor service users is too easy, say infosec bods

The Register
Better to be more open on .onion, apparently

Security researchers speaking at the Hack in the Box conference in Amsterdam this week have demonstrated that users of hidden services on Tor are putting themselves at risk of being identified - if an attacker is willing to put in the time and resources.

4 hours ago Siri, please, please save my iPhone from the messages of death

The Register
Apple publishes a workaround - but no real fix for iMessage bomb bug

Apple has published a temporary workaround for iPhones plagued by incoming text messages that cause them to crash and restart - and it involves asking Siri for help.

4 hours ago NSA eggheads tried to bork Nork nukes with Stuxnet. It failed - report

The Register
There's an advantage to being medieval

The NSA tried to wreck North Korea's nuclear weapons lab using the centrifuge-knackering malware Stuxnet, and ultimately failed, multiple intelligence sources claim.

5 hours ago Silk Road website creator gets life term for drug plot

Yahoo Security

By Nate Raymond NEW YORK (Reuters) - The accused mastermind behind the Silk Road underground website was sentenced on Friday to life in prison for orchestrating a scheme that enabled more than $200 million of anonymous online drug sales using the digital currency bitcoin. Ross Ulbricht, 31, was sentenced by U.S. District Judge Katherine Forrest in Manhattan after a federal jury in February found him guilty of charges including distributing drugs through the Internet and conspiring to commit computer hacking and money laundering. "What you did was unprecedented," Forrest said.

6 hours ago The Silk Road Saga Is Way More Than a Crime Story

WIRED

The Silk Road story turned out to be much more than a crime narrative.


6 hours ago Biz Email Fraud Could Hit $1 Billion

InfoRiskToday
Fighting New Wire Fraud Method Now a Top Priority for Banks

Wire fraud perpetrated via business email compromises has quickly become a top concern for banking institutions. Now one bank fraud executive predicts this type of fraud could exceed $1 billion this year.

7 hours ago Silk Road Mastermind Sentenced to Life in Prison

SecurityWeek

The US mastermind behind criminal website Silk Road, which sold $200 million worth of drugs to customers worldwide, was sentenced to life in prison by a federal judge in New York Friday.

Judge Katherine Forrest imposed two life sentences against Ross Ulbricht, 31, who had a privileged upbringing and graduate degree, for narcotics distribution and criminal enterprise.

7 hours ago The US Tried to Stuxnet North Korea's Nuclear Program

WIRED

Stuxnet had a fraternal twin that was designed to attack North Korea's nuclear program.


7 hours ago Home Routers Being Targeted in DNS Hijacking Attack, Trend Micro Says

Dark Reading
Attackers attempting to steal sensitive data by diverting home router traffic to malicious domains, security firm says.

7 hours ago VPN Company Hola Is Reselling Its Users' Home Broadband Bandwidth To Businesses

Forbes
There's no such thing as a free lunch, as the saying goes, and that's something that people using the Hola free VPN are now learning. The service, it has emerged, has been selling domestic users' bandwidth to business users through its Luminati service. Hola arrived, originally, in 2008 and is the [...]

7 hours ago Data Thieves Steal Taxpayer Information Through IRS Get Transcript Application (May 26, 2015)

SANS Newsbites

The US Internal Revenue Service (IRS) has acknowledged that information thieves managed to steal personally identifiable information of more than 100,000 taxpayers through the agency's Get Transcript online service.......

7 hours ago Insurance Company Suing Healthcare Company to Recoup Breach Payout (May 28, 2015)

SANS Newsbites

The Columbia Casualty Company is suing Cottage Healthcare Systems to recover US $4.......

7 hours ago Grabit Malware Targets Small- and Medium-Sized Organizations (May 28 & 29, 2015)

SANS Newsbites

A new strain of malware dubbed Grabit targets small- and medium-sized companies in media, education, nanotechnology, and other sectors.......

7 hours ago Silk Road Creator Ross Ulbricht Sentenced to Life in Prison

WIRED

Ross Ulbricht conceived of his Silk Road black market as an online utopia beyond law enforcement's reach.


8 hours ago Silk Road Creator Ross Ulbricht Sentenced To Life In Prison

Forbes
Ross Ulbricht, the convicted mastermind behind the Silk Road, was sentenced to life in prison in a New York courtroom on Friday. The hearing, which included testimonies from parents of alleged Silk Road overdose victims, began at 1:30 p.m. ET and lasted until approximately 2.5 hours. A year and a half after he [...]

8 hours ago NEWS ALERT: Silk Road operator Ross Ulbricht sentenced to life in prison

SC Magazine
Ross Ulbricht, the mastermind behind Silk Road, was sentenced to life in prison on Friday afternoon.

8 hours ago 'Linux Moose' turns Linux devices into proxy servers to build social media followings

SC Magazine
Researchers have discovered a new type of malware, dubbed 'Linux Moose,' that targets Linux-based devices and uses them to create fraudulent social media accounts.

8 hours ago Murky Future for NSA Data Sweep as 'Sunset' Looms

SecurityWeek

With a key law underpinning US bulk surveillance programs set to expire, the future appears murky for the hotly contested data sweep efforts led by the National Security Agency.

8 hours ago Sally Beauty confirms malware on POS systems

SC Magazine
Malware was deployed on some Sally Beauty point-of-sale systems at varying times between March 6 and April 17.

9 hours ago Exclusive: U.S. tried Stuxnet-style campaign against North Korea but failed - sources

Yahoo Security
By Joseph Menn SAN FRANCISCO (Reuters) - The United States tried to deploy a version of the Stuxnet computer virus to attack North Korea's nuclear weapons program five years ago but ultimately failed, according to people familiar with the covert campaign. The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran's nuclear program in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by U.S. and Israeli forces.

9 hours ago How I Would Secure The Internet With $4 Billion

Dark Reading
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn't go far enough.

11 hours ago Feedback Friday: Industry Reactions to Wassenaar Arrangement

SecurityWeek

Many cybersecurity experts have raised concerns after the Bureau of Industry and Security (BIS) published a proposal for the implementation of the Wassenaar Arrangement with regard to cyber weapons.