Entrepreneur Jay Kaplan, co-founder and CEO of Synack, describes how the idea of creating a cybersecurity service for enterprise businesses by crowdsourcing hackers went from sounding like a long shot to launching as a venture capital-backed startup. Kaplan, previously a senior analyst at the National Security Administration, talks about the virtues of government work and the nuances of “white hat” hacking.
National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat.
The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants. Shutting down or damaging any of these vital public utilities could severely impact hundreds of thousands of Americans.
A 2012 study of 13,500 Android apps by researchers in Germany found that only 0.8 percent used encrypted connections exclusively, and that 43 percent use no encryption at all. Last week mobile app security company MetaIntell reported that 92 percent of the 500 most popular Android applications communicated some data insecurely.
1. A method comprising, by one or more computing systems: executing software from a first partition of system memory; requesting an over-the-air (OTA) software update from an endpoint; receiving a manifest for the OTA update; downloading a payload pursuant to the manifest; installing the payload into a second partition of system memory; and rebooting, pursuant to the manifest, to the second partition of system memory, wherein rebooting to the second partition of system memory comprises authenticating a bootloader signature with a bootloader public key.Brief system analysis: the manifest represents the "Aboutness"; encrypted software update - Packaged Payload; device - Tool; a process that runs on the device to verify authenticity - Control; endpoint - Source; over-the-air channel - Distribution. Overall, it's a textbook example of system composition (Scalable Innovation, Chapter 2). To solve the problem, the inventors use Separation in Space - one of the key TRIZ principles.
(NYT. Jan 31, 2013) SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.
Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom.
Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant.
The scale of the attacks, in terms of the number of victims and the duration of the attacks, are another indication of the resources available to the attackers. Victims are attacked, not for petty crime or theft, but for the wholesale gathering of intelligence and intellectual property. The resources required to identify and acquire useful information—let alone analyze that information—could only be provided by a large criminal organization, attackers supported by a nation state, or a nation state itself.
Avi Rubin is Professor of Computer Science at Johns Hopkins University and Technical Director of the JHU Information Security Institute. Avi's primary research area is Computer Security, and his latest research focuses on security for electronic medical records. Avi is credited for bringing to light vulnerabilities in electronic voting machines. In 2006 he published a book on his experiences since this event.
Security firm ESET discovered the malware, now called ACAD/Medre.A, around February and noted it was “military-grade.” The worm attacks AutoCad, a popular piece of software used by architects and engineers to draw up blue prints and other infrastructure plans. It targets computers running the Windows operating system to steal and e-mail out AutoCad “drawings.” These drawings are then received by an e-mail that ESET found to be based in China.
Feb 5, 2012. VBeat -- It’s a new version of virtualization, but one for the whole network. With virtualizaiton software like VMware, a single computer can use translation software to behave as if it were dozens of different computers at once. Each “virtual machine” is a compartment within the computer that serves a particular user. But since that user isn’t using the computer, the computer can be rededicated to serve other users. It’s a more efficient way to use computers and serve users. The virtual machines can be created as needed to serve the demands of users within minutes.
Journalist Misha Glenny spent several years in a courageous investigation of organized crime networks worldwide, which have grown to an estimated 15% of the global economy. From the Russian mafia, to giant drug cartels, his sources include not just intelligence and law enforcement officials but criminal insiders.
January 30, 2012. VBeat -- When hackers strike at company web sites, there is often no easy way to figure out what happened. Solera helps companies reconstruct exactly what transpired. The value of that data is often critical to figuring out who did it, much like the evidence found at a crime scene is often most critical in the first 48 hours. It’s important that network forensics be done instantaneously to give companies the best situational awareness possible.In 2010, Intel acquired McAfee for $7.6B to beef up its offering of security software and services. Compared to that, the Solera investment looks like small potatoes, but it shows the general drive toward a more secure cloud. The web as we know it is dying, while mobile real-time networking proliferates. The demand for security in this new environment is going to be orders of magnitude greater than during the heydays of web.
Dec. 22 (Bloomberg) -- Business is booming, with annual revenue of $3 billion to $5 billion growing as much as 20 percent a year, ISS organizer Jerry Lucas estimates.Quantum computing, if it ever comes to a reasonable implementation, is going to be a game changer in this market. Maybe it already is.
Back at the hotel, the night is young and the paranoia is deep.
Unlike typical trade shows, this one has no social events. No corporate-sponsored cocktail parties. No hospitality suites. Clients and suppliers don’t want to be seen with each other in public, and some countries bar their agents from mingling at the event because it’s a recruiting ground for spies seeking sources, organizer Lucas says.
Dec 16, 2011. CNet - ... numbers still show all versions of IE taking a total of 40.09 percent of the market, vs. 26.31 percent for all versions of Chrome. Firefox is at 25.07 percent, Apple's Safari is at 5.86 percent, and Opera gets 1.91 percent.
(December 15, 2011. VBeat) - The US drone, which veered off course and landed in Iran, is said to have be hacked using a GPS spoofing attack.
Compromising the GPS system allowed the drone to “land on its own where we wanted it to, without having to crack the remote-control signals and communications,” the Iranian engineer told the Christian Science Monitor. This hid the operation from US engineers controlling the drone. At first, the unplanned landing was said to be the drone simply “veering off course” and flying into Iran
According to the engineer, the GPS system is one of the easiest to manipulate, making it a huge vulnerability that the United States was already aware of.
(26 October 2011. New Scientist. )Known as the Facebook Immune System (FIS), the massive defense network appears to be successful: numbers released by the company this week show that less than 1 per cent of users experience spam.
The system is overseen by a team of 30 people, but it can learn in real time and is able to take action without checking with a human supervisor.
It took just three years for FIS to evolve from basic beginnings into an all-seeing set of algorithms that monitors every photo posted to the network, every status update– indeed, every click made by every one of the 800 million users. There are more than 25 billion of these "read and write actions" every day. At peak activity the system checks 650,000 actions a second.
The efficiencies of the virtual world are totally unprecedented in human history. The Matrix is turning out to be a very cool place.The only network bigger, Larus suspects, is the web itself. That makes Facebook's defense system one of the largest in existence.
