Information Security Buzz. July 0. 6, 2. 01.
PM - EFF Deeplinks - Turkish police officers in plainclothes yesterday raided a digital security training meeting on the island of Buyukuda in Istanbul, seizing equipment and detaining ten attendees. The human rights defenders are still being held in separate detention centers, and were denied access to lawyers and the press for over 2. Amnesty's Turkey researcher reports that Eser faces at least seven days pre-trial detention under Turkish law; Global Voices Advocacy says the same for the other Turkish citizens arrested in the raid. The status of the trainers, who are from Germany and Sweden, is currently unknown. EFF believes that everyone should be free to learn to protect themselves online and that this is information they have the right to share. Digital security trainings like this one are frequently held across the world to educate lawyers, journalists, and human rights advocates on how best to protect themselves and their communities. Teaching or learning these skills is certainly no grounds for detention. By conducting this raid, Turkey joins Iran and Ethiopia as countries where innocent citizens are intimidated and arrested simply for learning the basic principles of modern technology. We join Amnesty International, HIVOS, Article 1. Turkish authorities release all the Buyukuda detainees, including the two digital security trainers, immediately.

Earlier this week, Bob Dyachenko, from security firm Kromtech, told Forbes he’d uncovered a huge, unprotected WWE database containing information on more than 3 million users, noting it was open .

The Moscow City Court issued its ruling July 6 against Vladimir Anikeyev in a decision made behind closed doors, one indication of the .

From November 2. 00. December 2012, Muhammad Sohail Qasmani laundered more than $1.

All of your data is protected every step of the way using revolutionary 2. SSL encryption even a supercomputer can’t crack. Access Hulu, Netflix, BBC, ITV, Sky, RaiTV and much more from anywhere in the world. Unmetered access for 6 simultaneous devices. You're sure to find dozens of good uses for a VPN. Take advantage of the current 7. This is a special deal available for a limited time.

July 0. 6, 2. 01. PM - EFF Deeplinks - Ruth Taylor never expected that her hobby would get her sued for patent infringement. Her photography website, Bytephoto. The site hosts user-submitted photos and runs weekly competitions, decided by user vote, for the best. Ruth’s main business is her own photography. She supports that business by visiting more than a dozen local art festivals in Bucks County, Pennsylvania every year. In 2007, almost four years after Bytephoto began running online photo competitions, a company called Garfum. Corporation applied for a patent titled “Method of Sharing Multi-Media Content Among Users in a Global Computer Network.” The patent, U.S. 8,209,618, takes the well-known concept of a competition by popular vote and applies it to the modern context of computer networks. On September 2. 3, 2. Garfum filed a federal lawsuit accusing Bytephoto of patent infringement for allowing its users to vote for their favorite photo. She was stunned. Ruth didn’t understand how someone could patent online contests. It just didn’t seem logical. A few days later, a process server arrived at her house to formally serve the complaint. Then Ruth knew it was real. Garfum’s opening settlement demand was $5. This demand far exceeded Bytephoto’s annual revenue. Ruth learned that defending the case could easily cost more than a million dollars. Since Bytephoto was just a hobby, Ruth had never incorporated it. This meant she was personally on the hook. She faced the choice between paying the settlement and paying even higher litigation costs.
This was especially frustrating because Bytephoto began allowing users to vote for their favorite photographs years before Garfum filed its patent application. You can’t patent what already exists. But proving this defense in court would take months of expensive discovery. Fortunately for Ruth, Garfum’s lawsuit arrived after the Supreme Court’s decision in Alice v. Many judges have allowed challenges under Alice to be filed early in the case rather than waiting for discovery (since the patent itself is the key evidence). EFF agreed to represent Ruth pro bono and filed a motion asking the court to hold the patent invalid under Alice. A few days before the hearing on that motion, Garfum voluntarily abandoned its suit. Ruth’s case is a perfect example of why Alice improves the patent system. Garfum’s broad and abstract patent did nothing to promote innovation. The idea of voting has been around for centuries. The idea of applying voting to online social networks did not deserve patent protection. Indeed, even Ruth’s own website predated Garfum’s application. Yet a settlement or litigation expenses could quickly have led to the site being shut down. Fortunately, thanks to the Alice ruling, Ruth was able to defeat Garfum’s absurd claim and continue running her site and her business.

If this is the case in your organization, whether you are a financial services provider or a retailer, it may be time to take another look at these valuable security tools. Many of today’s data security professionals are beginning to recognize that unprotected web applications have become attractive targets for cybercriminals looking for easy entry points into their networks. The fact is, securing application environments presents a unique and consistent challenge to IT teams. Which is why 8. 3 percent of enterprise IT executives, according to a recent IDG survey, now believe that application security is critical to their IT strategy.
July 0. 6, 2. 01. PM - Dark Reading - Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise.

Regrettably, this notice concerns an incident involving some of that information. On May 1. 8, 2. 01. Baptist South learned that a backup hard drive used for EEG testing was missing from an EEG room. We immediately began .

Less trick question and more a candid exploration of our collective mindset in security. We remain flooded with headlines and conference talks that decry our losses and offer approaches for us to win. The constant negativity poisons our mindset to the point where we question if security even matters, if we matter. To be certain, security matters. Increasingly, security matters. Which means you matter. The key is understanding what success for security leaders actually is.

July 0. 6, 2. 01. PM - Security Affairs - WikiLeaks leaked documents detailing BothanSpy and Gyrfalcon CIA implants designed to steal SSH credentials from Windows and Linux OSs. WikiLeaks has published a new batch of documents from the Vault. CIA implants allegedly used by the agency to intercept and exfiltrate SSH (Secure Shell) credentials from both Windows and Linux operating systems with different attack vectors. The first implant, codenamed BothanSpy, was developed to target the Microsoft Windows Xshell client; the second, named Gyrfalcon, was designed to target the OpenSSH client on various Linux distros, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu. BothanSpy and Gyrfalcon are able to steal user credentials for all active SSH sessions and then send them back to CIA cyber spies. BothanSpy is installed as a Shellterm 3. Xshell is running on it with active sessions.
Xshell is a terminal emulator that supports SSH, SFTP, TELNET, RLOGIN and SERIAL for delivering industry leading features including a tabbed environment, dynamic port forwarding, custom key mapping, user defined buttons, VB scripting, and UNICODE terminal for displaying 2 byte characters and international language support.

“BothanSpy only works if Xshell is running on the target, and it has active sessions. Otherwise, Xshell is not storing credential information in the location BothanSpy will search.” reads the user manual.

“In order to use BothanSpy against targets running a x. Windows, the loader being used must support Wow. Xshell only comes as a x. BothanSpy is only compiled as x. Shellterm 3.0+ supports Wow. Shellterm is highly recommended.”

The Gyrfalcon implant works on Linux systems (3. CIA hackers use custom malware dubbed the JQC/KitV rootkit for persistent access. The implant could collect full or partial OpenSSH session traffic; it stores stolen information in a local encrypted file for later exfiltration.

“Gyrfalcon is an SSH session “sharing” tool that operates on outbound OpenSSH sessions from the target host on which it is run. It can log SSH sessions (including login credentials), as well as execute commands on behalf of the legitimate user on the remote host.” reads the user manual of Gyrfalcon v. The tool runs in an automated fashion. It is configured in advance, executed on the remote host and left running. Some time later, the operator returns and commands gyrfalcon to flush all of its collection to disk. The operator retrieves the collection file, decrypts it, and analyzes the collected data”

WikiLeaks also published the user guide for Gyrfalcon v. The target platform must be running the Linux operating system with either 3. Gyrfalcon consists of two compiled binaries that should be uploaded to the target platform along with the encrypted configuration file.
The operator must use a third-party application to upload these three files to the target platform.”

Below is the list of releases published by WikiLeaks since March:
BothanSpy and Gyrfalcon – 0. July, 2017
OutlawCountry – 30 June, 2.
ELSA malware – 2. June, 2017
Cherry Blossom – 1. June, 2017
Pandemic – 1 June, 2.
Athena – 19 May, 2.
AfterMidnight – 1.