http://www.wsj.com/articles/is-the-prefix-cyber-overused-1425427767 By DANNY YADRON and JENNIFER VALENTINO-DEVRIES The Wall Street Journal March 4, 2015 These days, CyberPatriots go to CyberCamps. Washington wonks ponder a Cyber Red Cross. Last week, the Director of National Intelligence told Congress a “cyber Armageddon” is unlikely. This week, CBS Corp. will premiere the latest iteration of its long-running cops and crime franchise, “CSI: Cyber,” whose protagonist describes herself as cybercop and is based, the network says, on a real-life cyberpsychologist. For some, it is cyber-overload. Stop using the word,” Alex Stamos, the chief information security officer at Yahoo Inc. told a “Cybersecurity for a New America” conference in Washington last week. Earlier, Mr. Stamos quipped on Twitter that he had won “CyberBingo” at his table after a conference speaker warned of a “Cyber Pearl Harbor,” a term popularized by former Defense Secretary Leon Panetta in 2012. Mr. Stamos isn’t brushing off computer intrusions in his quest to hack away at “cyber” usage. As the guy in charge of keeping prying eyes out of one of the world’s most popular websites, you could say he is obsessed with them. […]
http://mashable.com/2015/03/01/australia-politicians-wickr/ By Jenni Ryall mashable.com March 1, 2015 Australian politicians are reportedly using the secret messenging app Wickr to communicate with each other on the sly. According to The Australian, Communications Minister Malcolm Turnbull and Minister for Social Services Scott Morrison have been using the service to communicate about their dissatisfaction with Prime Minister Tony Abbott and the ongoing leadership crisis. It follows months of speculation regarding instability within the Liberal-National Coalition Government, which culminated in a vote on whether to declare Abbott’s position vacant. That motion was defeated, but it has not quelled the rumours that members of his government are secretly pushing for a change of leadership. Wickr has a secure file-shredding feature that destroys all communication on your device and claims it has “military-grade encryption.” On the app’s website, the company claims that no conversations can be tracked or monitored using the app, which may mean that The Australian received a tip regarding the top-secret communications between the two politicians. […]
http://arstechnica.com/information-technology/2015/02/how-hackers-could-attack-hard-drives-to-create-a-pervasive-backdoor/ By Sean Gallagher Ars Technica Feb 18, 2015 News that a hacking group within or associated with the National Security Agency compromised the firmware of hard drive controllers from a number of manufacturers as part of a 14-year cyber-espionage campaign has led some to believe that the manufacturers were somehow complicit in the hacking—either by providing source code to controller firmware or other technical support. But it’s long been established that hard drive controllers can be relatively easily reverse-engineered without any help from manufacturers—at least, without intentional help. Despite keeping hardware controller chip information closed, hard drive manufacturers’ use of standard debugging interfaces makes it relatively simple to dump their firmware and figure out how it works—even inserting malicious code that can trigger specific behaviors when files are accessed. Reverse-engineering it to the point of creating a stable alternative set of firmware for multiple vendors’ hard disk controllers that also includes persistent malware, however, is a significant feat of software development that only the most well-funded attacker could likely pull off on the scale that the “Equation group” achieved. Hard drive controller boards are essentially small embedded computers unto themselves—they have onboard memory, Flash ROM storage, and a controller chip that is essentially a custom CPU (usually based on the ARM architecture). They also generally have diagnostic serial ports, or other interfaces on the board, including some based on the JTAG board debugging interface. Using software such as Open On Chip Debugger (OpenOCD), you can even dump the “bootstrap” firmware from the controller and analyze it with an ARM disassembler. […]
http://mashable.com/2015/02/03/bmw-connecteddrive-locks/ By Rex Santus Mashable.com 2/3/2015 BMW has mended a security flaw in its ConnectedDrive car connectivity system that affected 2.2 million cars, including Rolls-Royce and Mini cars, the company announced on Friday. It concerned software in the car that would have allowed hackers to open car doors. It highlights a oft-voiced concern around connected home products — sometimes called the Internet of Things — that household items would become vulnerable to malware or hacking. The update happens automatically, as soon as the vehicle connects to BMW’s servers, and includes the addition of HTTPS — the secure version of hypertext transfer protocol — to data transmissions via the ConnectedDrive system. A German automobile group called ADAC discovered the security flaw last year, opting to wait to disclose the discovery until BMW worked out a fix. The flaw has not been used in any attempted cyberattacks, according to both ADAC and BMW. […]
http://www.networkworld.com/article/2866950/cloud-computing/which-cloud-providers-had-the-best-uptime-last-year.html By Brandon Butler Network World Jan 12, 2015 Amazon Web Services and Google Cloud Platform recorded impressive statistics for how reliable their public IaaS clouds were in 2014, with both providers approaching what some consider the Holy Grail of availability: five nines. Flash back just to 2012 and pundits bemoaned the cloud being plagued with outages – from one that brought down Reddit and many other sites to the Christmas eve fiasco that impacted Netflix. It was a different story last year. Website tracking firm CloudHarmony monitors how often more than four dozen cloud providers experience downtime. The company has a web server running in each of these vendors’ clouds and tracks when the service is unavailable, logging both the number and length of outages. The science is not perfect but it gives a good idea of how providers are doing. And overall, vendors are doing well and getting better. Amazon and Google shone in particular. Amazon’s Elastic Compute Cloud (EC2) recorded 2.41 hours of downtime across 20 outages in 2014, meaning it was up and running 99.9974% of the time. Given AWS’s scale – Gartner predicted last year that Amazon had a distributed system that’s five times larger than its competitors – those are impressive figures. […]
Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter or in some locations summer solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2015, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.
The International Conference on Cyber-Crime Investigation and Cyber Security (ICCICS2014) November 17-19, 2014 Asia Pacific University of Technology and Innovation (APU), Kuala Lumpur, Malaysia http://sdiwc.net/conferences/2014/iccics2014/ firstname.lastname@example.org All registered papers will be included in the publisher’s Digital Library. ============================================================== The conference aims to enable researchers build connections between different digital applications. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures. RESEARCH TOPICS ARE NOT LIMITED TO: – Business Applications of Digital Forensics – Cyber Crime Investigations – Cyber Culture & Cyber Terrorism – Digital Forensic Processes and Workflow Models – Digital Forensics Process & Procedures – Digital Forensics Techniques and Tools – Embedded Device Forensics – Incident Response – Legal, Ethical and Policy Issues Related to Digital Forensics – Mobile / Handheld Device & Multimedia Forensics – Network and Cloud Forensics – Sexual Abuse of Children On Internet – Theoretical Foundations of Digital Forensics – Civil Litigation Support – Cyber Criminal Psychology and Profiling – Digital Forensic Case Studies – Digital Forensics & Law – Digital Forensics Standardization & Accreditation – E-Discovery – Hacking – Information Warfare & Critical Infrastructure Protection – Malware & Botnets – Money Laundering – Online Fraud – Software & Media Piracy – Theories, Techniques and Tools for Extracting, Analyzing and Preserving Digital Evidence Researchers are encouraged to submit their work electronically. All papers will be fully refereed by a minimum of two specialized referees. Before final acceptance, all referees comments must be considered. Best selected papers will be published in one of the following special issues provided that the author do major improvements and extension within the time frame that will be set by the conference and his/her paper is approved by the chief editor: International Journal of New Computer Architectures and their Applications (IJNCAA) International Journal of Digital Information and Wireless Communications (IJDIWC) International Journal of Cyber-Security and Digital Forensics (IJCSDF) International Journal of Digital Crime and Forensics (IJDCF) International Journal of Information and Computer Security (IJICS) PAPER SUBMISSION GUIDELINES: – Researchers are encouraged to submit their work electronically. Full paper must be submitted (Abstracts are not acceptable). – Submitted paper should not exceed 15 pages, including illustrations. All papers must be without page numbers. – Papers should be submitted electronically as pdf format without author(s) name. – Paper submission link: http://sdiwc.net/conferences/2014/iccics2014/openconf/openconf.php IMPORTANT DATES: Submission Deadline: Submission is extended until Oct. 30, 2014 Notification of Acceptance: Nov. 3, 2014 or 4 weeks from the submission date Camera Ready Submission: Nov. 7, 2014 Registration: Nov. 10, 2014 Conference Dates: November 17-19, 2014
http://www.computerworld.com/article/2836722/microsoft-warns-of-windows-zero-day-hackers-serve-exploits-in-powerpoint-files.html By Gregg Keizer Computerworld Oct 21, 2014 Microsoft on Tuesday warned Windows users that cyber criminals are exploiting a zero-day vulnerability using malicious PowerPoint documents sent as email attachments. In an advisory, Microsoft outlined the bug and provided a one-click tool from its “Fixit” line that customers can use to protect their PCs until a patch is available. Although Microsoft does not label its advisories with the same four-step threat scoring system it uses for security updates, it said that a successful exploit would let hackers hijack the PC so that they could, for example, steal information or plant other malware on the machine. The vulnerability affects all versions of Windows, from the aged Windows Server 2003 to the very newest Windows 8.1, and is within the operating system’s code that handles OLE (object linking and embedding) objects. OLE is most commonly used by Microsoft Office for embedding data from an Excel spreadsheet in, say, a Word document. […]