Tag Archives: program

[ISN] United Airlines Pays Man a Million Miles for Reporting Bug

http://www.wired.com/2015/07/united-airlines-pays-man-million-miles-reporting-bug/ By Kim Zetter Security Wired.com July 15, 2015 Two months after United Airlines launched a bug-bounty program to reward researchers who report flaws in the company’s web site and apps, a researcher has received 1 million air miles in the first reward given. After submitting information to United about a remote-code execution flaw in the airline’s web site, Jordan Wiens was awarded his mileage last week. It was the first time Wiens, owner of the Florida-based security firm Vector 35, had submitted to a bug-bounty program. United is the first airline to launch a bug bounty program. The company announced the program in May, after receiving harsh criticism for banning a security researcher from one of its flights. […]





[ISN] Unit 8200: Israel’s cyber spy agency

http://www.ft.com/cms/s/2/69f150da-25b8-11e5-bd83-71cb60e8f08c.html By John Reed FT.com July 10, 2015 On a searingly hot afternoon at a campus-like new science park in Beer Sheva, southern Israel, I watched as a group of bright, geeky teenagers presented their graduation projects. Parents and uniformed army personnel milled around a windowless room packed with tables holding laptops, phones or other gadgets. There was excited chatter and a pungent smell of adolescent sweat. This was a recent graduation ceremony for Magshimim (which roughly translates as “fulfilment”), the three-year after-school programme for 16 to 18-year-old students with exceptional computer coding and hacking skills. Magshimim serves as a feeder system for potential recruits to Unit 8200, the Israeli military’s legendary high-tech spy agency, considered by intelligence analysts to be one of the most formidable of its kind in the world. Unit 8200, or shmone matayim as it’s called in Hebrew, is the equivalent of America’s National Security Agency and the largest single military unit in the Israel Defence Forces. It is also an elite institution whose graduates, after leaving service, can parlay their cutting-edge snooping and hacking skills into jobs in Israel, Silicon Valley or Boston’s high-tech corridor. The authors of Start-up Nation, the seminal 2009 book about Israel’s start-up culture, described 8200 and the Israeli military’s other elite units as “the nation’s equivalent of Harvard, Princeton and Yale”. With a female IDF minder at my side, I listened as the teenagers described their projects. More than half were boys but there were girls too, and 8200 is open to both. Omer, 19, had designed a USB key that can suck information out of one computer and organise it on another: essentially, a hacking tool. “We made it appear like a keyboard so you can infiltrate any company in the world,” he told me. “It’s a proof of concept.” […]



[ISN] Healthcare Vendor Risk Management Programs Lagging, Says Study

http://healthitsecurity.com/news/healthcare-vendor-risk-management-programs-lagging-says-study By Elizabeth Snell healthitsecurity.com July 8, 2015 Healthcare vendor risk management programs can have a huge impact on a healthcare organization’s ability to keep sensitive data – such as patient PHI – secure. However, if a recent study is any indication, healthcare vendor risk management programs have room for improvement. The 2015 Vendor Risk Management Benchmark Study, conducted by The Shared Assessments Program and Protiviti, found that vendor risk management programs within financial services organizations are more mature than companies in other industries, such as insurance and healthcare. “Even the more optimistic assessments of the current state of vendor risk management indicate that significant improvements may be needed,” the report’s authors explained. “The time for progress and improvements in vendor risk management capabilities is now, particularly when considering that cyberattacks and other security incidents are very likely to continue increasing.” The survey interviewed more than 460 executives and managers in various industries. Respondents were asked to rate their organization’s maturity level in different areas of vendor risk management on a 0 to 5 scale, with 0 equal to “Do not perform” and 5 equal to “Continuous improvement – benchmarking, moving to best practices.” […]



[ISN] Why Cyber War Is Dangerous for Democracies

http://www.theatlantic.com/international/archive/2015/06/hackers-cyber-china-russia/396812/ By MOISÉS NAÍM The Atlantic June 25, 2015 This month, two years after his massive leak of NSA documents detailing U.S. surveillance programs, Edward Snowden published an op-ed in The New York Times celebrating his accomplishments. The “power of an informed public,” he wrote, had forced the U.S. government to scrap its bulk collection of phone records. Moreover, he noted, “Since 2013, institutions across Europe have ruled similar laws and operations illegal and imposed new restrictions on future activities.” He concluded by asserting that “We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason.” Maybe so. I am glad that my privacy is now more protected from meddling by U.S. and European democracies. But frankly, I am far more concerned about the cyber threats to my privacy posed by Russia, China, and other authoritarian regimes than the surveillance threats from Washington. You should be too. Around the time that Snowden published his article, hackers broke into the computer systems of the U.S. Office of Personnel Management and stole information on at least 4 million (and perhaps far more) federal employees. The files stolen include personal and professional data that government employees are required to give the agency in order to get security clearances. The main suspect in this and similar attacks is China, though what affiliation, if any, the hackers had with the Chinese government remains unclear. According to the Washington Post, “China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary.” […]



[ISN] Cyber war in Ukraine: How NATO is helping the country defend itself against digital threats

http://www.zdnet.com/article/ukraines-cyber-warfare-how-nato-helps-the-country-defend-itself-against-digital-threats/ By Andrada Fiscutean Central European Processing ZDNet News June 11, 2015 Ukraine’s recent history has been dramatic, with border changes, riots, the occupation of government buildings, and bloodshed. Behind all this, a quiet conflict, free of gunfire but equally hard-fought, has been taking place in the online world. DDoS attacks and communications jamming have led to misinformation in an already confused country. Now, North Atlantic Alliance nations are joining forces to help Ukraine protect its digital space. Albania, Estonia, Hungary, Poland, Portugal, Romania, and Turkey have offered financial or in-kind contributions to Ukraine’s Cyber Defense Trust Fund, a program agreed by world leaders during a NATO summit held last September in Wales. US president Barack Obama, British prime minister David Cameron, German chancellor Angela Merkel, and French president François Hollande all participated. “The technical requirements for the implementation of this project have been set up and the negotiations for the necessary legal arrangements are at an advanced stage,” a NATO official in Brussels told ZDNet. “NATO needs to keep abreast of the rapidly changing threat landscape and to maintain a robust cyber-defence,” he added. […]



[ISN] Industry cyber info-sharing body to launch new ‘ISAO’ for insurers

http://insidecybersecurity.com/Cyber-General/Cyber-Public-Content/industry-cyber-info-sharing-body-to-launch-new-isao-for-insurers/menu-id-1089.html Inside Cybersecurity May 13, 2015 The information-sharing entity for industrial control system operators is being folded into Webster University’s “Cyberspace Research Institute” and will announce next week that it is launching a new information sharing and analysis organization, or ISAO, for the insurance sector. Webster’s Cyberspace Research Institute, known as the CRI, will also bid to be selected by the Department of Homeland Security as the private-sector standards-setting body for ISAOs, according to Chris Blask, the ICS-ISAC executive director. DHS is expected to release a “grant opportunity notice” in the near term. Blask will continue to lead the ICS-ISAC within the Webster cyber institute, and the existing info-sharing body will keep its name. Blask has been an active promoter of info-sharing initiatives and the framework of cybersecurity standards developed by the National Institute of Standards and Technology. Webster’s cybersecurity program was launched in 2014 and is the brainchild of Tom Johnson, chief of strategic initiatives at the school and a pioneer in cybersecurity education. […]



[ISN] Mixed Verdicts in Second Trial of Aleynikov, Ex-Goldman Sachs Programmer

http://www.nytimes.com/2015/05/02/business/dealbook/ex-goldman-programmer-found-guilty.html By MATTHEW GOLDSTEIN and BEN PROTESS Dealbook The New York Times MAY 1, 2015 For the second time in five years, prosecutors have prevailed over Sergey Aleynikov, the former Goldman Sachs programmer accused of stealing confidential computer trading code from the bank. The first time it took a federal jury just hours to convict; this time it came after more than a week of deliberation and an accusation of “food poisoning” and avocado tampering in a state court jury room. A jury on Friday convicted Mr. Aleynikov on one count he faced but acquitted him on another and deadlocked on a third. Mr. Aleynikov, who is unlikely to face much if any prison time, cracked a nervous smile after the decision was announced. The split verdict — a striking conclusion to a case that divided the legal world, inspired a best-selling book and spotlighted the secret formulas behind high-frequency trading on Wall Street — came after the case nearly ended in what would have been the most bizarre of mistrials. The possible mistrial stemmed from a dispute between two jurors deciding Mr. Aleynikov’s fate; a female juror accused a male one of “food tampering,” in part because an avocado was missing from her sandwich. The female juror also said she took a blood test to determine whether she had been poisoned, temporarily turning the criminal proceedings into a culinary whodunit. […]



[ISN] Here’s How You Hack a Military Drone

http://www.nextgov.com/defense/2015/04/heres-how-you-hack-drone/111229/ By Aliya Sternstein Nextgov.com April 27, 2015 Research studies on drone vulnerabilities published in recent years essentially provided hackers a how-to guide for hijacking unmanned aircraft, an Israeli defense manufacturer said Monday. A real-life downing of a CIA stealth drone by Iranians occurred a month after one such paper was published, noted Esti Peshin, director of cyber programs for Israel Aerospace Industries, a major defense contractor. In December 2011, the Christian Science Monitor reported that Iran navigated a CIA unmanned aerial vehicle safely down to the ground by manipulating the aircraft’s GPS coordinates. The 2011 study, co-authored by Nils Ole Tippenhauer of ETH Zurich and other ETH and University of California academics, was titled “The Requirements for Successful GPS Spoofing Attacks.” The scholars detailed how to mimic GPS signals to fool GPS receivers that aid navigation. “It’s a PDF file… essentially, a blueprint for hackers,” Peshin said. […]

