Tag Archives: title

[ISN] Smartwatches a new frontier for cyber attack, HP study shows

http://www.computerweekly.com/news/4500250398/Smartwatches-a-new-frontier-for-cyber-attack-HP-study-shows

By Warwick Ashford, Security Editor
ComputerWeekly.com
23 Jul 2015

Smartwatches with network and communication functionality represent a new and open frontier for cyber attack, according to a study by HP Fortify. The study revealed that 100% of the tested smartwatches contained significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns. The study report entitled Internet of things security study: Smartwatches makes recommendations for secure smartwatch development and use in home and work environments. As the internet of things (IoT) market advances and smartwatches become more mainstream, they will increasingly store more sensitive information, such as health data, the report said. […]





[ISN] Encryption Hinders Investigations: FBI Chief

http://www.informationweek.com/mobile/mobile-devices/encryption-hinders-investigations-fbi-chief/d/d-id/1321231

By Thomas Claburn
Informationweek.com
July 8, 2015

FBI Director James Comey appeared before the Senate Judiciary Committee on Wednesday to argue for legal support to weaken strong encryption, which he claims obstructs criminal investigations. The title of the hearing, “Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy,” borrows Comey’s characterization of encryption as a way to conceal evidence of criminal acts. “We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet, or a laptop—evidence that may be the difference between an offender being convicted or acquitted,” said Comey and Sally Quillian Yates, US Deputy Attorney General, in joint prepared remarks. “If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders.” The concerns of Comey and Yates were echoed by Cyrus Vance Jr., District Attorney for New York County, who complained about the device encryption deployed by Apple and Google last fall. […]



[ISN] Flawed Android factory reset leaves crypto and login keys ripe for picking

http://arstechnica.com/security/2015/05/flawed-android-factory-reset-leaves-crypto-and-login-keys-ripe-for-picking/

By Dan Goodin
Ars Technica
May 21, 2015

An estimated 500 million Android phones don’t completely wipe data when their factory reset option is run, a weakness that may allow the recovery of login credentials, text messages, e-mails, and contacts, computer scientists said Thursday. In the first comprehensive study of the effectiveness of the Android feature, Cambridge University researchers found that they were able to recover data on a wide range of devices that had run factory reset. The function, which is built into Google’s Android mobile operating system, is considered a crucial means for wiping confidential data off of devices before they’re sold, recycled, or otherwise retired. The study found that data could be recovered even when users turned on full-disk encryption. Based on the devices studied, the researchers estimated that 500 million devices may not fully wipe disk partitions where sensitive data is stored and 630 million phones may not wipe internal SD cards where pictures and video are often kept. The findings, published in a research paper titled Security Analysis of Android Factory Resets, are sure to be a wake-up call for individual users and large enterprises alike. […]
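The practical question the Cambridge findings raise is how to tell whether a reset actually erased a partition before a device leaves your hands. The script below is an added example for this archive entry; it is not code from the Ars Technica story or from the Cambridge study. It assumes you already hold a raw dump of the partition in question (for instance a dd image of userdata or the internal SD card) as bytes, it assumes a 512-byte block for reporting, and the credential patterns it looks for are illustrative rather than a full forensic signature set. The sample image it scans is constructed inline so that it runs offline.

```python
"""Residual-data check for a raw partition image after a factory reset.

Added example for this archive entry; it is not code from the Ars Technica
story or from the Cambridge study. It assumes you already hold a raw dump of
the partition (for instance a dd image of userdata) as bytes; the sample
image below is constructed inline so the script runs offline.
"""
import math
import re
from collections import Counter

BLOCK = 512  # block size assumed for the report; any block size works

# Patterns that typically mark leftover credential material in plaintext.
# Assumption: these are illustrative, not an exhaustive forensic signature set.
TOKEN_RE = re.compile(
    rb"(?:password|passwd|token|authtoken|BEGIN [A-Z ]*PRIVATE KEY)[^\x00-\x1f]{0,64}",
    re.IGNORECASE,
)


def block_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, 8.0 for uniform bytes."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def classify_block(block: bytes) -> str:
    """erased = all 0x00 or all 0xFF (the usual flash erase states);
    high-entropy = likely ciphertext or compressed data, opaque without a key;
    plaintext = anything else, i.e. data the reset left behind in the clear."""
    if not block or block == b"\x00" * len(block) or block == b"\xff" * len(block):
        return "erased"
    if block_entropy(block) > 7.5:
        return "high-entropy"
    return "plaintext"


def scan_image(image: bytes) -> dict:
    """Walk the image block by block and report what a reset left recoverable."""
    n_blocks = (len(image) + BLOCK - 1) // BLOCK
    summary: Counter = Counter()
    findings = []
    for off in range(0, len(image), BLOCK):
        blk = image[off:off + BLOCK]
        kind = classify_block(blk)
        summary[kind] += 1
        if kind == "plaintext":
            for m in TOKEN_RE.finditer(blk):
                findings.append((off + m.start(), m.group(0)))
    return {
        "blocks": dict(summary),
        "findings": findings,
        # A reset only counts as a wipe if every block is in an erased state.
        "wiped": summary["erased"] == n_blocks,
    }


def build_sample_image() -> bytes:
    """Constructed test image: six erased blocks, one leftover plaintext block
    with credential residue, and one high-entropy block standing in for ciphertext."""
    erased = b"\x00" * BLOCK
    erased_ff = b"\xff" * BLOCK
    leftover = (
        b"username=alice&password=hunter2\n"
        b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n"
    ).ljust(BLOCK, b"\x00")
    opaque = bytes(range(256)) * 2  # every byte value twice: entropy exactly 8.0
    return erased * 5 + erased_ff + leftover + opaque


if __name__ == "__main__":
    report = scan_image(build_sample_image())
    print("blocks:", report["blocks"], "wiped:", report["wiped"])
    for offset, residue in report["findings"]:
        print(f"  residue at 0x{offset:x}: {residue!r}")
```

Two caveats when reading the report. A high-entropy block is not evidence of erasure; it only means the scan cannot see inside it, and the study reported recovery even with full-disk encryption turned on, so treat such blocks as unverified rather than clean. And the check is only as good as the dump: the article notes that internal SD cards were often left unwiped, so image every partition that held user data, not just the one the reset claims to have cleared.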



[ISN] Here’s How You Hack a Military Drone

http://www.nextgov.com/defense/2015/04/heres-how-you-hack-drone/111229/

By Aliya Sternstein
Nextgov.com
April 27, 2015

Research studies on drone vulnerabilities published in recent years essentially provided hackers a how-to guide for hijacking unmanned aircraft, an Israeli defense manufacturer said Monday. A real-life downing of a CIA stealth drone by Iranians occurred a month after one such paper was published, noted Esti Peshin, director of cyber programs for Israel Aerospace Industries, a major defense contractor. In December 2011, the Christian Science Monitor reported that Iran navigated a CIA unmanned aerial vehicle safely down to the ground by manipulating the aircraft’s GPS coordinates. The 2011 study, co-authored by Nils Ole Tippenhauer of ETH Zurich and other ETH and University of California academics, was titled “The Requirements for Successful GPS Spoofing Attacks.” The scholars detailed how to mimic GPS signals to fool GPS receivers that aid navigation. “It’s a PDF file… essentially, a blueprint for hackers,” Peshin said. […]



[ISN] CfP – Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015)

Forwarded from: “Egner, A.I.”

*** Apologies for multiple copies ***

CALL FOR PAPERS
************************************************************************
Workshop on Security and Privacy in Cloud-based Applications
(in conjunction with ARES EU Projects Symposium 2015)
Université Paul Sabatier, Toulouse, France, August 24th – 28th, 2015
http://www.ares-conference.eu/conference/ares-eu-symposium/au2eu/
************************************************************************

Cloud services and cloud-based applications have become increasingly popular in recent years. Security and privacy of cloud-based applications have always been a major roadblock for wide use of cloud services that involve sensitive data. Therefore this research field attracts a lot of attention from academia and industry. The aim of the workshop is to provide the environment to exchange ideas and to foster discussions on a broad list of aspects related to privacy and security of cloud-based applications, and to find answers to questions like:

– How do we design authentication and authorization frameworks for cross-cloud environments, supporting different identity/attribute providers and organizational policies while guaranteeing privacy, security and trust?
– How can we extend current solutions with higher assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption techniques to address specific security and confidentiality requirements of large distributed infrastructures?
– What is the best way to validate practical aspects of cloud-based applications, such as scalability, efficiency, maturity and usability?

Next to regular sessions with research papers, the workshop will include an invited talk as well as a round table on “Evolution of privacy-preserving authentication and authorization tools: from concepts to deployment”, presenting the results of the FP7 AU2EU project (http://www.au2eu.eu/).

CONFERENCE TOPICS

The conference topics include, but are not limited to:
– Privacy-preserving Authentication
– Attribute-based Authorization
– Integrated Authentication and Authorization
– Assurance of Claims
– Crypto-based Policy Enforcement
– Attribute-based Encryption
– Secure Data Management
– Key Management
– Trust Management
– Operations under Encryption
– Homomorphic Encryption
– Searchable Encryption
– Privacy-Preserving Data Mining
– Security as a Service
– Big Data Security

PAPER SUBMISSIONS

The proceedings of ARES 2014, published by Conference Publishing Services (CPS), are available in the IEEE Xplore Digital Library.

Authors are invited to submit research and application papers according to the following guidelines: 8 pages (a maximum of 10 pages is tolerated), two columns, single-spaced, including figures and references, using 10 pt fonts, and number each page. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, presentation and clarity of exposition.

Simultaneous submission of the same work to multiple venues, submission of previously published work, or plagiarism constitutes dishonesty or fraud. ARES, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them.

The contact author must provide the following information in the ARES conference system: paper title, authors’ names, affiliations, postal address, phone, fax, and e-mail address of the author(s), an abstract of about 200-250 words, and about five keywords. Accepted papers will be given guidelines for preparing and submitting the final manuscript(s) together with the notification of acceptance.

Double blind review: ARES requires anonymized submissions – please make sure that submitted papers contain no author names or obvious self-references.

Details about submission can be found here: http://www.ares-conference.eu/conference/conference/submission/

IMPORTANT DATES

Submission Deadline: May 8, 2015
Author Notification: June 1, 2015
Proceedings Version: June 8, 2015
Conference: August 24-28, 2015

PROGRAM CHAIRS

– Milan Petkovic (General Chair), Philips Research / Eindhoven University of Technology, Netherlands
– Jan Camenisch (Program Co-Chair), IBM Research – Zurich, Switzerland
– John Zic (Program Co-Chair), CSIRO – Sydney, Australia
– Alexandru Egner (Organization Co-Chair), Eindhoven University of Technology, Netherlands

PROGRAM COMMITTEE

– Giuseppe Ateniese, Sapienza University of Rome, Italy
– George Danezis, University College London, UK
– Refik Molva, EURECOM, France
– Gerrit Bleumer, Scheidt & Bachmann, Germany
– Ljiljana Brankovic, University of Newcastle, Australia
– Jeroen Doumen, Irdeto, Netherlands
– Csilla Farkas, University of South Carolina, USA
– Pietro Colombo, University of Insubria, Italy
– Simone Fischer-Hubner, Karlstad University, Sweden
– Dieter Gollmann, Hamburg University of Technology, Germany
– Tanya Ignatenko, Eindhoven University of Technology, Netherlands
– Mizuho Iwaihara, Waseda University, Japan
– Sushil Jajodia, George Mason University, USA
– Nguyen Manh Tho, Vienna University of Technology, Austria
– Guenther Pernul, University of Regensburg, Germany
– Bart Preneel, KU Leuven, Belgium
– Kai Rannenberg, Goethe University Frankfurt, Germany
– Ahmad-Reza Sadeghi, Darmstadt University, Germany
– Andreas Schaad, Huawei Research
– Yuan Zhang, State University of New York at Buffalo, USA
– Sabrina De Capitani di Vimercati, University of Milan, Italy

For any questions, please contact the organization co-chair: a.i.egner (at) tue.nl




[ISN] Heartbleed a Year Later: How the Security Conversation Changed

http://www.eweek.com/security/heartbleed-a-year-later-how-the-security-conversation-changed.html

By Sean Michael Kerner
eWEEK.com
2015-04-07

A year ago today (April 7), I first saw the OpenSSL advisory about a new security vulnerability identified as CVE-2014-0160 and titled “TLS heartbeat read overrun.” When I first wrote my article for eWEEK on the issue, I identified the flaw as the Heartbeat SSL flaw. By the middle of the day on April 8, my editors at eWEEK were asking me if I had mislabeled the story since other publications were calling it Heartbleed. Time sure does fly. The name Heartbleed is the branded term that security firm Codenomicon came up with. They also branded the vulnerability in a way that I had never seen before, but has since become a model that other security vendors have tried to emulate. The Codenomicon-branded Heartbleed had its own logo and an easy-to-follow description of the flaw and the actual risks. As it turned out, the issue was also discovered by Google security researcher Neel Mehta. Both Mehta and Codenomicon were awarded the Black Hat 2014 Pwnie award for Heartbleed in the category of best server-side bug. […]



[ISN] R.E.S.P.E.C.T.: The way for CISOs to get and keep it

http://www.csoonline.com/article/2894037/security-leadership/r-e-s-p-e-c-t-the-way-for-cisos-to-get-and-keep-it.html

By Taylor Armerding
CSO
March 10, 2015

If you’ve got a “C” at the beginning of your professional title, you’re at the top, or pretty close to it. That, at least, is the perception of most people below the “C-suite” in an organization. But, there is a hierarchy in the C-suite as well, and the Chief Information Security Officer (CISO) tends to be stuck at the low end of it, both in influence and respect. That’s the finding of a survey by ThreatTrack Security, reported in a white paper titled, “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by Their C-Level Peers.” More specifically, the survey of 203 C-level executives at U.S. organizations employing a CISO found that a large majority (74%) thought CISOs didn’t even deserve a seat at the C-level table and viewed them primarily as, “a convenient scapegoat in the event of a data breach.” […]

