Sino-American cyber relations approach overt cold war (Euro News calls it "WWIII on the WWW") as the US Administration demands that China halt theft of trade secrets. Chinese officials reiterate their tu quoque accusations of American cyber espionage. The FBI investigates a whistleblower's charges that NASA data were improperly revealed to Chinese officials.
Hewlett-Packard warns that some printers are vulnerable to remote exploitation. Kaspersky finds that MiniDuke is carried by Java and HTML vectors as well as infected pdfs. A Russian site hosts personal details of political and entertainment celebrities.
Last month's cross-platform malware that infected Twitter, Apple, Facebook, and Microsoft has turned out to be curiously discriminating. Not every machine that should have been infected at the waterhole was, which leads researchers to conclude that the malware was looking for some very specific (and still unknown) targets.
It's Patch Tuesday: expect seven fixes (four critical) from Redmond later today. Metasploit adds a module for the recently patched Honeywell ICS vulnerability.
Dark Reading discerns a new vulnerability: "non-malicious insiders," people with more privileges than security savvy.
Tripwire announces its acquisition of nCircle. Cyber labor shortages continue to be felt across the sector, and the National Board of Information Security Examiners and the US Pacific Northwest National Laboratory seek to help by mapping skills to responsibilities.
Government and industry leaders will gather in Silicon Valley for SINET's ITSEF conference, March 19-20, to discuss cyber innovation and entrepreneurship. As we did for RSA, the CyberWire will provide special coverage of this event.
Today's issue includes events affecting Australia, China, India, Iran, Ireland, Pakistan, Russia, United Kingdom, United States.
Cyber Attacks, Threats, and Vulnerabilities
Hack Attack: China and the U.S. Trade Barbs on Cyberwarfare(Time) The gloves are off. For years, the White House has danced around the sensitive topic of Chinese hacking into American computer systems that is believed to have compromised everything from electrical grids to the email accounts of researchers focusing on China's human-rights record. Public finger-pointing at Chinese hackers has been left largely to the American legislative branch or to private Western cyber-security firms like Mandiant or McAfee, which have produced reports linking the Chinese military to online espionage. Even when U.S. President Barack Obama warned of the dangers of cyberwarfare in his State of the Union Address last month and then issued an executive order to protect America's online borders, he declined to specifically name China as an offender
U.S. publicly calls on China to stop commercial cyber-espionage, theft of trade secrets(Washington Post) In an unusually direct appeal, the Obama administration on Monday called on China to halt its persistent theft of trade secrets from corporate computers and engage in a dialogue to establish norms of behavior in cyberspace. The demands mark the administration's first public effort to hold China to account for what officials have described as an extensive, years-long campaign of commercial cyber-espionage. Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber-intrusions on an unprecedented scale, President Obama's national security adviser, Thomas E. Donilon, said in a speech to the Asia Society in New York
WWIII on the WWW(Euro News) America is under cyber attack, and Washington now believes there is evidence that China is officially sponsoring much of it. The source of much of the activity is a military building, and not some amateur hacker's home. Mandiant, a private security firm has traced a wave of cyber attacks to the door of China's cyber command. The report has rattled Washington, and the IT and intelligence communities are still scrambling for adequate answers
Microsoft Helps Chinese Government Spy on Skype Users(eSecurity Planet) TOM-Skype, the product of Microsoft's partnership with Tom Online, monitors Chinese users' text conversations for keywords. Jeffrey Knockel, a 27-year-old graduate student at the University of New Mexico, has decrypted and published a list of the words that prompt Skype to block messages or forward them to Chinese servers. "Unlike throughout the rest of the world, people in China must use a special version of Skype, called TOM-Skype, which is a joint venture between Microsoft and Tom Online, a Chinese wireless Internet company," writes Computerworld's Preston Gralla. "TOM-Skype has almost 96 million users."
HP, CERT Warn of Critical Hole in LaserJet Printers(Threatpost) Homeland Security's Computer Emergency Response Team is warning today that some printers manufactured by Hewlett-Packard, including 10 of its LaserJet Professional printers, have a security vulnerability that could allow an attacker to remotely access data
MiniDuke does not come only via email(Help Net Security) Researchers from Kaspersky and CrySyS Lab continue to analyze the MiniDuke backdoor and have discovered two previously unknown infection mechanisms. Recently discovered to have been used to attack
Dox Site Exposes the Details of 17 Celebrities and Government Officials(Softpedia) A relatively new website called Exposed, apparently operated by a Russian individual, has been found to host the personal details of several public figures, including celebrities, law enforcement officials and government officials. So far, the details of 17 individuals are on the website, but the number keeps growing. Currently, the ones whose personal information is on the site are Michelle Obama, Kim Kardashian, Joe Biden, FBI Director Robert Mueller, Hillary Clinton, US Attorney General, LAPD Chief Charlie Beck, Mel Gibson, Ashton Kutcher, Jay Z, Beyonce, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump and Arnold Schwarzenegger
Australia's Central Bank Struck in Cyber Attack(Israel National News) Australia's central bank has confirmed it was hit in a cyber attack, but declined to comment on the source of the malware used. The Reserve Bank of Australia (RBA) reassured depositors in a statement Monday that no data had been lost or systems compromised
Cross-platform malware that hit tech giants had specific targets(CSO) Apple, Facebook, Microsoft and Twitter acknowledge finding the Trojan in employee computers, but provide little information to security firms. The creators of a cross-platform malware that infected employee computers in Apple, Facebook, Twitter and Microsoft appeared to look for specific targets among the visitors to several compromised websites used to distribute the Trojan. Reported last month, the malware infected Windows and Mac computers through a previously unknown vulnerability in the Java browser plug-in. The Trojan was distributed through three or four developer sites, including one for Apple iOS and another for Android. The malware did not infect all visiting computers, an indication that the creators had the app look for particular targets, Lysa Myers, senior security analyst for Mac anti-virus vendor Intego, said Monday. Intego had not determined the criteria for infection
Some data-breach victims can't be helped(IT World) From the No Good Deed Goes Unpunished Department: Security experts trying to tell a Pennsylvania hospital that a pile of its sensitive data belonging to staff -- and possibly patients -- was sitting exposed on the Internet were stymied for five days recently by the fact that no one at the medical facility would respond to their repeated warnings
Old and new botnets behind spam resurgence(Help Net Security) Even when they have other capabilities, botnets are primarily used to send out malicious messages, since that is the easiest - not to mention the least risky - way for botmasters to earn money
Twitter, social media are fertile ground for stock hoaxes(Yahoo) Prominent short-seller David Einhorn raised eyebrows last month when he popped up on Twitter to disavow that he had tweeted about Herbalife Ltd. "Apparently I have a twitter impersonator," said the hedge fund manager, adding that he had no plans "to tweet about stocks." What set off Einhorn, founder of Greenlight Capital, was a post by a since-suspended Twitter account called @Greenlightcap that read: "The $HLF tug of war will in the end come down to who has more money to play with. I wouldn't want to be in Bill's shoes right now #TeamIcah
Security Patches, Mitigations, and Software Updates
After Previously Blocking It, Microsoft Now Enables Flash By Default On IE10 For Windows 8 And RT(TechCrunch) Today, Internet Explorer 10 in Windows 8's Metro/Modern UI mode and on Windows RT blocks Flash by default and only allows sites on Microsoft's curated Compatibility View (CV) lists to play Flash content. Tomorrow, that's changing: all Flash content will run by default and the CV list will now be used to block sites from playing Flash content. Windows 8 users previously had to
Apple's App Store lacked encryption protection for months(CSO) Researchers say oversight left users vulnerable to cyber crooks. Apple's app store operated for months without the protection of SSL encryption, according to researchers. Apple announced it had fixed the problem in January, but the researchers who discovered the flaw didn't write about it until this month
March 2013 Patch Tuesday: 7 security fixes, 4 'critical'(CSO Salted Hash) Tomorrow is Microsoft's monthly release of security patches. Here's a preview. Microsoft says you can expect seven security updates tomorrow -- four of which will address critical vulnerabilities in Windows, IE, Silverlight and Office. Here's a more in-depth preview from some of the industry's better-known patch management experts
9 Must-Know Java Security Facts(InformationWeek) More than half of all Java users are still using Java 6, which Oracle officially retired last month. Is it time for a consumer recall
SMBs Unprepared For Security Breaches(Dark Reading) More than half of all small- and midsized businesses have suffered a data breach, most which could be prevented by better training, policies and a smattering of technology, study finds
Consumers don't trust banks with personal data(Help Net Security) Banks top the list of organizations consumers trust least with their personal data, according to a survey of 2,000 UK consumers. Mobile phone operators and retailers also fare badly in the eyes of the
Asia is the global locus of cyberspace competition, says Lewis(Fierce Government IT) Asia, and China in particular, has become the global locus of competition in cyberspace, says cybersecurity theorist James Andrew Lewis, in a new paper. Were it not for the fact of malicious Chinese cyber activities--which fall below the threshold of warfare but include rampant and internationally destabilizing cyber espionage--cyber conflict as an issue "would have a much lower profile and be of much less concern both regionally and globally," Lewis asserts in a March 7 paper
PACOM promotes regional cyber capabilities, defenses(62nd Airlift Wing) PACOM's cyber cell, serving as a testbed for the newly established U.S. Cyber Command, grappled with scenarios that shot holes through their cyber defenses, compromising their command-and-control systems and, by extension, their ability to control
Alex Heidt Joins Alion As SVP, GM(GovConWire) Alex Heidt, a former senior vice president within Harris Corp.'s information technology services business, has joined Alion Science and Technology as an SVP and general manager, GovCon Wire has learned. Heidt previously led business development for Harris' IT services business and earlier served as VP of Air Force programs, where he oversaw profit and loss functions and business development
CTC Developing Tech For Defense University(GovConWire) Concurrent Technologies Corp. has won a position on a potential $18 million contract to develop information availability technologies for the National Defense University. CTC won its spot on the potential three-year indefinite-delivery/indefinite-quantity contract from the General Services Administration, the company said Friday. The company will also advise NDU faculty and staff on new
Tripwire acquires nCircle(Help Net Security) Tripwire has entered into a definitive agreement to acquire nCircle. The acquisition is expected to close in April and is subject to the customary closing conditions. The terms of the acquisition are
Organisations need more cyber security experts, says study(Securityclearedjobs) Organisations worldwide are in need of more cyber security experts, according to a new survey, with employment in this sector set to escalate in future. The International Information Systems Security Certification Consortium, in partnership with Booz Allen Hamilton and with the assistance of Frost & Sullivan, polled over 12,000 information security professionals globally in the final quarter of 2012. It found that employment in the sector was highly secure, with more than 80 per cent of respondents having had no change of employer over the preceding 12 months
New UK cyber-champ: Chemist's winning formula cracks 'F1 race hack'(Register) A 28-year-old chemist is the new UK Cyber Security Champion after triumphing in a year-long competition that tested computer defence skills. Stephen Miller, from Hertfordshire, beat thousands of other hopefuls after competing in several online and face-to-face heats. Miller, who works as a lab team manager at a major pharmaceutical company, has taken part in the tournament since it launched in 2010, building up his skills along the way. Although he has no formal computer security training, examiners praised his abilities
Cybersecurity Workforce Developers Need You, Part Deux(Smart Grid Security Blog) Yes we can… Power industry security stakeholders (if you read this blog, that means you!) The National Board of Information Security Examiners (NBISE) is partnering with the Pacific Northwest National Laboratory to contribute to the development of the U.S. cybersecurity workforce. Toward this effort, a utility SME panel has mapped power system cybersecurity job responsibilities to the objectives of two workforce frameworks (NICE and ES-C2M2), the domains of training/education programs, and the objectives of key certifications
Products, Services, and Solutions
Samsung Knox Raises Android Security Game(Dark Reading) Following the BlackBerry announcement of BES 10 as a general-purpose mobile management solution, Samsung has expanded its SAFE program to include EMM features like MAM and business/personal partitioning. These companies are advancing the technology for customers. Where are Microsoft and Apple in this
Skyscape now accredited to support IL0-IL3 data through G-Cloud(Public Technology) Only days after programme director Denise McDonagh identified accreditation as an area for improvement in the G-Cloud, UK SME Skyscape has been awarded the highest level of pan-government accreditation from CESG (The National Technical Authority for Information Assurance
DataMotion releases email encryption service(Help Net Security) DataMotion announced SecureMail Automation, an email encryption service that automates secure digital message distribution for a range of business applications that send large volumes of sensitive
Improving the security for Android embedded systems(Help Net Security) McAfee has delivered a whitelisting security solution for Android based embedded systems. McAfee Application Control for Android resides in the Android kernel, embedded in the operating system
Technologies, Techniques, and Standards
Better Patching Priority(Dark Reading) What to consider when prioritizing risks. There are lots of different opinions about the best ways to tackle security risk. In a recent blog post titled "The Best Way to Spend Your Security Budget," Larry Seltzer says there is one burning issue that should be at the top of everyone's list: SQL injection
How Akamai's Chief Security Officer Secures Millions [VIDEO](eSecurity Planet) Andy Ellis, CSO at Akamai, explains how the content dev network deals with security at a massive scale. Akamai operates one of the world's largest content delivery networks, providing secure delivery of information to millions of end users. Making sure that data remains secure is the job of Chief Security
IPv6 Focus Month: Filtering ICMPv6 at the Border(Internet Storm Center) Paulgear1 asked on twitter: "help on interpreting RFC4890. I still haven't turned on IPv6 because I'm not confident in my firewall." First of all, what is RFC4890 all about? The RFC is considered informational, not a standard. Usual guidance for IPv4 is to not block ICMP error messages, but one can get away with blocking all ICMP messages
IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1(Internet Storm Center) Rule validation should be on a list of checks. This should continue with any rule change, but that can often not scale. At a minimum, testing of Access Control Lists and Firewall rules must be conducted when implementing dual stack. Enter story: A little over four years ago I started my journey with IPv6, to the point of setting up tunneling at home, and getting my entire home network IPv6 enabled. This was actually quite simple with Tunnel Broker. The interesting part of this story comes in when you take a look at how dual stack works and firewall traffic. To make a long story short, I did not test the home firewall and discovered that it routed tunneled traffic but did not filter the tunneled traffic (Big Thanks to Dr J, whom I was testing with at the time, for pointing this out)
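The two ISC items above raise the same practical question: which ICMPv6 messages a site border must let through under RFC 4890, and why a dual-stack firewall has to look inside 6in4 tunnels before applying that policy. The following is an added example, not code from the ISC diaries; it assumes packets described as plain dicts, renders RFC 4890 section 4.3 in simplified form, and drops any type it does not list (a conservative choice made here, not an RFC mandate).

```python
"""RFC 4890-style ICMPv6 border filtering, applied to constructed packets."""
from dataclasses import dataclass

ICMPV6 = 58        # IPv6 next-header value for ICMPv6
SIX_IN_FOUR = 41   # IPv4 protocol number carrying an encapsulated IPv6 packet

# RFC 4890 4.3.1: error and echo messages a border filter must not drop.
MUST_NOT_DROP = {
    1: "destination unreachable",
    2: "packet too big (dropping it breaks path MTU discovery)",
    3: "time exceeded",
    4: "parameter problem",
    128: "echo request",
    129: "echo reply",
}
# RFC 4890 4.3.2: link-local control traffic, legitimate only with hop limit
# 255, which proves the packet was never forwarded by a router.
LINK_LOCAL_ONLY = {
    130: "MLD query", 131: "MLD report", 132: "MLD done",
    133: "router solicitation", 134: "router advertisement",
    135: "neighbor solicitation", 136: "neighbor advertisement",
}
# RFC 4890 4.3.3: messages that should be dropped at a site border.
SHOULD_DROP = {
    137: "redirect",
    138: "router renumbering",
    139: "node information query",
    140: "node information response",
}


@dataclass(frozen=True)
class Verdict:
    action: str   # "allow" or "drop"
    reason: str


def classify_icmpv6(icmp_type: int, hop_limit: int) -> Verdict:
    """Decide the fate of one ICMPv6 message at the site border."""
    if icmp_type in MUST_NOT_DROP:
        return Verdict("allow", MUST_NOT_DROP[icmp_type])
    if icmp_type in LINK_LOCAL_ONLY:
        name = LINK_LOCAL_ONLY[icmp_type]
        if hop_limit == 255:
            return Verdict("allow", f"{name} (hop limit 255, link-local)")
        return Verdict("drop", f"{name} with hop limit {hop_limit} (crossed a router)")
    if icmp_type in SHOULD_DROP:
        return Verdict("drop", SHOULD_DROP[icmp_type])
    return Verdict("drop", f"type {icmp_type} not permitted by border policy")


def outer_header_policy(pkt: dict) -> Verdict:
    """The mistake from the second diary: only the outer header is examined,
    so anything riding inside a 6in4 tunnel is routed through unfiltered."""
    if pkt["ip_version"] == 6 and pkt["proto"] == ICMPV6:
        return classify_icmpv6(pkt["icmp_type"], pkt["hop_limit"])
    return Verdict("allow", "non-ICMPv6 traffic passed by outer-header rules")


def border_policy(pkt: dict) -> Verdict:
    """Corrected version: decapsulate 6in4 and apply the ICMPv6 policy to the
    inner IPv6 packet, so tunneled traffic gets the same scrutiny as native."""
    if pkt["ip_version"] == 4 and pkt["proto"] == SIX_IN_FOUR:
        inner = pkt.get("inner")
        if inner is None or inner["ip_version"] != 6:
            return Verdict("drop", "protocol 41 without a parseable inner IPv6 packet")
        v = border_policy(inner)
        return Verdict(v.action, f"6in4 inner: {v.reason}")
    if pkt["ip_version"] == 6 and pkt["proto"] == ICMPV6:
        return classify_icmpv6(pkt["icmp_type"], pkt["hop_limit"])
    return Verdict("allow", "non-ICMPv6 traffic passed by outer-header rules")


# Constructed sample packets (not captured traffic).
NATIVE_PTB = {"ip_version": 6, "proto": ICMPV6, "icmp_type": 2, "hop_limit": 61}
NATIVE_NS_ROUTED = {"ip_version": 6, "proto": ICMPV6, "icmp_type": 135, "hop_limit": 64}
TUNNELED_REDIRECT = {
    "ip_version": 4, "proto": SIX_IN_FOUR,
    "inner": {"ip_version": 6, "proto": ICMPV6, "icmp_type": 137, "hop_limit": 255},
}

if __name__ == "__main__":
    for name, pkt in [("native PTB", NATIVE_PTB), ("routed NS", NATIVE_NS_ROUTED),
                      ("tunneled redirect", TUNNELED_REDIRECT)]:
        print(f"{name:18} outer-only={outer_header_policy(pkt).action:5} "
              f"full={border_policy(pkt).action:5} ({border_policy(pkt).reason})")
```

The tunneled redirect is the case the second diary describes: the outer-header policy passes it because the IPv4 header only says "protocol 41", while the corrected policy drops it once the inner ICMPv6 message is inspected.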
Resources for Aspiring Penetration Testers(netspi) At some point, all penetration testers get asked, "Where did you learn all this stuff?" In my experience, the question often comes from clients and students interested in pen testing. Usually, they're asking because they aren't sure where to start
How Women Can Stop Webcam Hacker Creeps from Watching You(The Atlantic Wire) There is one foolproof way to avoid an increasingly terrifying group of perverted cyberspies who are hijacking (mostly) women's computer cameras: Buy a new computer that has a light that goes on whenever your webcam is in use, whether you know it or not. Ars Technica's Nate Anderson details "the Internet's Wild West" of remote administration tools (RAT), which are as scary for their description of female hacking victims as "slaves" as they are vulnerable to the little known little green light, which is installed on all Macbooks. "If someone release[s] soft[ware] which will disable the led cam light he will be the richest man in HF [Hack Forums]!!!" wrote one user on Hack Forums
HTG Explains: What is a 'Zero-Day' Exploit? (And How to Protect Yourself)(How-To Geek) The tech press is constantly writing about new and dangerous "zero-day" exploits. But what exactly is a zero-day exploit, what makes it so dangerous, and - most importantly - how can you protect yourself? Zero-day attacks happen when the bad guys get ahead of the good guys, attacking us with vulnerabilities we never even knew existed. They're what happens when we haven't had time to prepare our defenses
Design and Innovation
SimCity mess shows how little faith business should put in beta tests(Quartz) Beta testers are not the same things as real customers, videogame maker Electronic Arts has belatedly discovered, resulting in a public apology from Lucy Bradshaw, an EA general manager. SimCity is a storied videogame franchise that has been a hit since its debut in 1989, so you'd think EA would have been ready for the horde of customers who mobbed the latest edition of the online-only title. But that wasn't the case, and many users have been unable to play
DNA hack could make medical privacy impossible(CSO) Researchers could find your name by taking samples from a distant cousin. It may now be possible for anyone, even if they follow rigorous privacy and anonymity practices, to be identified by DNA data from people they do not even know. A paper published in January in the journal Science describes a process by which it's possible to identify by name the donors of DNA samples, even without any demographic or personal information. The technique was developed by a team of geneticists at MIT's Whitehead Institute for Biomedical Research and is intended to demonstrate that science and technology have surpassed the techniques and laws currently in place for safeguarding private medical data, according to Yaniv Erlich, a fellow at Whitehead and member of the research team
Google Funds Fashion Recognition Research(InformationWeek) Technology being developed with support from Google could allow Project Glass or other mobile devices to recognize people without using facial biometrics. Google may be wary of adding a facial recognition system to Project Glass, its forthcoming computerized eyewear, due to the privacy implications. But the company appears to be more sanguine about the public's willingness to accept fashion recognition. Google recently awarded a research grant to support ongoing work on a project called InSight that enables individuals to be identified by their visual fingerprint, calculated through assessments of clothing colors, body structure and motion patterns
What Victorians got right about school, and Silicon Valley has wrong(Quartz) TED, the superstar conference of technology and entertainment, just awarded its top 2013 prize to Sugata Mitra for his proposal to overturn a "Victorian education system" that "mass-produces workers with identical skills." In lieu of lectures, books and homework, Mitra encouraged teachers instead to step back and let children learn in their own ways via the Internet…But I also wondered if Mitra, a professor in the UK, had noticed on the flight to his conference how virtually every child between 3 and 13 was glassy-eyed from using an iPad as a form of self-guided education. Watching it, I thought about the autobiography of John Stuart Mill, the home-schooled, self-guided, proto-Victorian prodigy, who late in life found salvation from the poetry he was never exposed to as a child
Lawmakers: Don't mess with Texas(IT World) Lone Star legislators have introduced the toughest location privacy laws yet. Cops want to know where you've been? They'd better have a warrant
Proposed act would require the US government to secure a warrant before reading your email(The Next Web) Today three members of the US House of Representatives, Lofgren, Poe, and DelBene, introduced the Online Communications and Geolocation Protection Act (OCGPA), calling it a reformation of the Electronic Communications Privacy Act (ECPA) of 1986. The ECPA is notoriously out of date. Its email provisions regarding when email can be read by the government are lax enough to be embarrassing
Iran bans VPN that lets web users bypass internet filters(IT Pro) Iranian authorities have blocked the use of most "virtual private networks", a tool that many Iranians use to get around an extensive government Internet filter, it has been claimed. A widespread government internet filter prevents Iranians from accessing many sites on the official grounds they are offensive or criminal. Many Iranians evade the filter through use of VPN software, which provides encrypted links directly to private networks based abroad, and can allow a computer to behave as if it is based in another country
DSB task force urges security mandates for DoD cloud computing(FierceGovernmentIT) Cloud computing adoption within the Defense Department will require establishment of clear security mandates, says a report from a Defense Science Board task force. The report dated January 2013, says among the mandates the DoD chief information officer and the Defense Information Systems Agency could establish include aspects of trusted computing such as hypervisor attestation to assure that it hasn't been corrupted, cryptographic sealing and "strong virtual machine isolation"
Litigation, Investigation, and Law Enforcement
Retailer Sues Visa Over $13 Million 'Fine' for Being Hacked(Wired Threat Level) A sports apparel retailer is fighting back against the arbitrary multi-million-dollar penalties that credit card companies impose on banks and merchants for data breaches by filing a first-of-its-kind $13 million lawsuit against Visa
FBI investigating NASA whistleblower reports of Chinese data breach(Federal News Radio) The congressman who oversees the committee that funds NASA says the FBI is looking into whistleblower reports that the agency allowed a Chinese national inside access to sensitive information, and that the data may have made its way back to the Chinese mainland. Rep. Frank Wolf (R-Va.) said he turned the allegations over to the FBI after employees at NASA's Langley Research Center in Hampton, Va., approached him, claiming that higher-ups had authorized the hiring of a contractor employee connected with an organization within China that federal agencies already had red-flagged as a potential national security threat
Kozinski: When consumers trade privacy for services, it's difficult to prevent the gov't from accessing that same info(FierceGovernmentIT) The third party doctrine and the public's willingness to trade privacy for services that carry no charge pose a significant hurdle to attempts to stymie government use of data brokers, said Alex Kozinski, chief judge of the Ninth Circuit federal court of appeals. "We've gotten used to getting this stuff on the cheap by selling our privacy," Kozinski said while speaking March 3 at a privacy conference held by Yale Law School--naming as examples services offered by Google and credit cards with no consumer fee
En Banc Ninth Circuit Holds That Computer Forensic Searches Are Like 'Virtual Strip Searches' And Require Reasonable Suspicion At the Border(Volokh Conspiracy) Today the Ninth Circuit handed down its long-awaited en banc decision in United States v. Cotterman, a case on the lawfulness of searching a computer at the border. (My prior posts are here, here, here, and here.) Today the Ninth Circuit announced a special rule for computer searches: Although a "review of computer files" can occur without reasonable suspicion, the "forensic examination" of a computer at the border requires reasonable suspicion because it is "akin to reading a diary line by line looking for mention of criminal activity--plus looking at everything the writer may have erased." Here's the key part of the analysis
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
CTIN Digital Forensics Conference(Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools,...
Google and University of Maryland Cybersecurity Seminar(College Park, Maryland, USA, March 14, 2013) Dr. Ari Juels, Chief Scientist of RSA, The Security Division of EMC, and Director of RSA Laboratories, will discuss "Aggregation and Distribution in Cloud Security." His talk will feature information...
Department of Homeland Security 6th Annual Industry Day(Washington, DC, USA, March 18, 2013) The Department of Homeland Security (DHS) will be hosting its 6th Annual Industry Day to provide advanced acquisition planning information to industry. DHS Industry Day will consist of two sessions, the...
IT Security Entrepreneurs' Forum (ITSEF 2013)(Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit(Washington, DC, USA, March 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful...