Cyber Trends
Closing time for the open Internet (The New Yorker) Since 1970 or so, carriers like A. T. & T. and Verizon have been barred from blocking or degrading whatever is transported over their lines. Although, at the time, the rule primarily concerned long-distance voice calls, that principle, applied to the Internet, has become known more recently as net neutrality. It offers a basic guarantee: that content providers on a network—whether it be YouTube, Wikipedia, or bloggers—can reach their users without worrying about being blocked, harassed, or forced to pay a toll by the carrier. Policing that rule in its various guises has been a core mission of the Federal Communications Commission for the past four decades—and keeping carriers away from Internet content has been among the F.C.C.'s most successful policy initiatives since its creation, in 1934. It is the Magna Carta of the Web; today, there's not a tech firm or a blog that doesn't owe something to the open, unblocked Internet
Opinion: The Internet of dumb, nasty things is on the way (TechTarget ChannelMedia) Machines: We can't live without them, but they're about to gang up on us and do us in, judging by data released by Ovum. Nick Booth is worried
Manufacturing, Energy: Targeted Attacks Growing (Industrial Safety and Security Source) The manufacturing and energy sectors are in the top five industries for targeted attacks, a new whitepaper said
Cyberwar increasingly defined by espionage and regional conflicts, argues FireEye (ComputerWorld) The world is still in the foothills of the cyberwar era but already online confrontation is being defined by an unstable and possibly dangerous mixture of proxy conflicts and old-fashioned espionage mixed with lower-level digital activism, security firm FireEye has said
Malware makers turn to cloud (ZDNet) The cloud is becoming an increasingly appealing place for malware distributors to host their code
Amazon and GoDaddy are the biggest malware hosters (Help Net Security) The United States is the leading malware hosting nation, with 44 percent of all malware hosted domestically, according to Solutionary. The U.S. hosts approximately 5 times more malware than the
Security concerns are still holding back cloud adoption (Help Net Security) There are significant differences in public cloud infrastructure concerns between the cloud-wise, organizations that are currently using cloud services, and the cloud-wary, organizations that are not
Data transparency moves increase cyber-attack risks (Pharma Times) The drive for transparency of clinical-trial data in the pharmaceutical industry and associated sectors will inevitably increase the vulnerability of data networks to cyber-attacks, warns a hacking expert at professional services organisation Ernst & Young
Internet security New Year's resolutions: Europe needs to wise up on mobile and Mac insecurity (TechNews) A startling proportion of Europeans still believe their systems are completely safe to use without any security software, with many convinced their smartphones and Macs don't need any protection
Marketplace
Attacks spur surge in cyber insurance sales (Financial Times) Sales of "cyber insurance" policies have surged almost a third at AIG, the biggest standalone insurer in the US, as companies seek to protect themselves from a growing onslaught of cyber attacks and data breaches
Net Neutrality Change Already Turns Some Companies Into Winners (24/7 Wall Street) Verizon Communications Inc. (NYSE: VZ) is on the winning end of an argument about Net Neutrality. A US appeals court has overturned certain aspects of the so-called Net Neutrality laws, which effectively required Internet service providers to treat all web traffic equally without regard to the source. The court ruled that the FCC does not have the right to force providers to force carriers to be neutral
By winning on net neutrality, US internet service providers may really have lost (Quartz) Today, Netflix shares are falling, and one reason for the sell-off is yesterday's US court decision overthrowing "net neutrality" rules—but investors may be acting prematurely
Security startup Impermium joining Google (NetworkWorld) Google expects Impermium to fit in with Google's own spam and abuse teams
What Google can really do with Nest, or really, Nest's data (Ars Technica) Hint: it's not home automation. Google's acquisition of Nest for $3.2 billion this week has been heralded as the company's big move into home automation. Nest has made overtures about customer privacy, but given the size and profitability of its new owner's advertising and personal data business, the new relationship needs a closer examination
IDA-FireEye collaboration to boost cyber security in S'pore (Channel NewsAsia) Cyber security in Singapore will get a boost with the opening of a centre dedicated to developing expertise in the area. To staff the centre, global network security company FireEye aims to hire more than 100 cyber security professionals over the next two years
Private Messaging App Vendor Wickr Offers Hackers $100,000 for Bugs (Threatpost) Bug bounty programs, for the most part, have been the domain of large software vendors and Web companies such as Google, Mozilla, Microsoft, PayPal and Facebook. But some smaller companies are now getting involved, with the latest one to announce a bounty being Wickr, the maker of secure messaging apps for Android and iOS, and
John Sutton: QinetiQ North America-BroadSoft Team Focuses on Cloud Security (Executive Mosaic) QinetiQ North America and BroadSoft have moved to extend their partnership to develop unified communications services for federal, defense and intelligence customers
Why HP chose India as its way back into the smartphone market (Quartz) The short answer: India will be, after China, the single largest market for smartphone sales in 2014, according to a recent forecast
Best big data value opportunity for investors (FierceBigData) Not everyone investing in big data is doing so by buying tools for their own use. Investors are eyeing vendor stock in hopes of reaping big returns too. If you're into investing in big data via the stock market, then you'll likely find the Splunk-Tableau-Verient debate interesting
BAE continues intelligence analysis system development (UPI) BAE Systems says it is to continue to lead a team effort to simplify the work of intelligence analysts in processing mass, complex data from multiple sources
NYPA shores up cyber defenses (FierceSmartGrid) The New York Power Authority (NYPA) is partnering with the Center for Internet Security (CIS) to facilitate real-time information sharing to reinforce NYPA's cyber defense capabilities and critical infrastructure assets against potential cyber threats. The partnership will allow NYPA access to the very best security analysis, and the sharing of information will boost NYPA's cyber defenses and ability to respond to cyber occurrences
Amazon's Workers Reject Union, But Its People Problem Won't Go Away (Wired) As Amazon grows ever-larger, and customer demand for efficiency along with it, the pressure on its workers will only increase, as will the potential for unrest
KPMG scales down sponsorship of the Cyber Security Challenge because of a 'lack of credible candidates' (Computing) 'Big Four' professional services firm KPMG has scaled down its sponsorship of the Cyber Security Challenge (CSC) because of a lack of credible talent for the firm to recruit
Cyber Security Challenge CEO hits back at KPMG's 'lack of credible candidates' claim (Computing) The CEO of the Cyber Security Challenge, Stephanie Daman, has hit back at claims that the series of national events designed to encourage talented professionals to join the UK IT security sector has failed to attract suitable candidates
Gaining the attention of Gen Y (SC Magazine) The increasing number of breaches continues to create awareness at enterprises that are increasingly bulking up their security programs. But, as the workforce demand continues to rise, the industry needs to get the attention of millennials to fill positions
Thomas Kennedy to Become Raytheon CEO March 31; William Swanson to Retire (Executive Mosaic) Thomas Kennedy, executive vice president and chief operating officer at Raytheon (NYSE: RTN) since April 2013, will serve as CEO of the defense technology maker starting on March 31. William Swanson, CEO for 10 years and a 41-year company veteran, will retire from the chief executive role on that date and continue to serve as chairman of the board of directors
Symantec appoints Sanjay Rohatgi as President of India Sales (Business Standard) Cyber security software provider Symantec today appointed Sanjay Rohatgi as President of Sales for India
Paul Casey Named Northrop UAE Intl Business Development Head (Executive Mosaic) Paul Casey has been appointed to serve as director of international business development for the United Arab Emirates at Northrop Grumman, Monday. Casey will lead the business development activities in the UAE and the rest of the Middle East region, the company announced Tuesday
Products, Services, and Solutions
Latest in privacy protection tools: GPS shifting for smartphones (FierceBigData) In the topsy turvy world we live in perhaps it shouldn't come as a surprise (although it is a bit shocking, actually) that a social discovery mobile dating app is among the first to come up with a feature to dislocate your location. Yes, you heard me right. A dating app that allows you to see other people that are close to your current location also enables you to cast a different location to others than where you are actually standing. It also lies about where you are to Facebook and other social media, to pesky retailers tracking you in their store and even to quite a few data brokers
DuckDuckGo continues to gain larger audience (FierceContentManagement) DuckDuckGo reported phenomenal growth last year, and it's no wonder. In a time when our privacy is continually being eroded, and every day there seems to be a new revelation about government surveillance, many people are looking away from major search engines like Google and Bing and moving to DuckDuckGo, a service that guarantees it doesn't save your search information
DissidentX from BitTorrent creator hides messages inside other messages (Slashgear) Recent events in the US and elsewhere have given rise to renewed and more mainstream interest in cryptography. But while the more popular methods are slowly proving to be inadequate, a stronger option might soon be available in the form of DissidentX, a software made by Bram Cohen, more popular for having created the BitTorrent file sharing protocol
A10 Networks offers a DDoS protection appliance based on ADC platform (TechTarget SearchNetworking) ADC vendor A10 Networks announces the Thunder TPS, an anti-DDoS appliance for enterprises and service providers
All Twitter Apps Must Deploy SSL/TLS (Threatpost) Twitter has begun enforcing HTTPS connections between applications and its API
Bitrot and atomic COWs: Inside "next-gen" filesystems (Ars Technica) Most people don't care much about their filesystems. But at the end of the day, the filesystem is probably the single most important part of an operating system. A kernel bug might mean the loss of whatever you're working on right now, but a filesystem bug could wipe out everything you've ever done… and it could do so in ways most people never imagine
Close look awaits NIST cybersecurity framework due next month (Federal Times) Almost a year after President Obama issued an executive order aimed at bolstering protections against computer hacking attacks, a key juncture comes next month when the government releases a framework for reducing the risks of cyber threats
Tiger Team Sets 2014 Privacy Agenda (HealthCareInfoSecurity) Privacy issues involved when patients authorize individuals to securely access their electronic health information on their behalf are among the topics the Privacy and Security Tiger Team will tackle this year
Next-generation authentication technologies emerge to restore balance (TechTarget SearchSecurity) Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication technologies. This handbook discusses emerging authentication technologies that reduce organizational risk while limiting user inconvenience
Anomaly Detection, Knowing Normal Is the Key to Business Trust and Success (SecurityWeek) Threats and attacks are steadily increasing, and business executives face new challenges with trust exploits. While organizations adopt cloud computing and allow employee-owned devices onto the network, the challenge of securing company data increases exponentially. When it comes to advanced persistent threats (APTs), bad actors take advantage of every exploit to steal information, and look for the weakest link in enterprise security systems
When can you trust web services to handle your data? (Help Net Security) A new report by the EU's cyber security agency ENISA analyses the conditions under which online security and privacy seals help users to evaluate the trustworthiness of a web service
Why Cyber Security Is Not Enough: You Need Cyber Resilience (Forbes) With breaches on the rise, companies should focus on cyber resilience, not just cyber security. It's true. Cyber attackers have an edge on you. Just look at recent incidents of credit card information being stolen from Target and SnapChat users' names and cell phone numbers being published online
How to mitigate Atlassian Crowd SSO vulnerability (TechTarget SearchSecurity) Network security expert Brad Casey advises how to mitigate the vulnerability in SSO product Atlassian Crowd until an upgrade can be performed
Using the Google Transparency Report to enhance website blacklisting (TechTarget SearchSecurity) Threats expert Nick Lewis explores whether Google's Transparency Report can be used to enhance blacklisting of malicious websites in the enterprise
How do you know if your cloud is actually down? (Trend Micro Simply Security) These days, it is difficult to determine whether a cloud has actually gone down. There might be a brief outage, but caching and other systems kick in, and it is largely invisible. If your cloud-resident application is available and working for 90% of your audience, but not the other 10, is the cloud up or down? Is there an in between
5 Surprising Security Gains Achieved From Security Analytics (Dark Reading) Getting the most out of big data sets and seemingly unrelated security information
Research and Development
New Fujitsu Labs tech can do batch searches of encrypted data (Infoworld) Method based on public-key encryption uses homomorphic encryption to batch-search 16,000 characters per second using any search term
Security warnings do better if they use scammers' tricks, research finds (Naked Security) Researchers at University of Cambridge's Computer Laboratory actually modeled their security warnings on scammers' messages in their research, using techniques such as authoritative voice and clear descriptions of risks to see if people would resist clicking through to malware
Symantec Patents Method To Weed Out Fake Or Malicious Torrents (Ubergizmo) For the most part when it comes to downloading torrents, spotting a fake or one laced with malware is relatively easy as you would only have to scan the comments and the negative votes. However there are times when the torrent might be new or unpopular which means that comments and votes are not available, so how do you tell then if the torrent you are about to download is a fake or contains malware? Well thanks to a Symantec patent, it seems that the anti-virus company is hoping to help make your future torrent downloads a safer and much more informed one at that. After all no one likes spending hours downloading a torrent only to find out it's a dud, right
Penn State to Offer New Option in Cybersecurity and Information Assurance for its Master's Degree in Information Sciences (PR Web) In today's interconnected society, information systems are vulnerable to a myriad of threats such as unwanted intrusions, illicit insider corruption or dissemination of data, and unexpected losses from natural or man-made disaster. As a result, government and industry need to hire individuals who have the knowledge and training to combat the onslaught of cyber-attacks. To meet that demand, Penn State's College of Information Sciences and Technology (IST) has created a new option within its Master of Professional Studies (MPS) in Information Sciences program that is designed to prepare graduates to work in the areas of cybersecurity and information assurance in the federal government or private sector
Student Programmer Competition Promotes Creativity, Diversity (SIGNAL Magazine) A competition for student programmers will recognize the importance of other disciplines and focus areas than the ones commonly associated with science, technology, engineering and mathematics (STEM), such as art (design), diversity and digital literacy. "Dream it. Code it. Win it." is organized by MIT and TradingScreen and will award more than $50,000 in scholarships and prizes to winners of the competition. Entrants must be at least 18 years old and enrolled at accredited colleges and universities in the United States. The deadline for entry is March 30, 2014
Cyber-Security in Corporate Finance (ICAEW) New initiative tackles cyber-security threat to corporate finance sector. Understanding, anticipating and managing cyber-security risks in corporate finance is crucial for all company directors and advisers; it is not an issue to be dealt with only by IT and technical specialists
New rules tighten rights, atrocity criteria in U.S. weapons shipments (Reuters) New guidelines for providing U.S. conventional weapons to other countries make rules on human rights more explicit and prohibit policymakers from approving weapons shipments they anticipate will be used to commit atrocities, U.S. officials said
Hill Intel Leaders Downplay Need for NSA Reforms (National Journal) Lawmakers atop the Intelligence committees are resisting pressure from liberals and conservatives alike
Obama Is Not About to Reform the NSA, Insiders Say (Foreign Policy) When President Barack Obama gives his much-anticipated speech on NSA surveillance Friday, he's unlikely to seize the opportunity to rein in the agency's vast surveillance programs. Instead, he will punt. Of the 43 recommendations from a panel that reviewed the agency's programs, Obama is expected to embrace very few, according to U.S. officials and news reports, leaving the harder task of long-term surveillance reform to Congress and the courts
U.S. spy agency's push for secrecy seen as another failing of Obama's transparency pledge (Miami Herald) The federal polygraph training academy, known as the National Center for Credibility Assessment, says it has operated in the unclassified domain for virtually its entire existence. The academy, established in 1951, is now being asked by the Defense Intelligence Agency to keep much of what it does secret
Homeland security subcommittee approves the National Cybersecurity and Critical Infrastructure Protection Act of 2013 (GSN) The Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies has approved the National Cyber Security and Critical Infrastructure Protection Act of 2013. The legislation primarily aims to fortify and codify many of the pre-existing national cyber security initiatives while prohibiting new regulatory authority at the Department of Homeland Security (DHS). It also allows private entities to interact with federal authorities to increase the level of cybersecurity across the board
Cyber Command, network defenses bolstered in spending bill (FCW) The $1 trillion omnibus appropriations bill for fiscal 2014 would more than double Defense Department spending on U.S. Cyber Command and would boost the Department of Homeland Security's funding to defend government networks
Juan Zarate on his Latest Book 'Treasury's War', Private-Public Financial Collaboration in National Security Efforts, and the Power of the 'Carrot' of Financial Inclusion (ExecutiveBiz) On the heels of the late 2013 release of his second book, Treasury's War: The Unleashing of a New Era of Financial Warfare, Juan Zarate caught up with ExecutiveBiz to discuss his and the Treasury Department's work in the years after 9/11 to promote U.S. national security interests through sophisticated global financial campaigns
New laws to stem cyber crime in Kenya (Daily Nation) New laws are being drafted to fight cyber crime in Kenya, the Director of Public Prosecutions has said
Complaint filed against Neiman Marcus, slams breach response (SC Magazine) A class-action complaint was filed against Neiman Marcus in the Eastern District of New York on Monday, just days after the major retailer announced that an undisclosed number of payment cards may have been stolen in a breach
High Court: 'Google privacy case can be heard in UK' (The Telegraph) Google vows to fight High Court decision that it can be sued for an alleged breach of privacy in UK despite being based in the US
San Diego Company Admits to Defrauding Defense Department of Millions (Department of Defense Inspector General) United States Attorney Laura E. Duffy announced today that San Diego-based Vector Planning & Services, Inc. ("Vector") entered into an agreement with the United States Attorney's Office in which it admits to criminally defrauding the Defense Department, and in which it agrees to pay restitution. Vector, which also has offices in Chantilly, Virginia, entered the agreement this afternoon in federal court in San Diego before U.S. Magistrate Judge William McCurine, Jr
Hackers Used Amazon's Cloud To Scrape LinkedIn User Data (Business Insider) Hackers have been using Amazon's powerful data center computers to scrape data from thousands of LinkedIn accounts in order to create fake profiles on the site, according to a new complaint the company has filed in the U.S. district court of Northern California
Philippines web abuse ring smashed in UK-led operation (BBC) A paedophile ring that streamed live child abuse from the Philippines over the internet has been broken up after an operation by UK police and their counterparts in Australia and the US