The Military

The Marshall Islands, Nuclear Testing, and the NPT 57

Posted by samzenpus
from the big-booms dept.
Lasrick writes: Robert Alvarez, a senior scholar at the Institute for Policy Studies and a former senior policy adviser to the Energy Department's secretary and deputy assistant secretary for national security and the environment, details the horrific consequences of nuclear weapons testing in the Marshall Islands and explains the lawsuits the Marshallese have filed against the nuclear weapons states. The lawsuits hope to close the huge loophole those states carved for themselves with the vague wording of Article VI of the NPT (Nuclear Non-proliferation Treaty), wording that allows those states to delay, seemingly indefinitely, implementing the disarmament they agreed to when they signed the treaty.
Democrats

Obama Asks Congress To Renew 'Patriot Act' Snooping 365

Posted by Soulskill
from the it-makes-you-safer-because-reasons dept.
mi writes: President Obama has asked the Senate to renew key Patriot Act provisions before their expiration on May 31. This includes surveillance powers that let the government collect Americans' phone records. Obama said, "It's necessary to keep the American people safe and secure." The call came despite recent revelations that the FBI is unable to name a single terror case in which the snooping provisions were of much help. "Obama noted that the controversial bulk phone collections program, which was exposed by National Security Agency contractor Edward Snowden, is reformed in the House bill, which does away with it over six months and instead gives phone companies the responsibility of maintaining phone records that the government can search." Obama criticized the Senate for not acting on that legislation, saying they have necessitated a renewal of the Patriot Act provisions.
Security

Insurer Won't Pay Out For Security Breach Because of Lax Security 114

Posted by Soulskill
from the ounce-of-prevention-is-worth-a-ton-of-green dept.
chicksdaddy writes: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data. In a complaint filed in U.S. District Court in California, Columbia alleges that the breach occurred because Cottage and a third party vendor, INSYNC Computer Solution, Inc. failed to follow "minimum required practices," as spelled out in the policy. Among other things, Cottage "stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who 'surfed' the Internet," the complaint alleges. Disputes like this may become more common, as insurers anxious to get into a cyber insurance market that's growing by about 40% annually use liberally written exclusions to hedge against "known unknowns" like lax IT practices, pre-existing conditions (like compromises) and so on.
Security

IRS: Personal Info of 100,000 Taxpayers Accessed Illegally 82

Posted by Soulskill
from the disincentive-to-pay-your-taxes dept.
An anonymous reader writes: The Associated Press reports that an online service provided by the IRS was used to gather the personal information of more than 100,000 taxpayers. Criminals were able to scrape the "Get Transcript" system to acquire tax return information. They already had a significant amount of information about these taxpayers, though — the system required a security check that included knowledge of a person's social security number, date of birth, and filing status. The system has been shut down while the IRS investigates and implements better security, and they're notifying the taxpayers whose information was accessed.
Transportation

Amtrak Installing Cameras To Watch Train Engineers 281

Posted by Soulskill
from the call-it-amtraking dept.
An anonymous reader writes: In the aftermath of the derailment of an Amtrak train in Philadelphia a couple weeks ago, the company has caved to demands that it install video cameras to monitor and record the actions of the engineers driving their trains. The National Transportation Safety Board has been recommending such cameras for the past five years. Amtrak CEO Joe Boardman says the cameras will improve train safety, though the engineers' union disagrees. In 2013, the union's president said, "Installation of cameras will provide the public nothing more than a false sense of security. More than a century of research establishes that monitoring workers actually reduces the ability to perform complex tasks, such as operating a train, because of the distractive effect."
Social Networks

Linux/Moose Worm Targets Routers, Modems, and Embedded Systems 110

Posted by Soulskill
from the moose-is-the-penguin's-natural-enemy dept.
An anonymous reader writes: Security firm ESET has published a report on new malware that targets Linux-based communication devices (modems, routers, and other internet-connected systems) to create a giant proxy network for manipulating social media. It's also capable of hijacking DNS settings. The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+. Affected router manufacturers include: Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL, and Zhone. The researchers found that even some medical devices were vulnerable to the worm, though it wasn't designed specifically to work with them.
Security

Exploit Kit Delivers Pharming Attacks Against SOHO Routers 30

Posted by timothy
from the north-of-houston-you're-ok dept.
msm1267 writes: For the first time, DNS redirection attacks against small office and home office routers are being delivered via exploit kits. French security researcher Kafeine said an exploit kit has been finding success in driving traffic from compromised routers to the attackers' infrastructure. The risk to users is substantial, he said, ranging from financial loss, to click-fraud, man-in-the-middle attacks and phishing.
Spam

Attackers Use Email Spam To Infect Point-of-Sale Terminals 83

Posted by samzenpus
from the protect-ya-neck dept.
jfruh writes: Point-of-sale software has meant that in many cases where once you'd have seen a cash register, you now see a general-purpose PC running point-of-sale (PoS) software. Unfortunately, those PCs have all the usual vulnerabilities, and when you run software on it that processes credit card payments, they become a tempting target for hackers. One of the latest attacks on PoS software comes in the form of malicious Word macros downloaded from spam emails.
Privacy

Sniffing and Tracking Wearable Tech and Smartphones 53

Posted by samzenpus
from the all-the-better-to-follow-you-with dept.
An anonymous reader writes: Senior researcher Scott Lester at Context Information Security has shown how someone can easily monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, fitness monitors, and iBeacons. The findings have raised concerns about the privacy and confidentiality wearable devices may provide. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” said Scott says. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples’ movements.” The researchers have even developed an Android app that scans, detects and logs wearable devices.
Firefox

Firefox's Optional Tracking Protection Reduces Load Time For News Sites By 44% 205

Posted by Soulskill
from the definition-of-a-win-win dept.
An anonymous reader writes: Former Mozilla software engineer Monica Chew and Computer Science researcher Georgios Kontaxis recently released a paper (PDF) that examines Firefox's optional Tracking Protection feature. The duo found that with Tracking Protection enabled, the Alexa top 200 news sites saw a 67.5 percent reduction in the number of HTTP cookies set. Furthermore, performance benefits included a 44 percent median reduction in page load time and 39 percent reduction in data usage.
Security

Researchers Devise Voting System That Seems Secure, But Is Hard To Use 103

Posted by Soulskill
from the find-the-candidate-and-hand-them-your-vote dept.
An anonymous reader writes: According to an article in ReadWrite, a team of British and American researchers have developed a hacker resistant process for online voting called Du-Vote. It uses a credit card-sized device that helps to divide the security-sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted (PDF). If a hacker managed to control the computer and the Du-Vote token, he still can't change the votes without being detected.
Security

Hacker Warns Starbucks of Security Flaw, Gets Accused of Fraud 107

Posted by Soulskill
from the biting-the-hand-that-doesn't-steal-from-you dept.
Andy Smith writes: Here's another company that just doesn't get security research. White hat hacker Egor Homakov found a security flaw in Starbucks gift cards which allowed people to steal money from the company. He reported the flaw to Starbucks, but rather than thank him, the company accused him of fraud and said he had been acting maliciously.
Security

Adult Dating Site Hack Reveals Users' Sexual Preference, Extramarital Affairs 173

Posted by Soulskill
from the another-day,-another-breach dept.
An anonymous reader notes this report from Channel 4 News that Adult FriendFinder, one of the largest dating sites in the world, has suffered a database breach that revealed personal information for 3.9 million of its users. The leaked data includes email addresses, IP addresses, birth dates, postal codes, sexual preferences, and information indicating which of them are seeking extramarital affairs. There even seems to be data from accounts that were supposedly deleted. Channel 4 saw evidence that there were plans for a spam campaign against these users, and others are worried that a blackmail campaign will follow. "Where you've got names, dates of birth, ZIP codes, then that provides an opportunity to actually target specific individuals whether they be in government or healthcare for example, so you can profile that person and send more targeted blackmail-type emails," said cybercrime specialist Charlie McMurdy.
Android

Factory Reset On Millions of Android Devices Doesn't Wipe Storage 92

Posted by samzenpus
from the stucking-around dept.
Bismillah writes: Ross Anderson and Laurent Simon of Cambridge University studied a range of Android devices and found that even though a "factory reset" is supposed to fully wipe storage, it often doesn't. Interestingly enough, full-device encryption could be compromised by the incomplete wiping too. ITnews reports: "The researchers estimated that 500 million Android devices may not fully wipe device disk partitions. As many as 630 million phones may not wipe internal SD cards. Five 'critical failures' were outlined in the researchers' Security Analysis of Android Factory Resets paper.
Google

NSA Planned To Hijack Google App Store To Hack Smartphones 94

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."
Security

Netgear and ZyXEL Confirm NetUSB Flaw, Are Working On Fixes 34

Posted by samzenpus
from the protect-ya-neck dept.
itwbennett writes: In follow-up to a story that appeared on Slashdot yesterday about a critical vulnerability in the NetUSB service, networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected and said they are working on fixes. ZyXEL will begin issuing firmware updates in June, while Netgear plans to start releasing patches in the third quarter of the year.
United States

What Was the Effect of Rand Paul's 10-Hour "Filibuster"? 381

Posted by samzenpus
from the lets-keep-talking dept.
An anonymous reader writes: Sen. Rand Paul held up a vote on the Fast Track Authority for an eleven hour dissertation on the flaws of: the Patriot Act, the replacement the USA Freedom Act, bulk data collection including credit card purchases, the DEA and IRS's use of NSA intel. for "parallel construction", warrant-less GPS bugs on vehicles, as well as the important distinction of a general warrant versus a specific one. "There is a general veil of suspicion that is placed on every American now. Every American is somehow said to be under suspicion because we are collecting the records of every American," Paul said. The questions is what did the "filibuster" really accomplish? The speeches caused a delay in Senate business but it's unclear what larger effect, if any, that will have.
Businesses

Security Researchers Wary of Wassenaar Rules 34

Posted by samzenpus
from the rules-of-the-game dept.
msm1267 writes: The Commerce Department's Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement, and computer security specialists are wary of its language and vagaries. For starters, its definition of "intrusion software" that originally was meant to stem the effect of spying software such as FinFisher and Hacking Team, has also apparently snared many penetration testing tools. Also, despite the Commerce Department's insistence that vulnerability research does not fall under Wassenaar, researchers say that's up for interpretation.
Security

Stanford Researcher Finds Little To Love In Would-Be Hacker Marketplace 75

Posted by timothy
from the it-is-what-it-is dept.
An anonymous reader writes: What if there were an Uber for hackers? Well, there is. It's called Hacker's List, and it made the front page of the New York Times this year. Anyone can post or bid on an 'ethical' hacking project. According to new Stanford research, however, the site is a wreck. 'Most requests are unsophisticated and unlawful, very few deals are actually struck, and most completed projects appear to be criminal.' And it gets worse. 'Many users on Hacker's List are trivially identifiable,' with an email address or Facebook account. The research dataset includes thousands of individuals soliciting federal crimes.