secuirty

Latest

  • FCC says sharing DDoS attack details undermines security

    by Rob LeFebvre
    07.31.2017

    Back in May, HBO's John Oliver exhorted viewers to add their public comment on the FCC's website for net neutrality. While at first it seemed as if the server couldn't handle the extra load of commenters, the FCC said that the site had been a victim of multiple distributed denial-of-service (DDoS) attacks. When asked for evidence of the cyberattack by regulators, senators and journalists, the FCC refused to share any data. Last month, a group of ranking House committee members sent a letter to FCC Chairman Ajit Pai, which expressed concerns about the agency's "cybersecurity preparedness, and the multiple reported problems with the FCC's website in taking public comments in the net neutrality proceeding." Pai's response — dated July 21st and posted on July 28th — was predictably vague in responding to the specific queries from the Representatives. He said "it would undermine our system's security to provide a specific roadmap of the additional solutions to which we have referred."

  • 2015's big hacks, attacks and security blunders

    by Violet Blue
    12.17.2015

    The security breaches, blunders, and disasters of 2015 tanked our trust in health insurance providers, credit agencies, the IRS, car manufacturers, connected toys for kids, and even "adult" dating sites. These stories shaped 2015, and forever changed the way we see data privacy and security. Most importantly, these painful moments in computer security affected millions, shaped government policy and validated our paranoia.

  • People tweeted their phone number and got spammed with cat facts

    by Billy Steele
    11.19.2015

    There are people who share their real phone numbers via a tweet. Yes, really. One programmer decided to teach those folks a lesson by spamming them with cat facts. Using phone numbers that were beamed out in public tweets, the joke included sending text messages about cats until the person tweeted at Edward Snowden "Meow, I <3 catfacts." Although Snowden isn't in on the gag, he is a bit of a feline fanatic. He was also quite forthcoming about his own Twitter faux pas. In this case, an automated script pulls data from the Twitter API before blasting out the messages full of meow-based facts with an anonymous texting app. The programmer says the goal of the stunt is to teach users who are so loose with their personal details a lesson on how a more ruthless hacker might attack their mobile devices. Pretty solid way to do so, if you ask us.

  • Root password flaw leaves wireless Seagate drives open to attack

    by Sean Buckley
    09.07.2015

    Own a wireless hard drive? Was it made by Seagate? You'll want to download an update. Researchers at Tangible Security have discovered a vulnerability in certain Seagate wireless drives that could give unauthorized users root access to the device. The flaw? A default username and password that activates undocumented Telnet services. It's a terrifyingly simple vulnerability. Luckily, the fix is almost as simple -- all you have to do is patch your drive's firmware.

  • NSA Privacy Director says fears of government spying are unwarranted

    by Sean Buckley
    11.24.2014

    It was one of the final questions of the NSA's open Q&A today, and one that's weighed heavily on the minds of American citizens since the Prism scandal last year: "Are our fears of being discreetly spied on merited?" They aren't, according to NSA Civil Liberties and Privacy Director Rebecca Richards. "NSA is a foreign intelligence agency," she explained. "Our mission is to collect critical intelligence on foreign powers or their agents necessary to defend the country." The response is almost dismissive, but technically correct: the NSA isn't supposed to keep tabs on domestic threats, that's the FBI's job. That said, Richards did admit that some intelligence collection against US citizens is unavoidable. "For example, a foreign intelligence target may communicate with or about a U.S. Person," she explained. "NSA's minimization procedures have been designed to account for this possibility and other cases where NSA may incidentally acquire U.S. Person information."

  • Google, Yahoo and others are getting fed up with government gag orders

    by Sean Buckley
    05.23.2014

    The EFF may be handing out gold stars to firms that publish their own transparency reports, but earning that recognition isn't easy. Government data requests are often coupled with gag orders, barring firms from telling users that security agencies are thumbing through their data. Now Google, Yahoo, Microsoft and Facebook are arguing that these orders are a violation of the First Amendment.

  • NSA review group tells Obama to ditch bulk phone surveillance

    by Sean Buckley
    12.18.2013

    2013 has been a hard year for the White House. It's been working overtime to try and manage the PR nightmare sparked by Edward Snowden's NSA whistleblowing -- fighting the outcry of angry citizens, CEOs and major tech firms. President Barack Obama eventually created a panel to review the government's surveillance programs and propose changes that will help restore the public's trust. Today, the group's recommendations are in, and in summary, they aren't too surprising: don't spy on your citizens. The report's most public-facing suggestion mandates ending the NSA's habit of collecting US phone call metadata. The agency would still be allowed to collect some records, of course, but the panel suggests that this data be maintained by a private third party, or the phone companies themselves. More importantly, this data would only be accessible with an order from the Foreign Intelligence Surveillance Court. That's hardly the panel's only critique, either: the 308-page document actually makes a total of 46 recommendations. It suggests putting international spy operations under heavier scrutiny, for instance, and says that decisions to monitor such communications need to be made by the Commander in Chief -- not the nation's intelligence agencies. It even suggests a major tweak to the NSA's structure, asking the president to consider making the next Director of the NSA a civilian.

  • Macworld on security

    by Scott McNulty
    02.09.2006

    Ah, Mac security, one of my favorite topics. I am often considered the Cassandra of the Mac community, warning people that someday Macs will be exploited but no one believes me (and I am sure someone in the comments will tell me I don't know what I am talking about because Macs are magically immune to all kinds of tampering, and why don't I just give this topic a rest). However, I am not the one thinking about Mac security today, Rebecca Freed of PC World is. It is her opinion that you should have a reasonable view on Mac security. Keep the firewall on, don't download strange things, and scan your Mac for viruses (yes, yes there have been no known OS X viruses but that doesn't mean there won't be one in the future. Forewarned is forearmed).