F.B.I. Cyberattacks

The former LulzSec leader “Sabu,” working as an FBI informant, coordinated hundreds of online attacks against foreign websites throughout 2012, directing other hackers to steal everything from authentication credentials to bank records by exploiting a vulnerability in the Plesk website hosting control panel software. Monsegur, a leading light in Anonymous and head of the hacktivist

How we HACKED mobile voicemail

Voicemail inboxes on two UK mobile networks are wide open to being hacked. An investigation by The Register has found that even after Lord Leveson’s press ethics inquiry, which delved into the practice of phone hacking, some telcos are not implementing even the most basic level of security. Your humble correspondent has just listened to

Bank of England to oversee ‘ethical hacking’

Top financial institutions face simulated attacks on their computer infrastructure as authorities step up attempts to assess

Is there anyone you can trust?

An investigation spurred by one of the customers of their security product has led researchers of security company Bkav to an unexpected discovery: the servers provided by Amazon’s Cloud IaaS Service are riddled with vulnerabilities. The customer in question complained about his server having been infected with spying and information-stealing malware despite the use of

Who Should Control The Internet?

The U.S. has agreed to give up supervision of the Internet policy-making body that controls domain names, hoping to satisfy countries that want more international control over the Internet. This week, Washington will find out if its actions have eased global tensions over its cyberspying activities. World representatives are arriving in Brazil for Net Mundial,

Router backdoor

Eloi Vanderbeken discovered the existence of a backdoor in his Linksys router last Christmas, so he spurred other hackers to check what other routers have the same backdoor. The result of this investigation was that 24 DSL router models from Cisco, Linksys, Netgear, and Diamond were confirmed to be vulnerable. The backdoor has been tied with

The True Price of Encryption

In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important. I’m sure many of you have had mixed experiences with encryption techniques, architectures, and implementations that, in the wake of Heartbleed and the Dual_EC_DRBG scandal, point out the importance of getting encryption right

Secure cloud storage may not be

Some cloud storage providers who hope to be on the leading edge of cloud security adopt a “zero-knowledge” policy in which vendors say it is impossible for customer data to be snooped on. But a recent study by computer scientists at Johns Hopkins University is questioning just how secure those zero knowledge tactics are.

Microsoft releases Threat Modeling Tool 2014

The Microsoft Threat Modeling Tool 2014 is the latest version of the free Security Development Lifecycle Threat Modeling Tool that was previously released back in 2011.

Lavabit crypto keys

In the summer of 2013, Lavabit was ordered to provide real-time e-mail monitoring of one particular user of the service, believed to be Snowden, the former NSA contractor turned whistleblower. Instead of adequately complying with the order to turn over the private SSL keys that protected his company’s tens of thousands of users from the

Anti Theft [tracking] Software

Want to find a stolen laptop, tablet or smartphone? The more you use your laptop, smartphone or tablet, the more you have to lose if it’s stolen. The material cost of the loss may be taken care of by your insurance, but consider the fact that your email is now in the hands of a

A Password Manager Reality Check

Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers? Post-Heartbleed, for anyone – or any business – not using a password manager, now is a great time to start, so you can assign a unique password to every website you use. “A password manager

Netcraft adds Heartbleed sniffer

Internet stats clearinghouse Netcraft has released a new tool aimed at letting consumers know when the sites they visit might have been compromised by the Heartbleed encryption bug. There are lots of tools available that can scan servers to determine whether they’re affected by the Heartbleed vulnerability right now, albeit of varying effectiveness. What makes

Security by obscurity

Most security professionals deride the idea of “security by obscurity.” Is it time to re-evaluate the conventional wisdom? One of the first maxims I remember learning when I began my formal information security (InfoSec) training was, “Security by obscurity is no security at all.” If you haven’t heard this saying before, security by obscurity refers

Hacked – 35 # Michaels

In the wake of the highly publicized Target and Neiman Marcus breaches, Texas-based arts and crafts store chain Michaels has stated in January that it has been targeted by cyber crooks that were after their customers’ payment card data. The breach has now definitely been confirmed, and the impact is huge: approximately 3 million payment