Large Attacks Hide More Subtle Threats In DDoS Data

An interesting article from Dark Reading in their Security Monitoring section:

The massive avalanche of data in March that crashed down on Spamhaus, the maintainer of a number of spam blacklists, made headlines as the largest distributed denial-of-service (DDoS) attack witnessed to date.

Along with the ongoing campaign against financial institutions by a group of attackers calling themselves the Cyber Fighters of Izz ad-din Al Qassam, the attacks drove the bandwidth of the average DDoS to nearly 50 Gbps during the first quarter of 2013, a sevenfold increase over the past three months of 2012, according to a quarterly report by DDoS mitigation firm Prolexic.

Yet those large attacks are not the most significant denial-of-service (DoS) threat for most companies, according to DDoS mitigation experts.

“The big gigabit, the big DNS reflection attacks — those get all the press, but the ones that are devastating are the ones that knock the application down,” says Vann Abernethy, senior product manager for NSFOCUS, a Beijing-based DDoS-mitigation and network-security firm.

To read more click here: 

Apple iPhone Decryption Backlog Stymies Police

A posting from InformationWeek in their Security section:

Apple is overwhelmed by requests from law enforcement agencies to decrypt seized iPhones, and its waiting list is so long that it may take months before new requests get handled.

That revelation, first reported by CNET, was gleaned from a search warrant affidavit for a seized iPhone last summer by a federal agent who was investigating a Kentucky man on crack cocaine distribution charges.

The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) agent, Rob Maynard, said in court documents that he’d “attempted to locate a local, state or federal law enforcement agency with the forensic capabilities to unlock” an iPhone 4S seized during the investigation, but every contacted law enforcement agency said that it “did not have the forensic capability.” Apple, meanwhile, told him that the wait time for recovering data from an iPhone — which the technology firm copied to a USB key then provided to investigators — was approximately seven weeks, though Maynard ultimately had to wait about four months.

To read more click here: 

Google security: You (still) are the weakest link

A posting from CNET News in their Security and Privacy section:

SAN FRANCISCO–Two of Google’s top Chrome and Google Apps security experts confessed that the problem of passwords will continue to plague the people who use them and computer security for the foreseeable future.

On the second day of the company’s I/O conference here on Thursday, Eran Feigenbaum, the director of security for Google Apps, suggested that people follow three recommendations to stay safer online.

“You should turn on two-step verification, make sure [the browser] is up to date, and make sure your password recovery options are set,” the six-year veteran of Google said. His colleague, Parisa Tabriz, the head of Chrome security whose official title is “Security Princess,” offered two more. “In Chrome you can set up multiple profiles, and you can use Incognito,” she said, to avoid the technique of switching browsers while keeping profile information separate.

To read more click here:

FT hacked. Syrian Electronic Army hijacks Financial Times blogs and Twitter accounts

A posting from Naked Security:

The Syrian Electronic Army has struck again – this time adding the scalp of the prestigious Financial Times to its collection of hijacked accounts belonging to well-known media organisations.

Hackers from the Syrian Electronic Army appear to have stolen the usernames and passwords of FT staff with access to the newspaper’s social media accounts, and posted unauthorised blog entries and tweets earlier today.

In recent weeks Syrian Electronic Army hackers have successfully broken into online accounts belonging to the likes of The Guardian, the BBC, NPR, and CBS with apparent ease, prompting Twitter to take the unusual step of reaching out to news and media organisations to warn them about the current attacks, and offer advice on defensive measures.

The problem is compounded by Twitter’s current system of insisting that every Twitter account only has one username/password connected with it.

This is unlike the way Facebook pages work where individual users can be assigned different rights for managing and administering their firm’s online presence. Combined with two factor authentication (known as Login Approvals on Facebook) this provides a higher level of security, and greater granularity about what users can do.

To read more click here: 

CISPA cybersecurity bill backers hope second time’s a charm

An interesting article from NBC News in their Technology section:

WASHINGTON (Reuters) – Six months after a U.S. cybersecurity bill died in the Senate, some Obama administration officials and lawmakers are optimistic they can get a new law passed amid heightened public awareness of hacking attacks and cyber espionage.

With top intelligence officials warning that cyber attacks have replaced terrorism as the leading threat against the United States, the White House and lawmakers have spent months discussing how to improve the flow of information between the government and the private sector.

A second go-around for the Cyber Intelligence Sharing and Protection Act (CISPA) was approved by the Republican-controlled House of Representatives in a bipartisan vote on April 18, though the White House has again threatened to veto the bill unless more protections for privacy and civil liberties are added.

To read more click here:

Large Attacks Hide More Subtle Threats In DDoS Data

An interesting article from Dark Reading in their Security Monitoring section:

In March, the massive avalanche of data that crashed down on Spamhaus, the maintainer of a number of spam blacklists, made headlines as the largest distributed denial-of-service attack witnessed to date.

Along with the ongoing campaign against financial institutions by a group of attackers calling themselves the Cyber Fighters of Izz ad-din Al Qassam, the attacks drove the bandwidth of the average distributed denial-of-service attack to nearly 50 Gbps during the first quarter of 2013, a sevenfold increase over the last three months of 2012, according to a quarterly report by DDoS mitigation firm Prolexic.

Yet, those large attacks are not the most significant denial-of-service threat for most companies, according to DDoS mitigation experts.

“The big gigabit, the big DNS reflection attacks–those get all the press, but the ones that are devastating are the ones that knock the application down,” says Vann Abernethy, senior product manager for NSFOCUS, a Beijing-based DDoS-mitigation and network-security firm.

To read more click here: