Week in review: NSA records a country’s phone calls, SSL innovations, and (IN)SECURE Magazine special issue

Here’s an overview of some of last week’s most interesting news, podcasts, reviews, videos, interviews, and articles:

US announces transition of oversight over Internet’s domain name system
As the first step, NTIA is asking the Internet Corporation for Assigned Names and Numbers (ICANN) to convene global stakeholders to develop a proposal to transition the current role played by NTIA in the coordination of the Internet’s domain name system (DNS).

What do a hacker expo and cutting-edge research have in common? Amsterdam!
Dhillon Andrew Kannabhiran is the Founder and CEO of Hack in The Box, and in this interview he introduces HITBSecConf Amsterdam and offers insight on what attendees can expect to see at the event this May.

SSL innovations
In this podcast recorded at RSA Conference 2014, Wayne Thayer, the General Manager of Security Products at GoDaddy and a member of the CA Security Council, compares and explains certificate transparency, certificate authority authorization and certificate pinning.

Mt. Gox CEO doxing was a ploy to spread Bitcoin-stealing malware
The recent hacking and defacing of the blog and Twitter account of Mt. Gox CEO Mark Karpeles, and the leaking of a 716 Mb archive file that allegedly contained trade data, database dumps, personal information about Karpeles, and an app for remotely accessing Mt. Gox data, has apparently been a clever ruse to make users download Bitcoin-stealing malware.

EU sets huge fines for firms who violate users’ privacy
MEPs inserted stronger safeguards for EU citizens’ personal data that gets transferred to non-EU countries in a major overhaul of the EU’s data protection laws voted on Wednesday.

IBM: We never shared client data with NSA
IBM is the latest tech giant to deny any involvement in NSA’s PRISM data collection program and to claim that they have not set up backdoors in their products.

Eight cyber security tips I learned from The Walking Dead
What can popular movies, TV shows, books, or video games teach us about cyber security? Maybe nothing, maybe everything.

25,000 UNIX servers hijacked by backdoor Trojan
The ESET security research team, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing and other leading agencies, has uncovered a widespread cybercriminal campaign involving a Backdoor Trojan which seized control of more than 25,000 UNIX servers worldwide.

You can now buy smartphones with preinstalled spyware
MTechnology LTD has released four popular smartphone models preloaded with its well-received mSpy monitoring software.

(IN)SECURE Magazine special issue released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Featured in this magazine are the most important news and companies from RSA Conference 2014.

Gang wielding ColdFusion exploits expands botnet of hacked e-commerce sites
A German website of French automaker Citro?«n is the latest of the wide array of higher-profile webshop sites that have been compromised by a hacker gang leveraging Adobe ColdFusion vulnerabilities.

Fake Malaysia Airlines Flight 370 video hides a backdoor
As the search for the missing Malaysia Airlines Flight 370 nears the end of the second week, cyber crooks are diversifying the attacks against users curious to know what really happened.

Tor warns of malicious Tor browser offered on the App Store
A public plea made on Twitter by Runa A. Sandvik, a (former?) developer with The Tor Project has turned the spotlight on a still unresolved issue of an apparently fake Tor Browser app equipped with spyware being offered for download on Apple’s App Store.

Thinking with Data: How to Turn Information into Insights
With the advent of computer systems and the Internet, data has become plentiful and easily accessible. The problem now is to separate the wheat from the chaff, and discover what of it is useful. This book explains how.

Edward Snowden: Here’s how we take back the Internet
Appearing by telepresence robot, Edward Snowden speaks at TED2014 about surveillance and Internet freedom.

NSA records a country’s phone calls, keeps the records for a month
By leveraging a surveillance system dubbed MYSTIC, the US National Security Agency has been recording all phone calls made in a foreign country for a period of 30 days, newly revealed documents from Edward Snowden’s trove show.

Full Disclosure mailing list closure elicits mixed reactions
The Full Disclosure mailing list has long been the perfect place for security researchers to disclose and discuss newly found vulnerabilities. But John Cartwright, one of its creators, has pulled the plug on the list on Wednesday.

Over 31,000 IoT devices and computers infected by cryptocoin-mining worm
A new version of the Darlloz Linux worm, which targets Internet-enabled devices such as home routers and security cameras, computers running Intel x86 architectures as well as some architectures that are usually found on routers and set-top boxes, has been analyzed by Symantec researchers.

US tech firms knew about and assisted with PRISM data collection
In a testimony before the Privacy and Civil Liberties Oversight Board, the NSA general council Rajesh De and his colleague stated on Wednesday that the tech companies that denied giving access to user data via the PRISM program were, in fact, lying.

Product pitch: DigiCert Certificate Inspector
In this product pitch recorded at RSA Conference 2014, Jason Sabin, VP of Research & Development at DigiCert, introduces Certificate Inspector, which scans the user’s network detecting all certificates in use, their configuration and implementation, and then displays the results in an intuitive and interactive dashboard.

Whitepaper: The new prescription for privacy
This whitepaper looks at the challenges and requirements of protecting confidential patient data online, the risk of security breaches in the world of EHR, and the measures that healthcare organizations must take in order to achieve and maintain compliance.

Microsoft accessed Hotmail account to uncover internal leaker
This week’s charging of a former Microsoft employee for stealing the company’s trade secrets could have passed almost unnoticed were it not for an important detail revealed in the court filing: in order to discover his identity, Microsoft has resorted to rifling through another person’s private Hotmail account.

Mobile data leakage
In this podcast recorded at RSA Conference 2014, Mike Raggo, Security Evangelist at MobileIron, discusses mobile data leakage, and provides tips on how to secure email, public and in-house apps, illustrates data exposure, and much more.

NSA targets sys admins to breach computer networks
A newly analyzed document from Edward Snowden’s trove show that the NSA collects personal and account information on system administrators and uses it to compromise their computers in order to access the networks they manage.




Share this