More than three months after Edward Snowden revealed details of NSA secret surveillance activities, intelligence officials are still assessing the fallout from the former contractor's disclosures. But they already know how the leaks happened.
Raising troubling questions about the reliability of government-mandated cryptography certifications used around the world, scientists have unearthed flaws in Taiwan's secure digital ID system that allow attackers to impersonate some citizens who rely on it to pay taxes, register cars, and file immigration papers.
The Foreign Intelligence Surveillance Court has published an opinion, written on August 29, 2013, by Judge Claire Eagen, explaining the legal reasoning behind its order authorizing the NSA to collect data on all US telephone calls.
A pedophile who posed as Justin Bieber on the internet to target and blackmail young girls all over the world has been jailed in a case described as one of the worst the courts have ever seen. The "sadistic exploitation" conducted by Robert Hunter, of Middlesbrough, UK, was so extensive that an international operation through Interpol was sparked.
While the National Institute of Standards and Technology reopens public review of several of its cryptographic standards, it is “strongly” advising against using one of the standards for elliptic curve cryptography — a standard that cryptographers have long suspected contained a back door, whether it was put there intentionally or not.
Computer security experts have discovered a group of highly sophisticated computer hackers operating for hire, a U.S. computer security firm says, and it linked the group to some of the best-known cyber-espionage attacks out of China in recent years.
The discovery of a vulnerability in popular open source web application framework Django has recently demonstrated that using a long password is not always the best thing to do. Django uses the PBKDF2 algorithm to hash user passwords, making it extremely difficult for brute-force attacks to be executed successfully. Unfortunately, this complexity can also be used as an attack vector.
Brazil plans to divorce itself from the U.S.-centric Internet over Washington's widespread online spying, a move that many experts fear will be a potentially dangerous first step toward politically fracturing a global network built with minimal interference by governments.
The term “bank heist” may conjure up an Ocean's 11-style strike involving laser alarms and perhaps even a contortionist or two, but the everyday reality is much more mundane. Take, for instance, the alleged plot by 12 men to steal millions from a branch of European bank Santander remotely, using a cheap and readily available keyboard video mouse device.
Belgium says it is investigating suspected foreign state espionage against its main telecoms company, which is the top carrier of voice traffic in Africa and the Middle East, and a newspaper pointed the finger at the United States. Federal prosecutors said in a statement that the former state telecoms monopoly Belgacom had filed a complaint in July about the hacking of several servers and computers.
Recent leaks about the NSA's Internet spy programs have sparked renewed interest in government surveillance, though the leaks touch largely on a single form of such surveillance — the covert one. But so-called "open source intelligence" (OSINT) is also big business — and not just at the national/international level.
Utica College has announced formation of its new Northeast Cyber Forensics Center (NCFC), a laboratory that provides criminal forensic investigation of digital evidence for local, state and federal law enforcement agencies, as well as other private and public sector entities.
Denial-of-service attacks have long been considered the blunt wooden club of online hazards, a multi-gigabit stream of shock and awe. Yet, increasingly the noisy attacks are being used to hide more subtle infiltrations of a target's network.
A Wisconsin trucker who joined a cyber attack on Koch Industries has admitted his role in the onslaught organized by the computer hacking group known as "Anonymous" that took the Wichita-based company's website offline for about 15 minutes in February 2011. Eric Rosol, 37, of Black Creek, Wis., pleaded guilty to one misdemeanor count of accessing a protected computer in a deal with prosecutors for reduced charges.
Standing accused of NSA interference in its processes, and backdoors in its algorithms, NIST now says our crypto standards and processes are sound — but don't use the elliptic curve algorithm. NIST has not admitted to a backdoor in the algorithm, and its warning against use of the algorithm makes no mention of the NSA.