Last month Adrian Lamo, a man once hunted by the FBI, did something
contrary to his nature. He picked up a payphone outside a Northern
California supermarket and called the cops. Read the full article. [Wired]
Physicists have mounted the first successful attack of its kind on a
commercial quantum cryptography system. Read the full article. [Technology Review]
Scientists have devised a chip design to ensure microprocessors haven’t
been surreptitiously equipped with malicious backdoors that could be
used to siphon sensitive information or receive instructions from
adversaries. Read the full article. [The Register]
Computer scientists at the University of Hertfordshire have found a way
to share information online securely for a fraction of the cost of
existing systems. Researchers working in collaboration with the
University of Aston, have been awarded a UK patent for a fibre optics
system which uses a ‘beacon’ to enable cryptic communication between two
users online. Read the full article. [Science Daily]
IT professionals are fearful that sensitive data will fall into the
wrong hands if cloud-based services are used by their organizations, but
many acknowledge that the risks are being ignored by some employees who
may already be using cloud computing, according to a new survey. Read the full article. [TechTarget]
Visa is warning financial institutions that it has
received reliable intelligence that an organized criminal group plans to
attempt to move large amounts of fraudulent payments through a merchant
account. Read the full article. [KrebsonSecurity]
Dennis Fisher talks with analyst Rich Mogull of Securosis about his new report on database encryption, the value and danger of storing credit-card data and why more companies don’t get rid of sensitive data more quickly.
Yesterday (Wednesday) the last of the 13 authoritative root servers for the domain name system switched over to
the DNS Security Extensions (DNSSEC) security protocol. DNSSEC is
intended to prevent DNS exploits such as cache poisoning. All 13 root
servers are now serving a signed version of the root zone. However, it
is not possible to validate these signatures at present as the public
key remains undisclosed. Read the full article. [The H Security]
A 605-page NSA document from 2004 reads like a listing of the pros and cons for a
huge array of defensive and counterintelligence approaches and
technologies that an entity might adopt in defending its networks. There is a key section on deception technologies that discusses the use of honeynet technology to learn more about
attackers’ methods, as well as the potential legal and privacy aspects
of using honeynets. Read the full article. [KrebsonSecurity]
Google has restored its “personalized” search suggestions after purging the tool of a critical vulnerability that allowed attackers to steal a user’s web history. Read the full article. [The Register]
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
