Google is stepping up their security game in a big way for the second time this year: introducing a more secure browsing method known as forward secrecy in Gmail and a number of other Web-based services, according to a post on the GoogleOnlineSecurity blog.
Calling it a form of “electronic civil disobedience,” hacktivist group Anonymous took aim at a special agent from the California Department of Justice on Friday. The group spilled 38,000 e-mails containing “computer forensics techniques, investigation protocols as well as highly embarrassing personal information,” according to a press release on Pastebin.
Gamers who use the digital distribution network Steam were warned that their account information may have been exposed to hackers following a compromise of the company’s Web page and back end databases. The incident yielded a slew of sensitive customer information, including user’s passwords and encrypted credit card numbers, Steam said.
The creators of banking trojan programs in Brazil are using sophisticated block ciphers to encrypt their malware, making detection by anti virus products more difficult.
by Dan GeerEditor’s Note: As the CISO of In-Q-Tel, the CIA-backed strategic investment firm focused on developing technologies for the intelligence community, Dan Geer gets paid to help find the answers to big questions about computer security, national security, privacy and technology. Headlines proliferate about sophisticated cyber attacks, the looming specter of cyber warfare and ongoing espionage by nations like China and Russia. That means Dan’s job gets more important with each passing day. So what’s on Dan Geer’s mind these days? We asked him what questions he was mulling and, as usual, the answers we got back were both eye-opening and provocative. Here, in Monday morning ‘shot of espresso’ format (and with as little editing as possible) is our three minute speed date with Dan’s brain.
Another Dutch certificate authority, KPN, has stopped issuing digital certificates after finding attack tools on a server in its Web infrastructures. The CA said that while it doesn’t have evidence right now that it’s CA infrastructure was compromised, it is taking the actions as a precaution.
UPDATED–A certificate authority in Malaysia has had to revoke 22 certificates it issued with weak keys and missing extensions. The problem has prompted Mozilla to revoke trust in the intermediate certificate authority from Digicert Sdn. Bhd., and Microsoft said it plans to take the same actions, as well.
The Linux Foundation has released a document outlining ways in which the UEFI secure boot specification can be used to support the installation of Linux and other open operating systems on UEFI-enabled hardware. As long as hardware vendors set up their systems in the proper way, UEFI should be no obstacle to using Linux or other alternate operating systems on forthcoming systems, they say.
Microsoft Research has proposed a mitigation for a known potential attack against verifiable electronic voting machines that could help prevent insiders from being able to alter votes after the fact. The countermeasure to the “trash attack” involves adding a cryptographic hash to the receipts that voters receive.
The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
