They say that your worst fears and your fondest dreams are rarely realized. That may well be true in most walks of life, but in the information security world, 2013 was the year that our worst fears were not only confirmed, but so were some things that few but the most paranoid among us thought possible.
A pair of academic researchers decided to have a look at whether the NSA–and by extension, the American people–is getting anything worthwhile for the untold millions spent on the metadata program.
A group of hundreds of academics from countries around the world have started a petition that demands Western governments, such as those in the United States and UK, stop the mass surveillance programs they have in place and “effectively protect everyone’s fundamental rights and freedoms”.
Dennis Fisher and Mike Mimoso talk about the year that was in the security industry, including the last six months of NSA drama, the Microsoft bug bounty program, exploit sales and attacks against major banks.
The Federal Election Commission (FEC) is highly vulnerable to intrusions and data breaches after an audit discovered “significant deficiencies” in the FEC’s IT security program.
Rather than trying to rank the NSA revelations on any sort of scale, we’ve put together an admittedly simplified list of some of the more interesting NSA-related stories to emerge in 2013.
A new set of malware campaigns targeted at Syrian activists, journalists and NGOs has emerged, and security researchers say that the attackers are employing a variety of tactics, including a new OS X Trojan that could be part of a “false flag” operation. The details of the new round of attacks on government opposition groups […]
One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency’s collection of phone metadata is that the information it’s collecting, such as phone numbers and length of call, can’t be tied to the callers’ names. However, some quick investigation by some researchers at Stanford University who have been collecting information voluntarily from Android users found that they could correlate numbers to names with very little effort.
The report that the NSA paid RSA Security $10 million in 2004 to implement a compromised random-number generator as the default in one of its key products–has shaken the security community and sent shockwaves through the industry that may be felt for years to come.
The volume of government requests to Google for user data is continuing to increase, something that should come as no surprise in the current climate. In its latest transparency report, the company said that it received more than 25,000 requests for user data in the first six months of 2013, an increase of about 18 percent.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
