Government


Court: Government Need Not Justify Warrantless Data Requests

A Virginia appeals court on Friday denied a right-to-access order filed by the Electronic Frontier Foundation and the American Civil Liberties Union on behalf of Icelandic parliamentarian Birgitta Jonsdottir and computer security researchers Jacob Appelbaum and Rop Gonggrijp. The denial confirms a lower court’s ruling that neither those individuals nor the public has the right to see the documents a court uses to justify its warrantless acquisition of information.

Pentagon Plans Massive Increase in Cybersecurity Teams

As the Senate pushes for legislation to improve information-sharing on threats and attacks and President Barack Obama prepares to issue an executive order on cybersecurity, the Department of Defense is looking for a massive increase in the number of trained cybersecurity personnel helping to defend the country’s private and public networks.

DHS Secretary Warns of Potential Cyber Attacks

There is no shortage of problems for President Obama and the new Congress to tackle as they settle into their offices in Washington, D.C., this week, and one of the topics that’s at the top of that list is cybersecurity. Earlier this week a group of Democratic senators introduced a new cybersecurity bill, and now Janet Napolitano, secretary of the Department of Homeland Security, is taking to the stump, saying that new legislation is required to prevent a “cyber 9/11.”


Google received more than 8,000 requests for user data from the U.S. government in the second half of 2012, and nearly all of them were the result of a subpoena or search warrant. The number of those requests that the company complied with by producing some or all of the data in question is still relatively high, at 88 percent, but declined slightly from the first half of last year.

The Java saga continued when unknown and apparently well-concealed goons exploited recent Java and Internet Explorer zero-days to compromise the website of the French-based, free-press advocacy group, Reporters Without Borders. The attack, which attempted to take advantage of the time-gulf that separates Oracle’s patch release from their users’ application of it, is part of a watering hole campaign also targeting Tibetan and Uygur human rights groups as well as Hong Kong and Taiwanese political parties and other non-governmental organizations.

The networks of government agencies and the military are under constant attack from a variety of sources, and the U.S., like most other countries, relies on those networks to not just run daily operations, but to support missions around the world. In the face of those attacks, the Department of Defense’s advanced research group, DARPA, is looking for new technologies that can collect and analyze massive amounts of network data and enable security teams to get quick reads on attacks happening across a broad, department-level network.

A Canadian college student was expelled after reporting a vulnerability in the school’s Web site that potentially exposed private data on more than 250,000 students. The high-achieving computer science major, Hamed Al-Khabaz, and another student, Ovidiu Mija, in November were developing a mobile app using Omnivox Web portal software when they discovered “sloppy coding” that could lead to a major data breach. Omnivox is used at hundreds of Canadian campuses, including theirs at Montreal’s Dawson College.

Every time a story emerges about malware popping up on an industrial control system or someone remotely hacking into some piece of critical infrastructure, there is a reliable and justifiable chorus of experts wagging their fingers and asking, “Why in the world was that system connected to the Internet in the first place?” At this point, pretty much everyone agrees that sensitive control systems should be air-gapped, or completely disconnected from the Internet. In this way, physical, human interaction should be the only way to access such systems, which is a considerable problem for those in the business of conducting cyberwarfare.

For five years, it hid in the weeds of networks used by Eastern European diplomats, government employees and scientific research organizations, stealing data and infecting more machines in an espionage campaign rivaling Flame and others of its ilk. The campaign, called Rocra or Red October by researchers at Kaspersky Lab, focused not only on workstations, but mobile devices and networking gear to gain a foothold inside strategic organizations. Once inside, attackers pivoted internally and stole everything from files on desktops, smartphones and FTP servers, to email databases using exploits developed in China and Russian malware, Kaspersky researchers said.