×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Microsoft Word Zero-Day Used in Targeted Attacks

wiredmikey Affects more than Word 2010, Including Mac OS (1 comments)

One important piece not included in my original post, is that while the reported attacks are targeting Microsoft Word 2010, other software products affected by the vulnerability include: Microsoft Word 2003, Microsoft Word 2007, Microsoft Word 2013, Microsoft Word Viewer Microsoft Office for Mac 2011. Fortunately for Windows systems, according to the Microsoft engineers, tests showed that EMET default configuration can block the exploits seen in the wild.

about three weeks ago
top

With HTTPS Everywhere, is Firefox now the most secure mobile browser?

wiredmikey HTTPS Doesn't Make a Browser Secure (2 comments)

While HTTPS is great to have, it does nothing to actually make the Browser itself more secure, it simply protects the data traveling between a web browser and a web server. HTTPS does nothing to protect against other vulnerabilities and exploits that could affect browsers. Yes, HTTPS is good, but it's by no means a silver bullet.

about 2 months ago
top

Target has major credit card breach

wiredmikey Re:Skip the Middleman (2 comments)

Agreed, Brian Krebs who Broke the story should get the credit here and his story is better than the Tribune piece. -=M

about 4 months ago
top

Dell Bets $16M on Security Firm Invincea

wiredmikey Didn't Wasn't Only Investor (1 comments)

Just a note to clarify this -- While Dell was a lead investor in the $16 million round, it wasn't all from the pockets of Dell Ventures. The total $16m funding round was led by new investors Aeris Capital and Dell Ventures, and existing investors Grotech Ventures, Harbert Ventures, and New Atlantic Ventures participated.

about 4 months ago
top

New Adobe Reader zero day used in phishing attacks

wiredmikey Adobe Didn't "Confirm" - They Acknowledged Report (1 comments)

Adobe didn't' CONFIRM that latest versions of Reader and Acrobat where affected. While they MAY be, Adobe simply acknowledged the report of a vulnerability and that they were looking into it.

"Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers," the post from Adobe said.

about a year ago
top

Russia's New Secure Android Tablet Keeps Data From Google

wiredmikey Should be "Android-like" (1 comments)

I should have actually out "Android-like" or "Almost Android" as the story has it. It's not officially Android but a "slimmed down" version of it. The operating system has all the functional capabilities of an Android operating system but none of its hidden features that send users' private data to Google headquarters, according to the project manager.

about a year and a half ago
top

Lessons In Campus Cybersecurity

wiredmikey Higher Education Institutions Face Greater Risks (1 comments)

This is an interesting topic. As Rod Rasmussen wrote last April, student Internet use is nothing short of the Wild West. Malware, phishing, infrastructure attacks, social network targeting, and peer-to-peer (P2P) information leakage are not potential threats; they’re actual, daily issues. And here’s the scary part: when a student’s computer on a college network is compromised, it’s not just the student who pays the price—legally, so does the institution. The dangers for a university or college network can lurk everywhere from e-mail to the Internet infrastructure itself. Rod explains many of those risks:

http://www.securityweek.com/college-cyber-security-tightrope-higher-education-institutions-face-greater-risks

about a year and a half ago
top

ICS-CERT Warns of Serious Flaws In Tridium SCADA Software

wiredmikey Re:Of course, since it's SCADA... (34 comments)

It's not really SCADA, it's different. SCADA is from Siemens, this is different and the Niagara Framework is used in places beyond big facilities such as power plants and factories. The Niagra framework reaches offices buildings, hospitals, airports and more.

http://www.securityweek.com/niagara-vulnerabilities-put-office-buildings-airports-hospitals-risk

That being said, this warning was originally issued back in July with ICS-CERT not really adding anything new in this warning.

-M

about a year and a half ago
top

ICS-CERT Warns of Serious Flaws In Tridium SCADA Software

wiredmikey Same Warning Was Issued Back in July (34 comments)

This alert is actually not very new and dates back to July. ICS-CERT re-releases things all the time in order to update small things and be sre people see an update, no matter how minor. Here is the original that came out in July:

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-195-01.pdf [us-cert.gov] -- It's pretty much identical from what I can see.

about a year and a half ago
top

ICS-CERT Warns of Serious Flaws in Tridium SCADA Software

wiredmikey Not really new (1 comments)

This alert is actually old and dates back to July. ICS-CERT re-releases things all the time in order to update small things and people see an update, no matter how minor. But mainly the updates often apply to their internal processes though. Here is the original that came out in July: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-195-01.pdf -- It's almost identical.

about a year and a half ago
top

VISA, MasterCard Warn of 'Massive' Breach At Credit Card Processor

wiredmikey Re:Criminal (164 comments)

It's Global Payments, Inc. Will have more info on it shortly!

about 2 years ago
top

51% Of Internet Traffic Is 'Non-Human'

wiredmikey Interesting, But Likely Skewed Data (1 comments)

There is some interesting data here, and bots and malicious spiders are certainly consuming the web big time, but this study is likely skewed. The survey was done across Incapsula's customer base---which tell me that people who have signed up for their service may have a higher likeliness to be attacked or be the target of hackers. It's people who have paid attention to their site and have likely had more to deal with and are making the extra effort to add a layer of security. So that tells me that quite possibly the results would be skewed to show that these sites are attacked more then the overall average across the entire web. In other words, many of these site have had issues, and have signed up for the service as a result. That's my take. Though there are lots of bots and malicious traffic out there.

more than 2 years ago
top

Google Wasting $16 Billion on Projects Headed Nowhere

wiredmikey All Wasted or Part Innovation and R&D Expense? (2 comments)

I don't agree that this is all waste. It's part of being an innovative and creative company. While many of these projects will "fail" or not be put into any profitable use for a company, there is some value. People learn. New projects and successful profit-making projects do some from these crazy ideas. It's innovation, it's challenging engineers in ways that could help in other areas. It may be a bit of a stretch to compare it to the pharma industry, but in the same fashion, so much R&D is "Wasted " if you measure in terms of drugs that failed to launch or are unsuccessful. But is it a total waste? I don't think so. It's part of pushing a company forward, keeping the culture of innovation and challenging us to tackle all sorts of problems. I am confident that Google isn't "wasting" a full $16 billion.

more than 2 years ago
top

Hackers tear down NASDAQ

wiredmikey DDoS Isn't Hacking, Site is Up (1 comments)

First, the site is online and loading fine. Second, DDoS attacks are different from hacking attacks where one tries to obtain unauthorized access to information or a system. The site was down on Tuesday, but the situation was resolved, at least for now....

more than 2 years ago
top

Is Dropbox the next Google?

wiredmikey Not Even Close. (1 comments)

No, DropBox is not the next Google. If it is, they have a LONG way to go and have to expand in many areas and gain traction in those areas as well. While DropBox may be a useful service, it's not even close to being the next Google, or posing a threat to Google or Facebook.

more than 2 years ago

Submissions

top

Russian Officials Dump iPads for Samsung Tablets Over Spy Fears

wiredmikey wiredmikey writes  |  about three weeks ago

wiredmikey (1824622) writes "Russian government officials have swapped their iPads for Samsung tablets to ensure tighter security, the telecoms minister told news agencies on Wednesday. Journalists spotted that ministers at a cabinet meeting were no longer using Apple tablets, and minister Nikolai Nikiforov confirmed the changeover "took place not so long ago." He said the ministers' new Samsungs were "specially protected devices that can be used to work with confidential information." This isn't the first time Russian powers have had concerns over mobile. In August 2012, Russia unveiled a prototype tablet with its own "almost Android" mobile OS that has the remarkably familiar feel of an Android but with bolstered encryption. In an even more paranoid move, this past July a Russian state service in charge of safeguarding Kremlin communications was looking to purchase an array of old-fashioned typewriters to prevent leaks from computer hardware."
Link to Original Source
top

Full Disclosure List Reborn Under New Operator

wiredmikey wiredmikey writes  |  about three weeks ago

wiredmikey (1824622) writes "Less than a week after announcing that it would suspended service indefinitely due to a conflict with an unnamed security researcher and ongoing legal threats, The Full Disclosure mailing list is coming back.

Gordon Lyon (aka Fyodor), who operates several Internet security resources and other mailing lists, has created a replacement list with the blessing of John Cartwright, one of of the creators of Full Disclosure, which served as a forum for the discussion of vulnerabilities and exploitation techniques and other security topics.

Because the list is getting a fresh start and no previous subscriber information appears to be headed to Lyon, interested users will have to manually subscribe which can be done here.

"Some have argued that we no longer need a Full Disclosure list, or even that mailing lists as a concept are obsolete," Lyon said. "I disagree. Mailing lists create a much more permanent record and their decentralized nature makes them harder to censor or quietly alter in the future.""

Link to Original Source
top

Microsoft Word Zero-Day Used in Targeted Attacks

wiredmikey wiredmikey writes  |  about three weeks ago

wiredmikey (1824622) writes "Microsoft warned on Monday of a remote code execution vulnerability (CVE-2014-1761) in Microsoft Word that is being actively exploited in targeted attacks directed at Microsoft Word 2010.

If successfully exploited, an attacker could gain the same user rights as the current user, Microsoft said, noting that users whose accounts are configured to have fewer user rights on the system could be less impacted than accounts with administrative privileges.

“The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,” Microsoft explained in the advisory.

Microsoft did not share any details on the attacks that leveraged the vulnerability, but did credit Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team for reporting it to Microsoft."

Link to Original Source
top

Symantec Fires CEO Steve Bennett

wiredmikey wiredmikey writes  |  about a month ago

wiredmikey (1824622) writes "Symantec on Thursday announced that CEO Steve Bennett was terminated by the security company and has been replaced by Michael Brown as interim president and CEO. Bennett, who also resigned from Symantec's board of directors, took the top position at Symantec in July 2012, after former president and CEO Enrique Salem was pushed out by the Board of Directors.

In April 2013, Bennett, told attendees at its own Vision Conference, that the company was changing, and acknowledged that Symantec “lacked strategy” when it came to dealing with acquisitions. His plan was to move the company forward slowly, but consistently and make Symantec easier to do business with. That strategy, or at least the execution of it, hasn't impressed the board of directors, it seems."

Link to Original Source
top

Google Boosts Security of Gmail Infrastructure

wiredmikey wiredmikey writes  |  about a month ago

wiredmikey (1824622) writes "Google announced on Thursday that its Gmail service would use added encryption to protect against eavesdropping and keep messages secure. "Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email,” Gmail security engineering lead, Nicolas Lidzborski, wrote in a blog post.

Lidzborski said that 100 percent of email messages that Gmail users send or receive are encrypted while moving internally. “This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations,” he said.

Joseph Hall, chief technologist at the Center for Democracy and Technology, told AFP that Google's encryption "would make it very difficult" for the NSA or others to tap into email traffic directly. "I'm reluctant to say anything is NSA-proof," Hall said. "But I think what Google is trying to do is make sure they come through the front door and not the back door."

In December, Microsoft said it would “pursue a comprehensive engineering effort to strengthen the encryption of customer data” in order to protect its customers from prying eyes and increase transparency."

Link to Original Source
top

NSA's PRISM Targets Email Addresses, Not Keywords: Officials

wiredmikey wiredmikey writes  |  about a month ago

wiredmikey (1824622) writes "The US government's PRISM Internet spying program exposed by Edward Snowden targets suspect email addresses and phone numbers but does not search for keywords like terrorism, officials said Wednesday. Top lawyers of the country's intelligence apparatus including the NSA and FBI participated Wednesday in a public hearing on the controversial US data-mining operations that intercept emails and other Internet communications including on social media networks like Facebook, Google or Skype.

"We figure out what we want and we get that specifically, that's why it's targeted collection rather than bulk collection," Robert Litt, general counsel at the Office of the Director of National Intelligence, told the hearing.

Under authority of the Foreign Intelligence Surveillance Act, the NSA asks Internet service providers to hand over messages sent from or received by certain accounts such as "terrorist@google.com, the Justice Department's Brad Wiegmann said, using a hypothetical example."

Link to Original Source
top

Malware Attack Infected 25,000 Linux/UNIX Servers

wiredmikey wiredmikey writes  |  about a month ago

wiredmikey (1824622) writes "Security researchers from ESET have uncovered a widespread attack campaign that has infected more than 25,000 Linux and UNIX servers around the world.

The servers are being hijacked by a backdoor Trojan as part of a campaign the researchers are calling 'Operation Windigo.' Once infected, victimized systems are leveraged to steal credentials, redirected web traffic to malicious sites and send as much as 35 million spam messages a day. "Windigo has been gathering strength, largely unnoticed by the security community, for more than two and a half years and currently has 10,000 servers under its control," said Pierre-Marc Bureau, security intelligence program manager at ESET, in a statement.

There are many misconceptions around Linux security, and attacks are not something only Windows users need to worry about. The main threats facing Linux systems aren't zero-day vulnerabilities or malware, but things such as Trojanized applications, PHP backdoors, and malicious login attempts over SSH.

ESET recommends webmasters and system administrators check their systems to see if they are compromised, and has published a detailed report presenting the findings and instructions on how to remove the malicious code if it is present."

Link to Original Source
top

"Robot" Snowden Takes Stage at TED Promising More Spying Revelations

wiredmikey wiredmikey writes  |  about a month ago

wiredmikey (1824622) writes "Edward Snowden's face appeared on a screen as he maneuvered the wheeled android around a stage at the TED gathering, addressing an audience in Vancouver without ever leaving his secret hideaway. He promised more sensational revelations about US spying programs, saying "some of the most important reporting to be done is yet to come."

Internet creator Tim Berners-Lee briefly joined Snowden's interview with TED curator Chris Anderson, and came down in the hero camp. When Anderson posed the question to the TED audience — known for famous, innovative, and influential attendees — the idea that Snowden was a force for good met with applause. "Hero patriot or traitor; I would say I am an American citizen just like anyone else," Snowden said. "What really matters here is the kind of government we want; the kind of Internet we want.""

Link to Original Source
top

Surveys: Cybersecurity Jobs Pay $93k a Year, Pimps Earn 33k a Week

wiredmikey wiredmikey writes  |  about a month ago

wiredmikey (1824622) writes "The overall IT job market has been fairly healthy, and demand for cyber-security professionals remained high in 2013, according to a new jobs study. There were 209,749 national postings for cyber-security jobs in 2013, and the average salary for a cyber-security posting was $93,028, according to the report, which is compiled by reviewing job postings across 32,000 online sites daily. In comparison, the average salary for all IT job postings was $77,642.

Meanwhile, a study released Wednesday by the Urban Institute found that pimps can bring in tens of thousands a week. According to the report, pimps took home anywhere from $5,000 to $33,000 a week, but detailed hefty expenses like hotel rooms, advertisement, and clothing, housing food for their "girls." They typically ran relatively small operations of two to 36 people and sometimes employed drivers, bodyguards, and even nannies, according to the report."

Link to Original Source
top

Microsoft Shares Untold Story Behind Security Development Lifecycle

wiredmikey wiredmikey writes  |  about a month and a half ago

wiredmikey (1824622) writes "Microsoft launched a new web site dedicated to sharing the untold story behind its Security Development Lifecycle (SDL). The Security Development Lifecycle, a process for writing more secure software, is now mandatory within Microsoft, and was the work of early security teams and the impact of Bill Gates’ Trustworthy Computing (TwC) memo in 2002.

The dedicated site, hosted at SDLstory.com, provides never-before-seen video footage and photos from many of the SDL’s key players, and uncovers a collection of little-known anecdotes. For example, Microsoft said that in the early 2000s, the company had to bus engineers to the customer support call center to keep up with high call volumes coming in as a result of security incidents. Microsoft also said that in early February 2002 the entire Windows division shut down development and diverted all developers to focus on security."

Link to Original Source
top

Boeing Unveils Self-Destructing Smartphone

wiredmikey wiredmikey writes  |  about 1 month ago

wiredmikey (1824622) writes "Boeing is launching "Boeing Black phone", a self-destructing Android-based smartphone that the company says has no serviceable parts, and any attempted servicing or replacing of parts would destroy the product. "Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable," the company explained.

Boeing's website says its device was developed because there was nothing on the market to meet the needs of the US defense and security communities. "Despite the continuous innovation in commercial mobile technology, current devices are not designed from inception with the security and flexibility needed to match their evolving mission and enterprise environment," the website says.

The device should not be confused with the new encrypted Blackphone, developed by the US secure communications firm Silent Circle with Spanish manufacturer Geeksphone."

Link to Original Source
top

Apple Fixes Dangerous SSL Authentication Flaw in iOS

wiredmikey wiredmikey writes  |  about 2 months ago

wiredmikey (1824622) writes "Users of iOS devices will find themselves with a new software update to install, thanks to a certificate validation flaw in the mobile popular OS. While Apple provides very little information when disclosing security issues, the company said that an attacker with a “privileged network position could capture or modify data in sessions protected by SSL/TLS."

"While this flaw itself does not allow an attacker to compromise a vulnerable device, it is still a very serious threat to the privacy of users as it can be exploited through Man-in-the-Middle attacks" VUPEN's Chaouki Bekrar told SecurityWeek. For example, when connecting to an untrusted WiFi network, attackers could spy on user connections to websites and services that are supposed to be using encrypted communications, Bekrar said. Users should update their iOS devices to iOS 7.0.6 as soon as possible."

Link to Original Source
top

Hackers Steal User Data From Kickstarter

wiredmikey wiredmikey writes  |  about 2 months ago

wiredmikey (1824622) writes "Kickstarter, a web site that serves as a funding platform for creative projects, said on Saturday that malicious hackers gained unauthorized access to its systems and accessed user data.

Yancey Strickler, Kickstarter’s CEO, said the company was notified by law enforcement on Wednesday night that hackers gained unauthorized access to some of its customers' data. According to Strickler, customer information accessed by the attacker(s) included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Strickler said that no credit card data was accessed by the attackers, and that so far only two Kickstarter user accounts have seen evidence of unauthorized activity."

Link to Original Source
top

Apple Publishes Secure Coding Guide for Developers

wiredmikey wiredmikey writes  |  about 2 months ago

wiredmikey (1824622) writes "Apple has published a new secure coding guide designed to help developers of Mac OS and iOS applications build more secure programs by design. “Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you should be familiar with the information in this document,” Apple advised in the 123-page guide.

According to a study released in Aug. 2013, just 43 percent of respondents said their organizations have a defined software development process in place. Of these, only 69 percent adhere to the defined process, while 21 percent said their organization doesn't. Ten percent were unsure.

“Security is not something that can be added to software as an afterthought; just as a shed made out of cardboard cannot be made secure by adding a padlock to the door, an insecure tool or application may require extensive redesign to secure it,” Apple said in the guide. The Secure Coding Guide from Apple is available in HTML format or as a PDF file."

Link to Original Source
top

IE Zero-Day Exploit Used in Attack Targeting Military Intelligence

wiredmikey wiredmikey writes  |  about 2 months ago

wiredmikey (1824622) writes "Security researchers from FireEye have discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars’ website. According to FireEye, attackers compromised the VFW website and added an iframe to the site’s HTML code that loads the attacker’s page in the background. When the malicious code is loaded in the browser, it runs a Flash object that orchestrates the remainder of the exploit.

Dubbed “Operation SnowMan” by FireEye, the attack targets IE 10 with Adobe Flash. According to a recently-released report from CrowdStrike, Strategic Web Compromises (SWC), where attackers infect strategic Websites as part of a watering hole attack to target a specific group of users, were a favorite attack method for groups operating out of Russia and China. FireEye believes the attackers behind the campaign, thought to be operating out of China, are associated with two previously identified campaigns: Operation DeputyDog and Operation Ephemeral Hydra. “A possible objective in the SnowMan attack is targeting military service members to steal military intelligence,” FireEye said."

Link to Original Source
top

Got Malware? The FBI Wants It

wiredmikey wiredmikey writes  |  about 2 months ago

wiredmikey (1824622) writes "The FBI has placed malware on its shopping list, and is turning to third parties to help the agency build a massive library of malicious software. According to a 'Request for a Quote' posted on the Federal Business Opportunities website, the FBI is looking for price quotes for malware for the Investigative Analysis Unit of the agency's Operational Technology Division (OTD). The unit's mission is to "Provide technical analysis of digital methods, software and data, and provide technical support to FBI investigations and intelligence operations that involve computers, networks and malicious software," according to the document.

The FBI did not say precisely how the malware will be used, but the document calls the collection of malware from law enforcement and research sources "critical to the success of the IAU's mission to obtain global awareness of malware threat.""

Link to Original Source
top

Syrian Electronic Army Takes Temporary Control Over Facebook.Com

wiredmikey wiredmikey writes  |  about 2 months ago

wiredmikey (1824622) writes "The Sryrian Electronic Army claimed that it took control over the domain Facebook.com, Wednesday evening, likely through hacking into the domain administrator account at the social network's Domain Registrar. In a Tweet Wednesday evening, the hackers wished Facebook founder Mark Zuckerberg a happy birthday, along with an extra note: "Happy Birthday Mark! Facebook.com owned by #SEA," the Tweet read.

A check of the domain WHOIS showed that details of the three domain contacts were modified to be "syrian.es.sy@gmail.com", though the domain name servers were not modified. Around 7:00PM ET, the registrant contact details were restored to "domain@fb.com", indicating that MarkMonitor and Facebook were able to react quickly before any damage was done. The hackers said that in response to being hacked, MarkMonitor took down the domain management portal, and also posted a screenshot."

Link to Original Source
top

Adobe Patches Flash Player Zero-Day Vulnerability

wiredmikey wiredmikey writes  |  about 2 months ago

wiredmikey (1824622) writes "Adobe on Tuesday released an out-of-band security update to address a critical security vulnerability in Adobe Flash Player that could allow an attacker to remotely take control of an affected system.

Adobe said that the vulnerability (CVE-2014-0497), reported to Adobe by Alexander Polyakov and Anton Ivanov of Kaspersky Lab, has an exploit that exists in the wild. Interestingly, Kaspersky Lab said earlier this week that it has been investigating a sophisticated malware that leverages high-end exploits, and includes a bootkit and rootkit, and also has versions for Mac OS and Linux. Neither Adobe nor Kaspersky Lab disclosed if the vulnerability patched today by Adobe has any connection to the cyber-espionage operation that Kaspersky Lab is calling “one of the most advanced threats at the moment”.

“Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions,” the company said in a security advisory. If there is any connection between CVE-2014-0497 and the operation dubbed "The Mask" by Kaspersky Lab, it will not likely be disclosed until the company shares the details of its findings at the Kaspersky Security Analyst Summit next week."

Link to Original Source
top

Vice Admiral Michael Rogers Named New NSA Chief

wiredmikey wiredmikey writes  |  about 3 months ago

wiredmikey (1824622) writes "President Barack Obama has nominated a US Navy officer, Vice Admiral Michael Rogers, to take over as head of the embattled National Security Agency, the Pentagon said Thursday. Rogers, 53, would take the helm at a fraught moment for the spy agency, which is under unprecedented pressure after leaks from ex-intelligence contractor Edward Snowden revealed the extent of its electronic spying.

If confirmed by lawmakers, Rogers would also take over as head of the military's cyber warfare command. Rogers, who trained as an intelligence cryptologist, would succeed General Keith Alexander, who has served in the top job since 2005. He currently heads the US Fleet Cyber Command, overseeing the navy's cyber warfare specialists, and over a 30-year career has worked in cryptology and eavesdropping, or "signals intelligence."

His confirmation hearings in the Senate are likely to be dominated by the ongoing debate about the NSA's espionage, and whether its sifting through Internet traffic and phone records violates privacy rights and democratic values."

Link to Original Source
top

Hackers Steal Law Enforcement Documents from Microsoft

wiredmikey wiredmikey writes  |  about 3 months ago

wiredmikey (1824622) writes "Microsoft on Friday said that attackers breached the email accounts of a “select number” of employees, and obtained access to documents associated with law enforcement inquiries. According to the company, a number of Microsoft employees were targeted with attacks aiming to compromise both email and social media accounts

“..We have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed,” said Adrienne Hall, General Manager at Microsoft's Trustworthy Computing Group. “It appears that documents associated with law enforcement inquiries were stolen,” Hall said.

Targeted attacks like this are not uncommon, especially for an organization like Microsoft. What’s interesting about this is that the incident was significant enough to disclose, indicating that a fair number of documents could have been exposed, or that the company fears some documents will make their way to the public if released by the attackers—which may be the case if this was a “hacktivist” attack."

Link to Original Source

Journals

wiredmikey has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...