In case you’ve somehow missed all the hoopla, the Internet has been in various states of uproar over PRISM and the allegations that several major companies give the government unrestricted access to their servers. Apple, Google, and others have been vocal about such statements, saying they are not true, but that has not stymied the
The Obama administration and NSA have been under extreme public fire lately after a report by The Washington Post revealed a project called PRISM, which snowballed into a variety of other leaks and such that revealed what we already knew: the government is spying on Internet users. In retaliation, an Internet trolling operation has been
NSA and FBI reportedly pulling data directly from Google, Microsoft and more [UPDATE]
Yesterday, it was revealed that a secret court order initiated by the FBI strong-armed Verizon into handing over detailed phone records of millions of US consumers to the NSA. Such an action made it obvious that other activities of a similar nature are likely taking place, something confirmed today by The Washington Post, which says
According to The Guardian, the National Security Agency is presently mining millions of records from Verizon, which it slapped with a court order back in April. The order was sent in its entirety to the media company by an unspecified source, and details that such records are being handed over to the government without consumer
Apple introduced two-factor authentication (or two-step verification if you’d like to call it that) with iCloud back in March, adding an extra layer of security to its cloud backup system. However, security researchers say that iCloud is still vulnerable to a break-in if your password is stolen.
ElcomSoft, a company that specializes in password-cracking software, says that there are security holes in Apple’s two-factor authentication process, stating that “Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud.” When you log in to your iCloud account, you’ll have “full information to everything stored there without being requested any additional logon information.”
The company says that they were able to download an iCloud backup using login details without ever using two-factor authentication, and the physical iOS device that the backup came from wasn’t needed for credential purposes. Of course, this doesn’t mean your iCloud data is out in the open. As long as your password is secure, no one can access your iCloud backup.
ElcomSoft also mentions another security issue, which is the fact that Apple sends verification codes directly to an iOS device’s lockscreen. This means that the verification code is exposed to whoever can turn on the display and look at the lockscreen, meaning that you don’t need to unlock an iOS device in order to see the code. ElcomSoft says that the code should obviously not be displayed on the lockscreen, but rather require users to unlock the device first in order to see it.
Two-factor authentication does prevent hackers from resetting a user’s Apple ID password, but it doesn’t keep hackers from copying or deleting files that are stored in iCloud. ElcomSoft thinks that Apple’s two-factor authentication “does not look like a finished product,” and “it’s just not as secure as one would expect this solution to be.”
VIA: Ars Technica
SOURCE: ElcomSoft
iCloud not protected by Apple’s two-factor authentication, say researchers is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
Twitter CEO Dick Costolo spoke at the D11 conference today and discussed a wide range of topics involving the social media service, including Twitter’s new two-factor authentication that they just recently started rolling out. Twitter was one of the few big services to play catch-up with the security feature, and Costolo knows it.
Costolo says that the company takes security issues “super seriously,” and he notes that Twitter has a “responsibility to helping these organizations that people view as authorities.” Of course, he’s referring to the recent hackings of high-profile Twitter accounts, like that of the AP, where a bogus tweet was sent out on its feed.
Costolo says that security is “going to be an ongoing challenge,” saying that Twitter has “a bunch of security people working diligently on it.” He also admitted that the company hasn’t “moved quickly enough there,” adding that he wants to improve Twitter’s security team and prevent further hacks in the future.
Costolo admitted that Twitter was extremely late to the game when it came to rolling out two-factor authentication for the social media service, but he says that he wants to do more about Twitter’s security. He didn’t say what he wanted to get done nor what to expect from the company in the future, but we can guess that Twitter will soon become more secure as time goes on.
Accounts getting hacked certainly isn’t anything new, and it happens on all popular social media services, but Twitter has seen an alarming number of account hijacks recently, with popular brands getting hacked, as well as authoritative news outlets, including BBC and CBS. Jeep, Burger King, and Fisker also had their Twitter accounts hacked recently.
SOURCE: AllThingsD
Twitter CEO on security: “we haven’t moved quickly enough” is written by Craig Lloyd & originally posted on SlashGear.
It seems you can’t go a day without hearing a new report about hackers, whether they’re of the annoying Twitter-hijacking variety or the more troublesome DDoSing type. Some, however, are more insidious, including the Iranian hackers who are actively attacking the United States’ energy industry. Now a leaked government document shows that Chinese hackers have accessed designs for some of the nation’s most advanced weapons.
The information is said to come from a report that was made for the Pentagon detailing a breach of data in which Chinese hackers gained access to the blueprints of advanced US weapons systems. According to The Washington Post, in excess of two dozen “major” systems were compromised, including ones said to be essential to the nation’s defense against missiles.
The report was created by the Defense Science Board, which is comprised of a combination of civilian and government experts. Such experts say that the Chinese government getting its hands on such sensitive data as weapons designs could have two-fold ramifications: on one side of the scale, it could fuel China’s development of such weapons, and on the other side it could weaken the US’ advantage that results from having these systems.
According to officials who are said to have knowledge of the situation, most of these breaches are parts of China’s overall cyberattacks that have been hitting companies – particularly of the media variety – for some time now. The attacks are said to be against both the US government’s various agencies, as well as its defense contractors.
While specific information on what the hackers acquired isn’t available, it is said that the missile system PAC-3, ballistic missile system Terminal High Altitude Area Defense (THAAD), and ballistic missile defense Aegis of the US Navy were all compromised. Likewise, the F/A-18, Black Hawk helicopter, V-22 Osprey, and Littoral Combat Ship all had designs compromised.
SOURCE: The Washington Post
Chinese hackers steal US advanced weapons blueprints according to report is written by Brittany Hillen & originally posted on SlashGear.
Proposal seeks to lock copyright infringing computers, force owners to contact police
The Internet-using public is no stranger to off-the-wall plans and ideas to stop the so-called blight of copyrighted content sharing, but a new proposal recently submitted to the government is perhaps unlike any before it in terms of craziness. In a report, the Commission on the Theft of American Intellectual Property proposed many ways piracy can be combated, including infecting alleged violators’ computers with malware that can wreak havoc, up to and including destroying the user’s computer.
In the proposal, which spans 84 pages, the Commission stated that software can be pre-installed on computers for the purpose of monitoring and identifying copyright-violating activity, which is comprised of storing, using, or copying such content. If the software detects copyright-violating activities of any of those sorts, it would cause the computer or its files to be locked.
Once the files and/or computer were locked, a dialog would appear that requires a password in order to unlock the system, along with instructions telling the computer user to contact a law enforcement agency, which will have the password necessary to unlock the computer. The obvious consequence is that one will theoretically end up confessing to piracy.
The proposal states that such a method of combating piracy wouldn’t violate any laws, but would “stabilize” an infringement situation and get police involved. While that method is allegedly legal, the next one – which is arguably crazier than the first – is not: deliberately infecting computers with malware designed to do several things, including snapping a picture of the computer user with their webcam without their permission.
The malware would allow companies to gather data off a computer, change data located on the network, and destroy it if it feels such an action is necessary – all without permission, obviously. There are also suggestions that it could be used to do other things as well, up to and including destroying the user’s computer and/or network. We’ll have to wait for the official response on this, but we’re guessing it’ll be something akin to throwing the report against the wall.
SOURCE: The Next Web
Proposal seeks to lock copyright infringing computers, force owners to contact police is written by Brittany Hillen & originally posted on SlashGear.
Unnamed United States officials, both current and former, spoke with the folks at the Wall Street Journal, revealing that hackers backed by the Iranian government have ramped up cyberattacks against the US, specifically zeroing in on the control systems that manage the energy industry. Unlike the Chinese hackers who have infiltrated various US companies, the intent behind the Iranian hackers appears to be sabotage.
The United States is no stranger to cyberattacks from Iran, which has been carrying on DDoS attacks against various bank websites for some time now. The difference with the latest attack from the nation is the potential for damage it provided, as well as showing a different area of intent behind the hackers’ motives, one that points toward wreaking havoc and causing disruption.
Reportedly, this newest attack by the hackers, according to a former US official, provided them with access to the control system for various gas and oil pipelines. Such a breach went “far enough to worry people.” That’s not all, however, with it also being reported that the hackers are using surveillance to access data, having accessed information on how to destroy or otherwise harm the systems controlling company operations.
It was suggested by one official that Iran could end up provoking a response from the United States if it does not back off its cyberattacking efforts: “This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow. What they have done so far has certainly been noticed, and they should be cautious.”
Which oil, gas, and electric companies are being targeted was not specified, with the officials only saying that some of them lie along the US and Canadian border. Likewise, the proof that Iran is behind the attacks wasn’t specified either, with the officials merely saying that there is “technical evidence.” Not surprisingly, Iran denies having engaged in any such activities, but did point out that it has suffered these kinds of attacks from the US.
SOURCE: Wall Street Journal
Image via Energy.gov
US energy industry under cyberattack by Iranian hackers is written by Brittany Hillen & originally posted on SlashGear.
As tipped late last month, Twitter has begun rolling out two-factor authentication. This will allow users to require both a password and a verification code that gets sent to them via SMS on their mobile phone. The feature is disabled by default, so you’ll need to go into your account settings in order to enable it.
All you do once you’re in Account Settings on Twitter is check “Require a verification code when I sign in,” and then click on “add a phone.” From there, you’ll enter in your mobile phone number. Once that’s done, you’ll always be sent a six-digit code that you’ll use to sign in each time to Twitter. This is to prevent other people from logging into your account, even if they know your password.
Any existing applications that you have connected to Twitter will continue to work after you’ve enabled two-factor authentication, and you shouldn’t have to allow access to them again. If you want to sign into Twitter on multiple devices or sign into Twitter in third-party apps, you can generate a temporary password to log in and authorize such devices and apps.
Twitter finally joins the ranks of other online services using two-factor authentication, including Facebook, Google, Yahoo, and Dropbox. If you haven’t yet enabled two-factor authentication for these services, you should probably go ahead and do yourself a big favor by enabling it for the services that you use. You’ll most likely thank yourself later.
SOURCE: Twitter Blog
Twitter two-factor authentication rolling out now is written by Craig Lloyd & originally posted on SlashGear.