A highly sophisticated “hacker for hire” group operating out of China has surfaced. Not quite a crouching tiger or a hidden dragon, but somewhere in between, the “Hidden Lynx” hacking group is a team of professionals with a strong capacity and proven a…
Digital Advertising Alliance Leaves the Do Not Track Working Group
The W3C working party tasked with defining the mechanisms that will underpin Do Not Track processes is now in serious danger of collapse following the third major defection in as many months.
Surveillance Court: NSA’s Data Collection Does Not Violate Fourth Amendment
The Foreign Intelligence Surveillance Court yesterday published an opinion, written on August 29 by Judge Claire Eagen, explaining the legal reasoning behind its order authorizing the NSA to collect data on all US telephone calls.
The Stealthy Hardware Trojan that Can Affect Intel Ivy Bridge Processors
A team from universities in the US, Netherlands, Switzerland and Germany have published research demonstrating that subtle changes below the gate level of chips can alter functionality in a controlled but covert manner.
Mobile Pwn2Own to Pay $300K for iPhone and Android Zero-day Exploits
Itching to jailbreak Apple’s iOS 7? Ready to root a Samsung KNOX phone? Frothing at the mouth to show vulnerabilities in the iPhone 5S fingerprint reader? And get paid for it? Well if so, you’re in luck: HP’s Zero Day Initiative (ZDI) has announced the…
Solving the TPM Uptake Challenge
Trusted platform modules (TPM) have been around for more than 10 years, but adoption of them by users has been slow going. Led by Infosecurity magazine’s Drew Amorosi, a panel of industry experts came together at the Trusted Computing Conference in Orl…
OSINT: You Don’t Need to Work for the NSA or GCHQ to Spy on People
While the world has been hearing about the surveillance techniques of the spy agencies in the US and UK, the capabilities available to anyone through Open Source Intelligence (OSINT) products have been quietly expanding.
Symantec to Revoke SSL Certificates Starting Oct. 1
The deadline for abandoning SSL certificates with less than 2048-bit keys is approaching, and as of Dec. 31 of this year will be revoked. At least one vendor is setting an earlier deadline: for Symantec, it’s Oct. 1.
Belgacom Hacked; NSA Involvement Suspected
Coinciding with a report in De Standaard, Belgian telecoms firm Belgacom issued a statement yesterday saying it had successfully cleansed its internal network of “an unknown virus in a number of units in our internal IT-system.”
(ISC)² Dishes Out Latest Scholarships to Combat IT Security Workforce Lag
The (ISC)² Foundation has announced the recipients of its 2013 information security scholarships.