The cost of cybercrime is frequently used to justify the cost of security products and the implementation of new – and invariably more stringent – cyber laws. But what if those figures are wrong? Could it mean that industry, and government, gets its en…
Poison Ivy Dissected: Commodity Tool or APT Weapon?
The contradiction behind a remote access trojan (RAT) such as Poison Ivy is that while it is easy to use and widely used, it can also indicate a sophisticated – or APT-style – attack designed to exfiltrate specific data from major organizations.
NIST Updates Patching and Malware Avoidance Guides
The US National Institute of Standards and Technology (NIST) has updated two of its computer security guides to help system managers protect their systems from hackers and malware.
Microsoft Warns of Permanent Zero-Day Exploits for Windows XP
When Microsoft announced that it would discontinue support for Windows XP starting on April 8, 2014, many companies began the long process of transitioning to modern operating systems like Windows 7 or Windows 8. But there are others that won’t – and t…
Android Bitcoin Wallet Issue Points Out Critical Need for Mobile App Management
The previously disclosed flaw in Android’s Bitcoin wallet has now been quantified in terms of its scope: the vulnerability has left over 360,000 applications up for attack, subsequently compromising the data of thousands of users, as well as their cybe…
The Detention of David Miranda Raises Serious Issues
Over the weekend David Miranda, partner of Glen Greenwald – the Guardian journalist who published the first of a series of reports detailing United States and British mass surveillance programs, based on documents obtained by Edward Snowden – was deta…
Google Responds to British Lawsuit: UK Privacy Laws Don’t Apply
There have been two new developments in the British lawsuit against Google for allegedly overriding Safari privacy settings to track users’ internet habits: firstly the High Court granted permission to serve on Google Inc, putting the papers into the p…
Are Encryption Keys Protected by the Fifth Amendment?
A man was arrested in Wisconsin this week as the latest move in a long-running battle by the authorities to force him to hand over decryption keys for hard drives believed to contain child pornography.
Washington Post (& CNN, & Time, but not NYT) Hacked by Syrian Electronic Army
The Washington Post yesterday issued a brief statement confirming that it had indeed been breached by SEA. At around the same time, the New York Times claimed that a brief outage on Wednesday had been caused by maintenance rather than hacking.
Error 451 – Unavailable for Legal Reasons
The Open Rights Group has launched a campaign for the adoption of a new HTTP 400 range status code: Error 451, designed to indicate that access to a page or website is unavailable by court order.