Commission Finds U.S. Is Unprepared for Major Cyberattacks

The Cyberspace Solarium Commission released a report based on a months-long study that showed the U.S. government’s lack of ability to block cyber threats. The Commission lists 75 recommendations for major structural changes, including the creation of Congressional committees dedicated to cybersecurity and a White House-based national cybersecurity director to be confirmed by the Senate. The report is blunt in its assessment that the U.S. government’s current approach to cyberattacks is “fundamentally flawed.”

NSA Discovers Windows Vulnerability — and Tells Microsoft

The National Security Agency (NSA) discovered a vulnerability in versions of Windows and, instead of retaining it, reported it to Microsoft, which is now patching the flaw in its handling of certificate and cryptographic messaging functions. The vulnerability could have enabled attackers to use malicious code that would pretend to be legitimate software. Microsoft also warned all current users of Windows 7 Home Basic, Home Premium, Professional or Ultimate to upgrade immediately.

Cyber Threat Alliance’s Early Sharing Aims to Stop Hackers

The nonprofit Cyber Threat Alliance (CTA) has organized its members, which include some big tech companies such as Cisco, McAfee, Palo Alto Networks and Symantec, to share knowledge about software bugs and hacking threats, to alert their customers and limit the damage. To do so, the companies have decided to put cybersecurity ahead of the competition. Dubbed “early sharing,” the strategy goes into action as government-linked groups in China, Iran, North Korea and Russia run devastating hacking campaigns.

Facebook Offers More Hack Details, Exposes Web Scraping

Facebook downgraded the number of users hacked two weeks ago to 30 million, revealing that the personal information stolen was more substantial for 14 million of those hacked, including gender, religion, telephone number, email addresses and computing devices used to connect to Facebook. Hackers also captured the last 15 people or things the user had searched for on Facebook and the last 10 physical locations he had checked into. Another 15 million profiles were scraped for names and contact information.

New Uber CEO Faces the Impact of Undisclosed Data Breach

Uber Technologies acknowledged that one year ago it paid hackers $100,000 to hide a data breach that impacted 47 million accounts. The company fired then-chief security officer Joe Sullivan and deputy Craig Clark for both the breach itself and concealing it. The hackers got the names, emails and phone numbers of millions of riders as well as 600,000 drivers’ license numbers, although apparently Social Security numbers and credit card numbers were not accessed. Uber says it will inform those impacted by the breach in “coming days.”

Major Cyberattack Hits 150 Countries, Could Keep Spreading

A cyberattack impacted computer systems in more than 150 countries over the weekend. The weapon used to initiate the attack is believed to be based on recently published vulnerabilities stolen from the National Security Agency. The attack, one of the largest ever, took over computers, encrypted their files and demanded payment in Bitcoin of $300 or more. Among the major institutions and government agencies impacted were FedEx in the U.S., the Russian Interior Ministry and Britain’s National Health Service. The attack also hit smaller venues, such as a car manufacturing factory in Romania owned by Renault.

In a First, Yahoo Secretly Scans All Incoming Emails for Feds

In response to a classified edict from the National Security Agency or the FBI, Yahoo scanned all of its users’ incoming emails for a specific “set of characters,” keeping the scans and the software system it built to do so a secret. Millions of emails were scanned, but neither federal agency nor Yahoo will say if they found what they were looking for. Experts say this is the first case of a U.S. Internet company agreeing to search all arriving emails, rather than stored messages or a small number of email accounts.

Twitter Withholds Data, Tensions Rise Between Police, Tech

The battle over encryption is heating up on Capitol Hill where Manhattan district attorney Cyrus R. Vance Jr. said his office hasn’t been able to decrypt 230 iPhones possibly containing important crime-related information. Google general counsel Kent Walker and Microsoft president Brad Smith also visited lawmakers to make the counter-argument that weakened encryption would make their technology less secure. These latest salvos are part of a battle that ignited when Apple refused to decrypt a mass-shooter’s iPhone.

RSA Conference Reveals More Nuances in FBI-Apple Battle

By now, everyone knows the general outline of the argument between Apple and the FBI, over the latter’s request for a backdoor into the San Bernardino shooter’s iPhone. Apple’s refusal to do so has sparked a war of words and legal actions between Apple and other proponents of data protection/digital privacy and the government, as well as others who believe national security trumps digital privacy. More recently, at the RSA Conference, an information security event, more nuances were revealed.

Whistleblower Edward Snowden Virtually Attends CES 2016

Edward Snowden, the former government contractor who famously leaked thousands of classified NSA documents, made an appearance at the Suitable Technologies booth during CES by way of a video chatting device on wheels. Snowden used a Beam telepresence device by Suitable to chat with founder of the Xprize Foundation Peter Diamandis about the future of technology and government surveillance. Snowden faces arrest if he returns to the United States, so he touted the Beam technology as a way to stay connected.

Leaked Documents Offer Details of U.S. Military’s Drone Wars

Two years after government contractor Edward Snowden famously leaked secret NSA documents, another release of classified information has occurred. This time, The Intercept — which is staffed by journalists who previously worked with Snowden — has published what it claims is a comprehensive breakdown of the U.S. government’s military drone program. The report, featuring documents provided by another whistleblower, offers details regarding U.S. strategy to kill foreign targets in Afghanistan, Somalia and Yemen — and highlights the unintended consequences involved with drone wars.

European Court Rules Data Transfer Pact with U.S. is Invalid

The European Union’s highest court, the European Court of Justice, dealt a blow to the American tech industry yesterday when it struck down the international Safe Harbor agreement that previously allowed companies to move digital information between the EU and the U.S. The pact allowed companies to transfer data such as social media updates and online search histories. However, the court ruled that Safe Harbor was flawed since the U.S. government used it to access the online information of Europeans, an issue that was raised by NSA whistleblower Edward Snowden.

New Initiative: U.S. Offers Cybersecurity Tech to Private Sector

Cybersecurity technology from Los Alamos National Laboratory is now available to banks and other private sector businesses, via the consulting firm Ernst & Young. The New Mexico lab, benefitting from the $1 billion the U.S. spends a year on unclassified cybersecurity research, has developed a great deal of relevant technology, but is not set up to market the results of its own research. Ernst & Young, which consults on cybersecurity, will communicate the lab’s products and add its own expertise.

U.S. Renews Contract with ICANN, Delays Giving Up Oversight

The Department of Commerce announced that it would renew its contract with the Internet Corporation for Assigned Names and Numbers (ICANN) for one year (with options to extend it another three years), delaying its plans to relinquish oversight of one aspect of Internet governance. Commerce has overseen ICANN’s management of the Internet’s domain-name system since 1998. But last year, the Obama administration proposed transferring the oversight to international stakeholders, a plan that has met criticism regarding the potential impact to free expression.

Google’s Fall From Grace in EU Culminates in Antitrust Suit

Google, which enjoyed enormous popularity and usage numbers in the European Union, now suffers blowback from information revealed in the NSA documents leaked by Edward Snowden. Not long ago, free-speech advocates in many countries applauded Google for shutting down its China site rather than face censorship, and Google has also been seen on the right side of history during the Arab Spring and in Syria. But now, the EU is accusing the tech giant of abusing its power — and it is looking for payback via an antitrust suit.