Police Pay Cryptolocker Ransom

From The Herald News:
A computer virus that encrypts files and then demands that victims pay a “ransom” to decrypt those items recently hit the Swansea Police Department.
The department paid $750 for two Bitcoins — an online currency — to decrypt several images and Word documents in its computer system, Swansea Police Lt. Gregory Ryan said.
“It was an education for (those who) had to deal with it,” Ryan said, adding that the virus did not affect the software program that the police department uses for police reports and booking photos. . . .

CryptoLocker, a new Windows ransomware virus sweeping across the country, hit the Swansea Police Department on Nov. 6. The virus encrypted several files that could only be decrypted through the purchase of Bitcoins, an unregulated digital currency, to pay for the special “decryption key.” A countdown clock appeared on a computer screen showing how much time the department had to buy the key before all the files were deleted.

Bitcoin Blows Past $600

From CNBC:
Bitcoin touched a fresh all-time high on Monday as the digital currency continued to gain favor with investors.  The virtual currency rose to just under $619 on Mt. Gox exchange Monday afternoon in Asia, up by over 25 percent from the same time on Sunday.
Its latest gains come as the potential for regulation hangs over the market. The U.S. Senate Committee on Homeland Security and Governmental Affairs (HSGAC) is set to begin a hearing at 3.00 p.m. Washington time on Monday. The event will bring representatives from different federal agencies and representatives from the bitcoin community to discuss virtual currencies.

Executive Computer Illiteracy a Threat to Consumer Data Security

Here's an interesting new study from ThreatTrack Security, a "blind survey of 200 security professionals dealing with malware analysis within U.S. enterprises."  From the release:
ThreatTrack Security today published a study that reveals mounting cybersecurity challenges within U.S. enterprises. Nearly 6 in 10 malware analysts reported they have investigated or addressed a data breach that was never disclosed by their company.

These results suggest that the data breach epidemic - totaling 621 confirmed data breaches in 2012, according to Verizon's 2013 Data Breach Investigations Report - may be significantly underreported, leaving enterprises' customers and data-sharing partners unaware of a wide array of potential security risks associated with the loss of personal or proprietary information. Moreover, the largest companies, those with more than 500 employees, are even more likely to have had an unreported breach, with 66% of malware analysts with enterprises of that size reporting undisclosed data breaches. 
Despite their gravity, the reasons behind these breaches are rather funny:
malware analysts revealed a device used by a member of their senior leadership team had become infected with malware due to executives:
  • Visiting a pornographic website (40%)
  • Clicking on a malicious link in a phishing email (56%)
  • Allowing a family member to use a company-owned device (45%)
  • Installing a malicious mobile app (33%)

Wikileaks Obtains Draft Text of TPP Copyright Agreement

From the Guardian:
WikiLeaks has released the draft text of a chapter of the Trans-Pacific Partnership (TPP) agreement, a multilateral free-trade treaty currently being negotiated in secret by 12 Pacific Rim nations.
The full agreement covers a number of areas, but the chapter published by WikiLeaks focuses on intellectual property rights, an area of law which has effects in areas as diverse as pharmaceuticals and civil liberties.
Negotiations for the TPP have included representatives from the United States, Canada, Australia, New Zealand, Japan, Mexico, Malaysia, Chile, Singapore, Peru, Vietnam, and Brunei, but have been conducted behind closed doors. Even members of the US Congress were only allowed to view selected portions of the documents under supervision.

HTTPS: Toward a Secure Internet

From W3.org:
There seems to be strong consensus to increase the use of encryption on the Web, but there is less agreement about how to go about this. The most relevant proposals were: 
A. Opportunistic encryption for http:// URIs without server authentication -- a.k.a. "TLS Relaxed" as per draft-nottingham-http2-encryption.

B. Opportunistic encryption for http:// URIs with server authentication -- the same mechanism, but not "relaxed", along with some form of downgrade protection.

C. HTTP/2 to only be used with https:// URIs on the "open" Internet. http:// URIs would continue to use HTTP/1 (and of course it would still be possible for older HTTP/1 clients to still interoperate with https:// URIs).

In subsequent discussion, there seems to be agreement that (C) is preferable to (B), since it is more straightforward; no new mechanism needs to be specified, and HSTS can be used for downgrade protection. (C) also has this advantage over (A), and furthermore provides stronger protection against active attacks. The strongest objections against (A) seemed to be about creating confusion about security and discouraging use of "full" TLS, whereas those against (C) were about limiting deployment of better security.

Keen observers have noted that we can deploy (C) and judge adoption of the new protocol, later adding (A) if necessary. The reverse is not necessarily true.

Shielding Yourself from Prying Eyes and Algorithms on Google, Facebook and Twitter

A quick how-to on shielding yourself from online tracking by Google, Facebook and Twitter, from Mashable:
Many sites, apps and browsers are using your information in ways you might not entirely comply with if you'd take the time to read their privacy policies. Often, opting out is only a click away, though it may be difficult to find out where exactly to click. We've compiled this list of ways various Internet companies are tracking and using your data — plus, given you the tools to opt out, if you wish . . .

Sunday US Mail Delivery for Amazon

From the Washington Post:
Amazon is teaming up with the U.S. Postal Service to deliver packages on Sundays.  The Seattle company says Sunday delivery will be available this week to customers in the New York and Los Angeles metropolitan areas. Amazon and the Postal Service plan to roll out service to “a large portion of the U.S. population” next year, including the cities of Dallas, Houston, New Orleans, and Phoenix.
Mail on Sunday?!