IEEE Cipher --- Items from security-related news (E129.Nov-2015)

  • Cybersecurity Hall of Fame Inductees

    Congratulations to Cynthia Irvine, Jerome Saltzer, Ron Ross, Steve Lipner, and Susan Landau on being honored by the National Cybersecurity Hall of Fame for their numerous contributions to computer security research, policy, and practice.

  • Data, data, who's got your data?
    Data Transfer Pact Between U.S. and Europe Is Ruled Invalid
    The New York Times
    By Mark Scott
    Oct. 6, 2015

    Summary: The US and Europe have several data-sharing agreements in place. Recently, a European court ruled that one of them gives US authorities nearly unfettered access to the private data of Europeans using online services, such as Facebook. This violates European privacy laws. The decision cannot be appealed. The response by European data providers and Internet companies is being weighed.

  • Cyberinsecurity opens door to terrorism
    U.S. accuses hacker of stealing military members' data and giving it to ISIS
    The Washington Post
    By Ellen Nakashima
    Oct 16, 2015

    Summary: A Kosovo citizen is accused of using hacking techniques to compile a database of personal information regarding over 1000 members of the US military and other government segments. The information may have been shared with an Islamic State member for the purpose of attacking these people. The information was obtained from an online retail service.

  • Complexity Secures the US Energy Grid?
    ISIS is attacking the U.S. energy grid (and failing)
    CNN Money
    By Jose Pagliery
    Oct 16, 2015

    Summary: GridSecCon, held by the North American Electric Reliability Corporation, featured a talk by a Homeland Security official. The overall message was that the US power grid, while short on security, is high on obscurity, making it difficult to use generic methods to attack it. The bad news is that it is constantly under attack.

  • Pandas, Stop Hacking Us!
    Cybersecurity Firm Says Chinese Hackers Keep Attacking U.S. Companies
    The New York Times
    By Paul Mozur
    Oct 19, 2015

    Summary: In October the US and China announced an agreement to stop hacking commercial sites in order to steal intellectual property. The US company Crowdstrike says that hacks against pharmaceutical companies have continued unabated. They call the perpetrator group "Deep Panda". Perhaps the ballyhooed agreement has no teeth. [We note that pandas are vegetarian].

  • Soured Apple Apps
    Apple bans hundreds of iPhone apps that secretly gathered personal info
    CNN Money
    Oct. 19, 2015
    By David Goldman

    Summary: Apple has been dealing with a spate of privacy-encroaching apps, and in some cases, the app developers were unaware of the behavior. As a result, Apple has banned a large number of apps. An SDK that was widely used surreptitiously stole user info and uploaded it to a server. In another case, encrypted communication was revealed without authorization.

  • The Cybersecurity Bill that May Never Be
    Cybersecurity bill advances in Senate, but hurdles remain
    The Washington Post
    Oct 22, 2015
    Karoun Demirjian

    Summary: The US Senate has approved its version of a controversial cybersecurity bill. The bill is meant to make it easier for US companies to share attack information with the US government, and vice versa. The details of that sharing have raised questions, as has the overall premise that it will improve cybersecurity.

  • Roses are Red, Violets are Blue, My Favorite Password is Dreaming of You
    These researchers have discovered the perfect password that's also easy to remember
    The Washington Post
    By Ana Swanson
    Oct 22, 2015

    Summary: Researchers Marjan Ghazvininejad and Kevin Knight of the University of Southern California have come up with a combination of art and psychology that might lead to a revolution in memorable passwords. It is difficult to create a password that sticks in a person's mind because memory, at least without extensive training, is limited and unreliable. A good password has to be fairly long to have enough entropy to survive random guessing by an opponent. Rhymes, though, have long been recognized as aids to memorization. The recently published paper by the researchers shows that doggerel can be used as a secret password.

  • Technology FAQs for Terrorists
    Top questions asked on the ISIS 'Help Desk'
    By Erica Fink and Laurie Segall
    Nov 21, 2015

    Summary: A group of IT specialists is available to help ISIS followers who need help with staying under the radar of law enforcement. Some of the most frequently fielded questions seem related to the sort of privacy-preserving practices that any Internet user might want. Most are about secure communication using encrypted services.