IEEE Cipher --- Items from security-related news (E139)




  • Uncle Sam in the Sky with Clouds
    The U.S. Government heads to the cloud to keep America safe
    FOX Business
    By Katie McKenna
    May 31, 2017

    Summary:
    Homeland Security Advisor Tom Bosser has said that cloud services are the security solution for the cyberinfrastructure of the 190 agencies within the Federal government.


  • SCOTUS to Think About Cellphone Towers and Privacy
    Supreme Court to decide if a warrant is needed to track a suspect through cellphone records
    The Washington Post
    June 5, 2017
    By Robert Barnes

    Summary:
    In Carpenter v. U.S., the government is asking for access to the numbers dialed by a cellphone without showing probable cause. Although previous Supreme Court decisions have denied such access, based on Fourth Amendment protections, the Justice Department may argue that such decisions should be re-examined in the light of law enforcement's reliance on technology in its investigations.


  • Summer Power "brown-outs" to be "Russky-Outs"?
    Russia has developed a cyberweapon that can disrupt power grids, according to new research
    The Washington Post
    Jun 12, 2017
    By Ellen Nakashima

    Summary:
    Forensic analysis of malware samples associated with power grid disruptions in the US and the Ukraine shows that Russians are associated with the software development and deployment.

    This report, by the Dragos cybersecurity company, describes the software: CRASHOVERRIDE, Analysis of the Threat, to Electric Grid Operations. It is designed to map out the power control devices on a network and to replace the communication protocols with ones controlled by the adversary. Tor network nodes were apparently involved in at least one attack.


  • Oz on Forefront of Re-Opening Crypto Wars
    George Brandis's salvo in cryptowars could blow a hole in architecture of the internet
    Technology | The Guardian
    Jun 12, 2017
    By Paul Farrell

    Summary:
    The Australian attorney general has suggested that some kind of cross-jurisdictional system would compel communication device makers and social media companies to "cooperate" by providing access to data encrypted by users. Although he has not suggested a "backdoor" for encryption, some experts wonder if there is any alternative solution to Brandis's dilemma.


  • Our Fake Election?
    Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known
    Bloomberg
    Jun 13, 2017
    By Michael Riley and Jordan Robertson

    Summary:
    Attempts to interfere with the nuts and bolts systems associated with voting in the 2016 presidential election were detected in 39 states. The hacking is widely believed to have originated from Russians. "They're coming after America," former FBI director James Comey told the Senate Intelligence Committee investigating Russian interference in the election. "They will be back."


  • North Korea, New Player in the Ransomware Game
    The NSA has linked the WannaCry computer worm to North Korea
    The Washington Post
    Jun 14, 2017
    By Ellen Nakashima

    Summary:
    The NSA says that the WannaCry ransomware worm was likely a product of North Korea. If it was an attempt to finance that secretive country, it was a decisive failure. The few Bitcoins that were paid are traceable, making them an undesirable asset for any currency exchange.


  • New NIST Standard for Digital Identity Guidelines
    Mic Drop - Announcing the New Special Publication 800-63 Suite!
    June 22,2017 10:02 AM
    NIST Press Release
    National Institute of Standards and Technology (NIST):
    More than a year in the making, after a large, cross-industry effort, we are proud to announce that the new Special Publication (SP) 800-63 IS. NOW. FINAL. With your help, Electronic Authentication Guidelines has evolved into Digital Identity Guidelines - a suite of documents covering digital identity from initial risk assessment to deployment of federated identity solutions. Check it out now at 800-63 Suite.


  • Hacking As a Service
    Two charged with running hacking service used in 'major computer intrusions' of U.S. businesses
    The Washington Post
    July 5, 2017
    By Rachel Weiner

    Summary:
    Any software speciality has its vendor, and that includes malware. A recent indictment names a pair of Latvians with a co-conspirator in Virginia that have been running a site that offers a "buffet" of hacking software, including keyloggers and remote access Trojans to their 30K customers.


  • New Security Solution: Partnerships With the Enemy
    Lawmakers blast Trump's plan to work with Russia on cybersecurity
    The Washington Post
    Jul 9, 2017
    By Cleve R. Wootson Jr.

    Summary:
    Using his official communication channel on Twitter, the President of the United States spoke favorably of a partnership with Russia on cybersecurity. The two countries would create some sort of "impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded." The idea was met with widespread skepticism and sarcasm. Later, the President said that the partnership could not happen.


  • DoD to start using STARTTLS option for email transport
    The Defense Department will soon use more secure email
    Jul. 6, 2017
    CNN Money
    By Selena Larson

    Summary:
    US Military emails go through the gateway "mail.gov" where they are screened for viruses. The email is not encrypted, and this has attracted the atttention of Senator Ron Wyden. His query to DISA, which runs the gateway, elicited a response blaming old technology for the omission. The servers cannot enable encryption and still scan the email for malware. The computers will be upgraded next year, and at that time the STARTTLS option for SMTP will be enabled by default.


  • Too Much Room at the Top
    White House's dwindling science office leaves major research programmes in limbo
    Nature
    11 July 2017
    by Sara Reardon

    Summary: The US Office of Science and Technology (OSTP) has only a fraction of the number of members that it did under the previous administration. The most significant position, that of science advisor, remain unfilled. The article points out that "... without a science adviser, OSTP career staff cannot establish new working groups, call meetings or approve budgets." This seems to leave cybersecurity without a clear direction.