Items from security-related news (E107.Mar-2012)

The Secret is in the Finger
Bypassing the Password
New York Times
Digital Domain
Published: March 17, 2012

DARPA funded research at CMU, led by Roy Maxion, looks at the detailed biometrics of keystrokes as an identification method.

Admistration Pushes for Greater Authority Over Cybersecurity in Private Firms
New Interest in Hacking as Threat to Security
New York Times
Published: March 13, 2012

"The legislation the administration is pressing Congress to pass would give the federal government greater authority to regulate the security used by companies that run the nation's infrastructure. It would give the Homeland Security Department the authority to enforce minimum standards on companies whose service or product would lead to mass casualties, evacuations or major economic damage if crippled by hackers."

NSA in the Rockies
New NSA Data Center Concerning Utahns

A huge NSA data center in Utah is causing local notice.

When Keys Go Bad
Ron was wrong, Whit is right
Maxime Augier, Arjen K. Lenstra, James P. Hughes, Joppe W. Bos, Thorsten Kleinjung, and Christophe Wachter
IACR preprint archive

A clever mathematical analysis of a large number of RSA keys advertised on the Internet shows that a surprisingly large number are insecure.

Linked In To ... Insecurity?
LinkedIn is a hacker's dream tool
By Stacy Cowley @CNNMoneyTech
March 12, 2012: 5:24 AM ET

LinkedIn and little bit of social engineering turned a security investigator into a trusted employee of a company that had never heard of him.

Afraid to Flash?
Adobe Confirms New Zero-day Flash Bug
By Gregg Keizer, Computerworld
Feb 16, 2012 5:27 am

Active attacks using cross-scripting bedevil Internet Explorer, leading Adobe to update Flash Player 11 and Flash Player 10. No information was given about How Long Has This Been Going On?

Stux Redux
U.S. accelerating cyberweapon research
Washington Post
By Ellen Nakashima, Published: March 18

"The Pentagon is accelerating efforts to develop a new generation of cyberweapons capable of disrupting enemy military networks even when those networks are not connected to the Internet, according to current and former U.S. officials."

Kaigham J. Gabriel, DARPA deputy director, recently said that DARPA will focus a greater portion of its cybersecurity research on offensive weapons.

Other DoD officials have expressed willingness to spend more money if they could find effective outlets.