News Items, Security Related News, Cipher E113, March 19, 2013

RC4 Encryption Demonstrably Breakable
Andy Greenberg, Forbes Staff, 3/13/2013
Cryptographers show mathematically crackable flaws in common web encryption

The RC4 encryption algorithm, widely used on the Internet because of its simple design and speed, is less secure than previously believed.

Evernote User Data Compromised
Doug Gross
March 4, 2013
  • 50 million compromised in Evernote hack

    Data in the cloud may have pie-in-sky security. The firm Evernote announced that its usernames and email addresses (but not passwords) had been revealed to hackers. The passwords are encrypted, but we hope that RC4 was not the algorithm.

    The Washington Post
    By Ellen Nakashima
    Mar 16, 2013
  • FBI survillance tool is ruled unconstitutional

    National security letters, a warrantless communication surveillance method used by the FBI, has been ruled unconstitional by a Federal Appeals Court in California.

    The Washington Post
    By Ellen Nakashima
    Jan 28, 2013
    Pentagon to boost cybersecurity force

    The Pentagon announced plans for a three-pronged "CyberCommand" to utilize 5 times as many people as are currently involved in such activities.
    By Kevin Voigt
    Feb 1, 2013
  • Chinese cyber attacks on West are widespread, experts say

    Apparently successful "spear-phishing" attacks against major US newspapers originate in China, according to unnamed experts.

    The Washington Post
    By Ellen Nakashima
    Feb 10, 2013
  • U.S. said to be target of massive cyber-espionage campaign

    According to a classified report called the "National Intelligence Estimate", the US is the target of cyberespionage mounted by several countries. "Cyber-espionage, which was once viewed as a concern mainly by U.S. intelligence and the military, is increasingly seen as a direct threat to the nation's economic interests."

    New York Times
    By David E. Sanger, David Barboza and Nicole Perlroth
    Feb 19, 2013
  • China's Army Is Seen as Tied to Hacking Against U.S.

    Is one building in China the source of concerted attacks against US cyberassets?

    The Washington Post
    By William Wan and Ellen Nakashima
    Feb 19, 2013
  • Report ties cyberattacks on U.S. computers to Chinese military

    A 60-page report by a US company, Mandiant, is the first non-governmental assessment of the source of attacks on US computers to lay the blam on the Chinese military.

    The New York Times
    By David E. Sanger and Thom Shanker
    Feb 4, 2013
    Broad Powers Seen for Obama in Cyberstrikes

    The US executive branch has been considering rules governing actions of its new "Cyber Command". "The implications of pre-emption in cyberwar were specifically analyzed at length in writing the new rules. One major issue involved in the administration’s review, according to one official involved, was defining "what constitutes reasonable and proportionate force" in halting or retaliating against a cyberattack."

    The Washington Post
    Feb 13, 2013
  • Pentagon creates new medal for extraordinary work by cyber and drone warriors. [Cipher Ed.: This story has been withdrawn from the Washington Post website].
    New York Times
    By Michael S. Schmidt and Nicole Perlroth
    February 12, 2013
    Obama Order Gives Firms Cyberthreat Information

    A stopgap measure aimed at bolstering US resistance to cyberattacks, the President signed an executive order for sharing threat information between the government and private companies.

    USA Today
    Byron Acohido
    February 27, 2013

    Security tools reveal cyberintruders' trickery

    The buzz at the annual RSA Conference was about how large organizations are putting more effort into discovering how they were hacked, and they are also starting to share that information.

    New York Times
    By Mark Landler and David E. Sanger
    March 11, 2013
  • U.S. Demands That China End Hacking and Set Cyber Rules

    Tom Donilon, President Obama's national security advisor, said that the White House wants China to crackdown on hackers and enter into a dialogue about standards.

    New York Times
    By Nicole Perlroth, David E. Sanger and Michael S. Schmidt
    Mar 4, 2013
  • U.S. Weighs Risks and Motives of Hacking by China or Iran

    The US government expresses some confusion over the perpetrators of large-scale hacking attacks. Although the countries of origin appear to be China and Iran, the administration is unsure whether individuals, the military, or both, are behind the majority of the attacks.

    New York Times
    By Michael D. Shear and Nicole Perlroth
    Mar 14, 2013
  • Obama Discusses Computer Security With Corporate Chiefs

    The White House was the location for a meeting on March 13 for the purpose of enlisting support for pending legislation giving the executive branch powers and funds to combat cyberespionage and to thwart or counter cyberwarfare. The legislation was proposed but not passedin 2011. Last month, an executive order was signed, setting the stage for information sharing with privated companies, and this meeting may have resulted as a consequence of that order.

    New York Times
    By Mark Mazzetti and David E. Sanger
    Mar 14, 2013
  • Security Chief Says Computer Attacks Will Be Met

    Gen. Keith Alexander, head of the US Cybercommand, talked to Congress about the defensive part of his 3-part command structure.

    New York Times
    By David Barboza
    Mar 14, 2013
  • China Calls for Global Hacking Rules

    China joined the media blitz about cyberespionage by calling for new dialogue on rules and cooperation while denying official involvement in misdeeds.

    New York Times
    Mar 14, 2013
  • Australian Central Bank Hit by Cyberattack

    The Australian central bank, said that although news reports about it being hacked were partially true, the bank believes that it was successful in isolating the attacks and avoiding any information disclosure.

    New York Times
    By Amy Chozick Mar 15, 2013
  • Thomson Reuters Editor Is Charged in Hacking of News Site

    An admitted Twitter addict, Thomson Reuters' deputy social media editor Matthew Keys may also be a malicious hacker. He has been charged with hacking the Los Angeles Time website and altering headlines.