IEEE Cipher --- Items from security-related news (E142)

  • Cyber Attack Opportunities Knock
    Cyberattacks are becoming big opportunities for some small businesses
    By Gene Marks
    The Washington Post
    December 13, 2017

    How to create an environment "free from malware"? Some companies are raising a lot of venture capital to achieve that goal for corporate clients. Some seek to provide an isolated environment with a strong "gatekeeper" for all web transactions.

  • US Points WannaCry Finger at (surprise) North Korea
    U.S. declares North Korea carried out massive WannaCry cyberattack
    By Ellen Nakashima and Philip Rucker
    The Washington Post
    Dec 19, 2017

    North Korea's cybercrime capabilities have grown rapidly, and the US acknowledged this in attributing the WannaCry ransomware attack to the reclusive country. The attack caused a great deal of damage in Europe, though it may not have garnered much ransom payment. There are few ways to increase pressure against North Korea without causing even more suffering to the general populace which seems to face constant food shortages and forced labor.

  • Watching the Inauguration Through Hacked Police Cameras?
    Romanian hackers took over D.C. surveillance cameras just before presidential inauguration, federal prosecutors say
    By Rachel Weiner
    The Washington Post
    Dec 28, 2017

    A year ago two Romanians manged to take over nearly 200 DC police cameras. Their motive seemed to be establishing a spam botnet, but it left the surveillance system inoperative during the presidential inauguration. The alleged culprits are facing extradition from Romania to the US. It is possible that they simply unleashed the malware and had no idea where it landed. The Internet of Things is sometimes a welcoming Petri dish.

  • From the DNC to the US Senate, Russian Hackers Push the Boundaries
    Russian hackers who compromised DNC are targeting the Senate, company says
    By Shane Harris
    The Washington Post
    Jan 12, 2018

    The security firm Trend Micro reports that the Russian hacking group that stole Democratic Nation Committee emails and gave them to Wikileaks is actively preparing for the November midterm elections. The group known as Fancy Bear (aka Pawn Storm) is using spear phishing emails to direction Senate staffers to websites that mimic trusted sites for Senate documents and email. This allows the hackers to steal login credentials from unwary users.

  • Be Secure, Be Slow
    Here's how, and why, the Spectre and Meltdown patches will hurt performance By Peter Bright
    Ars Technica
    Jan 11, 2018

    Modern computers speculate. They execute computer instructions before they are needed, while something slower is going on, and if the result is needed, it can be used immediately. This clever technique of speculative execution makes software run fast but not securely. The computer retains information about the side effects of the execution, even if the result is not used because of permission violations. This can cause a significant leakage of information on a shared server or in a browser with compromised Javascript code. Two ways of exploiting this principle emerged recently. The attacks, named Spectre and Meltdown, require fundamental changes in operating systems, and those changes, which are just now emerging as patches, make computer systems run noticeably more slowly. The slowdown may be a few per cent or much more, depending on the application.