Archive for August, 2013

U.S. appetite for Internet user data not unique

From: ComputerWorld (Australia)

Jaikumar Vijayan

For all the privacy concerns raised by Edward Snowden’s leaks about government data collection activities, the U.S. is not alone or even always the most demanding when it comes to law enforcement requests for customer data from Internet service providers.

A whitepaper released by Washington-based law firm Hogan Lovells this week shows that law enforcement agencies in several other countries in Europe and elsewhere have equally, if not even more, voracious appetites for such data.

Mobile banking – shaping the future of regulation in EU and the UK

From: Out-Law.com

Financial services sector head John Salmon and the Pinsent Masons financial services sector team bring you insight and analysis on what really matters in the world of financial services.

This week the Financial Conduct Authority (FCA) published its initial look into mobile banking. Described as a thematic review, the regulator’s interim report lists a number of aspects of mobile banking that need further investigation.

These are not entirely surprising: fraud; security; the use of third parties; consumer awareness; ‘technology risk and interruptions to service’, and anti-money laundering systems and controls. Each issue, however, was given no more than two paragraphs, indicating just how early a stage the FCA is at in its review process.

Deutsche Telekom admits staff data security breach

From: telecompaper

There has been a breach of security of Deutsche Telekom employees’ personal data, Handelsblatt reported. A company spokesman confirmed a report in Manager Magazin to this effect, and said a limited number of staff members have had access to employees’ personal data that ought to have been kept in anonymous form only. He added that there were no signs that the information had been misused. He said the supervisory board had apologised to staff. An external auditor will be commissioned to investigate the privacy breach, and the works council wants a lawyer to be involved, too.

Amazon ‘wish list’ is gateway to epic social engineering hack

From: CBS News

By Chenda Ngak

Comedian Erik Stolhanske didn’t know what he was getting himself into when he let a cybersecurity expert at SecureState take a crack at hacking him. The “Super Troopers” actor gave the company the green light to try to access his Twitter account with nothing more than his name. What he found out was that his entire digital life could have been compromised using simple techniques.

SecureState profiling consultant Brandan Geise went on a mission to hack into Stolhanske’s Twitter account, but instead was also able to gain access to his Amazon, AOL, Apple and Dropbox accounts, as well as his Web hosting account.

The Cybersecurity Market in Brazil to 2023: Market Brief

Editor’s Note:  The CRE Brazil website is available in English here and Portuguese here.

From: ReportStack

Publication Date: Aug 2013

Publisher: Strategic Defence Intelligence
Product Type: Report
Pages: 14
Single User License: $75.00
Site User License: $150.00
Corporate User License: $225.00

Synopsis
SDI’s “The Cybersecurity Market in Brazil to 2023: Market Brief” provides a top-level, category specific view of the forecast market value of Cybersecurity expenditure in Brazil.

Contractors Are Now Using Encrypted Calls and Texts for Legal Advice

From: Nextgov

By Aliya Sternstein

With economic espionage and domestic surveillance creating a climate of cyber insecurity, some intellectual property attorneys now employ encrypted communications to correspond with federal contractor clients.

Tools such as RedPhone, a mobile voice app, and Silent Circle, a text, video and voice service, are among the more user-friendly technologies in use. Civil liberties activists, dissidents and some journalists have long resorted to cryptography to protect information, but some assembly was always required. The new secret message techniques still require trading a little convenience for confidentiality.

Poison Ivy RAT becoming the AK-47 of cyber-espionage attacks

From: The Register

Just because it’s simple to use doesn’t mean the user is low-rent

By John Leyden

The Poison Ivy Remote Access Tool (RAT) – often considered a tool for novice “script kiddies” – has become a ubiquitous feature of cyber-espionage campaigns, according to experts.

Research by malware protection firm FireEye has revealed that the tool served as lynchpin of many sophisticated cyber attacks, including the compromise of RSA SecurID data in 2011 and the “Nitro” assault against chemical makers, government offices, defence firms and human-rights groups last year.

Who’s Behind the “Biggest Cyberattack” in China’s History

From: The Diplomat

By Tyler Roney

In what is being called the “biggest cyberattack in its history”, China’s internet was brought down by widespread distributed denial-of-service (DDoS) attacks on Sunday.

As The Wall Street Journal reported, no one is quite sure where the attacks came from, but the timing is certainly interesting from a number of standpoints. Furthermore, some reports are saying that the attack was so simple that it could have involved hundreds of hackers or a single individual with a really big botnet.

Cybersecurity And Privacy Specialists In Short Supply

From: Forbes

Greg McNeal

A cover story in the Los Angeles Daily Journal (subscription required) reported that the need for privacy and cybersecurity legal specialists has exploded in California, yet general counsel say there is a shortage of qualified practitioners who can do the job. LinkedIn Corp.’s General Counsel Erika Rottenberg was featured in the story; she speculated that technology companies in Silicon Valley were hiring most of the qualified attorneys, leaving less talent for law firms. Amidst a legal job market in which law graduates are clamoring to find jobs, the demand for privacy and cybersecurity specialists may present an opportunity for the law schools that are nimble enough to respond to the demand.

Cyber, security and liberty

From: Financial Review (Australia)

Christopher Joye

This is the edited text of a talk delivered by Christopher Joye to the Centre for Independent Studies’ Consilium Conference on Friday. Joye sat on a panel with David Irvine, ASIO’s Director General, and Major General Stephen Day, who is Deputy Director of the Defence Signals Directorate.

Today I want to apply a financial economist’s approach to thinking about cyber risk and briefly reflect on the trade-off between national security and liberty. Before I do, I’d like to thank David and Stephen for participating—it is rare to get two of the top representatives from the Australian Security Intelligence Organisation and the Defence Signals Directorate to publicly engage in a forum like this.