There are many potential dangers to using the internet, and most people are familiar with the idea of identity theft, unauthorized access to online accounts and the like. But there's another hazard which has come to prominence recently: doxing. The idea is not new, having its roots back in the 90s, but there have been numerous high-profile cases of celebrities who have fallen victim to "document dropping".
This involves releasing personal information about someone to the internet -- information that could be embarrassing, personally revealing, or something that the victim would just rather keep to themselves. Interestingly, doxing is not necessarily illegal, but that doesn't mean that the ramifications are not far-reaching.
Technology firms in the US have written to the Chinese government asking for a postponement to the introduction of rules that would oblige companies to hand over source code as well as providing backdoors into hardware and security products sold to Chinese banks. A group of companies wrote to the Communist Party committee on cybersecurity to express disapproval at plans to undercut the requirements later in the year.
China says that it is concerned solely with cybersecurity and wants foreign technology companies to submit to audits in addition to complying with the other demands. Outside China, the feeling is that the proposed regulations have been designed to either control outside business, or to scare companies out of the market, opening the way for Chinese firms.
For many in the cyber security field, this year’s State of the Union speech was particularly notable, as information security took the spotlight alongside other major international and domestic issues.
President Obama said he would propose several sensible new security measures, including:
One of the major worries for online businesses is being subject to a DDoS attack. As well as damaging reputations, these can have a serious effect on finances too.
According to a new study by Kaspersky Lab, the average cost of a DDoS attack ranges between $52,000 and $444,000 depending on the size of the business.
The recent breaches of large corporations' internal systems have led some security analysts to believe indifference from employees is a key factor, rather than rogue nations attacking the private sector.
Identity management firm SailPoint claims employees would be willing to sell corporate information like passwords for as little as £100 and routinely use the same passwords for almost all applications.
As demand to access company information on the move and from mobile devices increases, it places extra strain on security resources.
Existing web application firewalls (WAFs) monitor traffic but don't have an understanding of the logic of data flows and the behavior of applications. This can make it hard for them to distinguish between legitimate traffic and attacks on apps such as SQL injection and cross-site scripting.
Despite many reports to the contrary, there is nothing to suggest that downtime experienced by Facebook, Instagram and Tinder was anything to do with Lizard Squad. Earlier today, the three services were inaccessible for a short while and Lizard Squad took to Twitter to announce the outages.
The tweet, which read "Facebook, Instagram, Tinder, AIM, Hipchat #offline #LizardSquad" was taken as an admission of guilt and reported as such by many, many websites. Even when Facebook announced that the downtime came as a result of a system change by Facebook, site after site continued to report that Lizard Squad was to blame.
The "pay or lose your files" concept of ransomware seems to have taken off with hackers and crime syndicates, becoming the modern cyber equivalent of the mob shakedown. Sort of like paying "protection money".
Now a new ransomware variant has been spotted in the wild, spreading via email, just as previous ones had. The latest is being referred to by the catchy name of Trojan.DownLoad3.35539, and appears in a message as a ZIP file with hopes that unsuspecting recipients will launch it.
With more and more websites requiring passwords to access them, people are looking for ways to manage their surfing that don't require multiple IDs.
Increasingly the answer they're turning to is social media and in particular Facebook. A new infographic from identity management specialist Gigya shows that the social network accounted for over 60 percent of logins in the fourth quarter of last year.
In the race to the bottom of security, Flash has remained a strong contender, competing with Java to win the competition. It's really nothing against Adobe, the company seems to try fairly hard to keep things safe. It's more that Flash is so popular that it becomes a primary target. Something Microsoft would know a thing or two about, given the success of Windows.
The company has issued its latest security bulletin. It isn't the best of news -- the report seems to encapsulate two vulnerabilities, and both are being exploited in the wild.
President Barack Obama made clear in his State of the Union address earlier this week that he intends to push through new legislation aimed at tightening corporate cyber security standards across the US. Just as the US’s Sarbanes-Oxley Act of 2002, designed to improve the accuracy and reliability of corporate disclosures in the wake of the Enron scandal, effectively forced companies wanting to partner or do business with US corporations to comply with its rulings, so Obama’s proposed cyber laws are likely to have a global ripple effect across businesses outside America. Companies based in countries like the UK will need to tighten their own cyber security if they expect to do business with American firms which might otherwise see them as a weak link and potential vulnerability in their communications and data networks.
In his address to the nation on Tuesday (January 20th 2015), Obama said: "I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. That should be a bipartisan effort. If we don’t act, we’ll leave our nation and our economy vulnerable".
There was a time when Kim Dotcom was hardly out of the news, but it's been a little quieter for him of late. He popped up recently when he apparently intervened and persuaded Lizard Squad to stop attacking the PlayStation Network and Xbox Live. Dotcom used the opportunity and attention he drew to himself to advertise his Mega storage service, and anyone following him on Twitter can't help but have noticed constant references to MegaChat.
Well, the time for talking about MegaChat is over. The browser-based, ultra-secure chat service that offers end-to-end encryption is now ready for you to talk through. Dotcom refers to it being a Skype-killer, but it remains to be seen just how much trust people are willing to place in the service.
Microsoft's Bill Gates predicted the death of the password as long ago as 2004, yet we're still heavily reliant on them for our day-to-day security.
Part of the reason the password has lingered so long is the lack of solutions that provide security combined with ease of use.