Microsoft is considering adding public-key pinning, an important defense against man-in-the-middle attacks, to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks.
Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site that the attacker controls. Public-key pinning helps prevent those attacks by binding a set of public keys issued by a trusted certificate authority to a specific domain. With that defense in place, if the user visits the site and is presented with a key that’s not part of the pinned set, the browser will reject the secure connection.
International bank HSBC said that its operations in Turkey had been hacked and the personal data of some million customers’ credit cards had been compromised, while emphasizing that there is no financial risk for the clients. HSBC Turkey identified the attack through its internal controls.
The information compromised consisted of card numbers and linked account numbers, card expiry dates and card holders’ names, the bank said. There is no evidence that any of its customers’ other financial information or personal information was compromised. The bank stated that its customers may continue to perform all banking transactions as usual.
Serious concessions have been made about privacy post-Snowden, in particular about how personal information is processed and consumed online. Results from a survey show that the leaks have raised consumers’ consciousness about not only government, but commercial, collection of personal data.
Americans lack the confidence that they have any control over their personal data. The survey asked about six modes of communication: landlines; cell phones; text messaging; email; chat or IM; and social media. People, according to the results, are less worried about their physical location being disclosed, as well as the content of text messages, whom they’re texting or calling.
In the world of infrastructure security, a little bit of knowledge can go a long way toward protecting your organization. That's why Incapsula is always working hard to learn what's going on with the current state of DDoS attacks, including the top trends in DDoS attacks and how DDoS attackers are changing their methods.
During our work, we noticed that there's little understanding out there about exactly how DDoS attacks put businesses at risk. Some companies seem to ignore the risk altogether, while others know the danger is real, but are unsure exactly what that entails. We thought that it would be a good idea to show the actual impact that DDoS attacks can have on a business.
AT&T says it has stopped using a controversial mobile technology that could be misused by advertising networks to track online users regardless of their wishes. Until last week, the company had been inserting a unique identifier in web traffic sent by phones and other devices on its wireless network.
It was doing this as part of a test program, which has now been stopped. Privacy advocates hate these unique identifiers, because there’s no way to turn them off. That means that they can be used by advertising networks to circumvent privacy tools such as do-not-track lists or private browsing settings.
The prototype real time social media monitor will only look at publicly available data though, according to the plans. Germany's foreign intelligence agency reportedly wants to spend on technology that would let it spy in real time on social networks outside of Germany.
The system for real time social network monitoring is still in the construction phase. But a prototype is expected to be launched next June with the aim of monitoring publicly available data on Twitter and blogs. The program should filter out and discard data in the German language. Moreover, a plan to monitor Internet exchanges outside Germany is also in the works.
Facebook simplified and shortened by two-thirds its description of how it uses data, responding to concerns that users didn’t understand its policies. The goal is to get more people to read and comprehend the terms they must agree to in order to use the service.
Earlier, Facebook took steps to engage with privacy advocates and educate users on its policies. The changes don’t affect how much data Facebook collects, much of which it uses to target ads at users. It began allowing marketers to advertise to Facebook users who visit or live near a business. Now it would expand the program that targets ads based on browsing habits to more countries; it previously operated only in the U.S.
Cybercriminals have started a new trend for conducting distributed denial-of-service attacks, relying on a type of DNS amplification that leverages text (TXT) records to make the operation more effective; in some campaigns, parts of a press release from the White House have been observed by researchers.
The tactic is not new, but more and more incidents of this sort have been recorded. The entertainment sector is the most targeted. Attackers have used large TXT records in reflection attacks in the past. Cybercriminals often use intermediate victims to reflect the bad traffic to their target.
It's hard not to get caught up in the romance of delivery drones, especially when start-ups keep producing spiffy promotional videos set in a fantastical land of airborne courier services. But underneath all this hoopla, progress is certainly being made.
A London-based company has begun trials of its autonomous drone delivery service, claiming it is capable of shipping small objects at the touch of a smartphone button. The team has engineered its drones over a number of years at London's TechCity. Their system is aimed at tapping into the ubiquity of smart devices and enabling anybody to book their own delivery drone within seconds.
The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.
The technology in the two-foot-square device enables investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location. People with knowledge of the program wouldn’t discuss the frequency or duration of such flights, but said they take place on a regular basis.
Axarhöfði 14,
110 Reykjavik, Iceland