SpiderOak Takes Novel Approach To Data Privacy

August 3, 2013 – 8:02 AM

Ethan Oberman has a problem with cloud computing. “A person should be able to use cloud technologies without relinquishing his or her privacy,” explained Oberman, CEO of cloud storage service SpiderOak, in a phone interview.

Given Internet companies that rely on mining data about users for revenue, government agencies that have the capability to monitor online activities and read personal communications, businesses seeking competitive intelligence, and hackers hammering at the data piggy banks, maintaining a comfortable degree of privacy isn’t easy.

The catch is that cryptography isn’t easy, and on its own it doesn’t ensure security; it is one element of a broader security strategy. But it has become a necessary element, given the inadequacy of perimeter-based protection: barriers can be penetrated or bypassed, so the data itself deserves protection that does not depend on them.

SpiderOak is one of a handful of companies that have adopted a “zero-knowledge” approach to cloud storage: data is encrypted on the user’s own device, and the company keeps no copy of the user’s encryption keys, so it cannot produce a user’s files in readable form, on demand or otherwise. (The term is marketing shorthand for client-side encryption with keys the provider never holds, not the zero-knowledge proofs of the cryptographic literature.) The flip side is that a user who loses the passphrase loses the data; the provider has nothing to reset. From a liability and compliance perspective, ignorance is bliss.

In an effort to spread the gospel of ignorance, SpiderOak has been working on a zero-knowledge open-source application framework called Crypton, which will let developers integrate strong cryptography into cloud-based applications. Its guarantee is that the servers running an application cannot read the data the application creates and stores: keys never leave the user’s devices, and encryption and decryption happen in the client, whether that’s a browser or a native app.

Source:
https://www.informationweek.com/security/privacy/spideroak-takes-novel-approach-to-data-p/240159315

Car hacking code released at Defcon

August 3, 2013 – 7:49 AM

You may hate parallel parking, but you’re going to hate it even more when somebody commandeers control of your car with you in it.

That was the scary scenario painted over the first two hours at the 21st annual Defcon hacker conference.

“Car hacking is definitely coming,” said Zoz, of Cannytophic Design, who presented on how to hack autonomous cars.

Zoz’s talk on vulnerabilities that autonomous autos will face followed a fast-paced explanation by well-known computer security experts Charlie Miller and Christopher Valasek of how they spent the past 10 months hacking the self-driving features of two popular cars. Miller, Valasek, and Zoz all spoke to standing-room only crowds of more than 1,000 people.

While car hacking made a big splash at Defcon in 2010 and 2011, those hacks were not publicly documented. “We want it to take two months for everybody to do this,” Miller said to loud applause from the packed house.

Before going into their hacking explanation, Miller and Valasek admitted that they were not hardware hackers, and had little experience on hardware basics like splicing wires. But they only had one requirement for their test car: that it be able to drive itself.

From there, hilarity ensued. Instead of following Toyota’s guide to removing the dash of their test 2010 Prius, they used a crowbar. Subsequent videos and photos showed them driving around with a laptop wired to the open dash of a car, much to the amusement of the crowd.

Source:
http://news.cnet.com/8301-1009_3-57596847-83/car-hacking-code-released-at-defcon/?part=rss&subj=news&tag=2547-1_3-0-20

Why I willingly handed over my credit card and PIN to a fraudster

July 29, 2013 – 9:20 PM

“Hello Mr Welch. Visa Card Services here.” That was the line with which my nightmare started one Sunday morning, hungover, sitting on the sofa trying to piece together the night before. The landline rang. I was surprised because I’d only given the number to about three people.

The person on the other end of the phone – Mark – told me there had been a number of fraudulent transactions on my bank account since midnight, adding up to about £1,100. I’d never heard of Visa Card Services before, but then I’d never had money stolen like this before. Maybe this is what happens?

He then confirmed the last genuine withdrawal I’d made – at the Barclays opposite Highbury & Islington station – gave me a reference number and told me to ring the number on the back of my bank card.

I did just that, quoted the reference number and spoke to someone who knew all about the supposed fraud. These cunning tricksters had apparently cloned my card at the ATM I’d used and then treated themselves to a few things in the Apple Store on Regent Street. Something didn’t ring true about the whole thing – why would someone with a stolen bank card only spend £400 in the Apple Store, for starters? But I watch enough bullshit consumer TV, the kind of thing presented by that estuary gargoyle Dominic Littlewood, to know that these things happen.

The person now helping me, Rajesh Khan in HSBC’s card protection department, had all my details; full name, date of birth and, crucially, my address. That was the clincher for me, and when he said a courier was on the way to collect my bank card for further examination, I didn’t need to tell him where I lived. I initially flinched at the idea, but when he explained it was needed to properly analyse the chip, it seemed to make sense. After all, I’d called the bank myself, this was no cold call, and he had all my details already. That’s probably the same reason I typed my PIN number into the keypad of my phone.

Source:
http://www.newstatesman.com/voices/2013/07/why-i-willingly-handed-over-my-credit-card-and-pin-fraudster

RIP – Barnaby Jack

July 27, 2013 – 11:00 AM

The world lost a great hacker/security researcher on Thursday, just days before he was going to present his talk on hacking implantable medical devices. He stated it was possible to remotely control a pacemaker (aka kill someone) from 30 feet away and worked with the device manufacturers to secure the units and help prevent this from happening.

Here is one of my favorite talks of his (or anybody’s actually) called Jackpotting Automated Teller Machines.

BLACK HAT- Barnaby Jack – Jackpotting Automated Teller Machines

Sophisticated Malware Is Stumping Security Pros

July 25, 2013 – 12:36 PM

The ferocious nature of modern malware is wreaking havoc on some organizations, forcing security professionals to reassess current security policies and consider spending on modernizing defenses to detect attacks, according to a new survey.

The study, released this week by Enterprise Strategy Group and commissioned by Malwarebytes, surveyed 315 security professionals at companies in North America. It found that 74 percent of respondents have increased their security budgets over the past two years in direct response to more sophisticated malware threats.

Businesses need to assess their current defenses to avoid making impulsive spending decisions, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group, in his “Malware and the State of Enterprise Security” report.

“Many organizations lack the right staff size or skills necessary to address malware threats, but given their current workload and the information security skills shortage, it is unlikely they can fill this void quickly,” Oltsik said in his report. “The best technologies will address antimalware requirements with highly tuned intelligence, algorithms and automation.”

The current crop of firewalls and intrusion-prevention systems is missing more malware than before, according to the survey. Sixty-two percent of those surveyed believe their host-based security software is not effective at detecting zero-day attacks and other malware designed to bypass the software and remain stealthy on systems.

Source:
http://www.crn.com/news/security/240158935/sophisticated-malware-is-stumping-security-pros.htm