
ITsecurity Daily News: 09/16/2014

2014-09-17 10:50

The ITsecurity daily security briefing: Tuesday, September 16, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.



News

FBI’s facial recognition database now fully operational
  “The Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division announced today the achievement of full operational capability of the Next Generation Identification (NGI) System. The FBI’s NGI System was developed to expand the Bureau’s biometric identification capabilities, ultimately replacing the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) in addition to adding new services and capabilities.”
  But note, from EPIC http://epic.org/foia/fbi/ngi/, “The FBI’s Next Generation Identification program, a massive biometric system, is set to go fully operational this year; yet the agency has not established civil liberties safeguards. The database will employ facial recognition, iris recognition, and voice recognition. Documents obtained by EPIC under the FOIA indicate the agency is prepared to accept a 20% error rate for recognition techniques.”
That’s high!
FBI:
http://www.fbi.gov/news/pressrel/press-releases/fbi-announces-full-operational-capability-of-the-next-generation-identification-system

Archie: Just another Exploit kit
  AlienVault has published an analysis of the Archie EK. “Archie is a really basic Exploit Kit that uses different exploit modules copied from the Metasploit Framework. When the victim lands on the main page, Archie uses the PluginDetect Javascript library to extract information about Flash, Silverlight and Acrobat Reader versions and the information is sent to the server… The IP address where the Archie Exploit Kit is hosted, and the piece of malware delivered, is also being used for click fraud operations.”
AlienVault:
http://www.alienvault.com/open-threat-exchange/blog/archie-just-another-exploit-kit/

Europe excludes European citizens from involvement with the TTIP
  The Stop-TTIP Alliance instigated a European Citizens’ Initiative (ECI) against the TTIP and CETA international trade & investment agreements. This has been blocked by the European Commission. “The rejection of the ECI only confirms the Commission’s strategy to exclude citizens and parliaments from the TTIP and CETA negotiations. Instead of paying attention to citizens, it is just lobbyists that are being listened to,” said Michael Efler, the ECI contact person.
  If you wonder what the fuss is about, remember that the UK only joined a Common Market (that is, a trade agreement) and has now been sucked into an undemocratic European federation without further reference to the people. A North Atlantic Federation (which already exists in all but name) is the end goal of the TTIP.
Stop TTIP:
http://stop-ttip.org/eu-commission-wants-to-wipe-out-citizens-involvement-in-ttip-and-ceta/

Tracking Down the ‘Anonymous’ Wrongdoer
  The New York Law Journal has an excellent article on the NY court’s attitude towards social media, anonymity, the First Amendment and legal redress against anonymous wrongdoers. It notes that Twitter (for example, in the discussed case of ‘Lemon Juice v. Twitter’) is not totally averse to providing access to personal data, but only with a court order. “A petition for pre-action discovery limited to obtaining the identity of prospective defendants should be granted where the petitioner has alleged facts fairly indicating that he or she has some cause of action.” In this case, Lemon Juice was able to demonstrate just that (i.e., an anonymous person had used his name to post a photograph that led to the real Lemon Juice being arrested).
New York Law Journal:
http://www.newyorklawjournal.com/home/id=1202669891809

First WikiLeaks saves Bitcoin; then Bitcoin saves WikiLeaks
  In a Reddit AMA, Julian Assange quoted two footnotes from his new book. The first (footnote 23) states that when, in the early days of Bitcoin, WikiLeaks was contemplating accepting donations in bitcoins, Satoshi Nakamoto asked him not to: “You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.” WikiLeaks complied. But WikiLeaks nevertheless invested in bitcoins. Footnote 185 comments, “WikiLeaks’ strategic investments in the currency saw more than 8,000 percent return in three years, seeing us through the extralegal US banking blockade.”
Julian Assange AMA:
http://www.reddit.com/r/technology/comments/2ghp54/i_am_julian_assange_ama_about_my_new_book_when/

Transparency Report: Government demands for user info have risen 150% over the last five years
  Google has updated its Transparency Report. Richard Salgado, Legal Director, Law Enforcement and Information Security, blogged yesterday: “we’ve seen a 15% increase since the second half of last year, and a 150% jump since we first began publishing this data in 2009. In the U.S., those increases are 19% and 250%, respectively. This increase in government demands comes against a backdrop of ongoing revelations about government surveillance programs. Despite these revelations, we have seen some countries expand their surveillance authorities in an attempt to reach service providers outside their borders.” That last comment may not be limited to, but certainly includes, the undemocratic ‘emergency’ new law rushed through by David Cameron in the UK.
Google Public Policy Blog:
http://googlepublicpolicy.blogspot.co.uk/2014/09/transparency-report-government-demands_15.html

SNMP-Based DDoS Attack Spoofs Google Public DNS Server
The SANS Internet Storm Center this afternoon reported SNMP scans spoofed from Google’s public recursive DNS server seeking to overwhelm vulnerable routers and other devices that support the protocol with DDoS traffic. “The traffic is spoofed, and claims to come from Google’s DNS server. The attack is however not an attack against Google. It is likely an attack against misconfigured gateways,” said Johannes Ullrich, dean of research of the SANS Technology Institute and head of the Internet Storm Center.
Threatpost:
http://threatpost.com/snmp-based-ddos-attack-spoofs-google-public-dns-server
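The tell in this attack is the address pair: Google’s public resolvers answer DNS on udp/53 and never originate SNMP queries, so an SNMP request arriving on udp/161 with that source address is forged, and any device that answers it becomes a reflector firing its response at Google. The script below, an added example that is not from the ISC diary or the Threatpost article, runs that check over a constructed tcpdump-style log. It assumes the well-known resolver addresses 8.8.8.8 and 8.8.4.4, a hypothetical management network 10.0.0.0/24 as the only legitimate source of SNMP queries, and a simplified “ts IP src.port > dst.port: payload” line format; the sample log is invented for the example.

```python
import ipaddress
import re
from collections import Counter

# Google's public resolvers (well-known addresses; the source only says
# "Google's public recursive DNS server", so using both is an assumption).
GOOGLE_PUBLIC_DNS = {ipaddress.ip_address("8.8.8.8"), ipaddress.ip_address("8.8.4.4")}
# Hypothetical management network from which SNMP queries are legitimately sent.
MANAGEMENT_NET = ipaddress.ip_network("10.0.0.0/24")
SNMP_PORT = 161

# Simplified tcpdump-style "ts IP src.port > dst.port: payload" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

# Constructed sample: two forged requests "from" 8.8.8.8, one device that
# answers (the reflection), one untrusted and one trusted SNMP query, and
# an ordinary DNS lookup to 8.8.8.8 that must not be flagged.
SAMPLE_LOG = """\
14:02:11.000001 IP 8.8.8.8.53 > 192.0.2.10.161: SNMPv2c C="public" GetRequest
14:02:11.000002 IP 192.0.2.10.161 > 8.8.8.8.53: SNMPv2c C="public" GetResponse
14:02:12.000003 IP 8.8.8.8.53 > 192.0.2.11.161: SNMPv2c C="public" GetRequest
14:02:12.000004 IP 198.51.100.7.40001 > 192.0.2.10.161: SNMPv2c C="public" GetRequest
14:02:13.000005 IP 10.0.0.5.40002 > 192.0.2.10.161: SNMPv2c C="public" GetRequest
14:02:13.000006 IP 192.0.2.10.40003 > 8.8.8.8.53: 1234+ A? example.com.
"""


def parse(line):
    """Return a packet dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]), "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"]),
        "payload": m["rest"],
    }


def classify(pkt):
    """Label a packet by its role in an SNMP reflection attack."""
    if pkt["dport"] == SNMP_PORT:
        if pkt["src"] in GOOGLE_PUBLIC_DNS:
            # A resolver never sends SNMP queries: the source address is forged.
            return "spoofed-snmp-request"
        if pkt["src"] in MANAGEMENT_NET:
            return "snmp-request-trusted"
        return "snmp-request-untrusted"
    if pkt["sport"] == SNMP_PORT and pkt["dst"] in GOOGLE_PUBLIC_DNS:
        # Our device answered the forged request: it is acting as a reflector.
        return "reflected-response"
    return "other"


def summarize(log_text):
    """Count packet roles and collect the local devices that reflected."""
    counts = Counter()
    reflectors = set()
    for line in log_text.splitlines():
        pkt = parse(line)
        if pkt is None:
            counts["unparsed"] += 1
            continue
        kind = classify(pkt)
        counts[kind] += 1
        if kind == "reflected-response":
            reflectors.add(str(pkt["src"]))
    return {"counts": dict(counts), "reflectors": reflectors}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for kind, n in sorted(result["counts"].items()):
        print(f"{kind:24s} {n}")
    print("devices answering spoofed requests:", sorted(result["reflectors"]))
```

The forged requests themselves can only be stopped where they originate (BCP38 egress filtering at the spoofer’s network); what a site can fix is the “reflected-response” line, by restricting SNMP to the management network or disabling it on Internet-facing interfaces, and any “snmp-request-untrusted” hit is the same exposure without the Google tell.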

Protecting Privacy from Big Data: Putting the Cart Before the Horse
  The EFF doesn’t believe that the case for Big Data has been adequately made. “Many seem to be putting the cart before the horse when it comes to big data: before we as a society start worrying about how we can mitigate big data’s privacy risks, we think its proponents first need to show that their analyses are statistically valid. In other words, we need proof that big data is good science and not just snake oil.”
EFF:
https://www.eff.org/deeplinks/2014/09/protecting-privacy-big-data-putting-cart-horse


Whitepapers and Reports

ENISA’s Annual Incident Reports 2013
  “System failures are the most common root cause: Most major incidents were caused by ‘System failures’ (61 % of the incidents).
   o Looking more in detail at this root cause category, the most common detailed causes were ‘software bugs’, ‘hardware failures’ and ‘software misconfigurations’.
   o The assets most often affected were switches (e.g. mobile switching and routers) and base stations and controllers…”
ENISA:
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/annual-reports/annual-incident-reports-2013/at_download/fullReport

Smartphone Markets
  Juniper Research’s fifth annual report on worldwide smartphone markets estimates that shipments will increase by 19% to 1.2bn this year – driven by the growth of new low-cost products. “While Apple and Samsung continue to dominate the Ultra-Premium end of the market, these vendors are facing significant pressure from local players in the emerging markets. For example, Xiaomi, the Chinese smartphone vendor, is witnessing tremendous success in China and India as a result of its aggressive price-point offerings.” Note also that Google has just announced the low-cost Android One in India (Rs 5,999, or just under $100 – see The Economic Times).
Juniper Research:
http://www.juniperresearch.com/reports.php?id=805


Webcasts and Webinars

Due Diligence Made Easy: Open Source Report and Analysis
  Dr. Ron Rymon, a serial entrepreneur, will share his experience as an entrepreneur and investor going through two different open source due diligence processes as part of two M&A transactions. Rami Sass, WhiteSource’s CEO, will share his experience as an R&D executive going through an M&A transaction and how this experience shaped WhiteSource’s product.
Sep 17 2014 7:00 AM – 7:30 AM (PDT)
WhiteSource:
http://marketing.whitesourcesoftware.com/acton/fs/blocks/showLandingPage/a/10846/p/p-001c/t/page/fm/0


Events


Mergers and Acquisitions


Alerts


Source: itsecurity.co.uk/2014/09/itsecurity-daily-news-09152014-2/
