Tag Archive for: problem

Is cybersecurity an unsolvable problem? – Ars Technica



In November 1988, a graduate student at Cornell University named Robert Morris, Jr. inadvertently sparked a national crisis by unleashing a self-replicating computer worm on a VAX 11/750 computer in the Massachusetts Institute of Technology’s Artificial Intelligence Lab. Morris had no malicious intent; it was merely a scientific experiment to see how many computers he could infect. But he made a grievous error, setting his reinfection rate much too high. The worm spread so rapidly that it brought down the entire computer network at Cornell University, crippled those at several other universities, and even infiltrated the computers at Los Alamos and Livermore National Laboratories.

Making matters worse, his father was a computer scientist and cryptographer who was the chief scientist at the National Security Agency’s National Computer Security Center. Even though it was unintentional and witnesses testified that Morris didn’t have “a fraudulent or dishonest bone in his body,” he was convicted of felonious computer fraud. The judge was merciful during sentencing. Rather than 15–20 years in prison, Morris got three years of probation with community service and had to pay a $10,000 fine. He went on to found Y Combinator with his longtime friend Paul Graham, among other accomplishments.

The “Morris Worm” is just one of five hacking cases that Scott Shapiro highlights in his new book, Fancy Bear Goes Phishing: The Dark History of the Information Age in Five Extraordinary Hacks. Shapiro is a legal philosopher at Yale University, but as a child, his mathematician father—who worked at Bell Labs—sparked an interest in computing by bringing home various components, like microchips, resistors, diodes, LEDs, and breadboards. Their father/son outings included annual attendance at the Institute of Electrical and Electronics Engineers convention in New York City. Then, a classmate in Shapiro’s high school biology class introduced him to programming on the school’s TRS-80, and Shapiro was hooked. He moved on to working on an Apple II and majored in computer science in college but lost interest afterward and went to law school instead.

With his Yale…

Source…

How machine learning can help crack the IT security problem




Less than a decade ago, the prevailing wisdom was that every business should undergo digital transformations to boost internal operations and improve client relationships. Next, they were being told that cloud workloads are the future and that elastic computer solutions enabled them to operate in an agile and more cost-effective manner, scaling up and down as needed. 

While digital transformations and cloud migrations are undoubtedly smart decisions that all organizations should make (and those that haven’t yet, what are you doing!), security systems meant to protect such IT infrastructures haven’t been able to keep pace with threats capable of undermining them.  

As internal business operations become increasingly digitized, boatloads more data are being produced. With data piling up, IT and cloud security systems come under increased pressure because more data leads to greater threats of security breaches. 

In early 2022, a cyber extortion gang known as Lapsus$ went on a hacking spree, stealing source code and other valuable data from prominent companies, including Nvidia, Samsung, Microsoft and Ubisoft. The attackers had originally exploited the companies’ networks using phishing attacks, which led to a contractor being compromised, giving the hackers all the access the contractor had via Okta (an ID and authentication service). Source code and other files were then leaked online.


This attack and numerous other data breaches target organizations of all types, ranging from large multinational corporations to small startups and growing firms. Unfortunately, in most organizations, there are simply too many data points for security engineers to…

Source…

Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’


The cloud has “become essential to our daily lives,” Kemba Walden, the acting national cyber director, said in an interview. “If it’s disrupted, it could create large potentially catastrophic disruptions to our economy and to our government.”

In essence, she said, the cloud is now “too big to fail.”

The fear: For all their security expertise, the cloud giants offer concentrated targets that hackers could use to compromise or disable a wide range of victims all at once. The collapse of a major cloud provider could cut hospitals off from accessing medical records; paralyze ports and railroads; corrupt the software that helps financial markets hum; and wipe out databases across small businesses, public utilities and government agencies.

“A single cloud provider going down could take down the internet like a stack of dominos,” said Marc Rogers, chief security officer at hardware security firm Q-Net Security and former head of information security at the content delivery provider Cloudflare.

And cloud servers haven’t proved to be as secure as government officials had hoped. Hackers from nations such as Russia have used cloud servers from companies like Amazon and Microsoft as a springboard to launch attacks on other targets. Cybercriminal groups also regularly rent infrastructure from U.S. cloud providers to steal data or extort companies.

Among other steps, the Biden administration recently said it will require cloud providers to verify the identity of their users to prevent foreign hackers from renting space on U.S. cloud servers (implementing an idea first introduced in a Trump administration executive order). And last week the administration warned in its national cybersecurity strategy that more cloud regulations are coming — saying it plans to identify and close regulatory gaps over the industry.

In a series of interviews about this new, tougher approach, administration officials stressed that they aren’t giving up on the cloud. Instead, they’re trying to ensure that rapid growth doesn’t translate to new security risks.

Cloud services can “take a lot of the security burden off of end users” by relieving them of difficult and time-consuming…

Source…

Security researcher says Eufy has a big security problem


What you need to know

  • Security researcher Paul Moore has discovered several security flaws in Eufy’s cameras.
  • User images and facial recognition data are being sent to the cloud without user consent, and live camera feeds can purportedly be accessed without any authentication.
  • Moore says some of the issues have since been patched but cannot verify that cloud data is being properly deleted. Moore, a U.K. resident, has taken legal action against Eufy because of a possible breach of GDPR.
  • Eufy support has confirmed some of the issues and issued an official statement on the matter saying an app update will offer clarified language.

Update Nov 29 11:32 am: Added Paul Moore’s response to Android Central.

Update Nov 29 3:30 pm: Eufy issued a statement explaining what’s going on, which can be seen below in Eufy’s explanation section.

Source…