Links to News from the Media, Cipher
Issue E125, March 2015
Why Health Insurers Are Frequent Targets
China suspected in major hacking of health insurer
The Washington Post
Drew Harwell and Ellen Nakashima
Feb 5, 2015
Health insurance company Anthem said it had been the victim of
'a very sophisticated attack'. There is a potential for hackers to
steal private health data that is valued on the black market as tools
for extortion, fraud or identity theft. Anthem said this attack did
not reveal health data, but it did compromise identifying information
for members and employees. Chinese hackers are suspected, perhaps
because of the level of expertise shown in the attack.
Related story:
Massive data hack of health insurer Anthem potentially exposes millions
The Washington Post
Fred Barbash and Abby Phillip
Feb 5, 2015
Related story:
Data Breach at Anthem May Lead to Others
NYTimes.com
Reed Abelson and Julie Creswell
Feb 6, 2015
Obama to create new agency to examine cyberthreats
AP via KSL.com
Ken Dilanian, Associated Press
February 10th, 2015
Can the creation of a new "Cyber Threats Intelligence Integration
Center" help the Federal government deal with cyberattacks like the
Sony hack? White House cybersecurity coordinator Michael Daniel
thinks that coordinating the many individual cybersecurity efforts in
the government will help streamline detection and response.
The 'JASBUG' Windows hole - beyond the hype, what you need to know
Naked Security
Paul Ducklin
Feb 12, 2015
Downgrade attacks on Windows SMB and Active Directory Group Policy
have been fixed, a year after their discovery, and some years after
their origination.
Bank Hackers Steal Millions via Malware
NYTimes.com
David E. Sanger and Nicole Perlroth
Feb. 14, 2015
Kaspersky Labs scored another expose last month in uncovering malware
that surreptitiously redirected millions of dollars of funds without
detection. The software afflicted 100 financial institutions in 30
countries. Keeping a very low profile, the software enabled remote
monitoring and execution.
The Best Hackers Ever Are the Ones You Never Heard Of: The Equation Group
Kaspersky Labs released a report about an unknown group responsible for
the widespread distribution of malware that was so stealthy that it
resisted detection for 14 years.
Omnipotent Hackers
Arstechnica
Dan Goodin
Feb 16, 2015 12:00pm MST
Report:
Equation Group Questions and Answers
Related story:
Russian researchers expose breakthrough in U.S. spying program
Reuters
Joseph Menn
February 17, 2015
Related story:
U.S. Embedded Spyware Overseas, Report Claims
NYTimes.com
Nicole Perlroth and David E. Sanger
Feb. 16, 2015
Lenovo to stop pre-installing controversial software
Reuters
Paul Carsten
Feb 19, 2015
The world's largest PC maker, Lenovo, reacted to the discovery that
notebooks sold in late 2014 had a piece of software that hijacked web
connections. The purpose was to display ads. The objectionable
feature was that it injected ads into what otherwise appeared to be a
connection with authentication and encryption, i.e. "trusted".
Secrecy around police surveillance equipment proves a case's undoing
The Washington Post
Ellen Nakashima
February 22, 2015
Rather than reveal information about "fake cellphone tower" equipment, the
FBI scuttled a case against a small time pot dealer. The devices can find
detailed location information for phones, down to the room in a house.
Here's how the clash between the NSA Director and a senior Yahoo executive went down.
The Washington Post
Andrea Peterson
Feb 23, 2015
At a public cybersecurity meeting, the NSA director spoke about the
need for the government to have access to all encrypted material on
the Internet. In case you think this is impossible, review the history
of "key escrow".
SIM Chip Encryption Key Compromised?
Cell phone maker Gemalto said that persons unknown tried to get
information that would let them compromise the SIM card encryption.
The attacks occurred in 2010. Recent information has led the company
to connect them to the US and British governments. But, were they
successful?
Chip Maker to Investigate Claims of Hacking by N.S.A. and British Spy Agencies
New York Times
Mark Scott
Feb. 20, 2015
U.S. and British Agencies May Have Tried to Get SIM Encryption Codes, Gemalto Says
NYTimes.com
Mark Scott and Aurelien Breeden
Feb 25, 2015
How To Sabotage Encryption Software (And Not Get Caught)
WIRED
Andy Greenberg
Feb 27, 2015
This article is about a new paper and a book by Bruce Schneier. The
integrity of standards for Internet cryptography was called into
question a few years ago with news that NSA seemed to have used its
influence to introduce a weakness into a standard for random number
generation. In the interim, there has been a great deal of thought
put into how to produce standards that are free from undermining. The
paper discusses the avenues by which weaknesses can be introduced.
The paper:
"Surreptitiously Weakening Cryptographic Systems"
by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart
The article mentions Bruce Schneier's book "Data and Goliath", reviewed in this Cipher issue.
A "Zombie from the 90's": FREAK, the Vulnerability Against Apple and Google Users
Secure access to websites is something that we have begun to take for
granted, but it seems that a combination of man-in-the-middle and downgrade
attacks can force many websites into using encryption so weak that
an eavesdropper can read it without an extraordinary amount of work.
'FREAK' flaw undermines security for Apple and Google users, researchers discover
The Washington Post
Craig Timberg
Mar 3, 2015
Microsoft reacted to the FREAK vulnerability later than Apple and Google
Slate.com
Lily Hay Newman
Mar 7, 2015
So much for the claim that Apple Pay would be 'secure'
Los Angeles Times
Michael Hiltzik
Mar 8, 2015
This article shows that "security" is a bigger concept than just
authentication and encryption. By shifting some responsibility for
safeguards for credit card registration from itself to banks, Apple
enabled a corridor for easy use of stolen credit cards.
Samsung tablets spy-proof with IBM software
Bloomberg Business News
March 14, 2015
At CeBIT 2015, Secusmart announced its high-security tablet based on the Samsung
Galaxy Tab S 10.5. The device allows non-secure apps to exist
alongside "wrapped" secure apps. The device is targeted at government
officials.