Editor's News

The cloud is secure enough for what it is used for, but more work needs to be done on cryptography and key management as “distributed computing” will stick. Speaking on a panel at the Trust in the Digital World conference in Madrid, Steve Purser, head of operations at ENISA said that cloud is “secure enough but we need to do more work” to deal with modern risks. He said: “The current state is that ENISA...

The large majority of society are not aware of what is going on with their data and use services on internet regardless, and this is not a sustainable model. Speaking at the Trust in the Digital World conference in Madrid, Richard Benjamins, group director of business intelligence and Big Data at Telefonica DG, said that Big Data and digital trust are not a new thing, but it is “a privacy time bomb”. Benjamins said that...

In a coordinated a joint international operation utilising Europol's European Cybercrime Centre (EC3), the Ramnit botnet has been disrupted to help disinfect 3.2 million computers. Led by investigators from the UK and including Germany, Italy, the Netherlands and partners from private industry including Microsoft, Symantec and AnubisNetworks, the operations worked to shut down command and control servers and redirect 300 domain addresses used by the botnet's operators. The botnet was used to gain remote access...

Gemalto has said that an initial investigation into alleged hacking of its SIM keys by intelligence agencies appears to be true. In a statement following the revelations by The Intercept that GCHQ and NSA hacked into SIM keys to bypass encryption to monitor use, Gemalto has said that the investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 “give us reasonable grounds to believe...

The time being taken to detect breaches has reduced year-on-year. According to the M-trends report from FireEye, despite one organisation being breached for over eight years, the time it takes organisations to detect that they have been compromised has dropped to 205 days in 2014, down from 229 days in 2013 and 243 days in 2012 Yet the report said that it is becoming harder for organisations to detect that they have been breached, with only...

Sir Malcolm Rifkind has announced that he plans to step down as an MP and resign from his role as chairman of the Intellgence and Security Committee. In a statement, Rifkind said that he is to step down at the next election despite the “tremendous support from my constituency association and from many constituents in Kensington over the last two days”. Rifkind was alleged to have offered his services to a private company after being...

Privdog has announced that is has released a fix for a security issue found in the third party library Calling the threat level “low”, an advisory said that a “minor intermittent defect” was detected in a third party library used by the PrivDog standalone application, which potentially affects a very small number of users. It said: “This potential issue is only present in PrivDog versions, 3.0.96.0 and 3.0.97.0. The potential issue is not present in...

Software named PrivDog will intercept every certificate and replace it with one signed by its root key, according to research.   That includes certificates that weren't valid in the first place. “It will turn your browser into one that just accepts every HTTPS certificate out there, whether it's been signed by a certificate authority or not,” researcher Hanno Böck said.   As well as that, it directs to a webpage that has a self-signed certificate and...

Lenovo has released an automated tool to remove the Superfish tool and is working with security firms to quarantine the certificate quarantined.   According to a statement, Lenovo has tasked Intel Security (formerly McAfee) and Symantec to remove the rogue software, which was accused of stealing web traffic using fake, self-signed, root certificates to inject advertisements into sessions, and monitoring user activity with man-in-the-middle attack techniques to crack secure connections.   Lenovo said that it...

Gemalto has said that it especially vigilant against malicious hackers and is unable to prove a link between past hacking attempts and what has been recently reported.   In a statement, the SIM card manufacturer said that reports were incorrect that attacks were targeted at Gemalto, and instead efforts were made “to try and cast the widest net possible to reach as many mobile phones as possible”.   It said it was unable to verify...