ShatterDOC Original Material

Wednesday, December 31, 2014

By late 2012, the NSA was cracking 10 million https connections a day | TechCrunch

German news outlet Spiegel published a story about the NSA’s ability to crack encrypted forms of communication, exposing the agency’s routine interception of SSL/TLS, which are used by web servers to transmit sensitive information. The report also exposed the fact that the agency has the ability to decrypt a virtual private network.

And from those 10M * 2 years * 265 days per year intercepts the NSA has prevented exactly zero, zip, nada, not one terrorist attack. Gosh! I feel so much safer - well Congress apparently feels safer from us!

Hospitals Are Getting Hacked More Frequently | MIT Technology Review

Cybercriminals are increasingly targeting the computer networks of hospitals—one recently announced theft involved data from 4.5 million people who had received treatment from Community Health Systems (CHS), a company that runs more than 200 hospitals. Malware attacks are on the rise in many industries, but researchers from the security firm Websense say the rate at which attacks on hospitals has grown during the past year is unparalleled.

Data security is often lax within health-care facilities, and hackers are targeting systems that store troves of valuable personal information held in electronic medical records, according to the Websense researchers, who say they’ve observed a 600 percent increase in attacks on hospitals over the past 10 months.


And the feds have made it worse with ObamaCare security issues. 

For an amusing experience ask your healthcare provider how they secure your information.

Cybersecurity Hindsight And A Look Ahead At 2015

This year we witnessed a series of high-profile security breaches, from the aftermath of the Target and Home Depot fiascoes, to a number of attacks on other national retailers, including Michaels, Goodwill and Neiman Marcus. Then there was the massive breach at JP Morgan Chase, which compromised personal information of more than 83 million households and businesses, and finally over 100 terabytes of internal files and films recently stolen from Sony.

Nobody was safe in 2014. 

And it will only get worse in 2015...

Thursday, December 4, 2014

Feds Invoke “All Writs Act” To Compel Apple To Decrypt Smartphones

"Privacy advocates were probably over the moon when they heard Apple and Google's new encryption methods which is basically where neither company has the tools to decrypt a user's smartphone and access its data, unless of course the data is stored in the cloud either in iCloud or Google Drive."

Clearly, however you choose to protect your data, trusting encryption to a third party is just an invitation to the feds to re-purpose ancient laws to strip you of your rights and privacy. 

Take control! Encrypt YOUR data yourself BEFORE trusting it to a third party.

Thanks DrT


Fwd: Edward Snowden’s Privacy Tips: “Get Rid Of Dropbox,” Avoid Facebook And Google | TechCrunch


Edward Snowden's Privacy Tips: "Get Rid Of Dropbox," Avoid Facebook And Google | TechCrunch
"According to Edward Snowden, people who care about their privacy should stay away from popular consumer Internet services like Dropbox, Facebook, and Google."


Snowden said "When you say, 'I have nothing to hide,' you're saying, 'I don't care about this right.' You're saying, 'I don't have this right, because I've got to the point where I have to justify it.' The way rights work is, the government has to justify its intrusion into your rights."

Not that we're fond of Snowden, but he does have a point. And if you want to use commercial cloud services then you should consider ShatterDOC. Protect your data yourself before it leaves your computer.
Thanks DrT



Surveillance court judge to Yahoo lawyer: What people don’t know can’t hurt you

VENTUREBEAT | NOVEMBER 19, 2014
"On June 19, 2008, Yahoo lawyers appeared before the U.S. Foreign Intelligence Surveillance Court of Review, a three-judge panel that convened in Providence, R.I. Yahoo wanted to contest the growing volume of requests it was getting to let federal officials monitor its users’ email and other digital communications.
Not surprisingly, the court ruled against Yahoo."

Now this is really frightening. A secret federal judge tells a US company that hiding information from their customers is OK because uninformed customers won't sue them!
Ignorance is bliss defense.

Thanks DrT


The Data Factory: 12 Essential Facts on Enterprise Cloud Usage & Risk

CLOUD SECURITY ALLIANCE | NOVEMBER 4, 2014
By Kamal Shah, VP of Products and Marketing
"Between headlines from the latest stories on data breaches and the hottest new apps on the block, it’s easy to be captivated with what people are saying, blogging, and tweeting about the state of cloud adoption and security. But let’s face it: It’s hard to separate the hype from the truth, and stories about security can range from hyperbolic to accurately frightening."


BLOG Team

Mobile and Cloud: BFFs 4Ever

CLOUD SECURITY ALLIANCE | OCTOBER 29, 2014
By Krishna Narayanaswamy, Chief Scientist, Netskope 


"We released the Netskope Cloud Report for October today. In it, we analyze the aggregated, anonymized data collected from tens of billions of events across millions of users in the Netskope Active Platform, and highlight key findings about cloud app usage in enterprise as seen in the Netskope Active Platform. This includes our count of enterprise cloud apps (579) and percent that are enterprise-ready (88.7 percent), as well as top apps, activities, and policy violations. But what was really interesting about this quarter’s findings is the level of cloud app activity occurring on mobile devices."

A New Path to Better Cybersecurity

DISCOVER MAGAZINE | NOVEMBER 26, 2014
Hackers breached the computer systems of major retailers this year. What can be done?

May require subscription
BlogTeam


BBC News - FBI warns of destructive malware use by hackers


Google’s new security tools to track and protect online life


ANDROID COMMUNITY | NOVEMBER 25, 2014
"With most of us spending our lives online and a lot of that spent on Google-related sites like Gmail, YouTube, etc, it's only right that the tech company should be concerned about security and protecting your online life. That is why they have released two new security tools that will help users, not just IT managers, track their online life and at the same time help keep it secure."
http://androidcommunity.com/googles-new-security-tools-to-track-and-protect-online-life-20141125/?utm_medium=referral&utm_source=shatterdoc.com

On the other hand, securing your stuff should be a concern of yours.


About That Enterprise File-Sharing Study

TECHCRUNCH | NOVEMBER 28, 2014
"Earlier this week, TechCrunch published commentary on a report concerning the current popularity of various enterprise cloud file sync and share  products, a group of services usually shortened to the acronym 'EFSS.'

Dropbox was far and away the leader, finding a home within nearly 45 percent of responding enterprise IT pros' businesses. Microsoft's OneDrive had over 25 percent penetration, Google Drive had nearly 25 percent and Box had just under 15 percent.

Smaller players — Amazon, Hightail, SAP Docs, Egnyte, and so forth — each had less than 10 percent apiece."

BUT, the real news in this report is that less than 18% of users are actually PAYING for the service. Is it any wonder then that security is less than ideal? No wonder you need a security product like ShatterDOC!
BLOG Team

'Sophisticated' Regin spyware found

BBC NEWS | NOVEMBER 24, 2014
An "extremely complex" and "stealthy" spying program has been stealing data from ISPs, energy companies, airlines and research-and-development labs, a...

Are YOU unprotected?
Thanks Mark


Lessons from Apple iCloud Data Leak

CLOUD SECURITY ALLIANCE | NOVEMBER 19, 2014
By Paul Skokowski, Chief Marketing Officer, Accellion
"The theft of celebrity photos from Apple iCloud is a stark reminder of the need to think twice before storing data. For many people using a Mac the default behavior is to automatically back up and save data to iCloud. It’s wonderfully appealing and convenient and seamlessly integrates into practically everything you do on the Mac.  In fact it is so easy most people don’t think twice about what they are storing and that is where the problem begins."


Thanks Mark

Wednesday, November 19, 2014

Windows is vulnerable to web encryption attacks, too

ENGADGET | NOVEMBER 12, 2014
Microsoft's software isn't immune to the rash of recent web encryption exploits, it seems. The company has discovered (and thankfully, patched) a Wind...

Of course MS didn't patch anything. YOU have to download the patch and install it or let MS do it automagically in secret behind your back which requires the right computer settings. If you're one of the folks that had the automagic approach kill your Office applications then you might have turned off automagic updates.

Yet another case of encryption method failure.
DrT


Fwd: Why Are ISPs Removing Their Customers' Email Encryption?

Why Are ISPs Removing Their Customers' Email Encryption?
GIZMODO | NOVEMBER 12, 2014
Recently, Verizon was caught tampering with its customers' web requests to inject a tracking super-cookie. Another network-tampering threat to user

Here ISPs are modifying customer traffic to prevent encryption of their traffic. Users don't know that this is happening. Businesses don't know. ISPs aren't telling anyone!
Thanks DrT


Fwd: Verizon's changes to mobile web traffic limit your privacy

Verizon's changes to mobile web traffic limit your privacy
ENGADGET | OCTOBER 28, 2014

Do you work hard to maintain privacy on your smartphone through tools like Do Not Track? If you're on Verizon, your efforts might not be doing much go...
http://www.engadget.com/2014/10/28/verizon-web-privacy-concern/

This is an outrageous intrusion on Verizon customers' privacy. A thoughtless, uncaring breach of trust.
DrT 

Why The Future Of Digital Security Is Open

Digital security is a major concern. Few other issues affect everyone, from individuals to companies to entire nations. So what is the future of digital security?
Staff

Poodle – How Bad Is Its Bite? (Here’s the Data)

A major vulnerability affecting the security of cloud services dubbed POODLE (Padding Oracle on Downgraded Legacy Encryption) was reported on October 14th by three Google security researchers.

So trying to secure cloud data with encryption has issues too. Another reason to not put all your digital eggs in one cloud basket.
Thanks DrT

Fwd: Another marketing opportunity




Hi All,
This could not have happened if the celebs had used ShatterDOC! 
DrA
 
'Cloud' concerns after celebrity picture leaks
 
It is understood some of the images were obtained from services such as Apple iCloud that back up content from devices on to the internet.

Apple is understood to be looking into the issue.

One expert said that private data "becomes much more difficult to control" when using cloud services.

"It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it," said Ken Westin, security analyst at Tripwire.

"Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data is encrypted when the data is at rest."
[Internal email]
 
 


What enterprises can learn from the iCloud celebrity photo hack

VENTUREBEAT | SEPTEMBER 6, 2014
Following the recent discovery that the very personal photos of numerous female celebrities had been stolen and posted online, Apple is rushing to strengthen security for its popular iCloud service. But, the question remains whether or not these measures will be enough to protect users' private information — and whether enterprise users should be using these services at all.
Using ShatterDOC provides that additional layer of easy-to-use security ideal for storing and sharing questionable celebrity photos securely.
Thanks DrT

Celebrities get phished, but the cloud gets blamed

INFOWORLD | SEPTEMBER 5, 2014

No system is perfectly secure, but the fact is the cloud is more secure than on-premises systems [Really?!!]

It seems that hackers targeted celebrities using research and brute force to figure out how to access information in Apple's iCloud. According to reports circulating on the Web, the hackers managed to access backups on Apple's iCloud servers that occur each night to make sure that your lost or stolen phone does not lead to lost and stolen information. [unlikely on a properly maintained PC behind firewall and router].

http://www.infoworld.com/d/cloud-computing/celebrities-get-phished-the-cloud-gets-blamed-249809

Thanks DrT


Box, AT&T Team Up for More Secure Cloud Access

PCMAG | SEPTEMBER 5, 2014
Box and AT&T have announced a new partnership that will let AT&T users more securely access content stored on Box. In mid-2015, those who use AT&T NetBond - which provides a secure VPN connection to the Web - will be able tap into their Box accounts.
Of course ShatterDOC business software is coming soon too...

Business Choice Awards 2014: Cloud Computing Services

PCMAG | SEPTEMBER 5, 2014
Not everyone really understands cloud computing, a service where a company's data is stored in and accessible through multiple distributed and connect...
This article explains it - sorta
http://www.pcmag.com/article2/0,2817,2465579,00.asp

Monday, September 1, 2014

One of the Best Cybersecurity Minds on Earth Uses a Pager Not a Phone

GIZMODO | AUGUST 14, 2014
Dan Geer is a world-renowned cyber security researcher. He's Chief Information Security Officer at In-Q-Tel, a non-profit venture capital firm. His company invests in technology to support the CIA. He knows his s***. And he uses a pager instead of a smartphone.
gizmodo.com/one-of-the-best-cybersecurity-minds-on-earth-uses-a-pag-1621451520
Cynthia WebTeam


The worst cloud outages of 2014 (so far)

INFOWORLD | AUGUST 25, 2014
Which companies have failed the worst when it comes to cloud outages in 2014? Time for the list no one wants to land on.
Cloud services offer a lot of advantages over their local equivalents [plus additional security risks], but like any type of technology, servers in the sky aren't immune to failure.
http://www.infoworld.com/slideshow/162288/the-worst-cloud-outages-of-2014-so-far-248874

Shameless commercial: ShatterDOC technology uses several cloud providers so when one experiences an outage your data is still available.
Cindi Blog Team

Sunday, August 24, 2014

White House Cybersecurity Leader: Technical Know-How's a Distraction

GIZMODO | AUGUST 22, 2014
In much the same way that the best heart surgeons have never studied medicine and Supreme Court judges have never really read the law, Michael Daniel, the White House's cybersecurity coordinator thinks that "...being too down in the weeds at the technical level could actually be a little bit of a distraction" in his position.
After all, he explained, he doesn't "have to be a coder in order to do really well." And he is living proof: He has no cybersecurity experience, is not a coder, and is not a software professional of any kind but he is the top cybersecurity guy in the White House.
gizmodo.com/white-house-cybersecurity-leader-technical-know-hows-a-1625439356

Willful ignorance isn't an argument favoring competence. Rather, it's the argument an arrogant, ignorant, hubris-filled apparatchik uses when questioned about their competence.
Thanks, we think, DrT



GeekWire Radio: How cops are moving to the cloud, and what it means for public safety

GEEKWIRE | AUGUST 23, 2014
The recent chaos and tragedy in Ferguson, Mo., have highlighted the importance of accountability and transparency in everyday interactions between police and the public. Can technology make a difference?
Specifically cloud-based service and wearable cameras used by police departments.

Anyone think moving police information into the cloud might be a problem? Why does confidential police information need to even be connected to the Internet? What happens if police information is hacked or changed? SWAT shows up at the modified address looking for a murder suspect. What could possibly go wrong? Is this really an increase in public safety?
DrT hopes police information is better protected than most commercial business data.



Wyoming, a cloud leader? Take notes, America


INFOWORLD | AUGUST 19, 2014
Don't think of Wyoming as a special case -- citizens of all states would benefit from government's cloud shift. Outsourcing its two data centers is an interim step to eventually moving these IT systems to public cloud services. Where Wyoming goes, the rest of the states should follow.
http://akamai.infoworld.com/d/cloud-computing/wyoming-cloud-leader-take-notes-america-248619

Of course this will place Wyoming citizens' information at great risk based on the current state of cloud security. David Linthicum's blog on cloud computing at InfoWorld.com is far more like advocacy and less like seasoned IT advice. This article doesn't mention the risk associated with cloud-based systems or methods to mitigate such risks. We're, of course, a bit biased about ShatterDOC tech, but before moving critical information to vendor clouds a risk assessment is critical.
DrT Webteam


Monday, August 18, 2014

Apple and China : Encryption Plans

Apple begins storing users' personal data on servers in China
 
A source with knowledge of the situation said the encryption keys for Apple's data on China Telecom servers would be stored offshore and not made available to China Telecom.
Apple has said it has devised encryption systems for services such as iMessage that even Apple itself cannot unlock. But some experts expressed skepticism that Apple would be able to withhold user data in the event of a government request.

Thanks DrW : Cindi WebTeam


Add us to the skeptics. 


Friday, August 15, 2014

Protect your own communications

Visit PRISM Break to learn about available technical solutions. For secure text messaging and phone calls, see Open WhisperSystems. Visit the Tor Project to learn how to browse the web more anonymously. Keep an eye on the Dark Mail Alliance in the coming year for a new way to encrypt email.
http://divergentdave.github.io/nsa-o-matic/

Thanks JBT for this link

Alternatively, use ShatterDOC to build your own private - very private - email-like system. Watch for an announcement of our email replacement product!

QuickDrop Adds Instant Dropbox Uploads and Downloads to Chrome

LIFEHACKER | AUGUST 11, 2014
Chrome: Dropbox is one of our (and your) favorite cloud storage providers, but while it has clients for operating systems, there is nothing for the browser.
Convenient, but is it safe?
Webteam


Edward Snowden Reveals NSA's MonsterMind Program

POPULAR SCIENCE | AUGUST 13, 2014
[Image: NSA's Utah Data Center. A view of Monstermind's physical lair, photographed from an Electronic Frontier Foundation airship. Parker Higgins, Electronic.]
As described, MonsterMind is a brute force approach to covert cyber war embodied in one program. In order to function, it scans a huge amount of electronic communication, all passing through the 247 acre facility, and looks for attacks. That's the scary part. The dumb part is how it automatically decides where to strike back. That's a problem, Snowden says, because the initial attacks are often routed through computers in innocent third countries. "These attacks can be spoofed," he says. "You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?"
http://www.popsci.com/article/technology/edward-snowden-reveals-nsas-monstermind-program

When there is no oversight the results are predictable. It's like letting the kindergartners run the grade school. Kindergartners with billions of our dollars and absolutely no accountability. This might make a great comedy if it wasn't terrifying.

Well, kinda thanks to DrT for sending us this article.
Cyndi Webteam

How to protect your finances from cyber hackers

FORTUNE FINANCE | AUGUST 11, 2014

It seems that every few days we hear about another cyber-hacking case. Last week, reports of a Russian cybercrime group amassing 1.2 billion usernames...
http://fortune.com/2014/08/11/how-to-protect-your-finances-from-cyber-hackers/

The bottom line is - it's not easy. And mostly you'll find out after the fact. But the good news is you'll know about it. And possibly even soon enough to do something to stop it.
Mark WebTeam


FBI used drive-by downloads to track child porn suspects hidden on Tor | Naked Security

The agency not only cracked an unsecured forum for child abuse images hidden on Tor; they then took over three child porn sites and boobytrapped them with drive-by spyware downloads.

The FBI used Tor as a launchpad for what has to be considered malware: software that's downloaded silently without the consent of the target.

Do the means justify the ends, if the ends are catching child abusers?

Beyond that, this case represents yet another abuse of the anonymising network, which strives to shield people, be they up to good or not, from surveillance and detection.

http://nakedsecurity.sophos.com/2014/08/06/fbi-used-drive-by-downloads-to-track-child-porn-suspects-hidden-on-tor/

4 cloud horror stories -- and how to survive them

INFOWORLD | AUGUST 11, 2014

Here are four cloud horror stories along with spoilers, so you can make it out alive.
While vendors claim that cloud services are secure and reliable, that's not always the case. A better way than relying on vendor promises? Make sure your migration plans, budgets, existing infrastructure, security and any ancillary services all match up before making the jump to the cloud.
Another thing you should do is secure your data with ShatterDOC.
Thanks DrT - WebTeam


Wonder if you're a victim of the "billion password" breach? Pay $120 to find out

And another scam sucks money from the uninformed.
This time with the help of the New York Times.

HP finds that “Internet of Things” gadgets are sitting ducks | Naked Security

According to a new report (PDF) from HP Security Research, those smart TVs, those overly intelligent thermostats, and those entirely too spam-spewing refrigerators (email-not-lunch-meat) are all pockmarked with security and privacy holes and probably plotting against us right now.
HP found that 7 out of the 10 internet-enabled devices they tested are vulnerable to some form of attack.
http://nakedsecurity.sophos.com/2014/08/05/hp-finds-that-internet-of-things-gadgets-are-sitting-ducks/


Sunday, August 10, 2014

Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption
But of course they are just protecting us. 

Synology NAS devices targeted by hackers, demand Bitcoin ransom to decrypt files

EXTREMETECH | AUGUST 5, 2014

Synology is back in the spotlight for NAS trouble -- this time its devices are being ransomed for Bitcoin. The company has promised an update as soon. An exploit dubbed SynoLocker is locking NASes unless the owners pay a ransom fee to decrypt their files.
http://www.extremetech.com/extreme/187518-synology-nas-devices-targeted-by-hackers-demand-bitcoin-ransom-to-decrypt-files
Thanks MT


Why Google Just Bought a Company That Snoops on Your Chats

WIRED EPICENTER | AUGUST 6, 2014
Google just bought another online communications channel it can fill with ads. The tech giant confirms it has acquired Emu, a startup that offers a kind of instant messaging tool. The price was not disclosed, but Google's interest in the company isn't hard to divine: Emu has built a system that can monitor chats, infer what people are talking about, and insert relevant links—including ads.
http://www.wired.com/2014/08/google-is-excited-about-monitoring-chats/
That should make chat users feel great!
If they can insert ads then the tech can insert anything - including things you didn't actually say.
Try telling a judge "I didn't type that" when he has a hard copy transcript of your chat conversation.

OneDrive user arrested on child porn charges following tip by Microsoft

GEEKWIRE | AUGUST 6, 2014
A Pennsylvania man has been arrested on child pornography charges after Microsoft tipped off law enforcement that he had uploaded a pair of illicit images to his OneDrive account, according to a probable cause affidavit obtained by The Smoking Gun. Microsoft was able to detect the images through the use of PhotoDNA, technology that it developed alongside Dartmouth College, which is designed to make it possible to identify images and tip law enforcement without requiring staff to look at the offending files. The same technology is used by a variety of tech companies, including Facebook and Twitter.
Of course Microsoft and LEOs don't report the false positive rate... 
Good thing such an error couldn't ruin your life.


5 reasons Internet crime is worse than ever

INFOWORLD | AUGUST 5, 2014
Why does Internet crime remain a menace? These five reasons have enabled us to accept it -- but that complacency may not last
http://www.infoworld.com/d/security/5-reasons-internet-crime-worse-ever-247649
The real question is why aren't governments doing something about it?
Perhaps red light cameras are just easier.



Microsoft Azure, the world's biggest cloud? Someone's fudging

INFOWORLD | AUGUST 5, 2014
Microsoft Azure is on a tear, but only bad math makes Azure's numbers add up to the industry's largest cloud.
http://www.infoworld.com/t/cloud-computing/microsoft-azure-the-worlds-biggest-cloud-someones-fudging-247655

Wait! Microsoft fudging the numbers? Tell me it isn't so.

Evidence of another Snowden-like mole is worrying Feds

It looks like there's at least one more mole in their midst.
The proof: an article posted Tuesday by The Intercept, a site run by Snowden leak publisher Glenn Greenwald. The article references classified government documents obtained from somebody The Intercept describes as a "source in the intelligence community".

Helping the enemy or fighting oppression?


Father of PGP encryption: Telcos need to get out of bed with governments
Phil Zimmermann, the creator of Pretty Good Privacy public-key encryption, has some experience when it comes to the politics of crypto. During the "crypto wars" of the 1990s, Zimmermann fought to convince the US government to stop classifying PGP as a "munition" and shut down the Clipper Chip program—an effort to create a government-mandated encryption processor that would have given the NSA a back door into all encrypted electronic communication.

How US and UK spy agencies defeat internet privacy and security

Revealed: how US and UK spy agencies defeat internet privacy and security
• NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs 'undermine the fabric of the internet'
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

No weakness here...

Wednesday, August 6, 2014

Are users hoarding data? Here's where to put it | Data Center - InfoWorld

Contains a lot of interesting advice. Perhaps the best is "One of the most useful tools in the battle over unreasonable data retention is a simple script that walks through a file tree and records every directory with an atime of greater than n years, and calculates the space savings if that data was moved to a graveyard array or permanently deleted. Some of these results will be shocking, especially if the shares have been around for a while. Finding 3TB that hasn't been touched since 2007 in an 8TB array is not unusual."
http://m.infoworld.com/d/data-center/are-users-hoarding-data-heres-where-put-it-245532
But if you're moving to the Cloud or to a physically insecure location and your data contains business or personal sensitive information, consider ShatterDOC.
ShatterDOC Information Team


Sex, spies, and the cloud: NSA revelations continue to weaken confidence

INFOWORLD | JULY 8, 2014
Washington Post investigation asserts that the NSA collects data mostly from ordinary citizens, not potential terrorists
http://www.infoworld.com/d/cloud-computing/sex-spies-and-the-cloud-nsa-revelations-continue-weaken-confidence-245658
ShatterDOC Information Team


US makes it so easy for foreign invaders

http://www.nytimes.com/2014/07/10/world/asia/chinese-hackers-pursue-key-data-on-us-workers.html

Grad student has already made a mark in consumer privacy, U.S. spying

His research showed that the NSA's bulk collection of telephone metadata is far more invasive than officials let on. He and a research partner found that the seemingly bare-bones data could be used to show with some certainty callers' religious affiliations, medical conditions and, in one case, a woman seeking an abortion.

http://www.latimes.com/business/la-fi-himi-mayer-20140601-story.html

So, just another reason to protect your personal, private, data!

Two glimmers of hope for enterprise security

INFOWORLD | JULY 21, 2014
Will the endless stream of security compromises ever stop? No single security product can deliver salvation, but two new solutions, PingID and Tanium, show real promise
http://www.infoworld.com/t/security/two-glimmers-of-hope-enterprise-security-246622


Don't believe false alarms about Docker containers


INFOWORLD | JULY 22, 2014
Despite what some people say, Docker containers have plenty of resiliency options when needed. [Really?]
As Docker picks up steam, a few people are suggesting that this approach to cloud workload portability and management may have an Achilles' heel.
Docker containers sit on a shared Linux implementation, which creates the potential for significantly more vulnerabilities that can affect the operation of every container on a server, especially if the underlying OS goes down. In such an event, all containerized workloads could go down as well.

US government says online storage isn't protected by the Fourth Amendment


ENGADGET | JULY 14, 2014
A couple months ago, a New York judge ruled that US search warrants applied to digital information even if they were stored overseas. The decision cam...
www.engadget.com/2014/07/14/fourth-amendment-online-data/

Thanks Apple


Apple May Be Spying On You Through Your iPhone
 
Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week.

The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the "trusted" computers to which the devices have been connected, according to the security expert who prompted Apple's admission.

Thanks Dr W
We thought Apple was our friend.
 


USB Stick Security is Fundamentally Broken

Why the Security of USB Is Fundamentally Broken
 
Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device's owner to detect it. And likewise, any USB device could silently infect a user's computer. "It goes both ways," Nohl says. "Nobody can trust anybody."
 
"Trust must come from the fact that no one malicious has ever touched it," says Nohl. "You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer. And that's incompatible with how we use USB devices right now."
 
The alternative is to treat USB devices like hypodermic needles.

Thanks Dr.A
 


Snooping on wearable tech with Raspberry Pi

Wearable users tracked with Raspberry Pi


Researchers could collect enough information to get the databases storing the data to execute commands.
 
People who use wearable gadgets to monitor their health or activity can be tracked with only $70 (£40) of hardware, research suggests.

The work, carried out by security firm Symantec, used a Raspberry Pi computer to grab data broadcast by the gadgets.

The snooping Pi was taken to parks and sporting events where it was able to pick out individuals in the crowds.
 
In addition, the research team looked at the apps associated with some activity monitors or which use a smartphone to gather data. About 20% of the apps Symantec looked at did nothing to obfuscate data being sent across the net even though it contained important ID information, such as name, passwords and birth date.


New malware can live inside any USB device undetected

ENGADGET | JULY 31, 2014
It turns out that the stalwart USB thumbstick, or any universal serial bus device, isn't as trustworthy as once thought. A pair of security researcher...
http://www.engadget.com/2014/07/31/badUSB-malware/

Thanks Dr A. Now no one will sleep tonight!

CLOUD SECURITY INNOVATORS – Q+A WITH JEFF BLAIR, CISO, CAA


CLOUD SECURITY ALLIANCE | JULY 31, 2014
By Brandon Cook, Director of Product Marketing, Skyhigh Networks
We are thrilled to feature a Q+A session with Jeff Blair, CISO of Creative Artists Agency (CAA) in this month's installment of the Cloud Security Innovators blog series. Jeff works for CAA, which represents the world's biggest athletes and movie stars. In this fast-paced and creative environment, Jeff is a maverick, helping lead the movement to the cloud with an innovative approach to securing cloud data and systems.


Do ordinary Citizens need to protect their data?

In NSA-intercepted data, those not targeted far outnumber the foreigners who are

Examples from the Washington Post seem to indicate that the answer is "yes".

"Among the [material collected by NSA] are medical records sent from one family member to another, résumés from job hunters and academic transcripts of schoolchildren."

“None of the hits that were received were relevant,” two Navy cryptologic technicians write in one of many summaries of nonproductive surveillance.

"The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers."

http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html

Of course you need to protect your data. You close your window blinds at night don't you?

New Study Highlights the Risks of Bring Your Own Cloud

CLOUD SECURITY ALLIANCE | JULY 2, 2014

By Hormazd Romer, Senior Director, Product Marketing, Accellion
A new study by the Ponemon Institute, The Insider Threat of ...
Putting insecure information in insecure places is a disaster just waiting to happen. And, you won't have to wait long!

The EPA doesn't know what clouds it has -- and neither do you | Cloud Computing - InfoWorld

The Environmental Protection Agency (EPA) doesn't know how many cloud computing contracts it has or how secure they are, according to a recent audit by the agency's inspector general, in a report released last week. In at least one instance, the EPA may not have had access to a subcontractor's cloud for investigative purposes. Worse, that same subcontractor was not compliant with the Federal Risk and Authorization Management Program (FedRAMP), which sets security standards for cloud providers.
http://m.infoworld.com/d/cloud-computing/the-epa-doesnt-know-what-clouds-it-has-and-neither-do-you-247150

And some folks think the federal government can protect them. Hey, the feds don't even know what clouds they're using!

Tor Anonymity Service Confirms Deanonymizing Attacks, Urges Users To Upgrade Software; What You Need To Know About The Attacks

IDIGITAL TIMES | JULY 30, 2014
Tor anonymity service was attacked and user identities may have been revealed, says Tor project admin. What happened and who is behind the attacks? ...
http://www.idigitaltimes.com/articles/24097/20140730/tor-attack-revealed-anonymous-users-identities-who.htm

The hits keep rolling in.

THE 20 TOTALLY MOST POPULAR CLOUD SERVICES IN TODAY’S ENTERPRISE

CLOUD SECURITY ALLIANCE | AUGUST 4, 2014

By Brandon Cook, Director of Product Marketing, Skyhigh Networks
CIOs, CISOs, analysts, journalists, and employees alike are …like…the most popular and frequently used in the enterprise. This type of information is useful in that it indicates employee demand for services, divulges potential locations of corporate data in public clouds, and highlights adoption trends.
https://blog.cloudsecurityalliance.org/2014/08/04/the-20-totally-most-popular-cloud-services-in-todays-enterprise/

ShatterDOC works with most cloud providers out of the box. And, we can customize a solution just for you!

Russian gangs take 1.2B passwords, 500M email addresses in biggest Web heist ever

VENTUREBEAT | AUGUST 5, 2014

Security researchers are calling it the biggest theft of user data ever. A Russian criminal group successfully lifted 1.2 billion passwords and 500 million email addresses from 420,000 websites, Hold Security, an Internet security company, said today.
venturebeat.com/2014/08/05/russian-gangs-take-1-2b-passwords-500m-email-addresses-in-biggest-web-heist-ever/

Now this is frightening!

Mobile Cloud Security Company BitGlass Raises $25 Million From NEA, Singtel, Norwest Venture Partners,

TECHCRUNCH | AUGUST 4, 2014
http://pulse.me/s/1ZgpCy
BitGlass has announced a fresh $25 million in Series B funding today. The enterprise mobile cloud security solution had already raised $10 million in ...
http://techcrunch.com/2014/08/05/mobile-cloud-security-company-bitglass-raises-25-million-from-nea-singtel-norwest-venture-partners

Google scans your Gmail inbox for child porn to help catch criminals, but don’t worry about loss of privacy (yet)


EXTREMETECH | AUGUST 5, 2014
Last week, a man in Texas was arrested by the police for sending child porn to a friend email. This isn't something we'd usually report on, except in...
Google employs an automated system that checks the cryptographic hash (think of it as a digital fingerprint) of every attachment that traverses its servers. Exact technical details of Google's automated system aren't known, but it almost certainly works in the same way as Dropbox's automated copyright/piracy prevention system.

www.extremetech.com/computing/187521-google-scans-your-gmail-inbox-for-child-porn-to-help-catch-criminals-but-dont-worry-about-loss-of-privacy-yet

With a fresh $25M, Bitglass is ready to protect enterprise cloud and mobile assets

VENTUREBEAT | AUGUST 5, 2014
In the modern, mobile- and cloud-based world, IT departments are no longer in control. Bitglass has a way to deal with that. "The corporation doesn't own the network, they don't own the apps, and they don't own the device," Bitglass vice president Rich Campagna says.
venturebeat.com/2014/08/05/with-a-fresh-25m-bitglass-is-ready-to-protect-enterprise-cloud-and-mobile-assets/

Wow! Folks are pouring money into cloud protection.

The right cloud for the job: Multicloud database processing is here

INFOWORLD | AUGUST 5, 2014
Today's one-size-fits-all database processing will give way to a cheaper, but more complex heterogeneous approach. This idea has gotten new attention because it is the core idea behind MapReduce, the parallel processing model used by Hadoop in big data analytics. These types of distributed workloads have been used for years, typically with a homogeneous server cluster, meaning it works across lots of the same servers. That homogeneity restricts you to one server cluster or one cloud -- thus, one resource type and cost. But not any more.

Why you need to deploy DNSSec now | Security - InfoWorld

The Domain Name System -- the distributed network of servers that reconciles the domain names in URLs and email addresses to numerical IP addresses -- is behind every successful Internet transaction. Unfortunately, due to a longstanding vulnerability, it's also behind some of the Internet's most dangerous hacks -- despite the fact that a fix, DNSSec (Domain Name System Security Extensions), has been available for years.

m.infoworld.com/t/security/why-you-need-deploy-dnssec-now-247654

webteam

Build your own private cloud

INFOWORLD | AUGUST 4, 201
Borrowing from public cloud architecture and technologies, the private cloud weaves a new management layer around virtualized data center systems.
---------------
And ShatterDOC can ensure that your cloud is secure!
Email us: corporatesolutions@shatterdoc.com. Our parent company can help you build a corporate-wide secure system.

www.infoworld.com/d/cloud-computing/build-your-own-private-cloud-246819




FortyCloud Teams With Rackspace To Manage Cloud Security

TECHCRUNCH | AUGUST 3, 2014
FortyCloud, an Israeli cloud security service, announced today it was joining the Rackspace Marketplace to provide Rackspace customers with cloud security.
techcrunch.com/2014/08/04/fortycloud-joins-rackspace-marketplace-to-manage-cloud-security
Or you could choose a US company, deploy ShatterDOC technology, and be in control of your security.


Thursday, July 3, 2014

New Study Highlights the Risks of Bring Your Own Cloud


CLOUD SECURITY ALLIANCE | JULY 2, 2014
A new study by the Ponemon Institute, The Insider Threat of Bring Your Own Cloud (BYOC), analyzes the risks of enterprise employees using cloud services without the permission or oversight of the IT department—a practice that the study's author calls "Bring Your Own Cloud (BYOC)."
https://blog.cloudsecurityalliance.org/2014/07/02/new-study-highlights-the-risks-of-bring-your-own-cloud/

Original study: http://www.computerworlduk.com/white-paper/cloud-computing/3501984/the-insider-threat-of-bring-your-own-cloud-byoc/

ShatterDOC Blog Team

Not exactly Cloud computing but important nonetheless


Your Android May Be Broadcasting Your Location (and How to Stop It)
GIZMODO | JULY 3, 2014
Do you own an Android device? Is it less than three years old? If so, then when your phone's screen is off and it's not connected to a Wi-Fi network, ..
http://gizmodo.com/your-android-may-be-broadcasting-your-location-and-how-1599579458

Thanks DrT
Blog Team

Cybersecurity companies are treating you like an idiot. Here’s an alternative



VENTUREBEAT | JULY 2, 2014
Big Cyber is preaching a puritanical sermon: "We know better; you're too stupid; we'll handle it for you." That's the strident opinion of Surfwatch L...
venturebeat.com/2014/07/02/cybersecurity-companies-are-treating-you-like-an-idiot-heres-an-alternative/

ShatterDOC Information Team
"Cyndie"



Microsoft Pushes Back against NSA Demands


[MS Chief Attorney's] comments came as the tech giant is pushing back against a U.S. demand that Microsoft hand over data from a customer in Ireland.
“We are in a business that relies on people’s trust,” said Smith. “We’re offering a world where you should feel comfortable about storing (your information) in the cloud. You need to have confidence that this information is still yours.”

One of the solutions he offered was a sort of information dashboard, where each individual could see where private information was stored and who had access to it.




Monday, June 30, 2014

Perils of key management, Android edition

Serious Android crypto key theft vulnerability affects 86% of devices
 
Researchers have warned of a vulnerability present on an estimated 86 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices.

The vulnerability resides in the Android KeyStore, a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM security researchers. By exploiting the bug, attackers can execute malicious code that leaks keys used by banking and other sensitive apps, virtual private network services, and the PIN or finger patterns used to unlock handsets. The advisory said Google has patched the stack-based buffer overflow only in version 4.4, aka KitKat, of Android. The remaining versions, which according to Google figures run 86.4 percent of devices, have no such fix.

Thanks Dr. W : Blog Team
 


How to choose between custom and commodity clouds


INFOWORLD | JUNE 26, 2014
Dramatic price drops have helped popularize cloud computing. But as Brent Bensten of Carpathia observes, big enterprise workloads often require more configurability and control
Blog Team

Germany drops Verizon internet contract over NSA spying fears


ENGADGET | JUNE 26, 2014
Germany is irked that the NSA spied on its officials (including its Chancellor), and today it responded by hitting the US where it really hurts: the pocketbook.
http://www.engadget.com/2014/06/26/germany-drops-verizon-contract/

The world runs on trust. NSA and the US government destroyed that trust. The ramifications will reverberate for years, damaging US companies, perhaps fatally, in the international marketplace.

Blog Team

Supreme Court understands that "papers" include "electronic data storage"


Finally there is a glimmer of light that lawyers - at least the Supremes - understand that technology has changed the meaning of "papers" to include "data stored electronically".

Police can no longer search your phone without a warrant, rules Supreme Court

Extending the Fourth Amendment, the Supreme Court ruled today that police need a warrant to access the content on your smartphone.
http://venturebeat.com/2014/06/25/the-supreme-court-just-ruled-that-police-cant-search-your-phone-without-a-warrant/

ShatterDOC Web Team

Microsoft predicts a grim future if the government keeps collecting data illegally

VENTUREBEAT | JUNE 24, 2014

The future looks "bleak" if more isn't done to protect individual's private data. That's what...
Blog Team

Update from CBS Seattle affiliate:

"[Brad Smith, Microsoft's top lawyer] comments came as the tech giant is pushing back against a U.S. demand that Microsoft hand over data from a customer in Ireland.

“We are in a business that relies on people’s trust,” said Smith. “We’re offering a world where you should feel comfortable about storing (your information) in the cloud. You need to have confidence that this information is still yours.”

One of the solutions he offered was a sort of information dashboard, where each individual could see where private information was stored and who had access to it.
http://seattle.cbslocal.com/2014/06/24/microsoft-future-bleak-if-government-continues-unlawful-data-collection/

Thanks MW for finding this local source & info: Blog Team

This company sells software that lets governments & law enforcement hack your phone

VENTUREBEAT | JUNE 25, 2014

Researchers have discovered how governments buy off-the-shelf software to hack citizens' mobile phones and track their location, behavior, and communications...
http://venturebeat.com/2014/06/24/this-company-sells-software-that-lets-governments-law-enforcement-hack-your-phone/

Blog Team

Security Researchers Uncover The Tools Governments Use To Spy On Our Phones

TECHCRUNCH | JUNE 24, 2014
Edward Snowden, whistleblower of the decade, has made it consistently clear that he didn't trust cellphones. While he never described the methods gove...
http://techcrunch.com/2014/06/25/security-researchers-uncover-the-tools-governments-use-to-spy-on-our-phones/
Surprise! It's Italian commercial software sold to anyone.


Tuesday, June 24, 2014

THE EVOLUTION OF THREATS AGAINST KEYS AND CERTIFICATES



Threats specifically against keys and certificates go back to 2009 and 2010, where Stuxnet and Duqu provided the virtual blueprint to the cyber criminal communities around the world by using stolen certificates to make the malware infection payload look legitimate.

[Mark: Once again we see that government has worsened the problem. By creating malware to attack Iran, whatever State created it also created a template for hackers and other State actors to injure ordinary folks and businesses.]

https://blog.cloudsecurityalliance.org/2014/06/05/the-evolution-of-threats-against-keys-and-certificates/

Thanks Mark - BLOGTeam

The British Government Just Set a Dangerous Precedent for Online Spying



"Today, the British government revealed its justification for surveilling [SIC] its citizens' every move on Facebook, Twitter, and other social networks."

The suspicion is that many other governments are using this same rationale to spy on their own citizens. Certainly the US is using a similar argument to hoover up all email traffic.

ShatterDOC Information Team
"Cyndie"  

Chinese cloud provider UCloud brings in $50M to expand into North America


The data center in the North America is expected to serve users of Chinese games in that region. The company management told TechNode earlier this year that UCloud eventually go IPO in the U.S.

Posted by: ShatterDOC WebTeam

Murder in the Amazon cloud | Data Center - InfoWorld



A cautionary real-world story of attempted cloud ransom leading to the death of a company - and possibly their customers.
Or why backup, redundancy, and ShatterDOC security are needed as a shield against today's barbarians.

Thanks Dr.T - BlogTeam

More cloud insecurity news

More Cloud INsecurity News


Cracks emerge in the cloud: Security weakness of cloud storage services
 
The A*STAR-led researchers analyzed the security of three well-known cloud service providers -- Dropbox, Google Drive and Microsoft SkyDrive -- and found that all three had vulnerabilities many users might encounter. They uncovered several risks related to the sharing of secret URLs. Because URLs are saved in various network-based servers, browser histories and Internet bookmarks, frequent opportunities exist for third parties to access private data. Furthermore, the URL recipient may send the link to others without the data owner's consent.

Another danger lies in the practice of URL shortening -- reducing long web addresses to brief alphanumeric sequences for easier sharing on mobile devices. Although the original URL may point to a privately shared file, shortening changes this address into plain text unprotected by encryption. Zhou also notes that because short URLs have very limited lengths, they are susceptible to brute-force attacks that can dig out supposedly secret files.


Thanks Dr.W. for this posting - BlogTeam



Got Insurance?

Think you've got insurance so you can ignore security?
Think again:

Insurer Sues Michaels Over Breach Expenses
Seeks to Avoid Covering Lawsuit Costs


By Jeffrey Roman, June 19, 2014

"An insurance company that provided general liability coverage to Michaels Stores is asking a court to rule that it's not responsible for covering any of the retailer's breach-related lawsuit expenses.

"Safety National Casualty Corp. has filed a lawsuit against Michaels, which faces a consolidated class action lawsuit in the wake of a recent data breach that potentially exposed 3 million payment cards."

http://www.databreachtoday.com/insurer-sues-michaels-over-breach-expenses-a-6971

ShatterDOC Information Team
"Cyberist"

OpenSSL CCS Injection Vulnerability Countdown


CLOUD SECURITY ALLIANCE | JUNE 16, 2014
https://blog.cloudsecurityalliance.org/2014/06/16/openssl-ccs-injection-vulnerability-countdown/
By Krishna Narayanaswamy, Netskope Chief Scientist
On June 5, researchers discovered an OpenSSL vulnerability (CVE-2014-0224)

Should be "... discovered another OpenSSL vulnerability..." 
Sending unprotected data over the Internet even with SSL is just foolish.

ShatterDOC Information Team
"Cyberist"