

#nationalcybersecuritymonth | Rochdale News | News Headlines | Internet savvy Whitworth girls reach semi-final of national competition

Source: National Cyber Security – Produced By Gregory Evans

Date published: 05 March 2020

Three students from Whitworth Community High School got to pit their skills against other schools in the semi-final of a national competition held at PricewaterhouseCoopers' office in Leeds.

Grace Campbell-Ousey, 12, Skye Wilkinson, 12, and Elizabeth Gack, 12, were selected for the second round of the CyberFirst Girls Competition, set up by GCHQ’s National Cyber Security Centre.

The competition is aimed at promoting the industry as a career option to girls to increase diversity in the workforce.

Skye said: “The top 12 girls were split into groups of three for the first part of the competition which we completed online.

“We had four categories, networking, logic and coding, cryptography and cyber security, and we had a series of tasks at beginner, intermediate and expert levels.

“There was a lot of pressure and we had four hours, with a break for lunch, in which to complete as many tasks as we could.”

Both Grace and Elizabeth said they enjoyed the networking tasks best, but Grace said the cryptography was hard. Although all the tasks offered hints, they resulted in points being deducted if they were used.

Skye said: “My favourite part was speaking to the people who were running the competition and I learnt a lot from what they had to say.”

The competition certainly inspired Skye and Grace because they have both signed up for a development day workshop at a university in June and they are looking at computing careers.


Internet of Things Candle – Schneier on Security


About Bruce Schneier

Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer at Harvard’s Kennedy School and a board member of EFF. This personal website expresses the opinions of neither of those organizations.


#cyberfraud | #cybercriminals | FBI Publishes 2019 Internet Crimes Report Causing 3.5 Billion Dollars Loss


As the internet has become an indispensable part of our lives, crimes committed on the internet have increased significantly. The FBI's 2019 report emphasized that cybercrime cost $3.5 billion.

The Federal Bureau of Investigation (FBI) published the ‘2019 Internet Crimes Report’. According to the report, the number of complaints received during the year reached 467,361, and the reported cost of those crimes exceeds $3.5 billion.

Cybercrime increased in 2019
The Internet Crime Complaint Center (IC3), an FBI resource for reporting suspected cybercrime activity, was established in May 2020 and, with the 2019 reports, has reached a total of 4,883,231 complaints.

While the number of complaints received in the last five years has reached 1.7 million, the total annual loss has increased from $1.1 billion (2015) to $3.5 billion (2019). The damage of cybercrime to individuals and businesses in the US has exceeded $10 billion in the past five years. 2019 was the worst year in this respect: it saw the highest number of cybercrime complaints ever made, and victims of cybercrime also suffered their greatest losses. In the fight against cybercrime, $300 million was saved.

Company emails
Fraud carried out via company e-mail accounted for more than $1.7 billion in losses. A total of 23,775 complaints were made in this area in 2019. Business email scams have become the most dangerous category of cybercrime.

“Many organizations have been vulnerable to email attacks because criminals are developing their methods to compromise traditional email,” said Censornet CEO Ed Macnair. In these attacks, the most-targeted people were CEOs and staff working in the finance department.

Macnair said that cybercriminals trick employees and steal valuable information by using e-mail addresses similar to those of trusted companies. Macnair said this method is very difficult for traditional defense systems to catch and that companies need to improve their security techniques.

The FBI warned about the magnitude of ransomware’s impact on businesses and organizations. The ransomware attack against the city of New Orleans in December 2019 revealed that the FBI’s warnings were not taken seriously.

In 2018, complaints about ransomware attacks fell somewhat, but the number increased again in 2019 and reached its highest level since 2016. Ransomware attacks caused $2.4 million of damage in 2016 and $8.9 million in 2019.


#cyberfraud | #cybercriminals | 5 bag jail terms for $1.2m internet scams, seized assets to go to FBI

Chukwuma David Chinaka: one of the five persons convicted for cyber scam today

Justice Oluwatoyin Taiwo of the Special Offences Court, Ikeja, Lagos has sentenced five persons, Obaro James Omemi, Ehizojie Slyvanus Omokhuale, Eghosa Atekha Osunde, Chukwuma David Chinaka and Quincy Peter Patrick to one year […]

#cybersecurity | #infosec | Microsoft’s Internet Explorer zero-day workaround is breaking printers

As I reported earlier this month, there’s an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks. Microsoft still hasn’t issued an official patch for what is technically known as CVE-2020-0674, but did detail what it described as a “workaround” in its […]

An Open Source Bid to Encrypt the Internet of Things


End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. It ensures that no one—even the app developer—can access your data as it traverses the web. But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices?

The Swiss cryptography firm Teserakt is trying just that. Earlier this month at the Real World Crypto conference in New York it introduced E4, a sort of cryptographic implant that IoT manufacturers can integrate into their servers. Today most IoT data is encrypted at some point as it moves across the web, but it’s challenging to keep that protection consistent for the whole ride. E4 would do most of that work behind the scenes, so that whether companies make home routers, industrial control sensors, or web cams, all the data transmitted between the devices and their manufacturers can be encrypted.

Tech companies already rely on web encryption to keep IoT data secure, so it’s not like your big-name fitness tracker is transmitting your health data with no protection. But E4 aims to provide a more comprehensive, open-source approach that’s tailored to the realities of IoT. Carmakers managing dozens of models and hundreds of thousands of vehicles, or an energy company that takes readings from a massive fleet of smart meters, could have more assurance that full encryption protections really extend to every digital layer that data will cross.

“What we have now is a whole lot of different devices in different industries sending and receiving data,” says Jean-Philippe Aumasson, Teserakt’s CEO. “That data might be software updates, telemetry data, user data, personal data. So it should be protected between the device that produces it and the device that receives it, but technically it’s very hard when you don’t have the tools. So we wanted to build something that was easy for manufacturers to integrate at the software level.”

Being open source is also what gives the Signal Protocol, which underpins Signal and WhatsApp, so much credibility. It means experts can check under the hood for vulnerabilities and flaws. And it enables any developer to adopt the protocol in their product, rather than attempting the fraught and risky task of developing encryption protections from scratch.

Aumasson says that the Signal Protocol itself doesn’t literally translate to IoT, which makes sense. Messaging apps involve remote but still direct, human-to-human interaction, whereas populations of embedded devices send data back to a manufacturer or vice versa. IoT needs a scheme that accounts for these “many-to-one” and “one-to-many” data flows. And end-to-end encryption has different privacy goals when it is applied to IoT versus secure messaging. Encrypted chat apps essentially aim to lock the developer, internet service providers, nation state spies, and any other snoops out. But in the IoT context, manufacturers still have access to their customers’ data; the goal instead is to protect the data from other entities and Teserakt itself.

It also only hardens IoT defenses against a specific type of problem. E4 looks to improve defenses for information in transit and offer protection against data interception and manipulation. But just like encrypted chat services can’t protect your messages if bad actors have access to your smartphone itself, E4 doesn’t protect against a company’s servers being compromised or improve security on IoT devices themselves.

“I think it’s a good idea, but developers would need to keep in mind that it covers only one part of data protection,” says Jatin Kataria, principal scientist at the IoT security firm Red Balloon. “What’s the security architecture of the embedded device itself and the servers that are receiving this data? If those two endpoints are not that secure then end-to-end encryption will only get you so far.”

Teserakt has been consulting with big tech companies in aerospace, healthcare, agriculture, and the automotive and energy sectors to develop E4, and plans to monetize the tool by charging companies to customize implementations for their specific infrastructure. The company has not yet open-sourced full server code for E4 alongside the protocol details and cryptography documentation it released, but says that final step will come as soon as the documentation is complete. Given the glacial pace of investment in IoT security overall, you probably shouldn’t expect E4 to be protecting the whole industry anytime soon, anyway.


The Debate Over How to Encrypt the Internet of Things

Internet-connected gadgets like lightbulbs and fitness trackers are notorious for poor security. That’s partly because they’re often made cheaply and with haste, which leads to careless mistakes and outsourcing of problematic parts. But it’s also partly due to the lack of computing power in the first […]

Russia’s sovereign internet law comes into force – Naked Security


The Russian government calls it the “sovereign internet” law and from 1 November it compels the country’s ISPs to forward all data arriving and departing from their networks through special gateway servers.

Promoted since 2018, from the government’s point of view the sovereign internet is a way of protecting the country from the bad stuff the internet – or other countries – might throw at it.

To its critics, Runet, as it’s also known, is a straight power grab by a government obsessed with the idea of control, surveillance and censorship of its population.

If this sounds a bit like China’s infamous Great Firewall, senior Russian politicians downplay the comparison. Said Prime Minister Dmitri Medvedev earlier this year:

“Certainly, we won’t have Chinese-style regulations. No firewall will emerge here.”

On the contrary, he said, Runet was more about pushing back against the historic regulation of the internet by one country, the US, which had the power to threaten the integrity of Russia’s internet infrastructure.

DPI paranoia

At face value, it seems the government’s solution in Runet is to build a sort of parallel national internet, which is connected to global networks but can be disconnected from it if the government decides that’s necessary.

It sounds like an intranet of the sort Iran once proposed – a separate network with connections to the outside world – but its design is closer to that of a giant proxy through which traffic can be made to pass some of the time.

The simplest element of this will be deep packet inspection (DPI), a technology already universally used by ISPs across the world to prioritise traffic, block unwanted protocols, and prioritise specific applications.

But unlike conventional quality of service DPI, this won’t be controlled by ISPs, which will pass traffic to servers in the same racks controlled by communications regulator Roskomnadzor to do Runet’s heavy lifting.

Arguably, this is similar to the Great Firewall because its design sets up government-controlled servers as gateways capable of blocking traffic to applications, websites, and keywords the authorities want to stop citizens from accessing.