In the specific case of JPMorgan, the bank thinks it was infiltrated in June.
By the time the breach was discovered in July, it was clear that hackers had “obtained the highest level of administrative privilege to dozens of the bank’s computer servers,” the New York Times notes in its very thorough account of the breach.
via Are the JPMorgan Hackers Just Hiding? – Bloomberg View.
.. criminals using a novel, custom malware to evade detection. Approximately 56 million “unique payment cards” used at stores in the U.S. and Canada were put at risk for the intrusion, which is believed to have lasted from April to September of this year.
via Home Depot Announces Hackers Stole 56 Million Credit and Debit Cards – Nextgov.com.
Former employees also said that the company used outdated security software, which led to some of them even warning friends to use cash instead of credit cards at Home Depot stores.
via The Home Depot reportedly ignored warnings from its own cybersecurity team | The Verge.
It is not uncommon for cybersecurity companies to research and hype threats that could drive sales.
The cybersecurity market and its customers would benefit from government regulation and research to help buyers separate good and bad security products and get objective reports on emerging cyber threats.
via Crime Ring Revelation Reveals Cybersecurity Conflict of Interest – Scientific American.
There’s zero inherent value in changing an uncompromised password to a different uncompromised password.
If your password is compromised today, it doesn’t really make a difference if you changed it last week or last year. You’re not making it any harder to access your account; you’re just making it harder on yourself.
via Stop Changing Your Passwords — Kirk Lennon.
“Android smartphones are the easiest malware target, but Windows laptops are still the favorite of hard core professional cybercriminals.”
“The quality and sophistication of most Android malware is still behind the more mature Windows PC varieties. Android malware makes no serious effort to conceal itself and relies on unsuspecting people to install an infected app.”
via Alcatel-Lucent malware report reveals that more apps are spying on us, stealing personal information and pirating data minutes | Alcatel-Lucent.
.. so-called ransomware infections have surged, encrypting billions of documents.
Hackers demand hundreds or thousands of dollars to provide the key that unscrambles files so you can view and use them again.
One particularly virulent strain, called CryptoWall, has infected about 625,000 systems and encrypted more than 5.25 billion files since mid-March, according to new research from Dell SecureWorks.
via Ransomware Tells Small Business Owners, ‘Your Money or Your Files’ – Businessweek.
The NSA and the FSB want to puncture Tor anonymity and expose the identities of the people using it because the Tor browser erases identifying browser fingerprints.
Almost everyone who uses the internet has a unique traceable fingerprint.
An Internet user can check his or her own internet uniqueness in a few seconds with Panopticlick, a one-click test created by the Electronic Freedom Foundation (EFF).
Most people find themselves to be pretty unique; 1 in 4.5 million to be exact. Go ahead, try it.
via Russia’s bid to find users and law enforcement’s relationship with Tor.
“The business model of the internet is surveillance. We build systems that spy on people in exchange for services. Corporations call it marketing.”
via We wanted the web for free – but the price is deep surveillance | Technology | The Observer.
You can’t kill email! It’s the cockroach of the Internet, and I mean that as a compliment. This resilience is a good thing.
via Email Is Still the Best Thing on the Internet – The Atlantic.
The infection is invisible to the user.
“There is no user click involved — just load the page and the next thing you know, you are redirected, and that’s because of the relationship these websites have with the ad exchanges.”
via Invisible Web Infection Poses Threat to Federal Computers – Nextgov.com.
Rackspace’s offering now comes as a bundle: Customers buy not only the infrastructure as a service compute, storage, databases and a variety of other products as a service, but they also purchase a support package to go along with it.
Prices range from 1/2 a cent per GB hour of compute capacity for a basic package, to $0.02 cents per GB hour for a broader package, with a $50 minimum.
via Rackspace bows out of IaaS market | Network World.
.. network-attached storage (NAS) devices from multiple manufacturers revealed that they typically have more vulnerabilities than home routers, a class of devices known for poor security and vulnerable code.
via Network-attached storage devices more vulnerable than routers, researcher finds | Network World.
A Russian crime ring has amassed the largest known collection of stolen internet credentials, including 1.2 billion username and password combinations and more than 500 million email addresses.
via A Russian gang reaps a billion web passwords – The Economic Times.
The only person or persons who have your key can decrypt your message.
Once the message has been encrypted by you and decrypted by your recipients, the One Time Pad keys are discarded (shredded, burned, what have you) and never used again.
This manual One Time Pad system is useful if you are going to communicate by mail.
You meet with your friends periodically for a nice game of Scrabble (or Boggle) and when you are finished, generate enough keys to accommodate the number of messages you think you’ll send until you meet again for the next game of Scrabble.
via The NSA, Snowden, And Citizen Cryptology.
Developed originally with the help of the U.S. Navy, Tor is now supported, like many open-source software projects, by a nonprofit foundation, and is a thorn in the side of intelligence services everywhere.
Tor is a distributed network in which encrypted information bounces between servers run by thousands of volunteers, making the data hard to track.
The layered structure explains the original name, The Onion Router, now shortened to Tor.
Despite the system’s complexity, nontechnical people can easily download and use Tor software.
via Putin's Next Pursuit: Exposing Tor Network – Bloomberg View.
“If anything, it is privacy that will have to give way to openness, not the other way around… Repressive governments will be working hard to stop the spread of information. As today, there will be both good and bad news continually in that area, but over time more integration, access, and sharing will be a driving force.”
via Net Threats | Pew Research Center's Internet & American Life Project.
“It’s very hard to figure out how big the queues need to be. … This has been a difficult question since 1960.”
Making them too big can slow performance, while making them too small can lead to dropped packets and time-consuming retransmissions.
via MIT invention to speed up data centers should cheer developers | Network World.
The trick is a new way of dividing up the processing power needed to calculate transmission timings among multiple cores.
In essence, Fastpass organizes workloads by time slot, rather than by source and destination pair.
A core gets its own time slot, and schedules requests to the first free servers it can find, passing everything else on to the next core, which follows suit.
via MIT may have just solved all your data center network lag issues | Network World.
.. why hasn’t everyone just switched over to IPv6?
Well, IPv6 is not backward compatible with IPv4, meaning network operators need to run a dual stack IPv4/IPv6 network for years to come.
And for IPv6 to work, it needs to be implemented end to end, meaning IPv6 has to be enabled by network hardware vendors, transit providers, access providers, content providers, and endpoint hardware makers.
And there’s no economic incentive to being the first to invest in revamping your protocol support.
via Whatever happened to the IPv4 address crisis? | Network World.