Hacking & Security
Cyber attacks on large US companies result in an average of $12.7 million in annual damages, an increase of 9.7 percent from the previous year, according to the fifth Cost of Cybercrime report published by the Ponemon Institute on Wednesday.
The report, sponsored this year by Hewlett Packard’s Enterprise Security division, found that business disruption and information loss account for nearly three-quarters of the cost of cybercrime incidents. The study also confirmed that companies that make security a priority have lower costs associated with security incidents during the year. In particular, companies that use technology that helps flag potential intrusions into critical systems have lower costs, by an average of $2.6 million.
“Business disruption, information loss and the time it takes to detect a breach collectively represented the highest cost to organizations experiencing a breach,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
In this article series, we will look at a tool named Wifite suitable for automated auditing of wireless networks. Most of you who have experience in wireless pentesting would use tools like airmon-ng, aireplay-ng, airodump-ng, aircrack-ng to crack wireless networks. This would involve a sequence of steps, like capturing a [...]
Android fans such as myself have been eagerly anticipating the upcoming new stable version of Android, 5.0 Lollipop. Android 5.0 was introduced with the codename “Android L” at the Google I/O convention in June 2014. At the time, we didn’t know if “Android L” was going to be 4.5 or [...]
On Thursday, the Guardian reported that Whisper, a social media platform that allows individuals to post anonymous messages that can be seen by others based on a number of factors, isn’t all that anonymous after all. Whisper, which is advertised as “the safest place on the Internet,” tracks geolocation data of posters and uses their location data for a number of purposes—including censorship and reporting of posts from military bases to the Department of Defense. Whisper’s chief technology officer took to YCombinator’s Hacker News to defend the company against the report, but his explanation was torn apart by security and privacy experts in the discussion that followed.
Much like its competitor Secret, Whisper allows individuals to post anonymous messages overlaid on images or photos to share with others for comment. The application uses geolocation data to determine where the poster is and who should be able to see its contents. It has become popular with a number of communities, including members of the military.
The Guardian was exploring a potential editorial relationship with Whisper, and staff from the news organization spent three days at Whisper’s offices in Los Angeles. While there, the Guardian team witnessed Whisper employees using an in-house geolocation tool to track posts made from various locations and found that the company is tracking specific Whisper users believed to be “potentially newsworthy,” including members of the military, government employees, and employees of companies such as Disney and Yahoo. The company also shares information about posters and their locations with the Defense Department, FBI, and the UK’s MI5, the Guardian’s Paul Lewis and Dominic Rushe reported.
The expanding options for communicating over the Internet and the increasing adoption of encryption technologies could leave law enforcement agents “in the dark” and unable to collect evidence against criminals, the Director of the FBI said in a speech on Thursday.
In a post-Snowden plea for a policy more permissive of spying, FBI Director James B. Comey raised the specters of child predators, violent criminals, and crafty terrorists to argue that companies should build surveillance capabilities into the design of their products and allow lawful interception of communications. In his speech given at the Brookings Institute in Washington DC, Comey listed four cases where having access to a mobile phone or laptop proved crucial to an investigation and another case where such access was critical to exonerating wrongly accused teens.
All of that will go away, or at least become much harder, if the current trend continues, he argued.
On today's first day of the Black Hat conference, Professor Adi Shamir presented his research on transferring data to and from systems isolated from the Internet. During the talk he explained how malware can use multifunction printers to transfer data. Together with his colleagues, he also tested such a data transfer using a laser and the scanner of a multifunction printer.
Security expert Federico Fazzi discovered a serious vulnerability in the Addthis.com service that allows attackers to take control of any account.