Shellshock shows web ‘built on thin ice’

The Shellshock bug that has left vast swaths of the internet vulnerable to cyber criminals for more than 20 years highlights how the basic foundations of the network are not fit for the 21st century web, security experts have warned.

The fundamental flaw that was discovered on Wednesday has been described as the worst bug exposed for about a decade, as it left the computer systems of governments, the military and companies open to manipulation from afar.

Tal Klein, vice-president of strategy and marketing at US-based cloud security company Adallom, warned there could be more bugs like this to be discovered because the whole internet was built on a “sheet of very thin ice”.

Copyright: The Financial Times Limited 2014.

Full article at: http://www.ft.com/cms/s/0/27961e52-44d9-11e4-ab0c-00144feabdc0.html

Shellshock bug threatens internet’s backbone, analysts warn

Governments and companies around the world have been scrambling to shore up their cyber defences in the past 48 hours after the discovery of a fundamental flaw – dubbed Shellshock – in software used in everything from the servers that form the backbone of the internet to iPhones.

The vulnerability is being described as one of the most acute and pervasive online security loopholes ever identified and far more severe than the “Heartbleed” bug which panicked cyber security professionals in April after leaving thousands of businesses and millions of consumers open to attack worldwide.

Even the most sophisticated government and military systems have been rendered exploitable by Shellshock, according to security analysts.

Attacks have already begun as hostile governments and criminal organisations look to exploit the flaw.

Copyright: The Financial Times Limited 2014.

Full article at: http://www.ft.com/cms/s/0/2f7d00d0-44a8-11e4-ab0c-00144feabdc0.html

Tor Challenge Inspires 1,635 Tor Relays

By Rainey Reitman for Electronic Frontier Foundation

Good news for whistleblowers, journalists, and everyone who likes to browse the Internet with an added cloak of privacy: the Tor network got a little stronger. Tor—software that lets you mask your IP address—relies on an international network of committed volunteers to run relays to help mask traffic. And that network is stronger now, thanks to the 1,000+ volunteers who participated in our second-ever Tor Challenge.

The goal of the Tor Challenge is simple: to improve the Tor network by inspiring people to run relays.

Full article at: https://www.eff.org/deeplinks/2014/09/tor-challenge-inspires-1635-tor-relays

The Dark Web Gets Darker With Rise of the ‘Evolution’ Drug Market

By Andy Greenberg

In the digital drug trade as in the physical one, taking out one kingpin only makes room for another ready to satisfy the market’s endless demand. In the case of the FBI’s takedown of the Silk Road, the latest of the up-and-coming drug kingpins is far more evolved than its predecessor—and far less principled.

Since it launched early this year, the anonymous black market bazaar Evolution has grown dramatically, nearly tripling its sales listings in just the last five months. It now offers more than 15,000 mostly illegal products ranging from weapons to weed, cocaine, and heroin. That’s thousands more than the Silk Road ever hosted.

Copyright: Wired.com

Full article at: http://www.wired.com/2014/09/dark-web-evolution/

The Cyber Threat and FBI Response

Statement Before the Senate Committee on Homeland Security and Governmental Affairs
Washington, D.C.

September 10, 2014

Good morning, Chairman Carper and Ranking Member Coburn. I appreciate the opportunity to appear before you today to discuss cyber, terrorism, and other threats to our nation and how the FBI is collaborating with our partners in government, law enforcement, and the private sector to prevent and combat them.

The Cyber Threat and FBI Response

We face cyber threats from state-sponsored hackers, hackers for hire, global cyber syndicates, and terrorists. They seek our state secrets, our trade secrets, our technology, and our ideas—things of incredible value to all of us. They seek to strike our critical infrastructure and to harm our economy.

Given the scope of the cyber threat, agencies across the federal government are making cyber security a top priority.

Full article at: http://www.fbi.gov/news/testimony/cyber-security-terrorism-and-beyond-addressing-evolving-threats-to-the-homeland

Are we leaving our digital front doors wide open?

We give hackers a hand by being less than imaginative with security, says Izabella Kaminska.

“Target. Home Depot. Jennifer Lawrence. Everyone gets hacked”
FT, September 12

As we spend more of our lives and money online, our vulnerability to cyber attacks is clearly rising, but how serious is the risk?

As Donald Rumsfeld once said, it’s the unknown unknowns we have to fear most, and the cyber security threat falls distinctly into that category.

Surely it’s a known unknown?

Not necessarily. As the world gets more connected, hackers – whether financially or politically motivated – are becoming increasingly creative. More worryingly, technology tends to outpace the efforts of legislators and security services, creating the possibility of significant blind spots in national cyber defences.

Don’t we sometimes walk straight into the hackers’ traps?

Are you talking about phishing vulnerability, or storing naked pictures on the cloud?

Copyright: Financial Times, 2014.

Full article at: http://www.ft.com/cms/s/0/9f912ace-3f38-11e4-a861-00144feabdc0.html

Home Depot Breach Bigger Than Target’s

Five-Month Attack on Terminals Put 56 Million Cards at Risk

By Robin Sidel

Home Depot Inc. said 56 million cards may have been compromised in a five-month attack on its payment terminals, making the breach much bigger than the holiday attack at Target Corp.

It was the first time the do-it-yourself retailer had defined the scale of a breach it said it was alerted to on Sept. 2. It also said for the first time that the malware has been eliminated from its systems.

The attack further highlighted the vulnerability of U.S. retailers to hackers that have been targeting their payment systems. Home Depot began a project to fully encrypt its payment terminal data this year, but was outpaced by the hackers, people familiar with the matter have said. The company said Thursday that the project is now complete in the U.S.

Copyright: Wall Street Journal, 2014.

Full article at: http://online.wsj.com/articles/home-depot-breach-bigger-than-targets-1411073571