Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

The Spy in the Sandbox – Practical Cache Attacks in Javascript

The Spy in the Sandbox — Practical Cache Attacks in Javascript. Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis (Submitted on 25 Feb 2015 (v1), last revised 1 Mar 2015 (this version, v2))
“We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim’s machine — to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today’s web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al., allows a remote adversary to recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on other benign uses of the web browser and of the computer.” Cite as arXiv:1502.07373 [cs.CR]

New GAO Reports – Cybersecurity, Management of Excess Uranium, Homeland Security, Indian Affairs

Cybersecurity: Actions Needed to Address Challenges Facing Federal Systems, GAO-15-573T: Published: Apr 22, 2015. Publicly Released: Apr 22, 2015. Department of Energy: Management of Excess Uranium, GAO-15-475T: Published: Apr 22, 2015. Publicly Released: Apr 22, 2015. Homeland Security Acquisitions: Addressing Gaps in Oversight and Information is Key to Improving Program Outcomes, GAO-15-541T: Published: Apr 22, …

Cyber In-Security II: Closing the Federal Talent Gap

Partnership for Public Service and Booz Allen Hamilton – Cyber In-Security II: Closing the Federal Talent Gap, April 2015. “Technology has changed our lives. Individuals can email, text and talk to each other, take pictures, get directions, watch television, control their home appliances, read the news, play games and manage their schedules using a device that …

House Reconsiders Data Breach Bill

EPIC – “Members of the Energy and Commerce Committee have convened to rework the Data Security and Breach Notification Act. The Act, introduced by Reps. Blackburn and Welch, would require businesses to notify consumers of a data breach “unless there is no reasonable risk of identity theft or financial harm.” The bill would also preempt …

Verizon 2015 Data Breach Investigations Report

“Verizon’s “2015 Data Breach Investigations Report,” released today, reveals that cyberattacks are becoming increasingly sophisticated, but that many criminals still rely on decades-old techniques such as phishing and hacking. According to this year’s report, the bulk of the cyberattacks (70 percent) use a combination of these techniques and involve a secondary victim, adding complexity to …

Financial malware explained

IBM Software Thought Leadership White Paper. Financial malware explained – Explore the lifecycle of fraudulent transactions and how to take action against emerging threats. December 2014. “Financial malware—that is, malicious software designed to enable fraudulent transactions—is a growing concern for line-of-business executives, heads of retail and commercial banking, readers of global compliance operations, and …

H.R. 1560, Protecting Cyber Networks Act

“H.R. 1560 would establish within the Office of the Director of National Intelligence (ODNI) a center that would be responsible for analyzing and integrating information from the intelligence community related to cyber threats. In addition, the bill would require the government to establish procedures for sharing information and data on cyber threats between the federal …

Consensus-as-a-service: a brief report on the emergence of permissioned, distributed ledger systems

Via Great Wall of Numbers, this report by Tim Swanson, April 6, 2015 – Highlights: • “Distributed ledgers and cryptocurrency systems are fundamentally different. • The key difference involves how transactions are validated: Bitcoin uses pseudonymous and anonymous nodes to validate transactions whereas distributed ledgers require legal identities – permissioned nodes to validate transactions. • Consequently, distributed ledgers …

New GAO Reports – Indian Housing Block Grant Program, Defense Acquisitions, FDIC Info Security, Tanker Aircraft

Data Use and Regulatory Status of the Indian Housing Block Grant Program, GAO-15-353R: Published: Mar 10, 2015. Publicly Released: Apr 9, 2015. Defense Acquisitions: Assessments of Selected Weapon Programs [Reissued on April 9, 2015], GAO-15-342SP: Published: Mar 12, 2015. Publicly Released: Mar 12, 2015. Information Security: FDIC Implemented Many Controls over Financial Systems, but Opportunities …

Hearts Continue to Bleed – Heartbleed One Year Later

Venafi Labs Analysis: Hearts Continue to Bleed: Heartbleed One Year Later – Vast Majority of Global 2000 Organizations Remain Vulnerable to Cyberattacks. Executive Summary – “Using the recently released Venafi TrustNet certificate reputation service, the Venafi Labs team re-evaluated SSL/TLS vulnerabilities in Q1 2015 and found that most Global 2000 organizations have failed to completely …

CRS – Cyberwarfare and Cyberterrorism

Cyberwarfare and Cyberterrorism: In Brief, Catherine A. Theohary, Specialist in National Security, Policy and Information Operations. John W. Rollins, Specialist in Terrorism and National Security. March 27, 2015. “Recent incidents have highlighted the lack of consensus internationally on what defines a cyberattack, an act of war in cyberspace, or cyberterrorism. Cyberwar is typically conceptualized as …

White House Announces A New Tool Against Cyber Threats

“It’s one of the great paradoxes of our Information Age — the very technologies that empower us to do great good can also be used by adversaries to inflict great harm. The same technologies that help keep our military strong are used by hackers in China and Russia to target our defense contractors and systems that support …