Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: PC Security

WSJ – Level 3 Tries to Waylay Hackers

Drew Fitzgerald – WSJ.com – “Earlier this month, Brett Wentworth took Level 3 Communications Inc. into territory that most rivals have been reluctant to enter. The director of global security at the largest carrier of Internet traffic cut off data from reaching a group of servers in China that his company believed was involved in an active hacking attack. The decision was reached after a broad internal review. The Broomfield, Colo., company is taking an aggressive—and some say risky approach—to battling criminal activity. Risky because hackers often hijack legitimate machines to do their dirty work, raising the risk of collateral damage by sidelining a business using the same group of servers. Such tactics also run against a widely held belief that large carriers should be facilitating traffic, not halting it. And carriers are reluctant to create the expectation that they will police the Internet. Yet with attacks on the rise, Level 3 three years ago decided it is worth the risks. At a rate of about once every few weeks, the carrier is shutting down questionable traffic that doesn’t involve any of its clients. When the source of the trouble is hard to pinpoint, it often casts a wide net and intercepts traffic from large blocks of Internet addresses. Recently, that meant stopping traffic from a powerful network of computer servers controlled by a group of hackers that security researchers dubbed SSHPsychos. The group used rented machines in a data center to hack other computers that could bring down target websites by flooding them with junk traffic. Level 3 blocked a broad swath of the Hong Kong-registered data center’s IP addresses from the Internet.”

UN Report Champions Encryption and Anonymity

EPIC – “The UN Special Rapporteur on Freedom of Expression released a report today supporting strong encryption and anonymity tools. The Rapporteur finds that, “States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression.” EPIC previously urged the UN to support secure, anonymous communications, stating,

What Every Librarian Needs to Know About HTTPS

EFF – “Librarians have long understood that to provide access to knowledge it is crucial to protect their patrons’ privacy. Books can provide information that is deeply unpopular. As a result, local communities and governments sometimes try to ban the most objectionable ones. Librarians rightly see it as their duty to preserve access to books,

The Spy in the Sandbox – Practical Cache Attacks in Javascript

The Spy in the Sandbox — Practical Cache Attacks in Javascript. Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis (Submitted on 25 Feb 2015 (v1), last revised 1 Mar 2015 (this version, v2)) “We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this

House Reconsiders Data Breach Bill

EPIC – “Members of the Energy and Commerce Committee have convened to rework the Data Security and Breach Notification Act. The Act, introduced by Reps. Blackburn and Welch, would require businesses to notify consumers of a data breach “unless there is no reasonable risk of identity theft or financial harm.” The bill would also preempt

CRS – Cyberwarfare and Cyberterrorism

Cyberwarfare and Cyberterrorism: In Brief, Catherine A. Theohary, Specialist in National Security, Policy and Information Operations. John W. Rollins, Specialist in Terrorism and National Security. March 27, 2015. “Recent incidents have highlighted the lack of consensus internationally on what defines a cyberattack, an act of war in cyberspace, or cyberterrorism. Cyberwar is typically conceptualized as

Even more unwanted software protection via the Safe Browsing API

Google Online Security Blog: “Deceptive software disguised as a useful download harms your web experience by making undesired changes to your computer. Safe Browsing offers protection from such unwanted software by showing a warning in Chrome before you download these programs. In February we started showing additional warnings in Chrome before you visit a

The Emergence of Cybersecurity Law

Prepared for the Indiana University Maurer School of Law by Hanover Research | February 2015 “This paper examines cyberlaw as a growing field of legal practice and the roles that lawyers play in helping companies respond to cybersecurity threats. Drawing on interviews with lawyers, consultants, and academics knowledgeable in the intersection of law and cybersecurity,

Report – Largest global manufacturer of SIM cards hacked

The Intercept – Jeremy Scahill and Josh Begley – “American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency

Paper – The Quest to Replace Passwords

The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes, by Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano. “We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an

Hearing Before the Senate On Protecting America from Cyber Attacks: The Importance of Information Sharing

CDT – “Greg Nojeim’s testimony for the January 28th hearing before the Senate Homeland Security and Government Affairs Committee on Protecting America from Cyber Attacks. He will explain how Congress can embrace cybersecurity information sharing policies with appropriate authorities and safeguards that enhance both privacy and security, first describing the cybersecurity threat then identifying different approaches

Prying Eyes: Inside the NSA’s War on Internet Security

By SPIEGEL Staff: “…Software giant Microsoft, which acquired Skype in 2011, said in a statement: “We will not provide governments with direct or unfettered access to customer data or encryption keys.” The NSA had been monitoring Skype even before that, but since February 2011, the service has been under order from the secret US Foreign