
HTTB Direct Distributions 25-28 August 2012 (V3)


Researchers Counter Massive Onslaught of Fake Torrents. One third of all torrents uploaded to The Pirate Bay point to malware or scams, researchers report.


While Pirate Bay moderators are usually quick to remove suspect torrents they can't prevent millions of people from downloading these fake files. To counter this threat the researchers have published TorrentGuard, a tool that allows users to identify fake torrents. The Pirate Bay and several large public trackers are eager to collaborate with the researchers to optimize and implement the new technology.

With an estimated quarter billion active users per month, BitTorrent is a lucrative target for scammers and malware peddlers.

New Megaupload Will Be Massive Global Network To Change The World. Several weeks ago Kim Dotcom informed the world that Megaupload would be back, bigger and better than ever.


Toyota Accuses Former Contractor of Hacking Website to Steal Trade Secrets. Toyota representatives have filed a complaint against former contractor Ibrahimshah Shahulhameed, accusing the man of violating Kentucky's Trade Secret Act by hacking into the toyotasupplier.com website – utilized by the firm to exchange sensitive information with suppliers – to copy sensitive data and alter software.


Lessons for CISOs of Apple-Samsung Case. Patent Infringement Liability Can Extend to Users of Technology. One takeaway from the $1-billion-plus verdict against Android-maker Samsung for infringing Apple patents is that the users of infringed technology also could be held legally liable, patent attorney Jim Denaro says.


"It's actually quite possible for end users to be sued for patent infringement for using widely available open-source solutions for information security products," Denaro, of the CipherLaw Group, says in an interview with Information Security Media Group. On Aug. 24, a federal jury found Samsung guilty of willfully infringing on Apple patents in creating its own mobile products. Samsung says it would appeal the verdict, which recommends damages exceeding $1 billion. Denaro says he doubts that Apple would file infringement suits against users of Samsung Android products, but that still doesn't mean users can't be sued for patent infringement.

Handling Security in a Centralized HIE. CEO of Maine Exchange Describes Strategy. As those developing health information exchanges weigh various data architecture models, the CEO of Maine's HealthInfoNet argues that its model, which relies on a central data repository, offers the best security.


Rethinking Security Best Practices. Researcher Provides Insights Based on Ongoing Project. Healthcare organizations need to rethink security best practices and tap new technologies as a result of the growth in health information exchange and the use of mobile devices, says researcher Carl Gunter.


Dramatic changes in healthcare delivery are presenting significant security and privacy challenges, says Gunter, a professor of computer science at the University of Illinois at Urbana-Champaign, who's leading an ambitious federally funded research project. "There's been a big change in healthcare environments. Where data [once] came from sensors in hospitals ... now [it comes from] mobile devices ranging from health and fitness devices like pedometers to implanted medical devices," he says in an interview with HealthcareInfoSecurity. As a result, Gunter and his fellow researchers are considering how security best practices - such as for access control and encryption - need to evolve.

Is the death knell sounding for traditional antivirus? Antivirus developers need to run malcode in their labs in order to create malware-identifying signatures. What happens if they can't? Developers of traditional antivirus depend on:

- The ability to run malware in their labs.
- The ability to automatically analyze malware.

What if they couldn't do either?

DDoS attack stymies vote in Miss Hong Kong beauty contest. So much for democracy in Hong Kong.


Residents of the island, a Special Administrative Region of China, are up in arms after plans for a popular vote in the Miss Hong Kong beauty pageant were sidelined by a distributed denial-of-service attack that knocked the voting system offline. The attack on Sunday evening swamped systems used for the vote with millions of bogus votes – far more than contest organizers had anticipated. Organizers were forced to cancel the online vote and ask the pageant judges to elect the winner themselves, according to a story in The Standard.

What is the TPP, and why should you care? Remember the furore surrounding SOPA/PIPA in the US, or ACTA in the EU?


It seems like acronym-tagged agreements with far-reaching IP agendas are causing quite a stir this year. Now there is a new one to watch out for: TPP, the Trans-Pacific Partnership Agreement Intellectual Property Chapter. This multinational 'free trade' agreement has been under secret negotiation since 2008. Nine Pacific nations are at the table, including the US, Australia and New Zealand. It includes provisions that extend intellectual property protection and enforcement on an international plane.

NFC token for Android smartphones. The YubiKey Neo hardware token represents an interesting new concept for one-time passwords on NFC-capable Android smartphones.


Rather than typing them in, the token uses the near field communication (NFC) standard to send generated one-time passwords to a smartphone. To unlock items such as the password safe application LastPass, the YubiKey key fob token is simply brushed across the back of the phone after logging in. The token can be configured to open a chosen URL after NFC contact, with the one-time password appended as a parameter. No special software needs to be installed: the key fob uses a feature known as Android Beam, which was added to the mobile operating system in Ice Cream Sandwich.

ICS-CERT: Oil and Natural Gas Pipeline Intrusion Campaign.

ICS-CERT continues to gather information on the recent Oil and Natural Gas (ONG) pipeline intrusion campaign.


This campaign, as first outlined in the April issue of the Monthly Monitor, refers to an active series of cyber intrusions targeting natural gas pipeline sector companies.

Air Force Openly Seeking Cyber-Weapons.

Your Organizational Chart Tells a Security Story. Article by Shawna Turner-Rice.

Cyberwar! Let’s Work Through This, Shall We...

Proposed Import Ban on Intel Chips Extends to Apple, HP.