The Biggest Security Threats We’ll Face in 2016:
Hackers are nothing if not persistent. Where others see obstacles and quit, hackers brute-force their way through barriers or find ways to game or bypass them. And they’ll patiently invest weeks and months devising new methods to do so.
There’s no Moore’s Law for hacking innovation, but anyone who follows cybersecurity knows that techniques get bolder and more sophisticated each year. The last twelve months saw several new trends and next year no doubt will bring more.
Source: Wired
Senator Dianne Feinstein, ranking member on the powerful Intelligence committee, said she was working on a bill to outlaw such encryption tools. She recently called encryption – the bedrock for not only privacy and security, but e-commerce and the entire web infrastructure – the “internet’s achilles heel”. Are these the type of technological illiterates we want crafting sweeping laws that will affect our technology for years?
Even Comey admitted this type of law wouldn’t stop terrorists from using encryption. After all, they’ve been using encryption for decades, and even now, the top five encrypted applications Isis supposedly recommends to their followers are either open-source (meaning the code is already all over the internet), made by companies in other countries, or both. As a report by Open Technology Institute released yesterday stated: “When it comes to encryption, the horse is out of the barn, the ship has sailed, and the toothpaste isn’t going back in the tube. The math, and the technology, is already out there.”
So basically what the FBI director is proposing is that we lower everyone’s security for the applications that are popular with hundreds of millions of people – even if terrorists will still be able to use encryption unimpeded. Is this really what we want to do, all in the name of “keeping us safe”?
Source: theguardian.com
Here’s a Spy Firm’s Price List for Secret Hacker Techniques:
The trade in the secret hacker techniques known as “zero day exploits” has long taken place in the dark, hidden from the companies whose software those exploits target, and from the privacy advocates who revile the practice. But one zero-day broker is taking the market for these hacking techniques into the open, complete with a full price list.
In an unprecedented move Wednesday, the zero-day broker startup Zerodium published a price chart for different classes of digital intrusion techniques and software targets that it buys from hackers and resells in a subscription service to customers that include government agencies. The list, which details the sums it pays for attack methods that affect dozens of different applications and operating systems, represents one of the most detailed views yet into the controversial and murky market for secret hacker exploits.
Source: Wired
Bekrar explained that the winning team found a “number of vulnerabilities” in Chrome and iOS to bypass “almost all mitigations” and achieve “a remote and full browser-based (untethered) jailbreak.”
If true, this is a considerable feat. No one had found a way (at least that’s publicly known) to jailbreak an iPhone remotely for more than a year, since iOS 7.
Source: Vice Magazine
WikiLeaks Is Publishing the CIA Director’s Hacked Emails:
WikiLeaks may describe itself as an outlet for whistleblowers, but it’s never hesitated to publish stolen documents offered up by a helpful hacker, either. So it’s no surprise that it’s now leaked the pilfered files of the CIA’s director, John Brennan.
Source: Wired
Hackers Make Cars Safer. Don’t Ban Them From Tinkering:
Virtually every new car sold today has some sort of network connection. Most of us are aware of these connections because of the remarkable capabilities they place at our fingertips—things like hands-free communication, streaming music, advanced safety features, and navigation. Today’s cars are a rolling network of small computers that control the drivetrain, braking, and other systems. And just like the entertainment and navigation systems, these computers are “connected,” too.
This connectivity within—and between—vehicles will allow transformative innovations like self-driving cars. But it also will make our cars targets for hackers. The security research community can play a valuable role in helping the auto industry stay ahead of these threats. But rather than encouraging collaboration, Congress is discussing legislation that would make illegal the kind of research that already has helped improve the industry’s approach to security.
Source: Wired
Hackers Can Silently Control Siri From 16 Feet Away:
Siri may be your personal assistant. But your voice is not the only one she listens to. As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.
Source: Wired





