Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Showcase


Channel Catalog


Channel Description:

The latest news on INFOSEC from Business Insider

older | 1 | 2 | 3 | (Page 4)

    0 0

    Neiman Marcus Boston

    (Reuters) - Hackers breached the computer networks of luxury department store chain Neiman Marcus as far back as July, an attack that was not fully contained until Sunday, the New York Times reported, citing people briefed on the investigation.

    Neiman Marcus said on Friday that hackers may have stolen customers' credit and debit card information, the second cyber attack on a retailer in recent weeks.

    Neiman Marcus had said it first learned in mid-December of suspicious activity that involved credit cards used at its stores.

    However, in a call with credit card companies on Monday, Neiman acknowledged that the attack had only been fully contained a day earlier, and that the time stamp on the first intrusion was in mid-July, the paper said. (http://link.reuters.com/kyd26v)

    Neiman Marcus spokeswoman Ginger Reeder declined to comment to Reuters on the New York Times report about the July hack attack.

    "We did not get our first alert that there might be something wrong until mid-December. We didn't find evidence until January 1," Reeder told Reuters late on Thursday.

    Neiman Marcus did not say how many credit cards were affected but said that customer social security numbers and birth dates were not compromised.

    "Customers that shopped online do not appear at this time to have been impacted by the criminal cyber-security intrusion. Your PIN was never at risk because we do not use PIN pads in our stores," Chief Executive Karen Katz wrote in a letter to customers, a copy of which was posted on the company's website.

    Katz said the company has taken steps to contain the situation, including working with federal law enforcement, disabling the malware and enhancing security tools.

    The company is also assessing and reinforcing its related payment card systems, Katz said.

    The U.S. government on Thursday provided merchants with information gleaned from its confidential investigation into the massive data breach at Target Corp, in a move aimed at identifying and thwarting similar attacks that may be ongoing.

    (Reporting by Sakthi Prasad in Bangalore and Jim Finkle in Boston; Editing by Supriya Kurane)

    Join the conversation about this story »


    0 0

    snowden

    A popular encryption tool used and endorsed by ex-NSA contractor Edward Snowden abruptly shut down on Wednesday, with its website telling users the tool is "not secure" without giving additional detail.

    The decade-old tool — called TrueCrypt — allowed users to encrypt sensitive files and hard drives and was a favorite of security-minded individuals. One of those people was Edward Snowden, who hosted a "Crypto Party" in Dec. 2012 to teach a group of people how it to encrypt hard drives and USB sticks, while still working as a contractor for the NSA in a Hawaii.

    But the sudden closure of TrueCrypt has led some to speculate the anonymous developers behind it had aroused the eye of the U.S. government and they decided to just throw in the towel. (Snowden's encrypted email service, Lavabit, suffered a similar fate).

    The "advisory comes as a shock to the security community, though no one has been able to confirm its authenticity so far,"wrote Runa Sandvik, a developer of the Tor anonymous web browser, in Forbes.

    Interestingly, the shut down came as a full-scale professional security audit of the TrueCrypt software was underway, led by Matthew Green, a cryptographer and professor at Johns Hopkins University, journalist Brian Krebs reported.

    So far, the audit had not found anything suspicious in the code, but Green told Brian Krebs the fact TrueCrypt has been taken down could lead some to believe there's some "big evil vulnerability in the code."

    "I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there,” Green told Brian Krebs. "But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits."

    Join the conversation about this story »


    0 0

    smart fridge

    The surge of Web-connected devices -- TVs, refrigerators, thermostats, door locks and more -- has opened up huge opportunities for cyberattacks because of weak security, researchers said Tuesday.

    A study by the Hewlett-Packard security unit Fortify found 70 percent of the most commonly used "Internet of Things" devices contain vulnerabilities, including inadequate passwords or encryption, or lax access restrictions.

    "While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface," said Mike Armistead, vice president and general manager for Fortify's enterprise security.

    "With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats."

    The study comes amid recent security warnings about hacking of medical devices, cars, televisions and even toilets that have an Internet connection.

    The researcher scanned the most popular devices and their cloud components and found on average 25 vulnerabilities per device. These products included TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

    The study said eight of 10 devices tests leaked private information that could include the user's name, email address, home address, date of birth, credit card or health information.

    Most of the devices lacked passwords, making it easier for hackers or others to gain access while some included simple default passwords such as "1234."

    Some 70 percent of the devices analyzed failed to use encryption for communicating with the Internet and local network, another weakness that makes for easy outside access.

    HP said that while demand for these devices is surging, security has failed to keep pace, and this "opens the doors for security threats" from a variety of sources.

    The study said some estimates indicate as many as 26 billion devices will be connected to the Internet by 2020.

    "Fortunately, there's still time to secure devices before consumers are at risk," the report said.

    Join the conversation about this story »


    0 0

    U.S. Department of Homeland Security analysts work at the National Cybersecurity & Communications Integration Center (NCCIC) located just outside Washington in Arlington, Virginia on September 24, 2010.

    WASHINGTON (Reuters) - A company that performs background checks for the U.S. Department of Homeland Security said on Wednesday it was the victim of a cyber attack, adding in a statement that "it has all the markings of a state-sponsored attack."

    The computer breach at Falls Church, Virginia-based US Investigations Services (USIS) probably involved the theft of personal information about DHS employees, according to the Washington Post, which first reported the story.

    DHS has suspended all work with the company amid an investigation by the FBI, the Post reported. A U.S. government official confirmed to Reuters that the FBI is investigating the breach.

    The Office of Personnel Management has also suspended work with USIS out of an abundance of caution, it said, adding that government officials do not believe the breach has affected non-DHS employees.

    “Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” of the attack, department spokesman Peter Boogaard was quoted by as saying by the newspaper.

    "We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible," USIS said in the statement on its website.

    "We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack," it said.

    "Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack," the company said.

    USIS says it is the biggest commercial provider of background investigations to the federal government, has over 5,700 employees and provides services in all U.S. states and territories, as well as abroad.

    (Reporting by Eric Walsh; Editing by Eric Beech)

    This article originally appeared at Reuters. Copyright 2014. Follow Reuters on Twitter.

    Join the conversation about this story »


    0 0

    cybersecurity

    Browsing the web may be easy, but ensuring your digital safety is not.

    That's why there are hundreds of companies around providing numerous products to safeguard consumers and companies from malicious actors. While many of these companies offer seemingly identical products, some of the best are not only protecting users but researching what hackers are doing and exposing them.

    Here are a few of the most influential companies on the market today, the people behind these firms, and some of the important vulnerabilities they've brought to light.

     

    Kaspersky Lab: Eugene Kaspersky

    Kaspersky Lab was founded in 1997 by the storied Russian security specialist Eugene Kaspersky. From the beginning it has provided anti-virus software to large companies. But in the 2000s it expanded to offer more wide-reaching products including consumer and mobile security products.

    Its researchers have been known to expose some of the most famous hacking groups and their malware. These include Flame — which was discovered in 2012 as a highly advanced cyber espionage program — as well as the Equation group, which was just announced this year as a clandestine computer spying ring. Kaspersky Labs’ headquarters are in Moscow, although it has over 30 offices globally. 



    FireEye: Dave DeWalt

    FireEye is a California-based network security firm. It offers services meant to manage networks for potential threats as well as offer its customers detailed threat intelligence. The company has joined forces with federal authorities, universities, and other security groups to discover and combat various malware. Most recently, FireEye discovered a group of hackers known as FIN4, which was targeting Wall Street to steal insider information.

    Its CEO, Dave DeWalt, is a well-known heavyhitter in the cybersecurity scene. He worked as CEO of the security company McAfee, and then reportedly turned down 40 other positions until he settled on taking the helm at FireEye.



    Palo Alto Networks: Nir Zuk

    Founded in 2005, Palo Alto Networks is a network security company known for building advanced firewalls directed toward enterprise customers. Its founder, Nir Zuk, worked as an engineer at Check Point and NetScreen Technologies.

    Most of Palo Alto Networks’ products revolve around network traffic. The company has also made some important malware discoveries, most recently a family of malware known as “WireLurker” that took direct aim at Apple products. 



    See the rest of the story at Business Insider

    0 0

    ofer vilenski hola ceo vpn botnet accusation vulnerability

    It has not been a good week for Hola.

    The Israeli company is behind a wildly popular browser plugin and app that disguises users' identities online. Over the last few days, it has been hit with a deluge of negative press after it emerged that users of the service had had their computers hijacked and used as a giant "botnet" to attack a website

    A botnet is a network of (normally) unwitting computers hijacked by a third party, and used to launch some kind of malicious attack, or just to overwhelm a web site or server with fake requests or traffic.

    Exacerbating the criticism is the fact that Hola is openly selling its users' bandwidth via a commercial side project called Luminati, and researchers claim to have discovered a number of serious security vulnerabilities in the software.

    After reports that users' computers had been hijacked and the company was selling users' bandwidth, Hola CEO Ofer Vilenski told Business Insider that the company"has been listening to the conversations about Hola... [and] have decided to provide more details about how this works."

    Then, following the publication of two highly critical reports from security researchers, one accusing the company of"negligence, plain and simple," we reached out to Vilenski again. He told me the company has experienced some "growing pains," but that the security issues have since been patched — and hopes to grow into a "great billion dollar company."

    What is Hola?

    Based in Israel, Hola has 75 employees (around 35 of which are developers), and has received more than $20 million in venture capital funding since its launch. Before the current firestorm it had enjoyed positive press coverage, including CNN Money and here on Business Insider. Its website says it has more than 47 million users around the world.

    So what does it do?

    Hola lets users access websites that are unavailable or censored on their connections. A user might want to circumvent a workplace's block on Facebook, or to access a video streaming service not available in their country. To do this, Hola uses what is known as a VPN, or virtual private network.

    Most commercial VPN services require users to pay to use them, but Hola is totally free (though offers a paid option). Why? Because while most companies like this own or rent dedicated servers to act as "exit nodes" through which the user accesses the internet, Hola pursues a different approach. Everyone is an exit node.

    So, for example, when a British user sets their location on the tool as Norway, their internet traffic is being routed through the connection of a randon Norwegian user on the Hola network. And simultaneously, the British user's connection may be used as the exit node for a South African user to connect to the web. It's a peer-to-peer network that does away with the need for dedicated hardware — allowing it be offered as a free service.

    Hola doesn't hide the fact it works on a peer-to-peer system, although it wasn't always immediately clear from the website that users will by default act as an exit node. (Users can also pay a premium subscription fee to opt out of this.)

    Hola also sells its users' bandwidth

    Hola also operates a second service — one that sells Hola users' bandwidth for profit. It's called Luminati, and its customers can hire the Hola network for their own purposes. The company suggests it can be used for brand monitoring or anti ad-fraud checks, but a salesperson told security researchers that the company has"no idea what [customers] are doing on our platform."

    This can have dangerous implications — as Fredrik Brennan found out. He claims the Hola network was used to attack his website last week.

    Brennan, often known by the online moniker "Hotwheels," is the administrator of 8chan, a countercultural online messageboard. The site was targeted by thousands of "legitimate-looking" posts, he wrote in a blog post, "prompting a 100x spike over peak traffic."

    The Hola network — and the computers of users on it — had been used as a giant botnet, a network of hijacked machines intended to overwhelm the site, Brennan claims.

    Before recent events, there was only a brief acknowledgement on Hola's site that the network might be used for "commercial" purposes, and no mention at all of Luminati, which has been in operation since at least October 2014. (A fuller explanation has since been added.) As such, it's doubtful that many users realise Hola is selling their bandwidth.

    A Reddit thread from last week discussing the subject was filled users expressing their surprise and asking how to uninstall it. (And in an unscientific strawpoll of people I know who use Hola, none were aware that they were being used as an exit node on the network — much less that their bandwidth was being sold by Hola.)

    "Even if they had said it all along in their FAQ,"wrote one commenter on news site Hacker News, "it's still infuriatingly disingenuous for someone to act as if anyone ever browses to Hola's site and reads their FAQ either before or after installing the Hola malware extension. No ordinary person will ever do this."

    Vilenski did not comment on how many clients Luminati has.

    Security researchers pile on

    Vilenski confirmed that Luminati had been used to mount the attack, though he told me last week that there was nothing uniquely vulnerable about Hola's VPN — the hacker "could have used any commercial VPN network, but chose to do so with ours." The attacker has since been blocked from the service.

    Since then, however, security researchers have pointed out a number of further vulnerabilities in Hola's software.

    It began with a report entitled "Adios, Hola!" that urged users to "immediately uninstall" the service. It said that Hola:

    • Lets users "be tracked across the internet, no matter what you do."
    • Makes users less secure by "[sending] traffic of strangers through your internet connection"— a reference to Hola's peer-to-peer model where everyone is an exit node.
    • "[Sells] access to third parties, and [doesn't] care what it's used for." When a researcher asked the company how it enforces its terms of service for Luminati, the company responded "we don't... we have no idea what you are doing on our platform."
    • Lets "anybody execute code on your computer." The researchers say they found a vulnerability in Hola that lets websites remotely execute code on a user's computer. They built an example that opened a calculator on Windows users' computers — but it could also be used for far more malicious purposes. Here's a video of the demonstration:

    Following the publication of the report, Hola moved to patch the vulnerabilities, and Vilenski told me that the security vulnerabilities have now been fully patched.

    But an update to the Adios Hola post disputes this, saying that "many of the issues are ignored, and some claims [in a Hola statement] are simply false."

    It continues: "The vulnerabilities are *still* there, they just broke our vulnerability checker and exploit demonstration. Not only that; there weren't two vulnerabilities, there were six."

    One of the researchers told Motherboard that"while some bugs were fixed, the most critical ones haven't been, making it still possible to hack Hola users."

    Vilenski countered that he disagrees, and that he cares "more about my users than what that website says." He invites the researchers behind Adios Hola to present details of the six vulnerabilities that are allegedly still in effect.

    That's not all: Vulnerabilties in Hola have allegedly been exploited in the past. A second security report, this time from Vectra, discovered 5 pieces of malware online "that contain the Hola protocol."

    If true, this means that anyone who has used Hola in the past may have been actively targeted by hackers.

    "Unsurprisingly," Vectra writes, "this means that bad guys had realised the potential of Hola before the recent flurry of public reports by the good guys."

    Vilenski confirmed to me Hola was not aware of its vulnerabilities until the publication of the first report.

    Hola hasn't alerted its users

    Following an avalanche on negative publicity everywhere from the BBC to Motherboard, Hola updated its FAQ to explain more clearly the Luminati service, as well as a blog post in which the company says it fixed the vulnerabilities identified. The company's website now has a banner across the top explaining clearly that users' bandwidth may be used by others.

    hola website

    But Hola users may not understand the technical details of how their computers are being used by the company, and unless they visit the website again, they're unlikely to find out — because as Vilenski told me, the company has made no attempt to contact existing users to explain how the tool works or that their bandwidth is being sold for profit. Hola can't contact them. It apparently has no way to.

    This also means Hola has not alerted users about the vulnerabilities on the platform either — vulnerabilities that have been used to target Hola users in the past (and according to some security researchers, are still active).

    (The company also hasn't alerted its users via its Facebook or Twitter profiles, neither of which has been updated in several months.)

    In theory, Hola could use its browser plugin to display a message explaining the peer-to-peer system, the nature of Luminati, and the vulnerabilities that may have compromised their computers. When I asked if he would commit to doing so, Vilenski told me that while it's a "good idea," but he "cannot make that promise."

    The company does not want to be "technically intrusive."

    Hola defends itself

    Again, Vilenski claims that all the vulnerabilities Hola knows about have been patched, and says that researchers should explain exactly what they've found to the contrary, instead of accusing him of negligence.

    Vilenski also says it's important to keep this in proportion. He argues that the vulnerabilities amount to "growing pains," similar to what has happened to other big companies in the past. If you put a "big enough bounty" on any product, vulnerability will be found, and Hola has "just become big enough to become attractive to this scrutiny."

    He also argues that Hola's peer-to-peer system is analogous to Skype, which also uses a similar method to transmit data. But Skype will only route voice data through the computers of users on the network, while Hola uses web data — and also caches content on users' machines, Vectra's report says.

    This means if you were being used as an exit node for someone browsing child pornography, then that illegal material would be being saved on your machine. Vilenski counters that it would be unwise to use Hola for illegal activity, as they keep a map of the traffic between nodes, and will cooperate fully with law enforcement.

    Vilenski also says that, on average, a user will only give up 6 MB of bandwidth per day using Hola, and only when their device is idle. It will not use devices' bandwidth when not plugged in so as not to waste battery power, for example. However, he couldn't put a figure on what the maximum bandwidth usage might be.

    The future of Hola?

    Vilenski remains positive about the future of the platform. It has seen no meaningful decrease in users as a result of the recent news (though this may be at least in part because they haven't been widely notified), and every developer at the company is currently working to improve security. Hola is also paying for a security audit from one of the"big 4 auditing companies' cyber auditing team," and launching a bounty program to encourage researchers to discover and declare more bugs.

    Looking ahead, Hola plans to launch a B2B video product that could cut the cost of distributing video on the internet by 90%. The aim is to "build a great billion dollar company," Vilenski told me.

    It remains to be seen whether it can win back users' trust, however — or convince security professionals that its services can be relied on. And there are more immediate hurdles to overcome: The company's Google Chrome plugin, which once had more than 16 thousand positive reviews, has now been removed by Google from the Chrome Web Store.

    Join the conversation about this story »

    NOW WATCH: A Computer Just Solved A 400-Year-Old Math Problem About The Best Way To Stack Balls


    0 0

    drill sergeant

    The American military has been breeding the US' top leaders since the day the Declaration of Independence was signed. 

    But once they're done serving their country, many head to the financial services sector. 

    That means bringing four-star general experience onto corporate boards, and, the mettle forged in jet fighting missions into management. 

    That includes David Petraeus, who headed the CIA before resigning, and, later, taking a post at private equity firm KKR. Others might be surprised to see our list include Blackstone Group CEO Stephen Schwarzman. 

    There are a lot of other Wall Street hot-shots, too. Big name banks like JPMorgan and Bank of America have launched ambitious initiatives to bring the military's finest to the forefront of financial services. Often, they're competing with private equity firms like Blackstone and KKR for top talent. 

    They come from all branches of the US military: Army, Navy, Air Force and Marines. They also hail from the reserves. 

    For this Veterans Day, Business Insider takes a look at some of the financial sector pros who first learned about hard knocks from a drill instructor. Have a look:

    Kelsey Martin was a fighter pilot before joining Goldman Sachs

    Kelsey Martin spent more than a decade with the US military, first studying economics at the US Naval Academy and then as a fighter pilot and as an electronic warfare instructor. After his time in the Navy, he headed to the Booth Business School at the University of Chicago for his MBA. A short stint at Morgan Stanley was followed by a 10-year run at Goldman Sachs, where he's currently employed, according to his LinkedIn profile. 



    Steve Schwarzman did a stint in the reserves before launching his finance career

    After a short stint at investment bank Donaldson Lufkin & Jenrette, a young Steve Schwarzman would briefly take a turn in the US Army Reserves before returning to the world of finance. Following his time in the reserves, Schwarzman would head to Harvard Business School, and then into Lehman Brothers, where his career in finance would take off. Today, he's the 38th richest man in the US, according to Forbes. 



    Wesley Clark ran for president, then, ran to private equity

    Former General Wesley Clark left the US Army at the rank of General after more than three decades of service in 2000. He would then go on to run for President of the United States — as a Democrat — in 2004 and remained active in politics afterwards. Clark made his move to PE in 2013, joining Steve Schwarzman's Blackstone Group. 



    See the rest of the story at Business Insider

    0 0

    voting-station

    During the 2012 American presidential election, 129 million people cast ballots, while 106 million eligible voters neglected to do so. That’s only a 54.9 percent conversion rate, not to mention the 51 million voters who weren’t registered. Meanwhile, in 2015, there were almost 172 million Americans making purchases online. Those are apples and oranges, admittedly, but the ease with which the shopping occurs only helps its proliferation.

    If the ultimate goal is maximizing the country’s voting turnout, shouldn’t we develop an Internet voting system? Voting from a computer at home could be far easier than waiting in long lines at polling stations or filling out mail-in forms.

    But can it ever happen?

    “For as far into the future as I can see, the answer is no,” says David Jefferson, a computer scientist in the Center for Applied Scientific Computing at Lawrence Livermore National Laboratory. In May 2015, Jefferson examined the possibility of Internet voting in a paper called “Intractable Security Risks of Internet Voting.” For anyone who has ever owned a personal computer, the first problem is obvious: malware.

    “Unless we were to re-design the Internet from the ground up, there’s not likely to be a solution to these problems.”

    “We’re not even remotely close to guaranteeing that there’s no malware on your computer,” Jefferson says. The malware can do whatever task it’s programmed to accomplish, from erasing votes cast to changing them. And they can do these things without leaving any trace. “The malware might erase itself a half second later, and so there might be no evidence. And that’s one of half a dozen of problems.”

    There are also the standard risks that come with any online activity. Denial-of-service attacks can shut down the voting system by overloading it. Mirror sites can trick voters into thinking their votes have been submitted, when really the information travels nowhere. Potential ransomware attacks can steal and encrypt votes, to be sold to the highest bidder. “Imagine the crisis if somebody encrypted the votes and said [to the government], ‘For one million, I’ll give you the key,’” Jefferson says. “Who would pay?”

    Other scenarios are more insidious. A person using spyware can see who someone has voted for, allowing for scenarios that secret ballot attempts to solve: a person being outed for an unpopular vote, or punished for not voting a certain way. It might also increase the likelihood of selling votes: Spyware would allow an outside party to verify that a seller followed through, a prerequisite for any smart buyer.

    “The only way to avoid bribery and/or coercion with remote voting is to have complicated voting and registration processes that allow voters to vote multiple times or use different passwords for true and bogus votes,” writes Poorvi Voorha, a professor of computer science at George Washington University, in an email. That means developing a system so complex and secure it takes away a lot of what makes the prospect of online voting appealing.

    “Unless we were to re-design the Internet from the ground up, there’s not likely to be a solution to these problems,” Jefferson says.

    The United States has attempted online voting before. In 2000, Arizona used it in the Democratic primary through the private website election.com. And while the stakes were relatively low (the amount of people voting in the primary was far below that of the general election), the system was still under heavy coercion from outside forces. “There was definitely an external attack on that system,” Jefferson says. This year, Utah gave it a whirl during the Republican primary, and while the effectiveness of that trial is still being weighed, the system involved a 30-digit PIN number that many voters did not receive in time to vote.

    voting-estonia

    Yet the country of Estonia has somehow, supposedly, already figured it out. The small country has been offering its 1.3 million citizens the ability to vote on the Internet since 2005; more than 30 percent of the country’s votes are cast online. How can a relatively small country with a gross domestic product one-fifth the size of the state of California do something America can’t? Because the Estonian system isn’t that great.

    In 2014, an independent team from Michigan took a look at the Estonian voting procedures and found plenty of issues. The system uses home computers that are trusted not to be infected by malware. Vote counting is done on servers, hidden away from outside scrutiny, unlike the physical counting of ballots. “There are protections in place to make sure the servers aren’t compromised,” says J. Alex Halderman, an assistant professor of computer science and engineering at the University of Michigan who worked on the report. “But if they are, they can output any vote totals they want.”

    “The only way to avoid bribery and/or coercion with remote voting is to have complicated voting and registration processes that allow voters to vote multiple times or use different passwords for true and bogus votes.”

    In fact, the lessons from the Estonia system may simply be how good the old system is at preventing fraud. Sure, there are stories every election of votes being lost or miscast, and voter disenfranchisement and district re-jiggering are real problems that deserve scrutiny. But those problems are relatively out in the open, where they can be examined and corrected, and not hidden in the ones and zeroes of the digital world.

    “There are advantages of old technology,” Halderman says. “If you make things less efficient to count, you are making fraud less efficient. Voting on paper has inconveniences and its share of flaws, but the problem with online voting is a single attacker who finds a single flaw.”

    Halderman knows from experience. In the 2010 general election, Washington, D.C., piloted an Internet voting system. It was unique in that the officials urged the public to hack into the system as a way to test vulnerabilities and, perhaps, provide the public with proof of concept. Halderman and his team took them up on it. “Forty-eight hours after they started, we’d hacked in and changed all the votes from here in Michigan,” he says.

    Right now, things aren’t looking good for Internet voting. But everything advances; technology adapts. At some point in the future, maybe even soon, the security flaws of online voting might be solved, right?

    “I’m not sure we’re going to be able to get there, to be honest with you,” Halderman says. “In security, it comes down to the cat and mouse game. And the attackers are getting better as fast, if not faster, than the defenders.”

    SEE ALSO: 11 things everyone is going to love about Apple's iOS 10

    Join the conversation about this story »

    NOW WATCH: How much money you need to save each day to become a millionaire by age 65


    0 0

    Sonic

    • At least 14 retailers were hacked and likely had information stolen from them since January 2017.
    • Many of these were caused by flaws in payment systems taken advantage of by hackers.

    At least 14 separate security breaches occurred from January 2017 until now. Many of them were caused by flaws in payment systems, either online or in stores.

    Data breaches are on the rise in both retailers and other businesses. According to Business Insider Intelligence, data breaches are a real danger for both brands and customers, and can affect customer's trust in brands.

    According to a study by KPMG, 19% consumers would completely stop shopping at a retailer after a breach, and 33% would take a break from shopping there for a extended period.

    SEE ALSO: I ordered the same items from Amazon and Walmart to see which site does it better — and they both had major flaws

    Sears

    Sears alerted customers on April 4 of a "security incident" with an online support partner [24]7.ai that may have resulted in up to 100,000 people having their credit-card information stolen.

    The incident affected shoppers who bought items online from September 27, 2017 to October 12, 2017



    Kmart

    Kmart, which is owned by Sears Holdings, was also affected by the breach, the company reported on April 4.



    Delta

    Delta used the same online support service as Sears and was also affected by the reported breach.

    The airline said customer payment information may have been vulnerable but did not estimate how many of its customers were affected.



    See the rest of the story at Business Insider

older | 1 | 2 | 3 | (Page 4)