Newsletter: Cyber Security Pulse. Insights about security.

2015 | November 19th. New issues are delivered every week. In this issue:

Analyst Insight

Paris Attacks, Reviving Old Ghosts on Encryption

The reactions to last week's terrorist attacks have also been felt online. Hacktivist groups such as Anonymous or Ghost Security Group have deployed their own Internet platforms to report social network profiles linked to Daesh. It is known that this group uses Twitter to spread its message automatically through social bots and to recruit new members to the cause. Limited by the 140-character length of tweets, they need to move to other platforms that allow other media for spreading more complex messages, such as pastebin-like, streaming and file-sharing platforms.

Furthermore, the debate about the use of encryption has been reopened since it was reported that those involved in the attack allegedly used Telegram (an application for sending and receiving encrypted messages) to keep in touch. In this regard, at the beginning of 2015, David Cameron announced his idea of promoting a plan to prohibit services and applications using end-to-end encryption in the UK.

Nevertheless, we cannot forget that cryptography plays a necessary, though silent, role in our daily tasks. If we take the risk of criminalizing the use of algorithms and protocols that protect common operations such as making banking transactions, publishing content on social networks or even dealing with bureaucratic issues with the government, we will also be questioning the same methods that allow us to use the Internet the way we do today.

More information at CNBC

Top Stories

Security by Design in US Weapon Systems

President Barack Obama is set to sign a defense bill ordering the Pentagon to probe every major US weapon system for hacker entryways. According to Defense's annual operational test and evaluation report released in January, an inspection last year of almost the entire Pentagon weapons program revealed "significant vulnerabilities" in cybersecurity throughout every system that required no advanced hacking skills. A key goal of the project will be to establish security controls while the systems are being manufactured. The authorized spending cap on the initiative is $200 million for 2016.

More information at Nextgov

Cybersecurity, A Priority in the UK in 2016

The UK's Chancellor of the Exchequer George Osborne has set out a plan today to make Britain one of the safest places to do business online by making cybersecurity a top priority for government. Taking advantage of savings from other government departments (which have had to cut their budgets by an average of 24 percent), Osborne stated that the government would double the amount being spent on cybersecurity, from £950 million over five years to £1.9 billion over the same period. The plan includes the following objectives: the acquisition of defense capabilities in cooperation with other countries and ISPs; the reduction of duplicate capabilities with the creation of a National Cyber Security Center, which will report directly to the GCHQ director; the development of training plans to address the skills gap in cybersecurity; and the creation of an ecosystem of large and strong companies in this sector.

More information at SC Magazine UK

Rest of the Week's News

Ads Using Inaudible Sounds to Link Your Phone, TV, Tablet, and PC

Privacy advocates have warned US federal authorities about advertisements that use high-frequency sounds to track a user's behaviour. When tablets or smartphones detect that sound, which is inaudible to humans, browser cookies can relate a user to multiple devices.

More information at Ars Technica

56 Million Data Records Exposed Via Cloud-Based Mobile App Backends

Researchers from the Technical University in Darmstadt (Germany) have carried out an extensive study of over two million mobile applications built on top of BaaS (Backend-as-a-Service). The problem they found was the presence of hardcoded authentication credentials for the backend cloud services, right inside the mobile application's code. This exposes both users, who see their personal data exposed, and also developers, who risk having their servers.

More information at Softpedia

FBI Denies Paying $1 Million to Unmask Tor Users

The FBI has denied an accusation that the agency paid $1 million to Carnegie Mellon University to disclose the technique they had discovered to unmask Tor users and their IP addresses; an FBI spokeswoman said that the allegation was "inaccurate". For now, it is not clear which part is inaccurate: the specific payment or its involvement entirely.

More information at Ars Technica

Further Reading

How to Address Vulnerabilities in Medical Devices

More information at Bloomberg Business

Conficker Worm, Pre-Installed on Police Body Cams

More information at Ars Technica UK

Tantan, the Chinese Tinder Clone, Does Not Use HTTPS

More information at Softpedia
Copyright © 2015 ElevenPaths. All rights reserved.
Telefónica Digital Identity & Privacy, S.L.U. is a Spanish company with its registered office at Distrito Telefónica, Ronda de la Comunicación, s/n, 28050 – Madrid (Spain), with tax identification number (CIF) B-86362886, registered in the Madrid Mercantile Registry, volume 29508; book 0; folio 12, Section 8; Sheet M-531046. For any information regarding the digital processing of your personal data in order to exercise your right of consultation, modification or deletion, you can contact us by e-mail