Skip to main content

Posts

Showing posts from 2014

Police need more money to fight cyber-crime, finds report

Money is urgently needed from the Government's £860 million National Cyber Security Programme to plug big holes in the police's ability to combat cyber-crime, which is now reaching crisis levels. That's the key finding from an authoritative new  survey   by PA Consulting which finds that only 30 percent of UK police analysts believe they have the skills and tools to effectively combat cyber-crime. “The UK has reached a ‘tipping point' on cyber-crime and tackling the challenges is now urgent,” the report reads. PA Consulting finds that one-third of the 185 analysts questioned from 48 law enforcement organisations have been unable to share information about the cyber-threat, and just five percent believe they have ‘considerable knowledge' of cyber-crime. The respondents predict that the time they will spend analysing cyber-crime will treble over the next three years – yet they already have limited scope to deal with the problem, spending only 10 percent of th...

DNS provider hit by 'massive' DDoS attack on Cyber Monday

DNSimple says that it was hit by a ‘massive' DDoS attack, believed to be the work of Chinese hackers, on Cyber Monday. The Florida-based company revealed on  Twitter  that it had been targeted by a volumetric DDoS attack overwhelming DDoS defences, and was working with its network provider to restore service. After first posting it was seeing a ‘system-wide' DNS outage, the firm added: “We are experiencing a massive DDoS. We are working with our network provider to mitigate it. Apologies.” In a series of posts later on Monday and early Tuesday morning, the firm revealed that it was working with its network provider to mitigate the volume of UDP traffic, including increasing service capacity. Most servers at data centres were fully operational briefly on Tuesday morning, only for attackers to return to target the US west coast data centre before ‘ramping' up DDoS attacks internationally. Cited and more on this story at SC Magazine

'Let's Encrypt' aims to drive adoption of HTTPS

Some of the world's biggest security companies are working together to develop 'Let's Encrypt' - a new certificate authority (CA) offering free and automatically renewable HTTPS web encryption. Due to launch next summer,  Let's Encrypt  has been established by Mozilla, Cisco, Akamai, the Electronic Frontier Foundation, IdenTrust as well as researchers at the University of Michigan  - who are working through the California-based Internet Security Research Group (ISRG). The aim is for the CA to drive the adoption of HTTPS web encryption and to do this by making obtaining the SSL certificate as easy as clicking a button or issuing a simple shell command. The accreditation is free to anyone who owns a web domain, certificates can be reviewed for transparency, while the security companies behind the project say that the management software installed on web servers proves that the domain holder controls the website, has obtained a browser-trusted certificate and h...

Microsoft Azure faults knock websites offline

Faults with Microsoft's cloud computing platform have knocked many third-party sites offline, as well as disrupting the US firm's own products. Microsoft Azure's status page  says problems began at 00:52 GMT across the globe. Its European operations are taking the longest to fix. Access to Microsoft's Office 365 on-line suite of apps and its Xbox Live gaming facility are among services affected. The faults could set back the company's efforts to sell Azure. Microsoft is attempting to make gains on the market leader, Amazon Web Services, as well as IBM, Google and others offering rival products. Their pitch is that it is more efficient for companies to rent computing power from a large tech firm than owning and managing their own computer servers or going to a smaller provider. "Microsoft is investigating an issue affecting access to some Microsoft services," said Adrienne Hall, general manager at the company. "We are working to restore ...
WhatsApp has turned on an encryption system to protect messages sent with the Android version of its app. The WhatsApp Android application has been downloaded about 500 million times. It said the data scrambling system should make it much harder to eavesdrop on the messages users exchange. Tech firms have faced criticism by law enforcement figures who said greater use of encryption made it harder to track criminals and extremists. Data scramble The encryption system being applied to WhatsApp is called TextSecure and has been developed by a non-profit group called Open Whisper Systems. "I do think this is the largest deployment of end-to-end encryption ever," said TextSecure developer Moxie Marlinspike  in an interview with tech news site Wired. WhatsApp said the encryption system would be turned on by default for its huge number of Android users. In October, Facebook completed a $22bn (£14bn) acquisition of WhatsApp. Many sites and organisations shy away from ...