Phone Data Security at Your Fingertips

Researchers from New York University and Michigan State University say the key to phone data vulnerability is at your fingertips. Biometrics, namely fingerprints, are a common means of user authentication. But, is it as secure as it appears to be? In a study published in IEEE Transactions on Information Forensics and Security, researchers considered the possibility of hackers creating a set of synthetic or real “Master Fingerprints” able to log into a high rate of devices.

Smartphones’ sensor for collecting fingerprint data is too tiny to accommodate the whole print. So, users are prompted to give multiple impressions of the same finger when setting it up. A user is prompted to give [...]

Share

Vendor Vulnerabilities: Is NSA Obligated to Let them Know?

Cisco’s Cloud Service Platform customers received word of exposures that could severely risk their data’s privacy. In September 2016, Cisco informed their virtual networking clients of the discovery that more than 840,000 devices are open to two serious vulnerabilities. Fortinet customers’ data were also exposed in the theft. These exploits can lead to man in the middle attacks around the globe.

Shadow Brokers 

A group identifying itself as Shadow Brokers allegedly stole exploits from Equation Group, linked to the National Security Agency three years ago. Using a Twitter account, Shadow Brokers recently announced an auction for firewall exploits they claim they found with a hacking tool used by the NSA. The group demanded Bitcoins in exchange for data with codenames such as EPICBANANA, EGREGIOUSBLUNDER, AND EXTRABACON.

EXTRABACON

One of the exploits that targets Cisco ASA, Cisco Firewall Services [...]

Share

Update: Alleged Clinton Email Hacker Strikes Deal with the Feds

A previous CIPPGuide.org article addressed the ongoing investigation into former US Secretary of State and potential Democratic Party Presidential Nominee Hillary Clinton’s use of a private email account and server. A Romanian hacker known as Guccifer, 44-year-old Marcel Lehel Lazar, has since stepped forward claiming he accessed Clinton’s server and emails.

Lazar was charged with two cybercrimes separate from Clinton: unauthorized computer access and identity theft. Former Secretary of State Colin Powel and previous Clinton adviser Sidney Blumenthal are the victims. Lazar accepted a plea deal in exchange for cooperating with the FBI in the future. The future may be now, [...]

Share

Bureaucratic Denial of Service and the OPM Breach

Millions of American citizens received letters over the last two months of 2015, advising them that the US Office of Personnel and Management (OPM) experienced a data breach. Although the US Government realized the breach in June, it took nearly 6 months for the letters’ delivery.  Included in the letter were references to identity theft, as in social security numbers of everyone within the government employee/contractor’s family.  An offer for two years of credit monitoring for all involved softened the blow.

Most experts’ concern centers on the applicants for Top Secret or Special Compartmentalized Information (SCI) sensitive information access, commonly referred to as [...]

Share