Archive for October, 2015

Chinese hackers targeted insurer … to learn about the U.S. healthcare system


30 October 2015 – When Anthem revealed a data breach that exposed the details of more than 80 million people, the incident raised a lot of questions: who would conduct such a hack against a health insurance firm? Investigators finally have some answers… and they’re not quite what you’d expect. Reportedly, the culprits were Chinese hackers helping their nation understand how US medical care works. It may be part of a concerted campaign to get ready for 2020, when China plans to offer universal health care.

Next, maybe we should outsource politicians from China to fix our healthcare system.


Experts: “We have no confidence that we can protect cars and streets from hackers”


18 October 2015 – Cars and streets are now connecting to the Internet for a long list of transportation and safety benefits but the new tech has drawbacks. Experts from government, industry, and academia say they have no confidence they’ll develop a secure system that can protect users from tracking and privacy breaches. Their opinions were captured in a recent survey (PDF) from the Government Accountability Office:

“The government is coordinating with the transportation industry on the Security Credential Management System (SCMS), a project to verify that basic road-safety messages come from authorized devices. … At this point, it’s not clear who would even run such a system. Previous plans pointed toward car industry control, but the Transportation Department is now looking into playing ‘a more active leadership role’ for V2I as well as V2V (vehicle-to-vehicle) networks. That role would include setting security and privacy standards when V2I and V2V networks become operational.”


Stealing passwords from the cloud. Scary stuff from Las Vegas …


Gregory P. Bufithis

Eric De Grasse

 

7 October 2015 – Thousands of cloud fanatics have descended on Las Vegas this week for Amazon Web Services’ re:Invent conference. One item that grabbed our attention was the announcement that a group of researchers from Massachusetts had published a proof of concept that uses a flaw in AWS virtual machines to steal their RSA cryptographic keys. The flaw has since been patched, but according to the researchers we really need to think more seriously about security in the cloud.

 

The group of professors … at Worcester Polytechnic Institute … demonstrated, in a recently published paper named “Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud,” a proof-of-concept hack of secret cryptography keys used in an AWS virtual machine. The now-patched flaw – which was not specific to AWS – showed that a hacker could theoretically obtain a user’s secret keys that are used to encrypt sensitive data.

 

Security experts say the risk of this specific attack being used is quite low …