CyberSecurity Pulse 2016-03-17
“Once the decision has been made, close your ear even to the best counterargument: sign of strong character. Thus an occasional will to stupidity”
Friedrich Nietzsche (1844-1900) – German philosopher
Mass Surveillance Programs Under the Label of National Security
The interview has not exactly gone unnoticed, and the US government has sent a statement saying that they "have not carried out any activity of foreign intelligence surveillance unless there is a specific purpose and validated for reasons of national security". Similarly, Alberto Garzón, deputy of Izquierda Unida-Unidad Popular, has registered a battery of questions to the Spanish government to find out whether the authorities have taken part in such programs, either by supporting them or by providing some coverage for such activities.
Sometimes being yourself and your circumstances has many repercussions. Snowden, with his complaint, has preferred to lose his nationality rather than his voice. At least, that is his account. The reality is that he is currently living in Russia without guarantees of a fair trial should he decide to return home. With these expectations, would you be an Edward Snowden?
New Chapter in the Legal Battle Between Apple and FBI
The legal battle between Apple and the FBI is revealing a new chapter every day. This week, Polk County Sheriff Grady Judd sent a message to Apple CEO Tim Cook: "The first time we do have trouble getting into a cell phone, we're going to seek a court order from Apple. And when they deny us, I am going to lock up the CEO of Apple". Meanwhile, it seems that WhatsApp will be the next company to have trouble with the FBI. Following its decision to offer end-to-end encryption for text messages as well as VoIP calls, a federal judge approved a wiretap in a criminal investigation last week, but WhatsApp's encryption hindered investigators.
White House Draft Source Code Policy
The White House's draft Source Code Policy would require federal agencies to share custom code funded by the government with other agencies, and for agencies to share third-party custom code with the open-source community. One of the policy's goals is to reduce duplicative spending. The draft policy is available on GitHub for community comments until April 11, 2016. The issues under discussion include licensing policies, the long-term maintenance of the code, and the criteria for measuring whether the 20% of the new code is being released or not.
Rest of the Week's News
Big-name Sites Hit by Rash of Malicious Ads Spreading Crypto Ransomware
A number of high-profile, very high-traffic websites such as The New York Times (NYT), BBC, AOL, MSN, the NFL and others have all been serving up malicious adverts to unsuspecting users that ultimately result in files being held to ransom by the malware. The attackers have used these high-traffic websites to reach a wider audience of potential victims.
Malware for installing root certificates
ElevenPaths has discovered malware samples designed to install root certificates, getting past the security window by pressing the keys for installation themselves, without giving the user a chance to back out. Such attacks are likely to become a trend that could take advantage of banking malware.
Anti-DDoS Firm Staminus Hacked
Staminus Communications, a California-based hosting and DDoS (Distributed Denial of Service) protection company, is recovering from a massive data breach after hackers broke into its servers and leaked personal and sensitive details of its customers. The leak comprised more than 48 GB of data, including database dumps and other files.