Joseph's Feed
Nov 6, 2015

Insight – NSA says how often, not when, it discloses software flaws

SAN FRANCISCO (Reuters) – The U.S. National Security Agency, seeking to rebut accusations that it hoards information about vulnerabilities in computer software, thereby leaving U.S. companies open to cyber attacks, said last week that it tells U.S. technology firms about the most serious flaws it finds more than 90 percent of the time.

The re-assurances may be misleading, because the NSA often uses the vulnerabilities to make its own cyber-attacks first, according to current and former U.S. government officials. Only then does NSA disclose them to technology vendors so that they can fix the problems and ship updated programs to customers, the officials said.

Nov 6, 2015

NSA says how often, not when, it disclosures software flaws

SAN FRANCISCO, Nov 6 (Reuters) – The U.S. National Security
Agency, seeking to rebut accusations that it hoards information
about vulnerabilities in computer software, thereby leaving U.S.
companies open to cyber attacks, said last week that it tells
U.S. technology firms about the most serious flaws it finds more
than 90 percent of the time.

The re-assurances may be misleading, because the NSA often
uses the vulnerabilities to make its own cyber-attacks first,
according to current and former U.S. government officials. Only
then does NSA disclose them to technology vendors so that they
can fix the problems and ship updated programs to customers, the
officials said.

Oct 19, 2015

China tried to hack U.S. firms even after cyber pact-CrowdStrike

Oct 19 (Reuters) – Hackers associated with the Chinese
government have tried to penetrate at least seven U.S. companies
in the three weeks since Washington and Beijing agreed not to
spy on each other for commercial reasons, according to a
prominent U.S. security firm.

CrowdStrike Inc said software it placed at five U.S.
technology and two pharmaceutical companies had detected and
rebuffed the attacks, which began on Sept. 26.

Oct 17, 2015

IBM says some governments allowed to review its source code

SAN FRANCISCO (Reuters) – International Business Machines Corp said on Friday it allows certain countries to review, under strict control, portions of the U.S. technology company’s product source code to detect any security flaws in its software.

China is among those countries, a person familiar with the company’s policy there said. The reviews must be done using an IBM security application and the company “does not let people take the code out of the room,” the source said on condition of anonymity due to the sensitivity of the matter.

Oct 8, 2015

In lawsuit over hacking, Uber probes IP address assigned to Lyft exec – sources

SAN FRANCISCO (Reuters) – Eight months after disclosing a
major data breach, ride service Uber is focusing its
legal efforts on learning more about an internet address that it
has persuaded a court could lead to identifying the hacker.
That address, two sources familiar with the matter say, can be
traced to the chief of technology at its main U.S. rival, Lyft.

In February, Uber revealed that as many as 50,000 of its
drivers’ names and license numbers had been improperly
downloaded, and the company filed a lawsuit in San Francisco
federal court in an attempt to unmask the perpetrator.

Oct 8, 2015

Exclusive: In lawsuit over hacking, Uber probes IP address assigned to Lyft exec – sources

SAN FRANCISCO (Reuters) – Eight months after disclosing a major data breach, ride service Uber [UBER.UL] is focusing its legal efforts on learning more about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft.

In February, Uber revealed that as many as 50,000 of its drivers’ names and license numbers had been improperly downloaded, and the company filed a lawsuit in San Francisco federal court in an attempt to unmask the perpetrator.

Oct 8, 2015

EXCLUSIVE: In lawsuit over hacking, Uber probes IP address assigned to Lyft exec – sources

SAN FRANCISCO (Reuters) – Eight months after disclosing a major data breach, ride service Uber is focusing its legal efforts on learning more about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft.

In February, Uber revealed that as many as 50,000 of its drivers’ names and license numbers had been improperly downloaded, and the company filed a lawsuit in San Francisco federal court in an attempt to unmask the perpetrator.

Oct 6, 2015

Cisco security researchers disable big distributor of “ransomware”

SAN FRANCISCO, Oct 6 (Reuters) – Cisco Systems Inc
said it had managed to disrupt the spread of one of the most
pernicious systems for infecting Internet users with malicious
software such as so-called ransomware, which demands payment for
decrypting users’ data.

The investigators from Cisco’s Talos security unit were
looking at the Angler Exploit Kit, which analysts at several
companies say has been the most effective of several kits at
capturing control of personal computers in the past year,
infecting up to 40 percent of those it targeted.

Sep 19, 2015

Chinese computer hack attacks slow ahead of Obama summit: experts

WASHINGTON (Reuters) – Major intrusions by Chinese hackers of U.S. companies’ computer systems appear to have slowed in recent months, private-sector experts say, ahead of a meeting between China’s president and President Barack Obama with cyber security on the agenda.

Three senior executives at private-sector firms in the field told Reuters they had noticed a downtick in hacking activity.

Aug 28, 2015

Exclusive: Russia’s Kaspersky threatened to ‘rub out’ rival, email shows

SAN FRANCISCO (Reuters) – In 2009, Eugene Kaspersky, co-founder of one of the world’s top security companies, told some of his lieutenants that they should attack rival antivirus software maker AVG Technologies N.V. (AVG.N: Quote, Profile, Research, Stock Buzz) by “rubbing them out in the outhouse,” one of several previously undisclosed emails shows.

He was quoting from Vladimir Putin’s famous threat a decade earlier to pursue Chechen rebels wherever they were: “If we catch them in the toilet, then we will rub them out in the outhouse.”

    • About Joseph

      "Joseph Menn is the technology projects reporter for Reuters in San Francisco and the author of "All the Rave: The Rise and Fall of Shawn Fanning’s Napster and Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet.""
    • More from Joseph

    • Contact Joseph

    • Follow Joseph