Are all the stories about seamless Wi-Fi switching and Google Street View wardriving getting you down? Is your WPA2 password, well, "password"? Fear not, worried Wi-Fi lovers; researchers from Institut Polytechnique Grenoble and the Centre Technique du Papier have you covered -- literally -- with their spiffy new Wi-Fi blocking wallpaper.
The US's cyber strategy sucks – just ask the Pentagon. They're not shy about the problem, and in fact, just yesterday they were all too ready to provide an example; earlier this spring, "foreign intruders" managed to get hold of over 24,000 Pentagon files in one of the worst security breaches in US military history.
Keeping a list of complex hacker-vexing passwords is an absolute must for every computer user’s security plan. It’s also a royal pain in the neck. As we visit more and more sites, we consequently collect more login credentials, making for a motley collection of username and password combinations. In a bid to save their sanity, some PC owners opt to use the same login information for every site they frequent. Others resort to recording all of their login information on a piece of paper or pasting it into a Word document. With insecure stop-gap measures like these for keeping track of the keys to your digital kingdom, you may as well send hackers your personal information via email and be done with it.
Step one: take out all the transportation. Step two: the financial base and telecoms. Step three: You get rid of all the utilities. Gas, water, electric, nuclear. That's why they call it a fire sale, because everything must go.
That's Justin Long, lecturing an audience that includes Bruce Willis about the magnificent scale of a cyber attack threatening the United States. In the fictional universe of Live Free and Die Hard, and most other movies that deal with cybersecurity, a skilled hacker can bring national infrastructures to their knees with a minute or two of harried typing. Maybe from his parents' basement. Definitely on a black-and-green-screened computer that beeps every time a key is pressed. In other words? Not real. Not at all.
Let's try this again: The ongoing cyber attack brings down SecureTrade, a computer-based electricity trading platform for the Eastern Interconnection. Coupled with several other factors already stressing the power grid, this causes blackouts across the East Coast, sparks public panic, shuts down financial markets, and complicates ongoing recovery efforts. Advisers ultimately decide that the President might have to use his Article II Constitutional powers to nationalize utilities and call out the National Guard.
A US Senate committee today approved an expansive cyber security bill that many fear could harm the Internet. The legislation can now move on to the Senate floor for a vote, where it will likely pass. Some have suggested the bill would allow the President to shut down parts of the Internet in the event of a terrorist attack. The so-called Protecting Cyberspace as a National Asset Act is backed by several Senators, but Joseph Lieberman has been perhaps its staunchest supporter.
Backers of the legislation say that there is no provision for an "Internet kill-switch" as some have warned. Instead the bill only expands existing powers of the President to close "any facility or stations for wire communication" in case of war. The main purpose of the law would be to establish a centralized White House Office for Cyberspace Policy. Through this office, network operators could be ordered to implement emergency response plans in the event of attack. We suppose that could mean shutting something down, but the bill is unclear.
The vagueness of the bill is what concerns civil libertarians and security experts so much. It's true the bill would expand executive authority over communication infrastructure, but it is not entirely clear what is covered. There may not be a straight up "Internet kill-switch" in the bill, but we can't help but feel a little fretful about it. Where do you come down?
We all know that the increasing sophistication of technology opens up literally dozens of new opportunities for those wanting to inflict harm on that technology’s users. The Internet is, if anything, an object lesson for this truism. Once the Internet became mainstream, so too did viruses, spybots, DoS attacks, and all the other nastiness we collectively refer to as malware. One long-term weakness in the security armor of the Internet is cross-site scripting (XSS). For the better part of a decade it has left a door wide open for Internet users to an unwanted destructive potential.
Michael Sutton, the vice president of security research at Zscaler, says that XSS typically needs a user to click a link, such as those that appear in spam or phishing efforts, which then strikes back at the user. But, he continues, XSS is becoming more sophisticated. Rather than being limited to a user-web site interaction, Sutton says that XSS efforts can now work within a web platform, such as a social networking environment, spreading itself readily among all users in the social network’s ecosystem.
Sutton also says that such sophisticated attacks, so far, have been by “[b]ored and bright individuals...tinkering with the concept”, and that “true criminals wait on the sidelines ready to move in when traditional techniques fail to achieve desired goals.” Translation: another malware threat to be concerned about. Not today, perhaps, but definitely tomorrow.
Solutions aren’t all that difficult. Users could quit doing stupid things. For instance, if you don’t know where an email originated, don’t click the link it contains. But, let’s face it, there’ll always be one or two of us who do it anyway. Which means that another level of protection is needed. Sutton says that’s got to be developers--they need to be more vigilant about writing into code the necessary protections for web programs, such as Microsoft has done with Internet Explorer 8.