` Joint Investigations are Under-Way in US States Over Alleged Cyber-Attacks and eBay’s Security Practices '


#AceSecurityNews – UNITED STATES – May 23 – Several U.S. states, including Connecticut, Florida, and Illinois, are jointly leading an investigation into eBay’s security practices, following eBay’s reveal this week of a massive cyber-attack which the company says compromised a large number of users’ personal information.

Courtesy of LoopNews

Though eBay claims that financial data, which was stored separately, was not acquired during this breach, the offices of these U.S. state attorneys general are taking the matter seriously after a series of high-profile attacks at retailers like Target, Neiman Marcus and Michaels have left U.S. consumers vulnerable to identity theft.

` NSA Records Almost All Domestic and International Phone Calls in Afghanistan ‘


#AceSecurityNews – NSA – May 23 – The NSA records almost all domestic and international phone calls in Afghanistan, similar to what it does in the Bahamas, WikiLeaks’ Julian Assange said.

The Washington Post and the Intercept had previously reported that domestic and international phone calls from two or more target states had been recorded and stored en masse as of 2013.

Both publications censored the name of one victim country at the request of the US government, which the Intercept referred to as ‘Country X’.

Assange says he cannot disclose how WikiLeaks confirmed the identity of the victim state for the sake of source protection, though the claim can be “independently verified” via means of “forensic scrutiny of imperfectly applied censorship on related documents released to date and correlations with other NSA programs.”


This is not the first time it has been revealed mass surveillance was being conducted on Afghanistan by the NSA. According to a book released by Der Spiegel entitled ‘Der NSA Komplex’, a program called ACIDWASH collects 30-40 million telephony metadata records per day from Afghanistan. ACIDWASH has been identified as being part of the MYSTIC program.

WikiLeaks cannot be complicit in the censorship of victim state X. The country in question is #Afghanistan. https://t.co/vWwU4DJw0I #afpak
— WikiLeaks (@wikileaks) May 23, 2014

The Intercept, which Glenn Greenwald, who first broke the Edward Snowden revelations, helped to found, had earlier named the Bahamas as having their mobile calls recorded and stored by a powerful National Security Agency (NSA) program called SOMALGET.

SOMALGET is part of a broader NSA program called MYSTIC, which the NSA is using to gather metadata – including the numbers dialled and the time and duration of the calls – from phone calls in the Bahamas, Mexico, Kenya and the Philippines. SOMALGET by its nature is far more controversial, however, as it stores actual phone conversations for up to 30 days.

WikiLeaks initially opted not to reveal the name of ‘Country X’, as Greenwald had led them to believe it could “lead to deaths”. WikiLeaks later accused The Intercept and its parent company First Look Media of censorship, saying they would go ahead and publish the name of the NSA-targeted country.

“We do not believe it is the place of media to ‘aid and abet’ a state in escaping detection and prosecution for a serious crime against a population,” Assange said in the statement.

Read More at: RT – 23/05/2014 – http://tinyurl.com/paehpu9

#ANS2014

` Anti-Secrecy Group WikiLeaks Plans to Publish Name of Country Targeted by NSA ‘


#AceSecurityNews – UNITED STATES – May 21  – Despite warnings that doing so “could lead to increased violence” and potentially deaths, anti-secrecy group WikiLeaks says it plans to publish the name of a country targeted by a massive United States surveillance operation.

Wikileaks and Intercept

On Monday this week, journalists at The Intercept published a report based on leaked US National Security Agency documents supplied by former contractor Edward Snowden which suggested that the NSA has collected in bulk the contents of all phone conversations made or received in two countries abroad.

Only one of those nations, however — the Bahamas — was named by The Intercept. The other, journalists Ryan Devereaux, Glenn Greenwald and Laura Poitras wrote this week, was withheld as a result of “credible concerns that doing so could lead to increased violence.”

WikiLeaks has since accused The Intercept and its parent company First Look Media of censorship and says they will publish the identity of the country if the name remains redacted in the original article. The Intercept’s Greenwald fired back over Twitter, though, and said his outlet chose to publish more details than the Washington Post, where journalists previously reported on a related call collection program but chose to redact more thoroughly. 

“We condemn Firstlook for following the Washington Post into censoring the mass interception of an entire nation,” WikiLeaks tweeted on Monday.

“It is not the place of Firstlook or the Washington Post to deny the rights of an entire people to know they are being mass recorded,” WikiLeaks added. “It is not the place of Firstlook or WaPo to decide how people will [choose] to act against mass breaches of their rights by the United States.”

When Greenwald defended his decision to publish the names of four countries where telephony metadata is collected by the NSA but withhold a fifth where content is recorded as well, WikiLeaks said it could be interpreted as meaning that the unknown country doesn’t deserve to know they’re being surveilled, but Greenwald said The Intercept was “very convinced” it could lead to deaths.

Later, WikiLeaks equated this with an act of racism.

But as the conversation escalated, the WikiLeaks Twitter account announced it would disclose the nation’s identity if The Intercept did not, despite requests from the US government to leave that information redacted over fears of what the response could be.

“When has true published information harmed innocents?” WikiLeaks asked. “To repeat this false Pentagon talking point is to hurt all publishers.”

“We will reveal the name of the censored country whose population is being mass recorded in 72 hours,” WikiLeaks wrote at 6:35 p.m. EST Tuesday evening.

If the organization intends to uphold that promise, the identity of the country could be revealed before the weekend.

Read More at: RT

#ANS2014 


` Google Must Comply with European Laws on Privacy by Amending Search Results ‘


#AceSecurityNews – EU COURT Of JUSTICE – May 13 – Google must comply with the European laws on privacy and amend some search results, a top EU court ruled on Tuesday, May 13.


The European Union Court of Justice said that ordinary people can ask Google to remove some sensitive, irrelevant or outdated information from Internet search results.

Earlier, the search engine stated that it does not control search results and bears no responsibility for personal data that is “in open access”. The responsibility lies with the owner of the website that provides the information, and Google merely presents the user with a link.

The case was brought by a Spanish man who complained that an auction notice of his home that could be found on Google infringed upon his privacy.

Around 180 similar complaints have been filed in Spain.

#ANS2014


` US House of Representatives Approves Legislation to Prevent Bulk Collection of Data ‘


#AceSecurityNews – UNITED STATES – WASHINGTON – NSA – May 08 –  A US House of Representatives committee approved legislation on Wednesday that would limit the National Security Agency’s bulk collection of domestic telephone metadata. By a vote of 32 to 0, the House Judiciary Committee advanced the USA Freedom Act, which would end the NSA’s wholesale gathering and storage of American phone data, leaving telecommunications companies responsible for retaining the records.

The bill would still allow the NSA to collect a person’s phone records, and those of people two “hops” or contacts away, if a judge on the Foreign Intelligence Surveillance Act court, which has been very generous to NSA spying requests in recent years, signs off on the request based on reasonable suspicion of so-called terrorism involvement.

A reform bill deemed as the toughest clampdown yet on the NSA’s collection of phone metadata is expected to move through a key US House committee this week, setting up a showdown between the bill and less stringent legislation supported by House leaders.

House of Representatives Judiciary Committee Chairman Bob Goodlatte (R-VA) will reportedly act on the USA Freedom Act on Wednesday after the bill sat dormant since its introduction in October by former judiciary committee chair and US Patriot Act author Jim Sensenbrenner (R-OH).

The bill is the favored legislative vehicle for privacy advocates who want to see reform of the NSA’s bulk collection of domestic phone call data. Congressional aides believe the bill will pass through the committee with bipartisan support, the Guardian reported. Privacy advocates believe the bill has real potential to pass in a general House vote should it get the chance.

The House Judiciary Committee’s USA Freedom Act was left for dead by House Republican leadership after a competing NSA reform bill was offered in March by House Intelligence Committee Chairman Mike Rogers. The intel committee’s proposal would allow the NSA to continue gathering domestic call data without a prior judicial order.

Hours after the Judiciary Committee announced it would mark up its NSA bill on Wednesday, the Intelligence Committee said it would do the same with its own reform bill, the FISA Transparency and Modernization Act, on Thursday. FISA, or the Foreign Intelligence Surveillance Act, dictates US surveillance of “foreign intelligence information” that can include American citizens or permanent residents suspected of terrorism.

Goodlatte’s support for the USA Freedom Act was reportedly in doubt before House Republican leaders decided to bypass his committee effort to reform the NSA in favor of the Intelligence Committee’s more lukewarm legislation.

The Intelligence Committee’s Rogers has criticized the USA Freedom Act for going too far in curbing bulk collection capabilities that, he says, are vital for national security reasons.

Sensenbrenner’s USA Freedom Act was initially more strict in limiting NSA collection abilities, positing that it would “end bulk collection under Section 215 of the Patriot Act, in light of the massive intrusion on Americans’ privacy and the lack of evidence of its effectiveness.”

Ace Related News:

1. FOIA – http://www.gpo.gov/fdsys/pkg/BILLS-113hr3361ih/pdf/BILLS-113hr3361ih.pdf

2. FISA – http://judiciary.house.gov/_cache/files/d4c6f7fd-4768-4b30-813d-47109cac271a/fisa-anos-001-xml.pdf

RT – March 27

Tweet or Share adding @AceNewsServices or #ANS2014

NSA: ` Complex Analysis of Electronic Surveillance used to Target Lethal Drone Attacks ‘


#AceSecurityNews – Guest Post – May 06 – The National Security Agency is using complex analysis of electronic surveillance, rather than human intelligence, as the primary method to locate targets for lethal drone strikes – an unreliable tactic that results in the deaths of innocent or unidentified people.

According to a former drone operator for the military’s Joint Special Operations Command (JSOC) who also worked with the NSA, the agency often identifies targets based on controversial metadata analysis and cell-phone tracking technologies. Rather than confirming a target’s identity with operatives or informants on the ground, the CIA or the U.S. military then orders a strike based on the activity and location of the mobile phone a person is believed to be using.

The drone operator, who agreed to discuss the top-secret programs on the condition of anonymity, was a member of JSOC’s High Value Targeting task force, which is charged with identifying, capturing or killing terrorist suspects in Yemen, Somalia, Afghanistan and elsewhere.

His account is bolstered by top-secret NSA documents previously provided by whistleblower Edward Snowden. It is also supported by a former drone sensor operator with the U.S. Air Force, Brandon Bryant, who has become an outspoken critic of the lethal operations in which he was directly involved in Iraq, Afghanistan and Yemen.

In one tactic, the NSA “geolocates” the SIM card or handset of a suspected terrorist’s mobile phone, enabling the CIA and U.S. military to conduct night raids and drone strikes to kill or capture the individual in possession of the device.

The former JSOC drone operator is adamant that the technology has been responsible for taking out terrorists and networks of people facilitating improvised explosive device attacks against U.S. forces in Afghanistan. But he also states that innocent people have “absolutely” been killed as a result of the NSA’s increasing reliance on the surveillance tactic.

One problem, he explains, is that targets are increasingly aware of the NSA’s reliance on geolocating, and have moved to thwart the tactic. Some have as many as 16 different SIM cards associated with their identity within the High Value Target system. Others, unaware that their mobile phone is being targeted, lend their phone, with the SIM card in it, to friends, children, spouses and family members.

Some top Taliban leaders, knowing of the NSA’s targeting method, have purposely and randomly distributed SIM cards among their units in order to elude their trackers. “They would do things like go to meetings, take all their SIM cards out, put them in a bag, mix them up, and everybody gets a different SIM card when they leave,” the former drone operator says. “That’s how they confuse us.”

Courtesy of By  and  10 Feb 2014, 12:03 AM EDT

Ace Related News:

  1. First Look

Share or Tweet with #ANS2014

` Telekom Obliged by Law to Give Security Agencies Information to Monitor under the Four Eyes Principle ‘


#AceSecurityNews – BERLIN – May 05 – PRESS RELEASE – Telekom is obliged by law, under certain conditions, to give security agencies information and to enable monitoring. To ensure transparency, Telekom now publishes the annual figures.

Telekom pays strict attention to compliance with telecommunications secrecy and data protection. If authorities intervene in these fundamental rights of citizens, Deutsche Telekom ensures that state monitoring measures and requests for information are processed in a legally sound manner. In particular, it is guaranteed that Telekom acts only if the legal conditions are met.

Support services for surveillance activities are rendered strictly in accordance with the four-eyes principle, i.e. there are always two people involved who monitor each other.

This procedure protects against work errors. The individual processing steps are documented and subject to regular inspection by the security representative and by the Federal Network Agency. In addition, the Privacy Officer and the Internal Audit Department of Deutsche Telekom carry out checks.

The following table shows, for 2013, the connection monitoring ordered by state authorities at Telekom and the traffic data records, subscriber inventory data and IP addresses disclosed:

Ace Related News:
1. German Telekom Press Release – May 05 – http://tinyurl.com/o4kvkyu
2. Sueddeutsche.de – Article – May 05 – http://tinyurl.com/oxrda4k

#ANS2014

` Global Financial Crisis in the Cloud Could Lead to Worst Scenario as Data Here Today and Gone Tomorrow ‘


#AceSecurityNews – UNITED STATES – May 04 – Zurich Insurance has drawn a parallel between the mortgage market problems, which resulted in the global financial crisis seven years ago, and a potential major cloud provider failure, the consequences of which might be just as grave.

“Just imagine if a major cloud service provider had a ‘Lehman moment’, with everyone’s data there on Friday and gone on Monday,” the report written by the Swiss insurance group in cooperation with the Atlantic Council think tank says. “If that failure cascaded to a major logistics provider or company running critical infrastructure, it could magnify a catastrophic ripple running throughout the real economy in ways difficult to understand, model or predict beforehand.”

Problems in the US sub-prime mortgage market in 2008 led to a banking crisis which later resulted in a global economic downturn.

The current “interconnected nature of the internet” increases the danger of cyber risks, which could spur a similar type of scenario.

“Few people truly understand their own computers or the internet, or the cloud to which they connect, just as few truly understood the financial system as a whole or the parts to which they are most directly exposed,” Chief Risk Officer at Zurich Insurance, Axel Lehmann, said in a statement.

The new study says part of the problem in 2008 was that before the credit crunch “risks were assessed by financial institutions individually” and urges governments and organizations not to repeat the same mistake when it comes to tackling cyber threats.

The study warns people against being misled by the fact “the internet has been incredibly resilient (and generally safe) for the past few decades.” With the system getting ever more complex and ever more connected to real life, bigger shocks to it are unavoidable.

A company should no longer focus primarily on its own internal cyber security, as a threat might come from the outsourced services it uses or from its suppliers. Those are on the list of the seven “risk pools” the study outlines.

Seven hundred and forty million data files were potentially exposed or stolen worldwide in 2013, making the year the worst in terms of internet security thus far, according to the statistics given by the On-line Trust Alliance and cited in the survey, which warns that the situation is only going to become aggravated.

“While our society’s reliance on the internet grows exponentially, our control of it only grows linearly, limited by outdated government procedures and ineffective governance.”

One of the major proposals in the report is supporting the idea put forward earlier by Microsoft, of establishing a G20+20 group, 20 governments and 20 global information and communications technology firms – to work out ways of ensuring viable security in cyberspace.

RT – NEXUS – News Sources

Ace Related News:
1. Swiss Insurance Report – http://www.zurich.com/internet/main/SiteCollectionDocuments/insight/risk-nexus-april-2014-en.pdf

#ANS2014

` White House Seeks to Obtain Legislator's Approval over Legal Immunity for Companies Handing over Data '


#AceSecurityNews – WASHINGTON – WHITE HOUSE – (Guardian) – The White House has asked legislators crafting competing reforms of the National Security Agency to provide legal immunity for telecommunications firms that provide the government with customer data, the Guardian has learned.

In a statement of principles privately delivered to lawmakers some weeks ago to guide surveillance reforms, the White House said it wanted legislation protecting “any person who complies in good faith with an order to produce records” from legal liability for complying with court orders for phone records to the government once the NSA no longer collects the data in bulk.

The brief request, contained in a four-page document, echoes a highly controversial provision of the 2008 Fisa Amendments Act, which provided retroactive immunity to the telecommunications companies that allowed the NSA to access calls and call data between Americans and foreigners, voiding lawsuits against them. Barack Obama’s vote for that bill as a senator and presidential candidate disappointed many supporters.

(PressTV) – A senior US administration official described the provision as typical for surveillance law that aims to protect firms that comply with Fisa court orders for customer data.

“This would refer to any new orders issued by the court under the new regime we are proposing. This is similar to the way the rest of Fisa already operates, and Fisa already contains virtually identical language for its other provisions, including Section 215,” the official stated.

A congressional aide said such companies were expected to “fight hard” for the provision to survive in any other surveillance bill.

Press TV – Guardian
Fisa 2008 Act – http://www.gpo.gov/fdsys/pkg/BILLS-110hr6304enr/pdf/BILLS-110hr6304enr.pdf

#ANS2014

` US Department of Homeland Security Advises Users of Microsoft’s Explorer Browser to Use Alternatives ‘


#AceSecurityNews – BOSTON (Reuters) – The U.S. Department of Homeland Security advised computer users to consider using alternatives to Microsoft Corp’s Internet Explorer browser until the company fixes a security flaw that hackers have used to launch attacks.

The bug is the first high-profile security flaw to emerge since Microsoft stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year old operating system could remain unprotected against hackers seeking to exploit the newly uncovered flaw, even after Microsoft figures out how to defend against it.

The United States Computer Emergency Readiness Team, a part of Homeland Security known as US-CERT, said in an advisory released on Monday morning that the vulnerability in versions 6 to 11 of Internet Explorer could lead to “the complete compromise” of an affected system.

“We are currently unaware of a practical solution to this problem,” Carnegie Mellon’s Software Engineering Institute warned in a separate advisory that US-CERT linked to in its warning.

FireEye, whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active.

“It’s a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors,” said FireEye spokesman Vitor De Souza on Sunday. “It’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.”

Ace Related News:

  1. April 28 – http://tinyurl.com/m4re4p2

#ANS2014

` Hacker with Activist Group ` Anonymous ' Became Informant for FBI Directing Cyber-Attacks against Foreign Governments '


#AceSecurityNews – WASHINGTON April 26 – (DWN) – A hacker who became an informant for the FBI directed hundreds of cyber attacks against the websites of foreign governments, including Brazil, Iran, Pakistan, Syria and Turkey, the New York Times reported Thursday.

It was unclear whether the FBI explicitly ordered the digital attacks, but court documents and interviews suggest “that the government may have used hackers to gather intelligence overseas,” the Times wrote.

The figure at the centre of the case is Hector Xavier Monsegur, who had become a prominent hacker with the activist group Anonymous, which has staged cyber assaults on MasterCard, PayPal and other commercial and government targets.

Monsegur was arrested by the Federal Bureau of Investigation and became an informant, helping the law enforcement agency identify other members of Anonymous.

Monsegur’s location is unknown and his sentencing hearing has been delayed repeatedly, fuelling speculation that he remains an informant for the US government, the Times wrote.

The report reinforces allegations that the US government has exploited flaws in Internet security to spy on foreign targets.

The FBI was not immediately available for comment.

Dawn News – New York Times – Media News Report

#ANS2014

` Heartbleed OpenSSL Bug Leads Companies to Take Action Under Multi-Million Dollar Project '


#AceSecurityNews – WWW – April 24 – The Core Infrastructure Initiative is a multi-million dollar project housed at The Linux Foundation to fund open source projects that are in the critical path for core computing functions. Inspired by the Heartbleed OpenSSL crisis, The Initiative’s funds will be administered by the Linux Foundation and a steering group comprised of backers of the project as well as key open source developers and other industry stakeholders.

The steering group will work with an advisory board of esteemed open source developers to identify and fund open source projects in need. Support from the initiative can include funding for fellowships for key developers to work full time on the open source project, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support.

Early supporters include: Amazon Web Services, Cisco, Dell, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, VMware

We expect more to follow suit in the coming weeks and months.

Members of CII will evaluate open source projects that are essential to global computing infrastructure and are experiencing under-investment. These companies recognize the need for directed funds for highly critical open source software projects they all consume and that run much of modern day society.

They also value and invest in developers and collaborative software development and want to support this important work.

Ace Related News:
1. http://www.linuxfoundation.org/programs/core-infrastructure-initiative
2. http://www.linuxfoundation.org/programs/core-infrastructure-initiative/faq
3. http://www.theinquirer.net/inquirer/news/2338750/openssl-security-bug-heartbleed-exposes-two-thirds-of-webservers-to-attack

#ANS2014

` Heartbleed Bug Could Affect Those Who Used The `Healthcare.gov Website ‘ to Enrol in Insurance Plans ‘


#AceSecurityNews – UNITED STATES – April 19 – US citizens who used the healthcare.gov website to enrol in insurance plans under the government’s healthcare reform law are being told to change their passwords to protect against the notorious Heartbleed internet security error.

The Heartbleed bug is an encryption bug that silently puts the passwords, personal information, and credit card data of millions at risk.

However, a post on the website says there is no indication that any personal information is at risk.

#ANS2014

` Who Owns Your Data When Visiting White House.Gov and other Sites According to Obama Open Domain ‘


#AceSecurityNews – UNITED STATES – April 18 – (DWN) – A new Obama administration privacy policy released Friday explains how the government will gather the user data of on-line visitors to WhiteHouse.gov, mobile apps and social media sites, and it clarifies that on-line comments, whether tirades or tributes, are in the open domain.

“Information you choose to share with the White House (directly and via third party sites) may be treated as public information,” the new policy says.

The Obama Administration also promises not to sell the data of on-line visitors.

But it cannot make the same assurances for users who go to third-party White House sites on Facebook, Twitter or Google Plus.

There will be no significant changes in actual practices under the new policy. But legal jargon and bureaucratic language have been stripped out, making it easier for readers to now understand that the White House stores the date, time and duration of on-line visits; the originating Internet Protocol address; how much data users transmit from WhiteHouse.gov to their computers; and more.

The administration also tracks whether emails from the White House are opened, forwarded or printed.

The updates were needed because “Our old privacy policy was just that – old,” blogged Obama’s digital director Nathaniel Lubin.

#ANS2014

` Heartbleed Bug has Attacked ` Mumsnet and a Canadian Tax Authority ' with Data and Social Insurance Numbers Stolen '


#AceSecurityNews – UK – Canada – April 14 – (BBC) – A leading UK site for parents and the Canadian tax authority have both announced they have had data stolen by hackers exploiting the Heartbleed bug.

Mumsnet – which says it has 1.5 million registered members – said that it believed that the cyber thieves may have obtained passwords and personal messages before it patched its site.

The Canada Revenue Agency said that 900 people’s social insurance numbers had been stolen.

These are the first confirmed losses.

The Mumsnet site’s founder Justine Roberts told the BBC that it became apparent that user data was at risk when her own username and password were used to post a message on-line.

She said the hackers then informed Mumsnet’s administrators that the attack was linked to the Heartbleed flaw and told them the company’s data was not safe.

“On Friday 11 April, it became apparent that what is widely known as the Heartbleed bug had been used to access data from Mumsnet users’ accounts,” the London-based website added in an email to its members.

“We have no way of knowing which Mumsnetters were affected by this.

“The worst case scenario is that the data of every Mumsnet user account was accessed.

“It is possible that this information could then have been used to log in as you and give access to your posting history, your personal messages and your personal profile, although we should say that we have seen no evidence of anyone’s account being used for anything other than to flag up the security breach, thus far.”

Read More: http://www.bbc.co.uk/news/technology-27028101

Ace Related News – April 11 – 15.49 GMT – #AceSecurityNews – UNITED STATES -NSA – April 12 – (ALJ) – The US government has warned banks and other businesses to be on alert for hackers seeking to steal data exposed by the “Heartbleed” bug, as a German programmer took responsibility for the widespread security crisis. http://wp.me/p165ui-4L1

#ANS2014

` US Government Warns of the Bug that can Shut-Down over 60 Percent of the Websites Today ‘


#AceSecurityNews – UNITED STATES -NSA – April 12 – (ALJ) – The US government has warned banks and other businesses to be on alert for hackers seeking to steal data exposed by the “Heartbleed” bug, as a German programmer took responsibility for the widespread security crisis.

On a website for advising critical infrastructure operators about emerging cyber threats, the Department of Homeland Security asked organisations to report any Heartbleed-related attacks, adding that hackers were attempting to exploit the bug in widely used OpenSSL code by scanning targeted networks.

The German government also called the bug “critical” and the Canadian government has shut down federal websites as a precaution.

Federal regulators also advised financial institutions to patch and test their systems to make sure they are safe.

OpenSSL is technology used to encrypt communications, including access to email, as well as websites of big Internet companies like Facebook Inc, Google Inc and Yahoo Inc.

The bug, which surfaced on Monday, allows hackers to steal data without a trace. No organisation has identified itself as a victim, yet security firms say they have seen well-known hacking groups scanning the web in search of vulnerable networks.

The vulnerability went undetected for several years, so experts worry that hackers have likely stolen some keys, leaving data vulnerable to spying.

Technology analyst Carmi Levy told Al Jazeera that the bug was a “watershed moment in Internet security”, adding that the flaw would force everyone to take security on-line much more seriously.

Deutsche Telekom – News media are reporting on a bug in the widely used OpenSSL encryption software. Telekom was also affected by this error in its e-mail service and in its business marketplace. Immediately after the announcement, we closed the gap. To give our customers the greatest possible security, we are replacing the server-side SSL certificates and blocking the old ones from further use. Furthermore, we are examining other services for potential vulnerability.

T-Systems has also initiated the necessary steps in close coordination with its clients: after learning of the gap, the company informed customers who obtain both servers and certificates from T-Systems and started cleaning up the affected servers. In addition, T-Systems is replacing the server-side certificates for these customers.

T-Systems immediately informed all other customers of the necessary steps. Contact persons are available for further inquiries. http://www.telekom.com/verantwortung/sicherheit/222572

#ANS2014

NSA and GCHQ : ` Targeted Private and German Companies ' Spying on 122 World Leaders '


#AceSecurityNews – UNITED STATES – The NSA’s database contains information obtained during the surveillance of over a hundred world leaders, new leaks by NSA whistle-blower Edward Snowden revealed.

Der Spiegel has looked through a top secret presentation by NSA’s Centre for Content Extraction, which is responsible for automated analysis of all types of text data.

According to the document, the leaders of 122 states were among the high-ranking targets of US intelligence.

However, only 12 names were revealed by the German journalists in the publication as an example – http://www.spiegel.de/international/germany/gchq-and-nsa-targeted-private-german-companies-a-961444.html

#ANS2014

` China's Google invokes ` First Amendment ' to beat ` United States ' Anti-Censorship Lawsuit '


#AceSecurityNews – UNITED STATES – March 29 – A US court dismissed a lawsuit against Chinese internet giant Baidu, which the plaintiffs argued blocks material critical of China’s democratic credentials, a decision that could have a far-reaching impact on how US search engines sift information – http://on.rt.com/1bbcrf

The lawsuit was brought forward by a group of New York content editors who alleged that Baidu’s search engine was programmed to filter out material in the United States that touches upon the Chinese government’s harsh censorship laws, calling this a violation of the US Constitution.

The ruling http://sdnyblog.com/wp-content/uploads/2014/03/11-Civ.-03388-2014.03.27-Opinion-Granting-Motion-for-Judgment-on-Pleadings.pdf on Thursday read: “Plaintiffs, self-described ‘promoters of democracy in China through their writings, publications and reporting of pro-democracy events,’ allege that Baidu conspires to prevent ‘pro-democracy political speech’ from appearing in its search-engine results here in the United States.”

US District Judge Jesse Furman in Manhattan disagreed, comparing Baidu’s algorithms to a newspaper’s editorial stance: “The First Amendment protects Baidu’s right to advocate for systems of government other than democracy (in China or elsewhere) just as surely as it protects plaintiffs’ rights to advocate for democracy.”

The First Amendment (Amendment I) to the United States Constitution prohibits the making of any law respecting an establishment of religion, impeding the free exercise of religion, abridging the freedom of speech, infringing on the freedom of the press, interfering with the right to peaceably assemble or prohibiting the petitioning for a governmental redress of grievances. It was adopted on December 15, 1791, as one of the ten amendments that comprise the Bill of Rights.

#ANS2014

` British Secret Services ` Threatened ‘ to ` Shut-Down ‘ the `Guardian ‘ as it was Publishing its Expose of US Surveillance ‘


#AceSecurityNews – LONDON – March 27 – British secret services threatened to shut down the Guardian newspaper as it was publishing its exposé of massive US surveillance based on Edward Snowden leaks.

The story was the most difficult piece of reporting the paper has ever done.

“We were threatened that we would be closed down. We were accused of endangering national security and people’s lives. It left us in a very difficult position,” Guardian deputy editor Paul Johnson told the Radiodays Europe conference in Dublin – http://www.radiodayseurope.com/highlight/guardian%C2%B4s-inside-story-snowden-case

A senior civil servant had told the paper’s editor, Alan Rusbridger, that the “prime minister, the deputy prime minister, the foreign secretary, the home secretary and the attorney general have got a problem with you,” Johnson said, as cited by the Irish Times.

The attitude of the British authorities was a sharp contrast to that of the Americans, he said.

In the US, the Snowden leaks led to a nationwide debate on surveillance and privacy, while in the UK the authorities just assumed that national security trumps press freedom.

Read More: Press Freedom – RT News – http://on.rt.com/tyy7u1

#ANS2014

` Kaspersky has `Launched ‘ a `New Project ‘ that ` Demonstrates ‘ the `On-Going ‘ and `Real-Time ‘ Cyber-Attacks ‘


#AceSecurityNews – KASPERSKY – March 27 – A service is now available on the Internet that clearly demonstrates ongoing computer incidents worldwide in real time.

According to the press service of Kaspersky Lab, which launched the project, the interactive map shows e-mail antivirus detections, detected vulnerabilities and cyber-attacks.


“Our new map allows one to see the scale of cyber-attack activity in real time,” he said.

“Users can turn the globe and zoom to get an idea about the local situation in any part of the world. The different types of identified threats are marked on the globe in different colours in real time,” the company explained.

The user can display a description of each threat and, if desired, turn off the display of uninteresting types of threats.

The link for checking a computer for malicious software is also available on the company’s Web site – http://free.kaspersky.com/

According to Kaspersky Lab’s head of corporate communications, Denis Zenkina, experts handle more than 300,000 pieces of malware every day.

#ANS2014