Thursday, March 24, 2011

Cyber summit signs training deal

A conference on cyber security has ended with a university deal to train a new generation of experts in fighting off criminal and terrorist IT attacks.

The summit in Cardiff agreed that the UK and the US would need to produce many thousands of people with this expertise over the next few years.

Delegates at the University of Wales event included the UN, the US defence department, Microsoft and IBM.

The US says government systems are under continued attack.

The US federal government recently announced plans to spend more than $13bn a year within the next five years on protecting its systems.

In the UK, cyber crime is costing the economy up to £27bn every year, it is estimated.

US officials say cyber criminals, terrorists and other nations are getting better at penetrating state and private networks, whether to spy, to steal data or damage critical infrastructure.

Last week, the head of the Pentagon's cyber command said the US military lacked the people and resources to defend the country adequately from concerted cyber attacks.

The two-day summit was organised by the University of Wales Global Academy and the Geospatial Data Center of the Massachusetts Institute of Technology (MIT) in the US.

It also included professors from Harvard University, the University of Oxford, University of Memphis, Boston University and the University of Central Florida.

'Overriding issue'

The University of Wales and the Geospatial Data Centre at MIT signed an agreement to jointly develop cyber security leadership and training programmes.

University of Wales vice-chancellor Professor Marc Clement said he believed the summit was a "major coup" for Wales and the deal signed would put Wales at the forefront of cyber security defence.

He said the university hoped to "work closely with many of the participating academics to take forward the agenda identified by the summit and to advance relations between MIT and the University of Wales".

He added: "We now plan to develop a joint training programme for taking forward educational developments in the field of cyber-physical security, an area that the summit agreed was the overriding issue for government, business, and universities."

Professor John Williams, director of the Geospatial Data Centre, said: "Cyber-physical security is now considered the number one threat to national security, being deemed more critical than conventional nuclear attacks.

"Last year alone, the US logged over 300,000 virus attacks on their networks and noted that organised crime now makes more money from cyber crime than any other activity."



Powered By WizardRSS.com | Full Text Feeds | Amazon PluginsHud-1

Iran accused in 'dire' net attack

Hackers in Iran have been accused of trying to subvert one of the net's key security systems.

Analysis in the wake of the thwarted attack suggests it originated and was co-ordinated via servers in Iran.

If it had succeeded, the attackers would have been able to pass themselves off as web giants Google, Yahoo, Skype, Mozilla and Microsoft.

The impersonation would have let attackers trick web users into thinking they were accessing the real service.

Fake identity

The attack was mounted on the widely used online security system known as the Secure Sockets Layer or SSL.

This acts as a guarantee of identity so users can be confident that the site they are visiting is who it claims to be. The guarantee of identity is in the form of a digital passport known as a certificate.

Analysis of the attack reveals that someone got access to the computer systems of one firm that issues certificates. This allowed them to issue bogus certificates that, if they had been used, would have let them impersonate any one of several big net firms.

It appears that the attackers targeted the SSL certificates of several specific net communication services such as Gmail and Skype as well as other popular sites such as Microsoft Live, Yahoo and the Firefox browser.

SSL certificate issuer Comodo published an analysis of the attack which was carried out via the computer systems of one of its regional affiliates.

It said the attack exhibited "clinical accuracy" and that, along with other facets of the attack, led it to one conclusion: "this was likely to be a state-driven attack."

It is thought it was carried out by the Iranian authorities to step up scrutiny of opposition groups in the country that use the web to co-ordinate their activity.

The bogus certificates have now been revoked and Comodo said it was looking into ways of improving security at its affiliates.

Browsers have also been updated so anyone visiting a site whose credentials are guaranteed by the bogus certificates will be warned.

Writing on the blog of digital rights lobby group the Electronic Frontier Foundation, Peter Eckersley, said the attack posed a "dire risk to internet security".

"The incident got close to – but was not quite – an internet-wide security meltdown," he said.

"We urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and e-mail systems," said Mr Eckersley.




US hacker denies fleeing justice

The American hacker who unlocked Sony's PS3 has denied fleeing the country to avoid legal action.

George Hotz, also known as Geohot, said his trip had been planned for months and added that he was still in contact with his lawyers.

Sony had raised questions about the reason for his sudden disappearance in recent legal papers that it filed in California.

The company is suing him for computer fraud and breach of copyright.

To explain his absence, Mr Hotz wrote on his blog: "Factually, it's true I'm in South America, on a vacation I've had planned and paid for since November. I mean, it is Spring break; hacking isn't my life."

He continued: "Rest assured that not a dime of legal defense money would ever go toward something like this."

The blog was written in reaction to reports of his departure which speculated that he may have paid for the trip with money donated by supporters, intended to pay for his legal costs.

Serious question

His absence was brought to light in the latest court documents filed by Sony Computer Entertainment America (SCEA) to the San Francisco court where he is being sued.

They raise concerns about both Mr Hotz's whereabouts and the condition of computer equipment he was due to submit for examination.

The filing states: "SCEA learned that Hotz had deliberately removed integral components of his impounded hard drives prior to delivering them to a third party neutral and that Hotz is now in South America, an excuse for why he will not immediately provide the components of his hard drives as requested by the neutral.

"Hotz's attempts to dodge this Court's authority raise very serious questions."

Sony launched its legal action in California where its US subsidiary is headquartered. It also claims that information relating to the hack was posted on several California-based websites, including Twitter and YouTube.

However, Mr Hotz has disputed the court's jurisdiction, claiming that he is a resident of New Jersey and that the PS3 is made in Japan.

Mr Hotz developed his system for unlocking the PlayStation 3 in 2009. It makes it possible for users to play "homebrew" software and copied games, although he denies that it was his intention to enable piracy.

Sony is taking legal action against Mr Hotz and more than 100 other defendants who, it claims, downloaded the hack.

In previous hearings, George Hotz has been ordered to hand over the IP addresses of users who accessed his website.


