jerryking : software_bugs   10

Software as Weaponry in a Computer-Connected World - The New York Times
JUNE 7, 2016 | NYT | By NICOLE PERLROTH.

On average, there are 15 to 50 defects per 1,000 lines of code in delivered software, according to Steve McConnell, the author of “Code Complete.” Today, most of the applications we rely on — Google Chrome, Microsoft, Firefox and Android — contain millions of lines of code. And the complexity of technology is increasing, and with it the potential for defects.

The motivation to find exploitable defects in widely used code has never been higher. Governments big and small are stockpiling vulnerabilities and exploits in hardware, software, applications, algorithms and even security defenses like firewalls and antivirus software.

They are using these holes to monitor their perceived enemies, and many governments are storing them for a rainy day, when they might just have to drop a payload that disrupts or degrades an adversary’s transportation, energy or financial system.

They are willing to pay anyone who can find and exploit these weaknesses top dollar to hand them over, and never speak a word to the companies whose programmers inadvertently wrote them into software in the first place.
adversaries  software  hackers  books  coding  vulnerabilities  exploits  software_bugs  bounties  black_markets  arms_race  cyber_warfare  cyber_security  Stuxnet  espionage  Iran  security_&_intelligence  malware  cyberweapons  weaponry  stockpiles  financial_system 
june 2016 by jerryking
U.S. Directs Cyberweapons at ISIS for First Time - The New York Times
APRIL 24, 2016 | NYT | By DAVID E. SANGER.

The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons....The NSA, which specializes in electronic surveillance, has for years listened intensely to the militants of the Islamic State, and those reports are often part of the president’s daily intelligence briefing. But the N.S.A.’s military counterpart, Cyber Command, was focused largely on Russia, China, Iran and North Korea — where cyberattacks on the United States most frequently originate — and had run virtually no operations against what has become the most dangerous terrorist organization in the world...The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters....The N.S.A. has spent years penetrating foreign networks — the Chinese military, Russian submarine communications, Internet traffic and other targets — placing thousands of “implants” in those networks to allow it to listen in.

But those implants can be used to manipulate data or to shut a network down. That frequently leads to a battle between the N.S.A. civilians — who know that to make use of an implant is to blow its cover — and the military operators who want to strike back. N.S.A. officials complained that once the implants were used to attack, the Islamic State militants would stop the use of a communications channel and perhaps start one that was harder to find, penetrate or de-encrypt.
ISIS  cyber_warfare  NSA  security_&_intelligence  terrorism  cyberweapons  exploits  hackers  software_bugs  vulnerabilities  Pentagon  U.S._Cyber_Command  campaigns  David_Sanger 
april 2016 by jerryking
F.B.I. Director Suggests Bill for iPhone Hacking Topped $1.3 Million - The New York Times
APRIL 21, 2016 | NYT | By ERIC LICHTBLAU and KATIE BENNER

The F.B.I. declined to confirm or deny Thursday whether the bureau had in fact paid at least $1.3 million for the hacking, and it declined to elaborate on Mr. Comey’s suggestive remarks.

But that price tag, if confirmed, appears in line with what other companies have offered for identifying iOS vulnerabilities.

Zerodium, a security firm in Washington that collects and then sells such bugs, said last fall that it would pay $1 million for weaknesses in Apple’s iOS 9 operating system. Hackers eventually claimed that bounty. The iPhone used by the San Bernardino gunman ran iOS 9.

“A number of factors go into pricing these bounties,” said Alex Rice, the co-founder and CTO of the security start-up HackerOne, who also started Facebook’s bug bounty program. Mr. Rice said that the highest premiums were paid when the buyer didn’t intend to disclose the flaw to a party that could fix it.
bounties  FBI  hacking  encryption  James_Comey  iPhone  cyber_security  Apple  hackers  software_bugs  vulnerabilities  cryptography  exploits 
april 2016 by jerryking
Apple Policy on Bugs May Explain Why Hackers Would Help F.B.I. - The New York Times
MARCH 22, 2016 | NYT | By NICOLE PERLROTH and KATIE BENNER.

As Apple’s desktops and mobile phones have gained more market share, and as customers began to entrust more and more of their personal data to their iPhones, Apple products have become far more valuable marks for criminals and spies.....Exploits in Apple’s code have become increasingly coveted over time, especially as its mobile devices have become ubiquitous, with an underground ecosystem of brokers and contractors willing to pay top dollar for them (flaws in Apple’s mobile devices can typically fetch $1 million.)....Unlike firms like Google, Microsoft, Facebook, Twitter, Mozilla, Uber and other tech companies which all pay outside hackers, via bug bounty programs, to turn over bugs in their products and systems, Apple doesn't do this. So it's not surprising that a third party approached the F.B.I. with claims of being able to unlock an iPhone--and not Apple.
black_markets  exploits  arms_race  FBI  bounties  cyber_security  Apple  hackers  software_bugs  vulnerabilities  cryptography  encryption 
march 2016 by jerryking
‘The Director,’ by David Ignatius, a Novel About the C.I.A.
June 3, 2014 | NYTimes.com | By MICHIKO KAKUTANI.

Mr. Ignatius writes that “The Director” is “ultimately about American intelligence in the age of WikiLeaks, and whether it can adapt to a more open digital world and still do the hard work of espionage.” And the novel does provide a harrowing sense of the vulnerability of governments and ordinary people alike to cybercrime, surveillance and digital warfare in this day when almost anything and everything can be stolen or destroyed with some malicious pieces of code and a couple clicks of a mouse.....giving an intimate sense of American intelligence operations in a post-Sept. 11 world, and puts them in historical perspective with operations from the World War II and Cold War eras. He also provides a detailed, energetically researched account of how hackers inside and outside the government operate: how malware and back doors and worms actually work, how easily security and privacy shields can be breached, how relatively defenseless many financial networks are.
back_doors  books  book_reviews  CIA  cyber_security  cyber_warfare  David_Ignatius  espionage  exploits  fiction  hackers  hard_work  malware  security_&_intelligence  software_bugs  vulnerabilities  WikiLeaks 
june 2014 by jerryking
How Google intends to dominate with its Android plan
May. 21 2013 | The Globe and Mail | by OMAR EL AKKAD, TECHNOLOGY REPORTER.

Android’s importance to Google is two-fold. First, it allowed a company that developed its search services for the desktop age to gain a foothold in the mobile world. Second, it allows Google to put the products where it does make money – primarily, its search engine – front and centre on all Android-based devices. Indeed, whatever revenue-generating software comes up in the future has a natural home on the hundreds of millions of Android devices already on the market...Google is giving away a platform, not a product. The company that dominated the Internet search market by acting as an advertising middleman in billions of user queries is taking the same approach to the mobile world. Rather than looking to profit off the sale of its software, Google is aiming for a critical mass, and attempting to put Android everywhere....Android is now one part of a much wider strategy at Google, whereby the company builds platforms and technologies on which all kinds of other services can run, and then gives them away for free. The other well-known example of this strategy is Chrome, the browser-based operating system....
Android  Google  Omar_el_Akkad  Samsung  platforms  BugSense  mobile_applications  software_bugs  upgrade_cycles 
may 2013 by jerryking
Spyware Becomes Increasingly Malicious - WSJ.com
July 12, 2004 | WSJ | By LEE GOMES.

Spyware Is Easy to Get, Difficult to Remove, Increasingly Malicious
computer_viruses  malware  software_bugs 
january 2013 by jerryking
Ottawa set to ban Chinese firm from telecommunications bid - The Globe and Mail
STEVEN CHASE

OTTAWA — The Globe and Mail

Last updated Wednesday, Oct. 10 2012

One presentation, which discusses the damage foreign adversaries can inflict on computer systems, mentions the "Farewell dossier" incident. That was a Cold War episode in which the Central Intelligence Agency was reported to have deliberately transferred faulty technology to the Soviets – including a computer virus that triggered a major pipeline explosion.
computer_viruses  cyber_security  Huawei  adversaries  malware  software_bugs  vulnerabilities 
october 2012 by jerryking
