US considers blocking Chinese nationals from hacking conferences

Following its decision to charge five Chinese officials for allegedly stealing trade secrets, the US is apparently ready take further action. Reuters reports that the US government may impose visa restrictions on Chinese computer experts, stopping them from attending the high-profile Def Con and Black Hat hacking conferences in August. Black Hat currently has three Chinese speakers lined up to present, while Def Con has none on its roster. The move is said to be part of a "broader effort to curb Chinese cyber espionage," after cybercriminals were said to have infiltrated six American private-sector companies to help give Chinese state-owned firms a competitive advantage. Organizers of both events, which include the founder of Def Con and Black Hat Jeff Moss, were unaware of the government's plans, but Moss did note on Twitter that such actions would not help build a "positive community." While an official block has yet to be imposed, stopping Chinese nationals already in the country from attending could prove difficult: Def Con's privacy-conscious setup requires attendees to pay using only cash and they never have to share their name.

Pay with Your Fingerprint

Samsung’s Galaxy S5 is the first smartphone that can use a fingerprint to authorize payments in stores and online.

Anyone with an iPhone 5 can use its fingerprint reader to unlock the device and pay for apps or music in Apple’s iTunes store. Owners of Samsung’s latest flagship device, the Galaxy S5 smartphone, which launches on April 11, will be able to make much broader use of their fingerprints to pay for things. If they visit a website or app that accepts PayPal using the device, they can authorize payments by swiping a finger across the phone’s home button. And PayPal’s own mobile app can be used to pay for goods in some physical stores in the U.S.

Fingerprint payments are likely to be offered on many more smartphones in the near future. The Galaxy S5’s payments system is the first commercial deployment of a new protocol developed by the FIDO Alliance, a group founded by tech companies to end our reliance on insecure passwords (see “PayPal, Lenovo Launch Campaign to Kill the Password”). Indeed, fingerprint readers are expected to become commonplace on mobile devices over the next year or so (see “A Technological Assault on the Password”).

“Today people are having to type in nine-digit passwords everywhere, including one-handed on the subway,” says Joel Yarbrough, senior director of global product solutions at PayPal. This leads many people to use simple passwords and to reuse them across multiple services. This, in turn, makes it easier for criminals to take control of accounts. “Building a smart biometric experience solves both usability and dramatically increases the security level,” says Yarbrough.

To start using your finger for payments on the new Samsung phone, you have to go through a short setup process that registers the identity of the device, based on its cryptographic chip, and links your fingerprint to a PayPal account. Afterward, PayPal’s software asks for a fingerprint swipe anytime an app or site would usually show a log-in screen.

mobile phone showing UI
Fingertip swipe: The fingerprint sensor in Samsung’s upcoming flagship smartphone can be used to make PayPal payments online, in mobile apps, and in physical stores.

The FIDO protocol is designed so that a record of your fingerprint never leaves your device. Instead, the fingerprint reader’s output is used to generate cryptographic keys that are combined with those from the device’s cryptographic chip to create a new key that can’t be used to copy the fingerprint used to make it.

The Galaxy S5 is so far the only device to support PayPal’s new FIDO-based fingerprint system, and PayPal is cagey about how soon others might appear. But Yarbrough acknowledges that Samsung isn’t the only gadget maker looking at fingerprint readers. “It’s our impression that a lot of manufacturers are investing time in this technology,” he says. Brett McDowell, senior security advisor at PayPal and vice president of the FIDO alliance, says widespread adoption is “core to the mission of the alliance.”

The FIDO Alliance was launched in early 2013, and now has over 100 members, including Microsoft, Google, device manufacturers such as Lenovo and LG, and representatives of the payments industry such as PayPal and Mastercard. Apple, which has its own fingerprint authentication technology, is not a member of the FIDO Alliance.


Sebastien Taveau, formerly chief technology officer of Validity, a fingerprint sensor company acquired in October by Synaptics, says fingerprint sensors will soon be widespread. Apple and Samsung—the two largest mobile device makers—have now made fingerprint authentication major features of their flagship devices, he points out, and competitors will likely follow their lead. “It is expected that other devices, like tablets, will be incorporating a sensor.”


Most of the core technology needed for biometric authentication has been around for years. Taveau says that cultural change means we are now ready to embrace the idea. “With the transformation of user interactions with content from local to cloud-based and the collapse of trust in existing authentication mechanisms, a real change is happening,” he says, pointing to the public awareness of security flaws heightened by the NSA leaks and the Target debit card breach. “Trust in security and credentials need to be reëstablished.”

Via: MIT Technology Revi

Hackers plot Brazil World Cup 2014 cyber attacks

Hackers are planning to launch cyber attacks to disrupt the 2014 World Cup, with one cyber security expert telling Reuters: “It's not a question of whether the cup will be targeted but when.”

GettyImagesThe eyes of the world will be on Brazil this summer.

Brazil has already endured significant problems in the build-up to this summer’s tournament, with the public launching large-scale protests over the exorbitant cost of hosting.

Reuters reports that online activists are now planning to launch attacks ranging from jamming websites to data theft.

Brazil has significant problems with internet crime but, despite concerns over a lack of investment in online security, the head of the cyber command for the nation’s army, General Jose Carlos dos Santos, is remaining cautiously optimistic.

It appears supporters are not the intended targets, with one activist telling Reuters: “The attacks will be directed against official websites and those of companies sponsoring the cup.”“It would be reckless for any nation to say it's 100 percent prepared for a threat, but Brazil is prepared to respond to the most likely cyber threats,” he said.

However, Terra reported earlier this month that hackers are looking to steal data and spread viruses by sending out emails claiming supporters have the opportunity to win tickets.

Nelson Barbosa, of computer security corporation Symantec, said: “Threats relating to the World Cup can affect people all around the world. This has been carried out in South Africa, Russia and other European countries.”

With hackers viewing the World Cup as an opportunity to attract the attention of a global audience, William Beer, a cyber security expert with consultancy firm Alvarez & Marsal, said online attacks were inevitable.

“It's not a question of whether the cup will be targeted but when, so resilience and response become extremely important,” he said.

Make your passwords harder to crack

Password Hacking has become common now

There’s nothing you can do if hackers get into a database with your password in it, but you can still protect yourself for all the other worst-case scenarios involving hacking. In this video, we go over ways to make your passwords harder to crack.

First, don’t make it easy on hackers by choosing a common password. Splashdata uses security breaches to gather 'most popular passwords' lists each year. The word 'password', number sequences, and other simplistic phrases or numbers fill the top spots. Also, don’t use your name, a password related to another one you might have on a different site, or a login name.

Instead, experts recommend using 15 characters, upper-case letters, better yet nonsensical words with special characters and numbers inside them.

Need help? Check out some free websites, like Strong Password Generator. This Macworld article on security in the iCloud age  also has some suggestions on strong password creation.

The 'Worst' and Most 'common' password of 2013

“123456” is finally getting some time in the spotlight as the world's worst password, after spending years in the shadow of “password.”

Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that “123456” moved into the number one slot in 2013. Previously, “password” had dominated the rankings.

The change in leadership is largely thanks to Adobe, whose major security breach in October affected upwards of 48 million users. A list of passwords from the Adobe breach had “123456” on top, followed by “123456789” and “password.” The magnitude of the breach had a major impact on Splashdata's results, explaining why “photoshop” and “adobe123” worked their way onto this year's list.

Fans of “password” could reasonably petition for an asterisk, however, given that the stolen Adobe passwords included close to 100 million test accounts and inactive accounts. Counting those passwords on the list is kind of like setting a home run record during batting practice. Don't be surprised if “password” regains the throne in 2014.

Weaker passwords are more susceptible to brute-force attacks, where hackers attempt to access accounts through rapid guessing. And when encrypted passwords are stolen, weaker ones are the first to fall to increasingly sophisticated cracking software.

As always, Splashtop suggests avoiding common words and phrases, and says that replacing letters with similar-looking numbers (such as “3” instead of “E) is not an effective strategy. Instead, consider using phrases of random words separated by spaces or underscores, and using different passwords, at least for your most sensitive accounts. Password management programs such as LastPass, KeePass and Splashdata's ow nSplashID can also help, as you only have to remember a single master password.

Here's the full list of worst passwords from 2013, according to Splashdata:

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000

Anonymous Hacking Group Hacks U.S. Army & Multiple U.S. Government Agencies!

Anonymous, a hacking group which has spread like wildfire, has hacked multiple United States government organizations according to a latest leaked report from Federal bureau of Investigation (FBI). Renownedmedia outlet  – Reuters, managed to get their hands on this leaked report which warns agencies about serious consequences regarding the breach of their data. So how did Anonymous hack so many government agencies? Well details below.

Anonymous Hacking Group

The FBI has warned this week that they have found out about multiple breaches in government agencies. Anonymous hacking group is believed to be the team behind this multiple hacking.

The hacking started last year when Anonymous group discovered a flaw in Adobe’s software. They breached into the software and left “back-doors” in it, which they could later come and access information.

The hacking which started last year December is believed to affect U.S. Army, Department of Energy, Department of Health and  Human Services, and many more. Although the exact number of the organizations hacked still remain unknown.

FBI has sent out a memo to system administrators of many agencies regarding this hacking. They have been informed to check their systems, if they have been compromised or not.

An internal email from Energy Secretary revealed the following numbers regarding the hacking of Department of Energy:

• 104,000 employees, contractors, and family members personal data stolen during the period of the hacking.

• 20,000 bank accounts information stolen.

These numbers only represent the stolen data from the Department of Energy alone! So you can imagine the total number of people affected by this hacking from the Anonymous hacking group.

It is still unknown what kind of information was stolen from the United States army, although it is believed that no sensitive information had been stolen. But it is still unclear.

Anonymous has hacked many organisations in the past, but this is by far one of the largest!

(Via Reuters)