Wednesday, April 30, 2014

EC3: Darknet & cloud the barriers to prosecuting cyber-criminals | SC Magazine UK

Troels Oerting, head of European Cybercrime Centre (EC3), spoke about the difficulties of catching cyber-criminals during his keynote speech at the Infosecurity Europe exhibition in London earlier today.
EC3: Darknet & cloud the barriers to prosecuting cyber-criminalsIn his talk entitled ‘Combating crime in a digital age', Oerting said that cyber-crime is changing the ‘world as we know it' and said that this is down in part to the growing number of internet user base - which is predicted to grow from 2.7 billion online users to 4 billion in the next few years.

He also said that cyber-crime investigations have been harder by the leaks from former CIA contractor Edward Snowden, perhaps on the basis that cyber-criminals have look to increase their anonymity.

“The Snowden revelations seemed to, one way or another, have made it more difficult law enforcement to clamp down on [internet] rules,” said Oerting.

Where’s the Next Heartbleed Bug Lurking? | MIT Technology Review

OpenSSL, which the Internet depends upon, has a single full-time employee dedicated to keeping the software secure. Other projects are similarly understaffed.

By Robert Lemos on April 29, 2014
After causing widespread panic and changing of passwords, the Heartbleed bug has largely disappeared from the news. Yet the implications of the discovery are still being debated across the computer industry. The biggest concern for security experts is how to preëmpt other flaws lurking in the Internet’s foundations.

The Heartbleed bug was discovered earlier this month in a piece of software called OpenSSL that is widely used to establish a secure connection between Web browsers and servers by managing the cryptographic keys involved. OpenSSL is an “open source” project, meaning that the underlying code is published along with the software. Also, like many other open-source efforts, it is maintained by a small group of volunteer programmers (see “The Underfunded Project Keeping the Web Secure”).

How to confirm your systems aren’t suffering a major Heartbleed |

The Internet was rocked last week when a two-year-old bug in OpenSSL was revealed. Heartbleed, as the vulnerability is known, can result in massive information disclosure through simple requests that require no privileges, and leave no logs. Anything from command history to other users’ credentials to private keys can be exposed, and the aftershocks of this revelation will go on for months as SysAdmins try to patch their systems and data losses are reported. CVE 2014-0160 details the vulnerability.

RedHack Hackers Target Aktif Bank over Controversial e-Ticketing System | Softpedia

Members of the hacktivist collective RedHack claim to have breached into the systems of Aktif Bank (, Turkey’s largest privately owned investment bank. The attack comes just as the bank introduced a controversial e-ticketing system for soccer (football) fans.

The recently introduced system relies on special cards that are mandatory for all those who want to attend soccer games.