DHS assessment of foreign VPN apps finds security risk real, data lacking

The risk posed by foreign-made virtual private network (VPN) applications must be accounted for — even if government device users have avoided such apps — because adversaries are interested in exploiting the software, according to a senior Department of Homeland Security official. “Open-source reporting indicates nation-state actors have demonstrated intent and capability to leverage VPN services and vulnerable users for malicious purposes,” Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), wrote in a May 22 letter to Sen. Ron Wyden, D-Ore., obtained by CyberScoop. There is no overarching U.S. policy preventing government mobile device users from downloading foreign VPN apps, according to Krebs. “Even with the implementation of technical solutions, if a U.S. government employee downloaded a foreign VPN application originating from an adversary nation, foreign exploitation of that data would be somewhat or highly likely,” Krebs wrote. “This exploitation could lead to loss of data integrity and confidentiality […]

The post DHS assessment of foreign VPN apps finds security risk real, data lacking appeared first on CyberScoop.

11/5/18: Dtex, Insider Threat, Privacy News: Insider Threat Matures; China Intel Officers Recruit Insiders; Sen. Wyden Disrupts Privacy, Again

The insider threat has come of age. Last week, The National Insider Threat Task Force (NITTF), operating under the joint leadership of the Attorney General and the Director of National Intelligence, announced the release of the “Insider Threat Pr…

Verizon to Stop Sharing Customer Location Data With Third Parties

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, the four major wireless carriers have responded to requests from a U.S. senator for more details about how the carriers are managing access to this extremely sensitive information. While three out of four providers said they had cancelled data sharing agreements with some of the offending companies, only one — Verizon — pledged to terminate all of them and initiate a wholesale review of their location data-sharing practices.

Why Is Your Location Data No Longer Private?

The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including real-time location data and customer account details. In the wake of …

Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers in Real Time Via Its Web Site

LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.

DHS will scan agencies for DMARC, other hygiene measures

The Department of Homeland Security is now collecting data about federal agencies’ use of an industry-standard cybersecurity measure that blocks forged emails. The collection is seen as a first step to encouraging wider adoption within the U.S. government, according to official correspondence. In a letter to Sen. Ron Wyden, D-Ore., DHS official Christopher Krebs says the department “is actively assessing the state of email security and authentication technologies … across the federal government,” to include Domain-based Message Authentication, Reporting and Conformance (DMARC). DMARC is the industry-standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a major form of both crime and espionage, in which an email appearing to come from a trusted third party directs readers to a website where login and password credentials can be stolen. Krebs says DHS’s 24-hour cyber watch center, […]

The post DHS will scan agencies for DMARC, other hygiene measures appeared first on Cyberscoop.

Senator Calls For Use Of DMARC To Curb Phishing

Senator Ron Wyden is pushing to mandate government-wide use of the email authentication protocol DMARC “to ensure that hackers cannot send emails that impersonate federal agencies.”

Tor Joins Movement Against Expanding Hacking Powers

The Tor Project on Monday made a public plea for others to speak out against the proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure.