TAIPEI, Taiwan — Chunghwa Telecom Co. (中華電信), Taiwan’s largest mobile provider, gave an assurance Thursday that its customers’ privacy remains secure, despite the alleged hacking of SIM card encryption keys based on technology of Gemalto, the world’s largest maker of mobile SIM cards. “Based on Gemalto’s response to Chunghwa Telecom, there is no evidence or concern that our customers’ SIM card encryption keys have been exposed in transit,” Lin Kuo-feng (林國豐), president of Chunghwa Telecom’s mobile business group, told a media gathering to announce the company’s 2015 annual targets.
Researchers at the Electronic Frontier Foundation (EFF) yesterday said that they had found evidence that implies attackers have exploited a security vulnerability in the Superfish adware and a slew of other programs. Superfish, a company that markets a visual search product, made the news last week when Lenovo was found to have pre-loaded the program on its consumer-grade PCs during a four-month span late last year.
Lenovo has enlisted the help of McAfee and Windows Defender security to block any further activity by Superfish, the adware service capable of copying private details and storing them on a server for third parties to purchase. The move comes a few days after Lenovo tried to deny the privacy and security impact Superfish has on computers, claiming the adware could not track users. This has turned out to be false, and perhaps without Lenovo’s knowledge Superfish has documented thousands of browser-based user interactions.
Security researchers warned that an adware program called Superfish, which was preloaded on some Lenovo consumer laptops, opened computers to attack. However, it seems that the same poorly designed and flawed traffic interception mechanism used by Superfish is also used in other software programs. Superfish uses a man-in-the-middle proxy component to interfere with encrypted HTTPS connections, undermining the trust between users and websites. It does this by installing its own root certificate in Windows and using that certificate to re-sign SSL certificates presented by legitimate websites.
There have always been worries that the Chinese government could use its power to force homegrown technology companies like ZTE, Huawei, Qihoo 360 and Lenovo to spy on user communications, but now a bombshell has landed that shows Lenovo is forcing adware onto users’ computers of the company’s own volition.
Computer giant Lenovo has come under fire from users and security pundits after its consumer laptops were found to contain pre-installed adware/malware which could be used to intercept and hijack encrypted Transport Layer Security communications in Microsoft Windows. The ‘Superfish’ adware is a third-party application that was, until last month, installed on all Lenovo consumer laptops.
Microsoft yesterday (Feb 16) launched its new Cybercrime Satellite Centre in Singapore, expanding its network of centres to five globally, including those in Beijing, Berlin, Tokyo and Washington. According to the tech giant, the new centre serves as a satellite extension of the Microsoft Cybercrime Centre in Redmond, USA, Microsoft’s headquarters for fighting cybercrime.
The Malaysian Administrative and Modernisation Planning Unit (MAMPU) has signed up to work with the Ministry of Communications and Multimedia to protect its data against security threats. MAMPU will guide the Ministry in developing policies on how it should identify, assess and deal with cyber attacks on its systems. These policies will be certified under an international security standard (ISO/IEC 27001:2013).
TOKYO: A cyber security competition began on Saturday (Feb 7) in Tokyo, with organisers aiming to show off the skills of young Japanese hackers by testing them against international rivals. The final rounds of the Security Contest 2014, or SECCON, brought together 90 participants in 24 teams from seven nations and regions: China, Japan, Poland, Russia, South Korea, Taiwan, and the United States. The winners of the Tokyo competition will advance to the prestigious Def Con CTF (Capture the Flag) competition, slated for later this year, organisers said.
Malaysia needs to place all agencies responsible for cyber security under one ministry to better coordinate responses to threats, the Communications and Multimedia Minister said. Currently, the agencies protecting the government systems are under different ministries. “We see some of them like the Communications and Multimedia Commission being under my ministry, while the others such as the cyber security agency [is] under the Science, Technology and Innovation Ministry, while there are also those under other ministries. They should be coordinated,” said Datuk Seri Ahmad Shabery Cheek.
China plans to impose a ban on internet accounts that impersonate people or organisations, and force users to register with their real names online, its internet watchdog said on Wednesday. China has repeatedly made attempts to require internet users to register for online accounts using their real names, although with mixed success.
Consultancy Deloitte has established a ‘Cyber Intelligence Centre’ in Australia to link to its existing centres in the UK, Europe, Canada and the US. It is intended to counter what Deloitte’s Tommy Viljoen says is an increasing threat to Australia’s cyber security. “The average cost of a data breach per Australian organisation is more than $2.5 million per year and rising,” he says.
The Attorney-General’s Department has been criticised by the parliamentary committee scrutinising the Government’s data retention bill over its unwillingness to share details of the estimated cost of the scheme. The cost of implementing and maintaining the data retention scheme has been a topic of contention to those involved. The Government has committed to contributing a portion of the cost, but is yet to provide a percentage or dollar figure.
Malaysia is reviewing its internet laws and expects to table the review in Parliament by the end of the year, as it closes in on its deadline to build a digital economy by 2020. The review is intended to improve governance in the Malaysian Communications and Multimedia Commission which regulates the cyber sector. In particular, the review will separate the roles of the Chief Executive from the Chairman so that responsibilities are balanced within the organisation.
As Singapore seeks to become a smart nation, its embrace of new technology provides a bigger target for cyber hackers. This week, the government has announced more details on a new cyber security unit to boost the city’s digital defences. Called the Cyber Security Agency (CSA), the organisation will be based in the Prime Minister’s Office to provide centralised oversight of online defences. It will combine staff from the Infocomm Development Authority and the Ministry of Home Affairs.
The number of fingerprint sensor suppliers has risen to above 40 companies, intensifying competition in the market, according to sources at Taiwan-based IC design firms. A price war will likely be triggered in 2015 and bring pressure on less-competitive players, which may be squeezed out of the market as early as the third quarter, the sources indicated.
BEIJING: Huawei, the Chinese communication company accused by the United States Congress of posing a security risk, said on Tuesday (Jan 13) it needed to learn from the “great country” as it tries to grow its US business. Washington has long seen Huawei as a security threat due to perceived close links to the Chinese government, which it denies, while the United States and Australia have barred it from involvement in broadband projects over espionage fears. Huawei denies such allegations vigorously.
Australian and New Zealand businesses and individuals are being targeted by extortionists using a new strain of ransomware, Deakin University researchers working with security vendor TrendMicro have discovered. Called TorrentLocker, the malware is spread by social engineering emails with penalty notices that ask users to visit bogus Australia Post and NSW Office of State Revenue websites for payment.
Palo Alto Networks has advised Australian government agencies to evolve their IT networks in the wake of the Islamic State hijacking the US Central Command Twitter site. The hackers put a black-and-white banner with the image of a hooded fighter and the words “CyberCaliphate” and “I love you ISIS” in place of the usual Central Command Twitter banner. The warning follows the Australian Communications and Media Authority’s (ACMA) online alert advising Australians to be cautious about opening any emails received that refer to an ISIS threat.
NEC Corporation launched a solution this week that offers comprehensive protection of confidential information and could help government agencies and organizations defend against cyber attacks. The new “File Security Solution” protects files by encryption from the time of their creation to the time of their deletion, thereby preventing unauthorized individuals from viewing a file’s content.