Tuesday, August 11, 2015

US banks manage to evade government backdoors

Government and US cyber intellectuals are spending all summer discussing how strong must be the encryption, where has to be applied and the use of the back doors for the fight against the bad guys. In the middle of the discussion, it has been known that banks are migrating to a new secure communications system, Symphony, to avoid government surveillance. We will discuss it as well as the notice from Oracle against those who access their code, a serious flaw in Intel and AMD processors and the news of the day: Google integrates in Alphabet ... but forget to check if the domain is available.

Joke about the letter from Oracle
HSBC, JP Morgan Chase, Citi, Deutsche Bank, Goldman Sachs and other major banks are migrating to Symphony communications system based on the cloud. This movement has not satisfied US Senator Elizabeth Warren, who sent a letter to the General Prosecutor to request more information about this system which, according to Warren, would serve to "avoid compliance controls and regulatory revision". Banks are beginning to be tired of being spied by the government, as happened with the NSA poking its nose into SWIFT.

Oracle does not want voyeurs

Others who appear to be tired, not because of the government but of the curiosity of hackers, are the directors of the company Oracle. This morning we woke up with a post -now deleted- in which Oracle strongly recommends everybody not to access its code, just because they already have their own team to discover security flaws. Oracle also claimed against mounting their own system of "bug bounties." The announcement caused a great surprise, especially when about 3.5% of all vulnerabilities belong to Oracle products.

Bug in Intel and AMD

We continue with one of the, possibly, latest discoveries given by the BlackHat: a design flaw in Intel and AMD processors, present since 1997 and exploitable, could give an attacker access to the lowest level of the firmware of a PC to install there a rootkit which would not be detected by antivirus. Another study, presented at DefCon, is also set in accessing the firmware, in this case of an internal Huawei modem. Our readers can enter the link of this news on our Twitter account.

@alphabet is not Google

Just a curiosity to finish: the news today on the Internet is, definitely, the creation of the Alphabet company by the directors of Google, being Google a part of Alphabet. The curiosity is that, ignoring all the basic manuals of starting a business on the Internet, people from Google would have forgotten to check if alphabet.com and Twitter account @alphabet were free. And they are not. Maybe they liked the name so much that they decided to pull forward anyway.

We stop here, knowing that the news flow about computer security do not stop even in the summer, being now the focus on the last hours of the DefCon and the implementation of the Chaos Communication Camp 2015 which will bring us, for sure, new topics to talk about. See you tomorrow.


Post a Comment