Monday, November 23, 2015

"Top Secret" information from USA is avalaible for hackers

An audit by Department of National Security of the United States has unveiled the existence of at least 17 databases with "secret" and "top secret" information with vulnerabilities which left them vulnerable to any malicious hacker. Who says “I knew it” here is the demonstration. Today, we will speak about new data robberies in a hotel company, Starwood; about an analysis of TrueCrypt program which has revealed that the vulnerabilities unveiled some weeks ago weren´t so horrible and bout a fair in Paris, a few days after the terrible attacks, it united to guns and cyberweapons dealers from all around the world.

According the audit by DHS, 136 of their systems have software that hadn´t been updated correctly, so they are open to cyberattacks. Of these 136 systems, at least 17 would be databases with information classified like Secret or Top Secret. In addition the non updated software, inspectors detected weak passwords, webs vulnerable to Cross-Site or Cross-Frame-Scipting attacks and wrong configurations. It´s necessary to clarify that the rest of countries doesn´t make these audits and if they would do it we would enough to tear at their hair. So, the news is not the failures fond in USA systems, but the USA has had the courage to analyze their systems. So, the news, should not be the failures found in USA systems, of but the USA has had guts to analyze their systems.

A worm in Starwood
Speaking of unsafe systems, we have discover on last months that the best hotels companies aren´t a example of security for keeping the sensible dates of their customers safe. After Trump and Hilton, today we knew that the luxury hotels company Starwood has confirmed that a worm installed on their customers service terminals would have stolen sensitive data on at least 54 of their hotels, including restaurants and presents shops. The robbery has been ongoing without interruption since at least one year.

TrueCrypt is safe
We will look for a positive notice to free us from too much fear and we found it on Germany: the prestigious and governmental Fraunhofer Institute for Secure Information Technology has deeply analyzed the TrueCrypt encryption tool. For finishing,the serious mistakes discovered some weeks ago by Project Zero of Google aren´t so important. The researchers have discovered some more holes, but finally they declared the use of the famous encryption tool safe. The problem is that now: who´s going to use it later that bad publicity!

A cyberweapons makers fair
And we end with a very interesting story on "Forbes" magazine about the Milipol Faire on Paris, celebrated from 17 to 20 this month, few hour after the terrorist attacks on the French capital. What´s curious on that case is that this fair is a meeting point for the biggest world weapons makers and dealers, who had no problems on showing their machine guns 15 minutes far away from where somebody killed dozens of people with similar guns. On Milipol they were showed cyberweapons dealers too, like Hacking Team or Gamma Group. A growing market according to Forbes: "The cybersecurity market will bill 74 million dollars at the end of this year and it could reach 101 millions in 2018".

Interesting news, as usual, coming from the cybersecurity world. We finish that way our Monday´s post, hoping this will be a productive and peaceful week for our readers.


Post a Comment