Tag Archives: Security

Indian agency denies security lapse in ID card project; ZDNet defends report
March 25, 2018 6:02 pm|Comments (0)

NEW DELHI (Reuters) – Tech news site ZDNet said on Sunday it stood by its report that identified a security vulnerability in data linked to Aadhaar, India’s national identity card project, after a semi-government agency that manages the database sought to discredit the report.

A woman goes through the process of finger scanning for the Unique Identification (UID) database system, also known as Aadhaar, at a registration centre in New Delhi, India, January 17, 2018. Picture taken January 17, 2018. REUTERS/Saumya Khandelwal

ZDNet reported that a data leak on a system run by a state-owned utility company could allow access to private information of holders of the biometric “Aadhaar” ID cards, exposing their names, their unique 12-digit identity numbers, and their bank details.

The Unique Identification Authority of India (UIDAI), which manages the Aadhaar program, said “there is no truth in this story,” in a statement late on Saturday.

ZDNet’s global editor-in-chief Larry Dignan said in an email to Reuters on Sunday the publication stood by its report. Dignan said they spent weeks compiling evidence and verifying facts.

“We spent weeks reaching out to the Indian authorities, specifically UIDAI, to responsibly disclose the security issue, and we heard nothing back — and no action was taken until after we published our story,” said Dignan.

UIDAI sought to downplay the report, stating that even if the claims in the story were true, it would raise security concerns with the database of the utility company and not with the security of UIDAI’s Aadhaar database. UIDAI said it is “contemplating legal action against ZDNet”.

Multiple researchers and journalists who have identified loopholes in India’s massive national identity card project say they have been harassed by some government agencies and slapped with criminal cases because of their work.

Aadhaar is a biometric identification card that is becoming integral to the digitisation of India’s economy. With over 1.1 billion users, it is the world’s largest such database.

Indians have been asked to furnish their Aadhaar numbers for a host of transactions including accessing bank accounts, paying taxes, receiving subsidies, acquiring a mobile number, settling a property deal and registering a marriage.

The government’s demands for Aadhaar linkage for multiple services are currently being challenged in India’s Supreme Court.

At the same time, security researchers and journalists have highlighted multiple vulnerabilities and data leaks tied to the program. UIDAI has sought to downplay the reports and last week it said the biometric data was safe from hacking as the storage facility was not connected to the internet.

Reporting by Malini Menon; Writing by Malini Menon and Krishna N. Das; Editing by Andrew Bolton, Euan Rocha and David Evans

Posted in: Cloud Computing
Indian agency denies reported security lapse in ID card project
March 24, 2018 6:01 pm|Comments (0)

NEW DELHI (Reuters) – The semi-government agency behind India’s national identity card project on Saturday denied a report by news website ZDNet that the program has been hit by another security lapse that allows access to private information.

A woman goes through the process of finger scanning for the Unique Identification (UID) database system, also known as Aadhaar, at a registration centre in New Delhi, India, January 17, 2018. Picture taken January 17, 2018. REUTERS/Saumya Khandelwal

ZDNet reported that a data leak on a system run by a state-owned utility company, which it did not name, could allow access to private information of holders of the biometric “Aadhaar” ID cards, exposing their names, their unique 12-digit identity numbers, and their bank details.

But the Unique Identification Authority of India (UIDAI), which runs the Aadhaar program, said “there is no truth in this story” and that they were “contemplating legal action against ZDNet”.

ZDNet could not immediately be contacted for comment on the UIDAI’s response.

“There has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure,” the agency said in a statement late on Saturday.

“Even if the claim purported in the story were taken as true, it would raise security concerns on database of that utility company and has nothing to do with the security of UIDAI’s Aadhaar database,” it said.

MORE THAN BILLION USERS

ZDNet had reported that even though the security lapse had been flagged to some government agencies over a period of time, it had yet to be fixed. It said it was withholding the name of the utility and other details.

Karan Saini, a New Delhi-based security researcher, said that anyone with an Aadhaar number was affected.

“This is a security lapse. You don’t have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes,” Saini told Reuters.

In recent months researchers and journalists who have identified loopholes in the identity project have said they have been slapped with criminal cases or harassed by government agencies because of their work.

Aadhaar, a biometric identification card with over 1.1 billion users, is the world’s biggest database.

But it has been facing increased scrutiny over privacy concerns following several instances of breaches and misuse.

Last Thursday, the CEO of the UIDAI said the biometric data attached to each Aadhaar was safe from hacking as the storage facility was not connected to the internet.

“Each Aadhaar biometric is encrypted by a 2048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card’s biometric details,” Ajay Bhushan Pandey said.

Reporting by Malini Menon; Writing by Malini Menon and Krishna N. Das; Editing by Andrew Bolton

Posted in: Cloud Computing
Tanium CEO’s Refreshingly Honest Take on the State of Internet Security
October 22, 2017 12:00 am|Comments (0)

This is your Cyber Saturday edition of Fortune’s tech newsletter for October 7, 2017.

On Tuesday, the wood-smoke air of California’s wildfires descended on the Bay Area as cybersecurity professionals gathered at the Palace Hotel for an industry event.

I spent the morning interviewing Orion Hindawi, CEO of Tanium, the world’s highest privately valued cyber startup (worth $3.75 billion at last appraisal in May), for a fireside chat at his company’s second annual conference, Converge 2017. Hindawi has a no-nonsense approach to business—a suffer-no-fools attitude that landed him in the sights of a couple of unflattering stories about his management style earlier this year. (He later apologized for being “hard-edged.”)

On stage the chief exec delivered his peculiarly unvarnished view of the state of Internet security. “The idea that we’re going to give you a black box and it auto-magically fixes everything, that’s a lie,” Hindawi told the audience. (One could almost hear a wince from part of the room seating his PR team.) “All I can tell you is we can give you better and better tooling every day. We can make it harder for the attackers to succeed. That’s the best I can offer.”

Hindawi is a realist through-and-through. His outlook is perhaps best summed up by his response to a question about whether he subscribes to a glass-half-full or glass-half-empty view of the cyber threatscape. His reply would become a running joke for the rest of the conference. He said simply, “It’s just a glass, dude.”

Other tidbits of wisdom from Hindawi: not all hackers are Russian spies (the majority are lowly criminals). Unsecured Internet of Things devices pose a risk to everyone. And sometimes cyber insurance is the way to go when old systems are all but impossible to patch; the decision boils down to managing “operational risk, like earthquakes,” he said.

Hacking is not a dark miasma that penetrates all things, although it can sometimes feel that way. Companies, like Tanium, that are building the tools to swing the balance back in defenders’ favor without over-promising provide hope. Enjoy the weekend; I will be heading north of San Francisco, visiting friends who, luckily, were unharmed by the area’s recent conflagrations.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Always use (advanced) protection. Google debuted an opt-in mode for high-risk users who wish to lock down their accounts on services such as Gmail, Google Drive, and YouTube with extra security. (Paging John Podesta.) The feature requires people to log in using a special USB key (or Bluetooth dongle for mobile devices), it prevents third-party applications from accessing your Google data, and it adds beefed-up malware scanning of incoming documents. This author plans to sign up.

Gather ’round the good stuff. Pizza Hut warned customers that their personal information and payment card data may be at risk after hackers gained access to the company’s website and app for a 28-hour period starting on Oct. 1. An estimated 60,000 customers are thought to have been impacted. The company is offering victims free credit monitoring for a year.

Unicorn? More like Duo-corn. Duo Security, a Mich.-based cybersecurity startup whose tools help companies manage people’s digital identities, said it raised $70 million at a $1.17 billion valuation (including the capital raised) this week. The round catapults the firm into “unicorn” territory, the swelling ranks of private firms occupied by young guns valued at $1 billion or more. Alex Stamos, Facebook’s security chief, recently praised Duo as the maker of his favorite cybersecurity product.

KRACKing Wi-Fi. A couple of Belgian researchers published a paper containing proof of concept code that exploits vulnerabilities in the way cryptographic keys are exchanged over Wi-Fi, allowing hackers to steal people’s data. Big tech companies like Microsoft issued a patch for the so-called KRACK bug on Oct. 10, Apple is in the middle of testing patches for iOS and macOS, and Google, whose Android 6.0 devices are the most vulnerable, said it would release a patch in early Nov.

Cyber insurers are going to get Mercked. Cyber insurers might be on the hook to cough up $275 million to cover damage to drugmaker Merck as a result of a June cyber attack, dubbed “NotPetya,” according to one firm’s forecast. The companies at issue have not yet disclosed figures themselves.

Surprise! It is depressingly easy for penetration testers to break into places where they are not supposed to be.

ACCESS GRANTED

Boycotts are hardly an option: To opt out of a credit score is to opt out of modern financial life itself. As Equifax’s now former CEO Richard Smith testified in October, if consumers were allowed to abandon the credit system, it would be “devastating to the economy.” The better answer is systemic reform to the credit oligopoly.

—Fortune’s Jeff John Roberts and Jen Wieczner explain what practical recourse consumers and regulators have when it comes to dealing with the major credit bureaus in the wake of a massive data breach at Equifax. 

ONE MORE THING

The adventures of John Titor. Namesake of a bygone Internet hoax, “John Titor” claimed to be a man sent from the future to retrieve a portable computer. Titor sent faxes to an eccentric radio program, Coast to Coast AM, that specialized in the paranormal. Here’s an oral history of that running joke; the pseudo-scientific explanations of time travel are delightful.

Posted in: Cloud Computing
Security News This Week: Hoo-Boy, Mar-a-Lago’s Internet Is Insecure
August 10, 2017 9:45 am|Comments (0)

Each weekend we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. The post Security News This Week: Hoo-Boy, Mar-a-Lago’s Internet Is Insecure appeared first on WIRED.

Posted in: Web Hosting News
55% off Panda Security Ransomware and Virus Protection Products for Home Users – Deal Alert
May 18, 2017 1:55 pm|Comments (0)

Panda security solutions will fully protect you against the newly released malware and ransomware attacks, and Panda is offering 55% off all security products for home users using the coupon code ANTIRANSOMWARE at checkout. See Panda’s Internet Security product here, or their Antivirus Pro product here, and enter the code at checkout to activate the 55% savings. This code will work for all Panda Security products for home users. 

Posted in: Web Hosting News
OpenStack Cloud Security Moves Forward
May 14, 2017 4:05 am|Comments (0)

At the OpenStack Summit Boston, security experts talked about cloud security misconceptions and what’s working well in cloud security today.


Posted in: Web Hosting News
How to Master Enterprise Cloud Security
May 4, 2017 7:05 pm|Comments (0)

In cloud computing, data can come from a variety of sources. These data sources have their own security specifications, making it difficult to have a …


Posted in: Web Hosting News
New Intel Security Cloud Report Reveals IT Departments Find It Hard to Keep the Cloud Safe
February 13, 2017 6:35 am|Comments (0)

“The desire to move quickly toward cloud computing appears to be on the agenda for most organizations. This year, the average time before …


Posted in: Web Hosting News
AlienVault Floats USM Anywhere Security Management for SMBs
February 8, 2017 7:30 am|Comments (0)

Cloud computing has allowed countless startups and SMBs to flourish and serve customer bases that would have overwhelmed the server rooms of …

Posted in: Web Hosting News