Revealed: The Internet's Biggest Security Hole

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness. .. More ..

European companies forced to own up to data losses

European companies will be forced to tell customers if their personal data has been lost or stolen, as part of a new EC directive.

The data breach notification provision is part of the ePrivacy Directive that is currently being debated by the EU. ... More ..

Hacked Texas National Guard site serves up malware

Attackers have hacked the Web site of the Texas National Guard and are using it to serve up offers of fake security software and plant rootkits on unpatched PCs. .. More..

GAO Report Slams US Cybersecurity, US-CERT, and DHS

The U.S. Government Accountability Office (GAO) is finalizing its report on the country's capability to protect and defend itself from cyber-attack, and its words are not kind. The primary responsibility for monitoring and securing the country's networks and digital assets falls to the United States Computer Emergency Readiness Team, or US-CERT, a partnership organization between the Department of Homeland Security (DHS) and both the public and private sectors. Founded in September 2003, US-CERT was responsible for the 2004 Einstein initiative, meant to detect and collect information on attacks at government agencies, and is currently backing the expanded (and hopefully more widely deployed) Einstein 2 program. .. More..