Risk Radar Free Cyber Security Newsletter – Jan. 26, 2016

The Repeat Political Madness Of Never-Ending Crypto Wars
A good overview of many of the latest political solutions to encryption. The article covers the bills in New York and California. The author discusses the U.K’s current draft resolution to enable the government to decrypt private messages. Should a government be able to view communications when they are investigating a person of interest?  Would your answer change if you found out it was a terrorist targeting your home town?  Would it change if you found out they monitored whomever they wanted, all the time, violating your privacy without good reason? Where do you draw the line in terms of privacy and moves taken by Apple and others to make it impossible to view such data?
California wants to ban encrypted phones
Now California is getting in on potentially banning smart phones with unbreakable encryption. It is very similar to the bill New York is considering. Apple says it is not feasible to bypass a user’s passcode on iPhones and iPads. The latest Android phones with 5.0 and above are in the same situations as Apples products. Maybe iPhones will be like switchblades growing up, you have to order them in from another country because they become illegal where you live? 😉
Ransomware: How to tackle extortion attacks in 2016
Ransomware is getting more aggressive. In some cases it is moving to threats of extortion with the affected users data. We even have ransomware for Linux which is a troubling problem for many web servers.  4D5A Security is currently authoring a whitepaper on the ransomware epidemic with a planned release in February 2016, to be posted to our website free of charge.
Even the best antivirus likely can’t save your files from a ransomware infection
Here is another interesting article on what antivirus can and can’t do to protect you from ransomware. Come to think of it, does anti-virus protect you from anything?  Yes, known historical threats and a small number of heuristically detected new threats.   Prevent really is the key to optimizing a security posture, especially in this area where so much data (even over the network) can be destroyed.  We specialize in moving from reactive to proactive – ask 4D5A Security for help if you are concerned about fighting this very prevalent and high risk threat in your environment.
Intel’s 6th-gen Core chips for businesses offer ‘dramatically improved’ security
Intel’s latest chips are including improved built in security features that may appeal to business enterprises. The main improvements are in identity security and wireless capabilities. With the performance improvements of this new chip and its improved security enhancements it should be a nice advancement.
Security company RSA wants your plain text Twitter log-in
Apparently RSA is asking people that register for its upcoming security conference to give their Twitter log-in info in plain text. The article states the user’s password is asked for with no security provisions. Some of the interesting responses to this from Twitter users are included in the article.