Feeling safe? Try attending Internet security conference

A conference of Internet security experts is not for the faint of heart.

Hallway chatter and keynote speeches are peppered with scary stories of increasingly sophisticated hackers siphoning off valuable personal and corporate data.
In the words of one expert, the bad guys are outmaneuvering those charged with keeping the wired world safe. This despite repeated vows from CEOs and government officials to tighten security after high-profile breaches at Sony Pictures, health insurer Anthem and retailers Target and Home Depot.
The recent wave of corporate data breaches and cyber-attacks provided plenty of fodder for a weeklong cyber-security conference in San Francisco. Some 28,000 threat analysts, security vendors and corporate IT administrators gathered to talk about malicious software, spear-phishing and other attacks that can steal money or secrets from companies and consumers.
Growing concern over cyber-threats has been good for business, driving up revenue and stock prices for many security firms. But researchers say the dangers are real: Last year saw a record number of commercial data breaches and “denial-of-service” attacks, aimed at shutting down websites by flooding them with bogus traffic.
Here are some highlights from this year’s RSA conference, named for its chief sponsor, the RSA security division of tech company EMC Inc.

Many data breaches are the result of human error, especially people falling for bogus phishing emails, text messages or websites that appear to come from acquaintances or trusted companies.
Phishing attacks are a favored tactic of hackers working for foreign governments and criminal groups because they trick their targets into handing over passwords or clicking on links that install malicious programs. Verizon researchers estimate one in five phishing emails were read by their targets and one in 10 persuaded someone to open an attached file. Security firm Proofpoint says middle managers are increasingly being targeted with emails containing seemingly “official” attachments such as fax or voicemail alerts.
“It only takes one person to click” on a link or attachment and put their employer’s entire network at risk, said Verizon senior analyst Marc Spitler. As for hackers, “they don’t need a high rate of clicking because they can just churn out the emails.”

CONNECTED DEVICES, EASY TARGETS
As more home appliances are connected to the Internet, experts warn they are vulnerable to hackers intending mischief or worse. While actual hacking incidents have been rare, researchers warn that manufacturers aren’t considering security in connected devices.
In separate reports, experts at security firms Veracode and Laconicly said they found vulnerabilities in home systems that control lights, thermostats and garage door openers from a smartphone or other device. While some systems use encryption and other safeguards, the tests found others were vulnerable to hackers eavesdropping on data signals and learning residents’ habits, such as what time they leave the house and when they come home.

HACKERS GETTING MORE SOPHISTICATED
Hackers are sharing information about software vulnerabilities in a variety of industries, faster than many companies install “patches” to repair them, several researchers said. Cyber-attackers are also increasingly using programs that can scout a computer network and change behavior depending on what defenses they encounter.

Even novice hackers can get their hands on tools to carry out sophisticated attacks. “Writing malware is not the hard part anymore. You can buy it” from other hackers online, said Ryan Olson, intelligence director at Palo Alto Networks.
One common refrain at the conference is that companies must get better at detecting and containing computer breaches once they occur, since old methods of prevention aren’t working. The breaches of 2014 showed “that we’re losing this contest,” RSA president Amit Yoran said in a keynote speech. “The adversaries are outmaneuvering this industry.”
The conference also drew federal officials who urged more sharing of information about hacking attacks. U.S. Homeland Security Secretary Jeh Johnson said his department will open a Silicon Valley office to build partnerships and recruit government workers with cyber-skills.

References: http://phys.org/

Stolen data finder could reduce harm for companies

Business owners don’t need IT skills to understand that data breaches are serious. Certainly big names in retail and health care know by experience that such breaches have serious after-effects. Breaches have an impact on customer trust and in turn threaten profits.

Sponsored by IBM, the Ponemon Institute’s “2015 Cost of Data Breach Study: Global Analysis” reported that the average total cost of a data breach for the 350 companies participating in the research increased from $3.52 million to $3.79 million.
“In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber attacks. However, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.”
One company with a solution has a distinct point of view. Terbium Labs said, “We are a different sort of information security company.” Consider this: Critical data and intellectual property are always at risk, they said. Data security does not exist. Maryland-based Terbium Labs said at least it can give you the power to immediately counter data theft. They cannot promise you will never lose data, but they can tell you that they will help to find data that is lost, and quickly.
“We started Terbium with the thesis that defense, while still necessary, is no longer sufficient. In today’s insecure digital world, your organization’s critical data will always be at risk, whether from a sophisticated outside actor or inside threat. That’s why modern organizations are shifting their information security focus from prevention to risk management,” said the team.
Terbium Labs’ Matchlight system enables breach discovery to be immediate and automatic. The company’s “immediate” is a key point, indicating breach discovery within seconds or minutes instead of months. (The average data breach traditionally has taken over 200 days to discover, and 85 percent of those breaches are discovered by external third parties.) The speed-up may enable an organization to start remediation plans before real damage occurs.
“Overall, the system allows companies, such as retailers and financial institutions, to detect whether a criminal has published some of their data on the Dark Web without revealing to anyone the exact nature of the sensitive data,” said MIT Technology Review.
A patent-pending, one-way digital fingerprinting technique is put to work. Matchlight collects fingerprints from across all places on the Internet where stolen information is traded, including Dark Web markets and forums. They monitor for matches. If a match is found you get an alert.
Matchlight could be used by health care providers, banks, payment card providers, payment processors and other financial services and by engineering and manufacturing companies, among other sectors. “Organized crime and foreign nation-states make up a majority of industrial-espionage attacks, and their frequency continues to rise,” said the company.
(The data fingerprinting technique uses “cryptographic hashing.” It makes sure no one including Terbium Labs can decipher the originating data. A cryptographic hash function is described as a hash function which takes an input or message and returns a fixed-size alphanumeric string.)
So what actually happens after a breach is found? With Matchlight, organizations are alerted when elements of their data as short as fourteen bytes appear on the Internet. The alerts are sent immediately. Organizations can begin their remediation plans before any further damage can occur.
A number of companies have been testing Matchlight and now Terbium is inviting further signs of interest. “We have been testing Matchlight with a select number of alpha and beta clients. If your organization would like access to Matchlight, contact us today!” said the company.
What good does it do to help find data that has already been stolen? For companies, it could mean reducing damages. “Already the system has helped companies testing the system find thousands of credit-card numbers that had been put up for sale on the Internet. While the Matchlight system catches attackers only after they post data following a breach and does not prevent the original compromise, it does reduce the time between compromise and discovery,” said MIT Technology Review.
Referring to a major retailer breach incident which cost the company millions, the article said, “Catching the attack as soon as the thieves attempted to sell the data could have given the attackers less time inside the company’s network and the buyers of the data less time to rack up fraudulent charges.”
Jeremy Kirk, IDG News Service, talked about the finding-out process. “Where we’re looking at are places where people are leaking or are trying to monetize data,” CEO Danny Rogers said. Companies using Matchlight can get alerts when a piece of data is found. A fingerprint ID number can be looked up to see what original data it corresponds to. Companies can then potentially start the breach mediation process, Rogers said in the article by Kirk. Signs of success so far? According to Kirk: “Rogers said the first day Terbium turned Matchlight on, it found in a single 24-hour period 20,000 to 30,000 credit card numbers and 600 leaked email addresses and passwords. Both sets of data were detected minutes after being posted, Rogers said.”
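
A minimal sketch of the fingerprint-and-match flow described above, as an added example that is not Terbium Labs' code or its patent-pending technique: it assumes SHA-256 over every overlapping 14-byte window, and the class names, card number and posts are constructed for illustration.

```python
import hashlib

WINDOW = 14  # bytes; the article says matches fire on elements this short

def fingerprints(data: bytes, window: int = WINDOW) -> set:
    """SHA-256 digest of every overlapping `window`-byte slice of `data`."""
    return {hashlib.sha256(data[i:i + window]).hexdigest()
            for i in range(len(data) - window + 1)}

class Client:
    """Data owner: keeps records and a private fingerprint -> label index."""
    def __init__(self):
        self.index = {}

    def enroll(self, label: str, record: bytes) -> set:
        fps = fingerprints(record)
        for fp in fps:
            self.index.setdefault(fp, set()).add(label)
        return fps  # only digests leave the organization

    def resolve(self, fp: str) -> list:
        """Look up which enrolled record an alerted fingerprint belongs to."""
        return sorted(self.index.get(fp, ()))

class Monitor:
    """Monitoring side: stores digests only and hashes crawled text the same way."""
    def __init__(self):
        self.watch = set()

    def register(self, fps: set) -> None:
        self.watch |= fps

    def scan(self, post: bytes) -> list:
        """Return the watched fingerprints that occur in a crawled post."""
        return sorted(fingerprints(post) & self.watch)

def demo():
    # Constructed sample data: a made-up card number and made-up forum posts.
    client, monitor = Client(), Monitor()
    monitor.register(client.enroll("card-0001", b"4000123456789010"))
    posts = {
        "full": b"selling: 4000123456789010 exp 01/30",
        "partial": b"ends with 00123456789010",
        "short": b"only 13 bytes 0123456789010 here",
        "clean": b"unrelated forum chatter, nothing leaked",
    }
    return {name: [client.resolve(fp) for fp in monitor.scan(p)]
            for name, p in posts.items()}

if __name__ == "__main__":
    for name, alerts in demo().items():
        print(f"{name}: {len(alerts)} alert(s) {alerts}")
```

With an unkeyed hash like this one, how private the fingerprints are depends on the entropy of the underlying data: short, structured values such as card numbers can be guessed and hashed by anyone who holds the digests.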

References: http://phys.org/

Counting people with WiFi

Researchers in UC Santa Barbara professor Yasamin Mostofi’s lab are proving that wireless signals can do more than provide Internet access. They have demonstrated that a WiFi signal can be used to count the number of people in a given space, leading to diverse applications, from energy efficiency to search-and-rescue.

‘Our approach can estimate the number of people walking in an area, based on only the received power measurements of a WiFi link,’ said Mostofi, a professor of electrical and computer engineering. This approach does not require people to carry WiFi-enabled telecommunications devices for them to be counted, Mostofi emphasized.
To accomplish this feat of people-counting, the researchers put two WiFi cards at opposite ends of a target area, a roughly 70-square-meter space. Using only the received power measurements of the link between the two cards, their approach can estimate the number of people walking in that area. So far, they have successfully tested with up to and including nine people in both indoor and outdoor settings. The findings of Mostofi’s research group are scheduled for publication in the Institute of Electrical and Electronics Engineers Journal on Selected Areas in Communications’ special issue on location-awareness for radios and networks.
‘This is about counting walking people, which is very challenging,’ said Mostofi. ‘Counting this many people in such a small area with only WiFi power measurements of one link is a hard problem, and the main motivation for this work.’
This people-counting method relies in large part on the changes of the received wireless signal, according to the researchers. The presence of people attenuates the signal in the direct line of sight between the WiFi cards if a person crosses the line of sight, and human bodies also scatter the signal—resulting in a phenomenon called multi-path fading—when they are not in the direct line of sight path. By developing a probabilistic mathematical framework based on these two key phenomena, the researchers have then proposed a way of estimating the number of people walking in the space.
With the near-ubiquity of WiFi in many settings, the researchers’ findings have the potential for many diverse applications. For instance, the ability to estimate the number of people in a given space could be used in smart homes and buildings, so air conditioning and heating could be adjusted according to the level of occupancy. ‘Stores can benefit from counting the number of shoppers for better business planning,’ noted Mostofi.
Security and search-and-rescue operations could also take advantage of occupancy estimation. Previous work in the research lab involved imaging stationary objects/humans through walls with WiFi signals, and Mostofi plans to eventually bring the two projects together in the future.

References: http://phys.org/

Ultra-Flexible Tech May Monitor the Brain

Brain activity can be monitored in real-time with tiny injectable flexible electronics, according to a new study done in mice.

Such devices could one day be used to map brain activity, or even stimulate activity to help treat people with disorders such as Parkinson’s disease, scientists added.

Traditional electronics are rigid, but inventors have recently developed flexible and stretchable electronics. These new devices could potentially lead to video screens one could roll up or fold to fit in a pocket. One key way flexible electronics could be used would be applications within the body, where they could help monitor and manipulate living tissue. However, current flexible electronics are usually flat sheets, designed to lie on surfaces.

As such, a sheet can be placed into the body only by cutting a slit into the tissue that is at least as wide as the sheet, for example, cutting a slit into a person’s skin or skull, said study co-author Charles Lieber, a nanoscientist and nanotechnologist at Harvard University. “It is difficult yet critical to protect the complex and fragile electronics when it is delivered,” he said. “Traditional procedures all involve surgery that would make an opening equal to the size of the structure.”

Now scientists have designed electronics flexible enough to get stuffed into the needle of a syringe — a tube with a diameter as small as about 100 microns, or about the average width of a human hair.

“Our new mesh flexible electronics are 1 million times more flexible than the state-of-the-art flexible electronics,” Lieber told Live Science.

The new devices start off as tiny flat sheets about the size of a postage stamp made of metal electrodes and silicone wires that are each only nanometers, or billionths of a meter, thick. These sheets are meshes like chicken wire, consisting of about 90 percent empty space.

A variety of sensors can be incorporated into these meshes. To feed data from these sensors outward, one side of each of the meshes contains metal pads that researchers can hook up to outside wires.

When suspended in liquid that is drawn into a syringe, the meshes naturally roll up into a scroll-like, tubular shape. After they are injected, they return to their original shapes in less than an hour.

“We can precisely deliver these ultra-flexible electronics through a common syringe injection into virtually any kind of 3D soft material,” Lieber said. “The injection process and ultraflexible electronics introduce no damage to the targeted structures.”

In experiments, the scientists injected these meshes into two distinct brain regions in live mice. “When we injected the electronics into a mouse brain with almost no bleeding and successfully recorded brain activity, we knew we were onto something very exciting,” Lieber said.

The flexible, thin nature of the wires and the porous quality of the meshes helped the devices to integrate into the living tissues they were implanted within. “There is no scar tissue or immune response around the injected ultra-flexible mesh electronics months after implantation, which contrasts to all work to date with larger and more rigid probes,” Lieber said. “This could be transformative for brain science and medicine.”

These devices were able to network with healthy neurons in the mouse brains and monitor their activity. The setup they used is much smaller and lighter than conventional electronic systems implanted in brains. “It allows the mouse to behave quite naturally, without a weight on its head,” Lieber said.

In the future, the researchers would like to see if their injectable devices can remain stable for long spans of time in the body. Such medical implants could help record and stimulate activity in the brain, such as in regions damaged by Parkinson’s disease, Lieber said. Mesh electronics could also go in the eyes, and be combined with stem cell therapies, he added.

In other experiments, the researchers showed they could inject and integrate their meshes into a variety of synthetic structures as well, such as cavities inside silicone rubber blocks. They suggest that injectable electronics could be used to monitor artificial structures with corrosion and pressure sensors.

The scientists noted that more than 90 percent of their devices worked after injection. Still, they would like to achieve total success in the future, which involves factors such as the best speeds for the injections. However, Lieber noted that even at 90 percent, their mesh electronics are better for commercial applications than conventional brain probes, many of which fail to work over time because they damage the brains they are implanted in.

References: http://www.livescience.com/