tMoA

Would you like to react to this message? Create an account in a few clicks or log in to continue.
tMoA

~ The only Home on the Web You'll ever need ~

2 posters

    White House Summit on Cybersecurity and Consumer Protection

    Carol
    Carol
    Carol
    Admin
    Admin


    Posts : 31733
    Join date : 2010-04-07
    Location : Hawaii
    • Post n°1

    White House Summit on Cybersecurity and Consumer Protection Empty White House Summit on Cybersecurity and Consumer Protection

    Post  Carol Fri Feb 13, 2015 12:24 pm

    White House Summit on Cybersecurity and Consumer Protection


    Started on Feb 13, 2015
    The President delivers remark at the Summit on Cybersecurity and Consumer Protection at Stanford University to help shape public and private sector efforts to protect American consumers and companies from growing threats to consumers and commercial networks. The Summit brings together major stakeholders on consumer financial protection issues to discuss how all members of our financial system can work together to further protect American consumers and their financial data, now and in the future.


    SUMMIT SCHEDULE:

    11:45 AM: Welcome Remarks

    12:15 PM: Plenary Panel: Public-Private Collaboration on Cybersecurity

    1:00 PM: Plenary Panel: Improving Cybersecurity Practices at Consumer Oriented Businesses and Organizations

    2:15 PM: President Obama Delivers Keynote Remarks

    4:45 PM: Informal Discussion: Cyber Security as a Business Differentiator

    5:15 PM: Plenary Panel: Promoting More Secure Payment Technologies


    _________________
    What is life?
    It is the flash of a firefly in the night, the breath of a buffalo in the wintertime. It is the little shadow which runs across the grass and loses itself in the sunset.
    With deepest respect ~ Aloha & Mahalo, Carol
    • Back to top
    B.B.Baghor
    B.B.Baghor
    B.B.Baghor


    Posts : 1851
    Join date : 2014-01-31
    Age : 73
    Location : Druid county UK
    • Post n°2

    White House Summit on Cybersecurity and Consumer Protection Empty Security online

    Post  B.B.Baghor Sat Feb 21, 2015 8:04 am

    February 19, 2015 | By Joseph Bonneau and Peter Eckersley and Jacob Hoffman-Andrews

    Lenovo Is Breaking HTTPS Security on its Recent Laptops

    News broke last night that Lenovo has been shipping laptops with a horrifically dangerous piece of software called Superfish,
    which tampers with Windows' cryptographic security to perform man-in-the-middle attacks against the user's browsing.
    This is done in order to inject advertising into secure HTTPS pages, a feature most users don't want implemented in the
    most insecure possible way.

    There's been some discussion about whether all copies of Superfish use the same root key to perform the MITM attacks.
    We can report that the Decentralized SSL Observatory has seen 44,000 Superfish MITM certificates, all of which have
    been signed by the same Superfish root cert.2 The fact that there are significant numbers of Firefox victims somewhat
    contradicts the speculation that Firefox is safe because it doesn't use the Windows root store. This either indicates that
    Superfish also injects its certificate into the Firefox root store, or that on a large number of occasions Firefox users have
    been clicking through certificate warnings caused by Superfish MITM attacks.

    Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its
    users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer,
    Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken. If you access your webmail from such a
    laptop, any network attacker can read your mail as well or steal your password. If you log into your online banking account,
    any network attacker can pilfer your credentials. All an attacker needs in order to perform these attacks is a copy of the
    Superfish MITM private key. There is (apparently) a copy of that key inside every Superfish install on every affected Lenovo
    laptop, which has now been extracted and posted online.

    Using a MITM certificate to inject ads was an amateurish design choice by Superfish.3 Lenovo's decision to ship this software
    was catastrophically irresponsible and an utter abuse of the trust their customers placed in them. If you purchased a Lenovo
    laptop recently (we have observed reports of the Superfish cert from the Decentralized SSL Observatory as early as October
    2014), you can check if your machine is vulnerable here. We'll have more updates with details and defensive options later today.

    Source: [url=https://www.eff.org/deeplinks/2015/02/further-evidence-lenovo-breaking-https-security-its-laptops]https://www.eff.org/deeplinks/2015/02/further-evidence-lenovo-breaking-https-security-its-laptops[/url
    • Back to top

      Current date/time is Tue May 07, 2024 8:07 am