
 

VOLUME 39

ISSUE 39

30 October 2014

Article of the Month Around the World

USB Condoms to protect your Data

Whenever you plug your phone into an unknown device to charge it, have you ever thought about the possibility of your data being transferred to a third party? You may find yourself in situations where you have to use charging ports, such as those in airports and at public charging stations. Every time you use a public charging port, you are at risk.
Have you ever heard the term “USB Condom”? Security experts have created this device, which allows you to charge your smartphone or tablet without risking accidental syncing of private data or contracting a computer virus.
Fake charging ports have been set up to steal your sensitive private data. When you plug your mobile phone into an unknown computer to charge it, there will be a program running in the background to take a backup of all your sensitive and personal data.
USB cables are actually composed of several entwined wires, wrapped in a single protective covering. Some of the wires allow data transfer, while two provide five volts of electricity. To charge a device you need only the power wires, not the data wires, which can put you at risk of unnecessary data transfer or infection by malware.

The USB Condom is a small chip with a male and a female port. You plug your USB cable into the female port of the USB Condom, and then plug the male port of the USB Condom into the PC or the unknown device. The USB Condom connects only the wires that transfer power and severs any kind of data connection.
In the wrong hands, the data from your phone is more valuable than the phone itself, so there is plenty of motivation for the bad guys to pursue juice-jacking. May the gods of USB have mercy on your data if you plug into a public USB port within 50 miles of the annual DefCon security conference in Las Vegas. This is a place where using public WiFi or ATMs is extremely risky. If there is anywhere juice-jacking is likely to occur, it’s there.
 

If the makers of the USB condom have any sense, they’ll set up shop at next year’s DefCon and make a boatload of cash selling their smartphone prophylactics. It will come in both mini and micro USB flavors. There is no price listed on the USB condom’s page yet, but can you really put a price on that kind of peace of mind?

 

 Saranga Anjana Wijeratna

 Saranga is an undergraduate at the Informatics Institute of Technology who is currently following the BEng (Hons) Software Engineering programme. He is currently working as an Intern - Information Security Engineer at Sri Lanka CERT|CC.
 
  SELFIES COULD REPLACE THE PASSWORD
  

'....The Obama administration's top cybersecurity official wants to get rid of passwords.

"Frankly, I would love to kill the password dead as a primary security method, because it's terrible," said Michael Daniel, the White House cybersecurity coordinator, during a discussion Thursday hosted by the Center for National Policy and The Christian Science Monitor......'

  iOS vs. Android: Which is more secure?
  

'..With millions of new iOS and Android devices pouring into the enterprise every quarter, it's important to know just how much risk these devices bring — and if one mobile operating system has an edge over another when it comes to securing enterprise applications and data....'

DHS Anti-Terrorism Program Could Provide Cyberattack Liability Protection

   
   

'....A little-known Department of Homeland Security program for providing liability protection to US firms in the wake of terrorist or other attacks could also provide shelter for firms facing legal action in the wake of a cyberattack.

Brian Finch, a partner with the law firm Pillsbury Winthrop Shaw Pittman LLP and a cybersecurity legal expert, says the DHS's so-called SAFETY Act, which protects certified providers of anti-terrorism products and services, also can apply to providers of cyber security products and services -- and even to the cybersecurity policies of major corporations in the event of an attack.....'

With mobile devices, many firms are playing Russian roulette with cybersecurity

  

'...As head of a Michigan-based cybersecurity firm, Larry Ponemon has studied data breaches including the hacking of Target credit cards, and Chinese and other international cyber espionage. But his favorite incident, he says, was small, avoidable and probably victimless.

It involved a doctor and a tablet (tablet as in iPad, not medication). The physician’s health-care network had just upgraded its data storage system, and he was given an iPad that he could carry from the hospital to his home in which he collected patient information that would go directly to a cloud-based bank of medical records....'

EU to vote On Stiffer Penalties For Hackers

Member states of the European Union might soon be creating new laws that will raise minimum prison sentences for convicted cyber attackers and botnet herders. Last week, the European Parliament committee on Civil Liberties, Justice and Home Affairs approved a draft for a directive whose objective is to "approximate rules on criminal law in the Member States in the area of attacks against information systems, and improve cooperation between judicial and other competent authorities." The proposal is scheduled to be voted on by the European Parliament in July, and if the draft is approved, the directive will become a concrete proposal on the basis of which member states will be urged to model their laws regarding attacks against information systems.

Cisco tells users to lock down WebEx to prevent snooping

'...Cisco has warned customers to lock down WebEx after a security researcher and journalist found many big-name companies left some online meetings open for anyone to join....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in September 2014
[Chart: incident categories Fake, Hacked, Abuse. Statistics - Sri Lanka CERT|CC]

What to consider when choosing a password manager

...Many security experts feel that passwords are no longer sufficient to keep online accounts safe from hackers, but we're still a long way from widespread adoption of biometrics and alternative methods of authentication...
 

IS THIS THE YEAR CYBERSECURITY AWARENESS SINKS IN


'....We live in a dangerous world. Amid unrest in growing parts of the physical world, the threat landscape has long since expanded into the virtual sphere -- where boundaries don't exist and laws that govern warfare play catch-up.

The White House has declared cyber threats “one of the gravest national security dangers” the nation faces because of their potential damaging effect on critical infrastructure and the overall economy...'

 
‘BEYOND THE LAW?’ FBI DIRECTOR CRITICIZES APPLE, GOOGLE PRIVACY FEATURES

'...The FBI director criticized Apple and Google Thursday for adopting new policies that will block police from accessing private data on phones and tablet computers.

An FBI spokesman confirmed that Director James Comey told reporters he is "very concerned" that the new features could thwart critical police investigations. The bureau has contacted both companies to learn more, the spokesman said....'

 
Notice Board
 Training and Awareness Programmes - October 2014
 
Date | Event | Venue
October 1st | A/L Training programme | Education Leadership Development Center, Meepe
October 01-03 | NCOE Teachers Training | ICT lab, Ministry of Education
October 09-15 | A/L Training programme | Education Leadership Development Center, Meepe
October 20-24 | NCOE Teachers Training | ICT lab, Ministry of Education
October 20 | ICT Forum 2014 | Cinnamon Grand Hotel
October 21 | Handing over ceremony of SMART Classroom equipment | Mahinda Rajapaksha V., Pitipana, Homagama
October 23-27 | SMART Classroom training | Mahinda Rajapaksha V., Pitipana, Homagama
October 24 | Awareness programme on Mahindodaya Secondary School principals and IT teachers in North Western Province | Kandyan Reach Hotel, Kurunegala
October 28-31 | A/L Training programme | Education Leadership Development Center, Meepe
October 28 | Setting up of National e-learning platform with the view of introducing systematic e-learning system with road map for the entire general education system in Sri Lanka | CETRAC, Pelawatta
October 27-31 | NCOE Teachers Training | ICT lab, Ministry of Education
  
