Microsoft To Open Source Radio Code

Microsoft has begun to open source some more of its code, this time for the Microsoft Research Software Radio (Sora).

“We believe that a fully open source Sora will better support the research community for more scientific innovation,” said Kun Tan, a senior researcher on the Sora project team.

Sora was created to combat the problem of creating software radio that could keep up with the hardware developments going on around it.

The idea behind it is to run the radio off software on a multi-core PC running a basic operating system. In the example, it uses Windows. But then it would.

A PCIe radio control board is added to the machine with signals processed by the software for transmission and reception, while the RF front-end, with its own memory, interfaces with other devices.

The architecture also supports parallel processing by distributing processing pipelines to multiple cores exclusively for real-time SDR tasks.

Sora has already won a number of awards, and the Sora SDK and API were released in 2011 for academic users. More than 50 institutions now use it for research or courses.

As such, and in line with the groovy open Microsoft ethos, the software has now been completely open sourced, with customizable RF front-ends, customizable RCB with timing control and synchronization, processing accelerators and support for new communication models such as duplex radios.

The Sora source code is now up on GitHub. Use cases already in place include TV whitespace, large scale MIMO and distributed MIMO systems.

Microsoft has made a number of moves towards open sourcing itself over the past year. Most notably, The .NET Framework at the heart of most Windows programs was offered up to the newly created .NET Foundation.

It was announced yesterday that Google is releasing its Kubernetes code to the Linux Foundation to set up a standardized format for containerization.

Source

Should Encryption Be The Norm?

Encryption should be a matter of priority and used by default. That’s the message from the Internet Architecture Board (IAB), the worldwide body in charge of the internet’s technology infrastructure.

The IAB warned in a statement that “the capabilities and activities of attackers are greater and more pervasive than previously known”.

It goes on to say: “The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default.

“We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.”

The purpose, the IAB claims, is to instill public trust in the internet after the myriad high-profile cases in which computer traffic has been intercepted, ranging from bank details to email addresses and all points in between.

The news will be unwelcome to the security services, which have repeatedly objected to initiatives such as the default encryption in iOS8 and Android L, claiming that it is in the interest of the population to retain the right to intercept data for the prevention of terrorism.

However, leaked information, mostly from files appropriated by rogue NSA contractor Edward Snowden, suggests that the right of information interception is abused by security services including the UK’s GCHQ.

These allegations include the collection of irrelevant data, the investigation of cold cases not in the public interest, and the passing of pictures of nude ladies to colleagues.

Source

PoS Cyber Attacks Up In 2013

A third of data intrusion investigated by security firm Trustwave last year involved compromises of point-of-sale (POS) systems and over half of all intrusions targeted payment card data.

Even though POS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.

E-commerce intrusions accounted for 54 percent of investigated data breaches and POS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.

According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from POS transactions in 19 percent of attacks.

In Western Europe in particular, where countries have rolled out EMV — chip-and-PIN payment card transactions — cybercriminals shifted their focus from POS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. “EMV has changed the pattern of compromises when it comes to payment-card-specific data.”

However, a significant increase in the theft of sensitive, non-payment-card data, was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.

Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that’s why there’s been an uptick in attacks focusing on such data, Yeo said.

Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.

Source

Target Makes Information Security Changes

Target Corp announced an overhaul of its information security processes and the departure of its chief information officer as the retailer tries to re-gain customers and investors after a massive data breach late last year.

CIO Beth Jacob is the first high-level executive to leave the company following the breach, which led to the theft of about 40 million credit and debit card records and 70 million other records of customer details.

Jacob, who comes from a sales background and has been CIO since 2008, will be replaced by an external hire, according to sources at Target.

“It’s a decision that should have been made by the CEO on January 1, not through the resignation of an employee that overlooked critical weakness in the operating model,” Belus Capital Advisors CEO Brian Sozzi said.

The breach at Target was the second largest at a U.S. retailer, after the theft of more than 90 million credit cards over about 18 months was uncovered in 2007 at TJX Cos Inc, operator of the T.J. Maxx and Marshalls chains.

Hacking has become a major concern for retailers in the United States. In the latest reported breach, beauty products retailer and distributor Sally Beauty Holdings Inc said on Wednesday its network had been hacked but no card or customer data appeared to have been stolen.

Target Chief Executive Gregg Steinhafel said the company would elevate the role of chief information security officer as part of its plan to tighten its security.

The company will also look externally to fill that position as well as the new position of chief compliance officer.

Steinhafel said Target would be advised by security consultant Promontory Financial Group as it evaluates its technology, structure, processes and talent.

“I believe this is definitely a measure in restoring faith and really showing that they are taking the breach seriously,” Heather Bearfield, who runs the cybersecurity practice for accounting firm Marcum LLP, told Reuters.

Target, the third-largest U.S. retailer, said last week customer traffic had started to improve this year after falling significantly toward the end of the holiday shopping season when news of the cyber attack spooked shoppers.

Source

USA In Danger Of Cyber Experts Shortage

Leading cyber experts warned of a shortage of talented computer security experts in the United States, making it extremely difficult to keep corporate and government networks safe at a time when attacks are on the rise.

Symantec Corp Chief Executive Enrique Salem told the Reuters Media and Technology Summit in New York that his company was working with the U.S. military, other government agencies and universities to help develop new programs to train security professionals.

“We don’t have enough security professionals and that’s a big issue. What I would tell you is it’s going to be a bigger issue from a national security perspective than people realize,” he said on Tuesday.

Jeff Moss, a prominent hacking expert who sits on the U.S. Department of Homeland Security Advisory Council, said that it was difficult to persuade talented people with technical skills to enter the field because it can be a thankless task.

“If you really look at security, it’s like trying to prove a negative. If you do security well, nobody comes and says ‘good job.’ You only get called when things go wrong.”

The warnings come at a time when the security industry is under fire for failing to detect increasingly sophisticated pieces of malicious software designed for financial fraud and espionage and failing to prevent the theft of valuable data.

Moss, who goes by the hacker name “Dark Tangent,” said that he sees no end to the labor shortage.

Source…

SEC Asks Companies To Disclose Attacks

U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a trend of high-profile cyber crimes.

The Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses.

Senator John Rockefeller had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings.

“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything,” Rockefeller said in a statement.

“It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it,” Rockefeller said in a statement.

There is a growing sense of urgency about cyber security following breaches at Google Inc, Lockheed Martin Corp, the Pentagon’s No. 1 supplier, Citigroup, the International Monetary Fund and others.

Source….