The FBI’s Next Generation Identification program could spot faces in a crowded street

The FBI is getting ready to roll out a new nationwide program to better identify criminals called the Next Generation Identification (NGI) project. The new program is expected to add biometric data to Bureau’s toolkit with iris scans, DNA analysis, voice identification, and even the ability to pick out a person’s face in a crowded street using surveillance cameras.

[Credit: Wikimedia Commons]
The FBI and Lockheed Martin Transportation and Security Solutions, who won the NGI contract, have received $1 billon to make its NGI project a reality. According to New Scientist, a handful of states have already created a criminal photo database as part of a NGI pilot program that will go nationwide by 2014.

Theoretically, the NGI system would be able to use its mugshot database to pick out criminals in a crowd using a face-matching algorithm. The program would scan for faces in footage taken by security cameras or public images uploaded to the Internet. The algorithm would then return a number of hits for investigators to look into.

Read more »

1

Get ready: Microsoft is raising the bar for encryption keys

Great news! Next Tuesday is already Patch Tuesday for September, but Microsoft only has a couple of relatively minor updates lined up. Don’t get too comfortable, though—you need to prepare for the changes Microsoft is making next month for cryptographic keys.

Let’s start with Patch Tuesday. September is a dramatic departure from previous months. Unlike the many months that have been loaded down with multiple Critical updates, or the fact that Internet Explorer has been updated monthly for the past few months, Microsoft only has two security bulletins scheduled for this month.

Microsoft will soon consider any cryptographic key less than 1024 bits invalid.
The last couple of months have each had nine new security bulletins, and the average per month through August is 7.5. Two is a manageable number that will make many IT admins very happy. Throw in the fact that both of the security bulletins are rated as Important, and that they impact software or platforms that many businesses don’t even use, and some IT admins may essentially get this Patch Tuesday off free and clear.

Read more »

1

Apple device IDs hacked: What you need to know

A hacker collective known as AntiSec has published over a million Apple device IDs that it claims were captured from the laptop of an FBI agent. If you own an iPhone or iPad, you might be wondering what this hack means to you, and you might also be curious about why the FBI had your Apple UDID in the first place.

The information was acquired and released by the hackers as a political statement. The lengthy diatribe posted on Pastebin along with the hacked Apple ID info rants about government oppression and hypocrisy.

Why does the FBI have 12 million Apple device UDIDs on a laptop?
While the group has published one million and one hacked Apple device IDs, it should be given at least a little credit for restraint. The details stolen from the FBI laptop included more personal information as well—such as full names, cell phone numbers, addresses and zip codes.

Read more »

7

Plan X: DARPA’s Cyberwar

DARPA, if you didn’t know, stands for Defense Advanced Research Projects Agency. It's the government body that develops ridiculous things like flying tanks and other science fiction. Next month, however, DARPA is hitting closer to home with “Plan X”, a one-day workshop designed to flesh out the U.S. government’s strategy for war in cyberspace.

Plan X is a two-pronged affair that consists of a general-access session for your standard contractors and government employees, and a secret session to map out where the US is going in the future of cyber warfare.

Read more »

4

Does Oracle Patch for Java 7 Fix the Zero-Day Flaw?

Oracle issued a patch today for Java 7. Coincidentally, Java 7 has also been the target of recent attacks thanks to a zero-day exploit. For now, though, its anyone’s guess whether or not the new Java 7 patch actually addresses the zero-day exploits, or to what extent.

First, a brief recap. A previously unknown flaw in Java was discovered, and a proof-of-concept (PoC) exploit was developed in the popular Metasploit Framework tool. Metasploit is a tool used by the good guys, but an exploit is an exploit, and the fact that the exploit PoC code was developed for Metasploit means that the exploit is now in the hands of many more would-be attackers.

Oracle already knew about the 'zero-day' flaws, so hopefully this patch fixes them.
According to the normal Oracle patch release schedule, the next routine update isn’t supposed to occur until October. However, Java is a popular and widely used platform, and it would probably be catastrophic for Oracle to wait a month or more to produce a patch.

Read more »

2

Warning: Java Zero Day Flaw Under Attack

Java is under attack again. A zero-day vulnerability in Java is being actively exploited in the wild. The current attacks seem to be targeted, but security experts warn that more widespread attacks could be imminent.

Next to Adobe Reader and Adobe Flash, Java is probably one of the most ubiquitous and widely used applications. Unfortunately, it also provides attackers with plenty of holes and vulnerabilities to exploit, which makes it a popular target.

Security experts warn users to expect more exploits of the Java zero-day.
Proof-of-concept (PoC) code has been developed for the Metasploit Framework tool. Wolfgang Kandek, CTO of Qualys, explains that this is concerning because it makes the exploit available to a much wider audience, and probably means more attacks targeting the Java vulnerability are on the horizon.

Read more »

4

Has Android Malware Tripled in Recent Months? Not So Fast

There never seems to be any shortage of Android malware reports circulating in the news, and today one came out that sounds alarming indeed.

android malware
“Android Under Attack: Malware Levels for Google’s OS Rise Threefold in Q2 2012” was the title of the press release from antivirus vendor Kaspersky announcing it, in fact, and right on cue headlines are popping up across the tech media echoing that dire warning.

But is it really as bad as all that? Probably not. In fact, as pointed out by security-focused publication The H on Thursday, data from competing firm F-Secure paint a very different picture for the very same time period. In fact, rather than a tripling of Android malware in the second quarter, F-Secure found only a modest rise.

Read more »

2