Here are the top cyber news and stories of the day.
- College Student Expelled After Bringing Web Vulnerability to School’s Attention – After two computer science students found an exploit in the Omnivox Web Portal, they brought it to the attention of the authorities. However, a few days later, one of the students ran the Acutenix Web exploit testing kit to test the portal, an act the developer considered a cyber attack. The school determined he violated codes of professionalism, and summarily expelled him. Via ThreatPost, more here.
- Attacking networks using electromagnetic interference - According to a report in Defense News, one group in the US Army is looking into infiltrating closed networks via electromagnetic waves. The end state is to use these waves to extract[ing] data from and inject[ing] data into sealed cable networks. This would create a huge delta in our abilities to access other nations’ secured networks. Via H-Online, more here.
- Commerce considering managed service to fix cyber weakness - The Commerce Department wants to fix a glaring cyber weakness. It lacks full centralized enterprisewide cybersecurity reporting capabilities across its 90,000 computers. They issued an RFI to this end on Jan 15, looking for capabilities [that] would “provide department-level situational awareness, a single, common operating picture of security for the department’s systems, remediation and response, and other centralized functions necessary to monitor and manage the department’s cybersecurity posture.” Via Federal News Radio, more here.
- In Google’s Future, You May Log in with Your Ring – We’ve been looking at using smartphones and other devices to truly identify ourselves, but Google researchers have written about using a “smartcard-embedded finger ring,” to be the “primary authenticator” in the future. This could cut down on what people carry (and require secondary PIN or other access information). Via CIO Today, more here.
- Malware Spreads through Skype – The Shylock malware has been updated, and is spreading through Skype. Because Microsoft is taking down Windows Live Messenger, hackers are turning their attentions to Skype, and its code. The intent of the malware is to take financial data from infected systems. It looks to steal credentials for online banking sites, and also has the ability to perform code-injection attacks. Via ISS Source, more here.
- DoD standardizing, synchronizing cyber training - The Defense Department is piloting its first-ever set of standardized curriculum for cyber warriors amid an effort to make sure the military treats cyber skills as seriously as it does its other critical disciplines. DISA is leading this charge now, but coordination is military-wide. The intent is to train military members in the cyber field on standard sets of foundational cybersecurity skills that cross the boundaries of the individual military services. Via Federal News Radio, more here.
- Researchers Warn: Mega’s New Encrypted Cloud Doesn’t Keep Its Megasecurity Promises - Kim Dotcom, the founder of Megaupload, was hit with many charges of aiding in distributing pirated content. He has re-launched his cloud service as “Mega” with a focus on privacy instead. However, researchers are saying that the privacy and cryptography he’s touting, is not so private at all. Via Forbes, more here.