More stories

    What is a DDoS attack? Everything you need to know about Distributed Denial-of-Service attacks and how to protect against them

    What is a DDoS attack?
    A distributed denial-of-service attack (DDoS attack) sees an attacker flooding the network or servers of the victim with a wave of internet traffic so big that their infrastructure is overwhelmed by the number of requests for access, slowing down services or taking them fully offline and preventing legitimate users from accessing the service at all.
    While a DDoS attack is one of the least sophisticated categories of cyberattack, it also has the potential to be one of the most disruptive and most powerful by taking websites and digital services offline for significant periods of time that can range from seconds to even weeks at a time.

    How does a DDoS attack work?
    DDoS attacks are carried out using a network of internet-connected machines – PCs, laptops, servers, Internet of Things devices – all controlled by the attacker. These could be anywhere (hence the term ‘distributed’) and it’s unlikely the owners of the devices realise what they are being used for as they are likely to have been hijacked by hackers.
    Common ways in which cyber criminals take control of machines include malware attacks and gaining access by using the default user name and password the product is issued with – if the device has a password at all. 
    Once the attackers have breached the device, it becomes part of a botnet – a group of machines under their control. Botnets can be used for all manner of malicious activities, including distributing phishing emails, malware or ransomware, or in the case of a DDoS attack, as the source of a flood of internet traffic.
    The size of a botnet can range from a relatively small number of zombie devices, to millions of them. Either way the botnet’s controllers can turn the web traffic generated towards a target and conduct a DDoS attack.
    Servers, networks and online services are designed to cope with a certain amount of internet traffic but, if they’re flooded with additional traffic in a DDoS attack, they become overwhelmed. The high amounts of traffic being sent by the DDoS attack clogs up or takes down the systems’ capabilities, while also preventing legitimate users from accessing services (which is the ‘denial of service’ element).
    A DDoS attack is launched with the intention of taking services offline in this way, although it’s also possible for online services to be overwhelmed by regular traffic by non-malicious users – for example, if hundreds of thousands of people are trying to access a website to buy concert tickets as soon as they go on sale. However, this is usually only short, temporary and accidental, while DDoS attacks can be sustained for long periods of time.

    DDoS attacks can be extremely powerful online weapons.
    What is an IP stresser and how does it relate to DDoS attacks?
    An IP stresser is a service that can be used by organisations to test the robustness of their networks and servers. The goal of this test is to find out if the existing bandwidth and network capacity are enough to handle additional traffic. An IT department using a stresser to test their own network is a perfectly legitimate application of an IP stresser.
    However, using an IP stresser against a network that you don’t operate is illegal in many parts of the world – because the end result could be a DDoS attack. Nonetheless, there are cyber-criminal groups and individuals that will actively use IP stressers as part of a DDoS attack.
    What was the first DDoS attack?
    What’s widely regarded as the first malicious DDoS attack occurred in July 1999 when the computer network at the University of Minnesota was taken down for two days.
    A network of 114 computers infected with Trin00 malware all directed their traffic at a computer at the university, overwhelming the network with traffic and blocking legitimate use. No effort was made to hide the IP address of the computers launching the traffic – and the owners of the attacking systems had no idea their computers were infected with malware and were causing an outage elsewhere.
    Trin00 might not have been a large botnet, but it’s the first recorded incident of cyber attackers taking over machines that didn’t belong to them and using the web traffic to disrupt the network of a particular target. And in the two decades since, DDoS attacks have only become bigger and more disruptive.
    Famous DDoS attacks: MafiaBoy – February 2000
    The world didn’t have to wait long after the University of Minnesota incident to see how disruptive DDoS attacks could be. By February 2000, 15-year-old Canadian Michael Calce – online alias MafiaBoy – had managed to take over a number of university networks, roping a large number of computers into a botnet.
    He used this for a DDoS attack that took down some of the biggest websites at the start of the new millennium, including Yahoo! – which at the time was the biggest search engine in the world – eBay, Amazon, CNN, and more. 
    Calce was arrested and served eight months in a youth detention centre after pleading guilty to charges against him. He was also fined C$1,000 ($660) for conducting the attacks – which it’s estimated caused over $1.7 billion in damages – and went on to become a computer security analyst.
    Famous DDoS attacks: Estonia – April 2007
    By the mid 2000s, it was apparent that DDoS attacks could be a potent tool in the cyber-criminal arsenal, but the world was about to see a new example of how disruptive DDoS attacks could be; by taking down the internet services of an entire country.
    In April 2007, Estonia was – and still is – one of the most digitally advanced countries in the world, with almost every government service accessible online to the country’s 1.3 million citizens through an online ID system.
    But from 27 April, Estonia was hit with a series of DDoS attacks disrupting all online services in the country, as well as parliament, banks, ministries, newspapers and broadcasters. People weren’t able to access the services they needed on a daily basis.
    Attacks were launched on multiple occasions, including during a particularly intense period of 24 hours on 9 May – the day Russia celebrates Victory in Europe day for World War II, before eventually falling away later in the month.
    The DDoS campaigns came at a time when Estonia was involved in a political dispute with Russia over the relocation of a Soviet statue in Tallinn. 
    Some members of Estonian leadership have accused Russia of orchestrating the attacks, something that the Kremlin has always denied.

    Estonia was the victim of a massive DDoS attack.
    Image: Getty Images/iStockphoto
    Famous DDoS attacks: Spamhaus – March 2013
    The Spamhaus Project’s goal is to track the activity of spammers on the web in order to help internet providers and email services with a real-time list of common spam emails, posts and messages in order to prevent users from seeing them and potentially being scammed.
    But in March 2013, Spamhaus itself fell victim to cyber criminals when 300 billion bits of data a second was launched at it in what was at the time the biggest DDoS attack ever, and one that lasted for almost two weeks.
    Cloudflare dubbed it ‘The DDoS attack that almost broke the internet’ after the web infrastructure and web-security company stepped in to mitigate the attack against Spamhaus – and then found cyber attackers attempting to take Cloudflare itself offline. But the impact of the attack was much greater because the sheer scale of the attack caused congestion across the internet.
    Famous DDoS attacks: Mirai – October 2016
    In probably the most famous DDoS attack to date, the Mirai botnet took down vast swathes of online services across much of Europe and North America. News websites, Spotify, Reddit, Twitter, the PlayStation Network and many other digital services were either slowed down to a crawl or completely inaccessible to millions of people. Fortunately, the outages lasted for less than one day.
    Described as the biggest online blackout in history, the downtime was caused by a DDoS attack against Dyn, the domain name system provider for hundreds of major websites. The attack was explicitly designed to overload its capability.
    What helped make the attack so powerful was the Mirai botnet had taken control of millions of IoT devices, including cameras, routers, smart TVs and printers, often just by brute-forcing default credentials, if the devices had a password at all. And while the traffic generated by individual IoT devices is small, the sheer number of devices in the botnet was overwhelming to Dyn. And Mirai still lives on.

    The Mirai botnet attack took down a large number of online services. 
    Image: Level 3
    How do I know if I’m under DDoS attack?
    Any business or organisation that has a web-facing element needs to think about the regular web traffic it receives and provision for it accordingly; large amounts of legitimate traffic can overwhelm servers, leading to slow or no service, something that could potentially drive customers and consumers away.
    But organisations also need to be able to differentiate between legitimate web traffic and DDoS attack traffic.
    Capacity planning is, therefore, a key element of running a website, with thought put into determining what’s an expected, regular amount of traffic and what unusually high or unanticipated volumes of legitimate traffic could look like, so as to avoid causing disruption to users – either by taking out the site due to high demands, or mistakenly blocking access due to a DDoS false alarm.
    So how can organisations differentiate between a legitimate increase in demand and a DDoS attack?
    In general, an outage caused by legitimate traffic will only last for a very short period of time and often there will be an obvious reason for the outage, such as an online retailer experiencing high demand for a new item, or a new video game’s online servers getting very high traffic from gamers eager to play.
    But in the case of a DDoS attack, there are some tell-tale signs that it’s a malicious and targeted campaign. Often DDoS attacks are designed to cause disruption over a sustained period of time, which could mean sudden spikes in malicious traffic at intervals causing regular outages.
    The other key sign that your organisation has likely been hit with a DDoS attack is that services suddenly slow down or go offline for days at a time, which would indicate the services are being targeted by attackers who just want to cause as much disruption as possible. Some of these attackers might be doing it just to cause chaos; some may be paid to attack a particular site or service. Others might be trying to run some kind of extortion racket, promising to drop the attack in exchange for a pay-off.
    What do I do if I’m under DDoS attack?
    Once it’s become clear that you’re being targeted by DDoS attack, you should piece together a timeline of when the problems started and how long they’ve been going on for, as well as identifying which assets like applications, services and servers are impacted – and how that’s negatively impacting users, customers and the business as a whole.
    It’s also important that organisations notify their web-hosting provider – it’s likely that they will have also seen the DDoS attack, but contacting them directly may help curtail the impacts of a DDoS campaign – especially if it’s possible for the provider to switch your IP address. Switching the IP to a new address will mean that the DDoS attack won’t have the impact it did because the attack will be pointing in the wrong direction.
    If your security provider offers a DDoS mitigation service, it should help reduce the impact of the attack, but as attacks like Mirai have shown, especially large attacks can still cause disruption despite the presence of preventative measures. The unfortunate thing about DDoS attacks is that while they’re very simple to conduct, they’re also very effective, so even with measures in place it’s still possible that services could be taken offline for some time.
    It’s also important to notify users of the service about what is happening, because otherwise they could be left confused and frustrated by a lack of information. Businesses should consider putting up a temporary site explaining that there are problems and provide users with information they should follow if they need the service. Social-media platforms like Twitter and Facebook can also be used to promote this message.
    How do I protect against DDoS attacks?
    What makes DDoS attacks effective is the ability to direct a large amount of traffic at a particular target. If all of an organisation’s online resources are in one location, the attackers only need to go after one particular target to cause disruption with large amounts of traffic. If possible, it’s therefore useful to spread systems out, so it’s more difficult – although not impossible – for attackers to direct resources towards everything at once.

    Monitoring web traffic and having an accurate idea about what regular traffic looks like, and what is abnormal traffic, can also play a vital role in helping to protect against or spotting DDoS attacks. Some security personnel recommend setting up alerts that notify you if the number of requests is above a certain threshold. While this might not necessarily indicate malicious activity, it does at least provide a potential early warning that something might be on the way.
    It’s also useful to plan for scale and spikes in web traffic, which is something that using a cloud-based hosting provider can aid with.
    Firewalls and routers can play an important role in mitigating the potential damage of a DDoS attack. If configured correctly, they can deflect bogus traffic by analysing it as potentially dangerous and blocking it before it arrives. However, it’s also important to note that in order for this to be effective, firewall and security software needs to be patched with the latest updates to remain as effective as possible.
    Using an IP stresser service can be an effective way of testing your own bandwidth capability. There are also specialist DDoS mitigation service providers that can help organisations deal with a sudden large upsurge in web traffic, helping to prevent damage by attacks.
    What is a DDoS mitigation service?
    DDoS attack mitigation services protect the network from DDoS attacks by re-routing malicious traffic away from the network of the victim. High profile DDoS mitigation service providers include Cloudflare, Akamai, Radware and many others.
    The first job of a mitigation service is to be able to detect a DDoS attack and distinguish what’s actually a malicious event from what’s just a regular – if unusually high – volume of traffic.
    Common means of DDoS mitigation services doing this include judging the reputation of the IP the majority of traffic is coming from. If it’s from somewhere unusual or known to be malicious, it could indicate an attack – while another way is looking out for common patterns associated with malicious traffic, often based on what’s been learned from previous incidents.
    Once an attack has been confirmed as genuine, a DDoS protection service will move to respond by absorbing and deflecting the malicious traffic as much as possible. This is helped along by routing the traffic in manageable chunks, which eases the mitigation process and helps prevent denial of service.
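    The request-rate threshold alert recommended under “How do I protect against DDoS attacks?” and the source-reputation and traffic-pattern checks a mitigation service applies, worked through as an added example (not code from the article or from any of the providers named). The access-log lines, the baseline rate and the denylist are all constructed, and the source addresses are documentation ranges.

```python
"""Rate-based DDoS early warning over web-server access logs.

Added example: bucket requests per minute, raise an alert when a minute exceeds
a multiple of the normal rate, then label it 'likely attack' when traffic is
concentrated on a few sources or any source is on a reputation denylist, and
'distributed surge' otherwise (a flash crowd such as a ticket sale looks like
the latter). Log lines, baseline and denylist are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format (Apache/nginx); only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

# Constructed denylist standing in for an IP-reputation feed.
DENYLIST = frozenset({"203.0.113.9"})


def make_sample_log():
    """Constructed access log: a normal minute, two flooded minutes, a normal minute."""
    lines = []

    def add(minute, ip, count, path="/"):
        for i in range(count):
            lines.append(
                f'{ip} - - [10/Oct/2020:12:{minute:02d}:{i % 60:02d} +0000] '
                f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
            )

    for i in range(20):                       # 12:00 - 20 sources, one request each
        add(0, f"10.0.0.{i + 1}", 1, f"/page{i}")
    for ip, n in (("198.51.100.7", 120), ("203.0.113.9", 110), ("192.0.2.5", 70)):
        add(1, ip, n)                         # 12:01 - 300 requests from three sources
        add(2, ip, n - 20)                    # 12:02 - 240 requests, still flooded
    for i in range(15):                       # 12:03 - back to normal
        add(3, f"10.0.0.{i + 1}", 1, f"/page{i}")
    return lines


def bucket_by_minute(lines):
    """Map 'HH:MM' -> Counter of requests per source IP; malformed lines are skipped."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        buckets[ts.strftime("%H:%M")][m.group("ip")] += 1
    return buckets


def assess(buckets, baseline_rpm, factor=5, denylist=DENYLIST, top_n=3, concentration=0.5):
    """Return one alert dict per minute whose request count exceeds baseline_rpm * factor.

    'likely attack' if any source is denylisted or the top_n sources carry at
    least `concentration` of the minute's traffic; otherwise 'distributed surge'.
    sustained_minutes counts consecutive minutes over the threshold, the
    article's 'sustained over a long period' signal in miniature.
    """
    threshold = baseline_rpm * factor
    alerts, run = [], 0
    for minute in sorted(buckets):
        sources = buckets[minute]
        total = sum(sources.values())
        if total <= threshold:
            run = 0
            continue
        run += 1
        top = sources.most_common(top_n)
        share = sum(c for _, c in top) / total
        bad = sorted(ip for ip in sources if ip in denylist)
        verdict = "likely attack" if bad or share >= concentration else "distributed surge"
        alerts.append({"minute": minute, "total": total, "threshold": threshold,
                       "top_sources": top, "top_share": round(share, 2),
                       "denylisted": bad, "sustained_minutes": run, "verdict": verdict})
    return alerts


if __name__ == "__main__":
    for a in assess(bucket_by_minute(make_sample_log()), baseline_rpm=20):
        print(f"{a['minute']}: {a['total']} req > {a['threshold']}, "
              f"top-{len(a['top_sources'])} share {a['top_share']}, "
              f"denylisted {a['denylisted'] or 'none'}, "
              f"sustained {a['sustained_minutes']} min -> {a['verdict']}")
```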
    How do I choose a DDoS mitigation service?
    Like any IT procurement, choosing a DDoS mitigation service isn’t as simple as just selecting the first solution that appears. Organisations will need to choose a service based on their needs and circumstances. For example, a small business probably isn’t going to have any reason to fork out for the DDoS mitigation capabilities required by a global conglomerate.
    However, if the organisation looking for a DDoS mitigation service is a large business, then they’re probably correct to look at large overflow capacities to help mitigate attacks. Looking at a network that has two or three times more capacity than the largest attacks known to date should be more than enough to keep operations online, even during a large DDoS attack.
    While DDoS attacks can cause disruption from anywhere in the world, the geography and location of a DDoS mitigation service provider can be a factor. A European-based company could have an effective US DDoS protection provider, but if that provider doesn’t have servers or scrubbing centres based in Europe, the latency of the response time could prove to be a problem, especially if it causes a problem for re-routing traffic.
    When deciding on a service provider, organisations should, therefore, consider if the DDoS protection network will be effective in their region of the world. For example, a European company should probably consider a DDoS mitigation provider with a European scrubbing centre to help remove or redirect malicious traffic as quickly as possible.  
    However, despite all the ways to potentially prevent a DDoS attack, sometimes attackers will still be successful anyway – because if attackers really want to take down a service and have enough resources, they’ll do their best to be successful at it. But if an organisation is aware of the warning signs of a DDoS attack, it’s possible to be prepared for when it happens.

    Barnes & Noble confirms cyberattack, suspected customer data breach

    Barnes & Noble has confirmed a cyberattack impacting Nook services and potentially exposing customer data. 

    The US bookseller stocks over one million titles at any one time for distribution worldwide. As ebooks emerged as an alternative to traditional literature, in 2009, the company launched the Nook service, an ebook reader and storage platform. 
    Over the weekend, as reported by Bleeping Computer, Barnes & Noble customers complained across social media of outages. Some customers were unable to access their Nook libraries, their previous purchases had vanished into thin air, others were not able to log in to the firm’s online platform, and connectivity issues between sending or loading new books ran rampant. 
    As noted by The Register, the outage also spread to physical outlets, where it appeared that some cash registers were also “briefly” unable to function. 
    This prompted speculation that the disruption could be due to a malware infection, as when Point-of-Sale (PoS) systems become involved, the issue may not merely be due to a backend or server glitch. 
    The bookseller partially restored its systems by Tuesday, but it was not until Wednesday that Nook publicly acknowledged customer access and Nook service issues.  
    Nook said at the time that a “system failure” was at fault and engineers were working hard to “get all Nook services back to full operation.”
    “Unfortunately, it has taken longer than anticipated,” Nook continued. “We sincerely apologize for this inconvenience and frustration.”
    Now, Barnes & Noble has confirmed to customers that cyberattackers caused the service disruption. 
    In an email, the bookseller said that on October 10, Barnes & Noble was the victim of intrusion, leading to “unauthorized and unlawful access to certain Barnes & Noble corporate systems.”
    Customer email addresses, billing and shipping addresses, telephone numbers, and transaction histories may have been exposed during the breach.
    “We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the company added. 
    However, the bookseller emphasizes that no financial data, “encrypted and tokenized” as a security measure, was taken or available to the threat actors.
    The firm has not disclosed how many customers may be impacted by the suspected data breach. Barnes & Noble warns that as email addresses have been leaked, they may be used in phishing campaigns.
    While the details of the cyberattack are yet to be made public, it is possible that ransomware could be at the heart of the incident. Bad Packets told BleepingComputer that the bookseller’s VPN servers were previously vulnerable to CVE-2019-11510, an arbitrary read vulnerability.
    Security flaws like this can be used to compromise corporate networks and deploy payloads, including ransomware. In recent months, AG and the Duesseldorf University Hospital have experienced severe ransomware attacks. 

    Have issues with Facebook collecting your data? Privacy-first alternative MeWe surges to 9M users

    Millions of people have been ditching Facebook and switching to Mountain View, CA-based social media network MeWe, touted to be the ad-free future of social networking.
    Advised by Sir Tim Berners-Lee (the inventor of the World Wide Web), MeWe has surged to 9 million users worldwide since its inception in 2013, and has zero paid marketing ads. 
    MeWe CEO Mark Weinstein said in his recent TEDx talk that although we check our phones 150 times per day, our phones are more dependent on us than we are on them. He says that we are participating in the “greatest socio-economic event in human history” – ‘surveillance capitalism’.
    The business model of Facebook and the other current social media giants is to track, analyse, and monetise our data.
    Our personal information is shared and sold across data companies used to target and manipulate us through marketing from social media companies, advertisers and politicians. Weinstein says that true privacy is becoming a “relic of the past”.
    The more time we spend using social media, the more revenue that these social media companies can earn from ad revenue.
    Facebook has been developing a brain to computer interface – to enable hands free communication without us needing to say a word. Imagine how much data Facebook could collect  from users then.
    China has a Social Credit System that tracks its individuals for ‘undesirable behaviours’ such as frivolous spending, waste sorting, not visiting elderly relatives often enough, cheating in exams, traffic violations, or for making a reservation at a restaurant and not showing up.
    The system manages the reward, or punishment of citizens based on their economic or personal behaviour. 
    Violators could be placed on a list, preventing them from getting better jobs, or preventing their children from attending good schools. We share all of this information on Facebook and other social media tools. It would be easy to extract this information and sell it to the highest bidder.
    MeWe says that it is leading the privacy revolution in social media. The social network has a Privacy Bill of Rights giving its users total control of their data and privacy.
    There are no ads, no targeting, no facial recognition, no data mining, and no newsfeed manipulation.
    Eileen brown
    MeWe is available on iOS, Android and desktop in 19 languages.
    It has features such as: newsfeeds for contacts and close friends, pages, private 1:1 and group chats, private and open groups, disappearing content, stories, a custom camera with GIF creation, live voice and video, voice messaging, personal cloud storage, custom group profiles, dual-camera and MeWe Journals.
    MeWe was named a 2020 Most Innovative Social Media Company by Fast Company, a 2019 Best Entrepreneurial Company in America by Entrepreneur Magazine, and Start-Up of the Year Finalist at SXSW. 
    So how does MeWe make money? The company has a “Freemium” revenue model that gives users the basic social media experience for free, and offers optional enhancements they can purchase.
    These enhancements include extra storage ($3.99 per month), live voice and video calling ($1.99 per month), and MeWe journals ($1.99 per month).
    These subscriptions mean that MeWe can show each post to each fan, friend or follower, and not create algorithms to throttle posts. MeWe also has a MeWe Pro version which is intended to compete directly with Slack.
    MeWe premium costs $4.99 per month, and users who want to create a page for their business pay $1.99 per month.
    So will MeWe make any headway? I joined MeWe (Sgrouples) in 2013 and have been lurking there since. It has a nice look and feel, the groups are interesting, and the group chats are really engaging.
    As it gains momentum, content quality is improving all the time. With 9 million members it’s a much better site than Facebook was at four years after its launch.
    Our shift to preserve our privacy might mean that MeWe user numbers continue to grow.

    Microsoft rolls out new Edge extensions API but promises to leave ad blockers alone

    Microsoft has rolled out today updates to the Edge browser’s extensions system.

    Known as “Manifest V3”, these are changes that were announced in October 2018 by Google for the Chromium open-source browser engine, namely to the WebExtensions API.
    The changes update how browser extensions interact with Chromium-based browsers, such as Chrome, Brave, Opera, Vivaldi, and, as of this year, Microsoft Edge.
    At the time the changes were announced in 2018, Google said the main intent was to improve extension security, make extensions more performant, and give users greater control over what extensions do and with which sites they interact.
    However, extension developers were also quick to point out that the “Manifest V3” updates also contained changes that crippled the ability of ad blockers, antivirus, parental control enforcement, and various privacy-enhancing extensions to properly do their job.
    The announcement caused a huge backlash from users, extension developers, and even other browser makers. Users, in particular, viewed the move as a dirty hit from Google —an advertising company— to sabotage the ad-blocking ecosystem.
    Browsers like Opera, Brave, and Vivaldi were quick to distance themselves from the debacle and announced plans to ignore the Manifest V3 updates and allow users to keep using ad blockers.
    Mozilla, which also implemented the WebExtensions API inside Firefox for compatibility reasons, also denounced Chrome’s plans and said it would not be following Google’s WebExtensions API update to the letter and that it would make some changes of its own to allow ad blockers to continue to work as intended.
    In the face of all this criticism, Google backtracked on some of the Manifest V3 updates in March 2019 and backtracked on even more changes in June, following criticism that it was disingenuous in its plans.
    Since then, the Manifest V3 changes have started rolling out in Chrome, with some of the grumbling having died down, although some ad blocker extension devs seem to have given up on their products’ ability to reliably block ads once these changes reach stable versions of Chrome.
    Currently, Manifest V3 changes are being tested in Chrome.
    These changes have now also reached Microsoft’s new Chromium-based Edge, where they are already live in beta and stable releases.
    However, Microsoft said today that these changes wouldn’t cripple ad blockers, a fear that many users had.
    “We recognize the value of content blocking extensions and appreciate the role they play in honoring user’s choice by blocking advertisements and enhancing privacy by blocking cookies and we want developers to continue to offer these capabilities,” the Microsoft Edge Team said today.
    “After an extensive review of the concerns raised by content blockers and the community, we believe that a majority of those concerns have been resolved or will be resolved before Web Request API is deprecated.”
    *The Web Request API is a function used by ad blockers that will be removed with Manifest V3.

    Iranian hackers restart attacks on universities as the new school year begins

    A group of Iranian hackers with a history of attacking academic institutions have come back to life to launch a new series of phishing campaigns, security firm Malwarebytes said today.

    The new attacks were timed to coincide with the start of the new academic year, when both students and university staff were expected to be active on university portals.
    The attacks consisted of emails sent to victims. Known as “phishing emails,” they contained links to a website posing as the university portal or an associated app, such as the university library.
    The websites were hosted on sites with lookalike domains, but in reality, collected the victim’s login credentials.
    Attacks linked to Silent Librarian group
    Malwarebytes says the attacks were all orchestrated by the same group, known in cyber-security circles under its codename of Silent Librarian.
    The members of this group were indicted in the US in March 2018 for a long string of attacks against universities from all over the globe, dating back as far as 2013.
    According to the US indictments, the hackers gained access to university portals from where they stole intellectual property or limited-release academic work, which they later re-sold on their own web portals (Megapaper.ir and Gigapaper.ir).
    However, despite the US indictment, the hackers remained at large in Iran and mounted subsequent attacks.
    These attacks usually took place each fall, right before the new school year. Their 2018 campaign was documented in a Secureworks report, while Proofpoint spotted last year’s campaign.
    Group is now hosting attack servers in Iran
    But compared to the past attacks, the 2020 campaign is different.
    Malwarebytes said this time around, Silent Librarian hosted some of its phishing sites on Iranian servers.
    “It may seem odd for an attacker to use infrastructure in their own country, possibly pointing a finger at them. However, here it simply becomes another bulletproof hosting option based on the lack of cooperation between US or European law enforcement and local police in Iran,” the US security firm said.
    Below is a list of universities the group targeted, along with the phishing sites they used, in case students and university staff may want to review any past emails.
    Phishing site                      | Legitimate site            | Target
    library.adelaide.crev.me           | library.adelaide.edu.au    | The University of Adelaide Library
    signon.adelaide.edu.au.itlib.me    | library.adelaide.edu.au    | The University of Adelaide Library
    blackboard.gcal.crev.me            | blackboard.gcal.ac.uk      | Glasgow Caledonian University
    blackboard.stonybrook.ernn.me      | blackboard.stonybrook.edu  | Stony Brook University
    blackboard.stonybrook.nrni.me      | blackboard.stonybrook.edu  | Stony Brook University
    namidp.services.uu.nl.itlib.me     | namidp.services.uu.nl      | Universiteit Utrecht
    uu.blackboard.rres.me              | uu.blackboard.com          | Universiteit Utrecht
    librarysso.vu.cvrr.me              | librarysso.vu.edu.au       | Victoria University
    ole.bris.crir.me                   | ole.bris.ac.uk             | University of Bristol
    idpz.utorauth.utoronto.ca.itlf.cf  | idpz.utorauth.utoronto.ca  | University of Toronto
    raven.cam.ac.uk.iftl.tk            | raven.cam.ac.uk            | University of Cambridge
    login.ki.se.iftl.tk                | login.ki.se                | Karolinska Medical Institutet
    shib.york.ac.uk.iftl.tk            | shib.york.ac.uk            | University of York
    sso.id.kent.ac.uk.iftl.tk          | sso.id.kent.ac.uk          | University of Kent
    idp3.it.gu.se.itlf.cf              | idp3.it.gu.se              | Göteborg universitet
    login.proxy1.lib.uwo.ca.sftt.cf    | login.proxy1.lib.uwo.ca    | Western University Canada
    login.libproxy.kcl.ac.uk.itlt.tk   | kcl.ac.uk                  | King’s College London
    idcheck2.qmul.ac.uk.sftt.cf        | qmul.ac.uk                 | Queen Mary University of London
    lms.latrobe.aroe.me                | lms.latrobe.edu.au         | Melbourne Victoria Australia
    ntulearn.ntu.ninu.me               | ntulearn.ntu.edu.sg        | Nanyang Technological University
    adfs.lincoln.ac.uk.itlib.me        | adfs.lincoln.ac.uk         | University of Lincoln
    cas.thm.de.itlib.me                | cas.thm.de                 | TH Mittelhessen University of Applied Sciences
    libproxy.library.unt.edu.itlib.me  | library.unt.edu            | University of North Texas
    shibboleth.mcgill.ca.iftl.tk       | shibboleth.mcgill.ca       | McGill University
    vle.cam.ac.uk.canm.me              | vle.cam.ac.uk              | University of Cambridge
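    The table shows two recurring tricks: a whole legitimate hostname with extra labels appended (raven.cam.ac.uk.iftl.tk), and an institution's own labels reused under a throwaway domain (library.adelaide.crev.me). The script below, an added example and not code from Malwarebytes or from the page, flags both patterns so that a mailbox or proxy log can be checked against the list. The legitimate hostnames are copied from the table; the public-suffix handling is a deliberate approximation (a short set of second-level labels such as ac and edu), not the real Public Suffix List, and the sample URLs are constructed.

```python
"""Flag lookalike sign-on hostnames of the two kinds seen in the table above.

Added example: legitimate hosts are copied from the table; the public-suffix
logic is an approximation, not the real Public Suffix List.
"""
from urllib.parse import urlsplit

# Legitimate sign-on hosts copied from the table above (a subset).
KNOWN_LEGIT_HOSTS = {
    "library.adelaide.edu.au",
    "blackboard.stonybrook.edu",
    "uu.blackboard.com",
    "raven.cam.ac.uk",
    "login.proxy1.lib.uwo.ca",
    "kcl.ac.uk",
    "qmul.ac.uk",
    "lms.latrobe.edu.au",
}

# Second-level labels under which the registrable domain is three labels long
# (cam.ac.uk, adelaide.edu.au). A rough stand-in for the public suffix list.
_THREE_LABEL_SLDS = {"ac", "edu", "co", "com", "gov", "org", "net"}


def _labels(host: str) -> list:
    return host.lower().strip(".").split(".")


def registrable_domain(host: str) -> str:
    """'raven.cam.ac.uk' -> 'cam.ac.uk'; 'library.adelaide.crev.me' -> 'crev.me'."""
    labels = _labels(host)
    three = len(labels) >= 3 and labels[-2] in _THREE_LABEL_SLDS and len(labels[-1]) == 2
    return ".".join(labels[-3:] if three else labels[-2:])


def _org_labels(legit_host: str) -> str:
    """Labels in front of the public suffix: 'library.adelaide' for library.adelaide.edu.au."""
    labels = _labels(legit_host)
    suffix_len = len(registrable_domain(legit_host).split(".")) - 1
    return ".".join(labels[: len(labels) - suffix_len])


def _subdomain_labels(host: str) -> str:
    """Labels in front of the registrable domain: 'library.adelaide' for library.adelaide.crev.me."""
    labels = _labels(host)
    return ".".join(labels[: len(labels) - len(registrable_domain(host).split("."))])


KNOWN_REGISTRABLE = {registrable_domain(h) for h in KNOWN_LEGIT_HOSTS}
KNOWN_ORG_LABELS = {_org_labels(h) for h in KNOWN_LEGIT_HOSTS}


def classify_host(host: str) -> str:
    host = host.lower().strip(".")
    if host in KNOWN_LEGIT_HOSTS or registrable_domain(host) in KNOWN_REGISTRABLE:
        return "legitimate"
    # Pattern 1: a whole legitimate domain followed by attacker-owned labels,
    # e.g. raven.cam.ac.uk.iftl.tk or signon.adelaide.edu.au.itlib.me.
    dotted = "." + host + "."
    if any("." + r + "." in dotted for r in KNOWN_REGISTRABLE):
        return "embedded-legit-domain"
    # Pattern 2: the institution's own labels reused under a throwaway
    # registrable domain, e.g. library.adelaide.crev.me.
    if _subdomain_labels(host) in KNOWN_ORG_LABELS:
        return "reused-labels"
    return "unknown"


def scan_urls(urls) -> list:
    """Return (url, verdict) for every URL whose host is not plainly legitimate."""
    out = []
    for url in urls:
        host = urlsplit(url).hostname
        if host is None:
            continue
        verdict = classify_host(host)
        if verdict != "legitimate":
            out.append((url, verdict))
    return out


# Constructed sample: the kind of links a student might find in old mail.
SAMPLE_URLS = [
    "https://library.adelaide.edu.au/",        # genuine
    "https://raven.cam.ac.uk.iftl.tk/login",   # from the table
    "http://library.adelaide.crev.me/",        # from the table
    "https://www.example.org/newsletter",      # unrelated, left for a human
]

if __name__ == "__main__":
    for url, verdict in scan_urls(SAMPLE_URLS):
        print(f"{verdict:22s} {url}")
```

    A host that is neither on the list nor a lookalike is reported as "unknown" rather than "legitimate", so a reviewer still sees it; the "legitimate" verdict covers only the hostnames in the table and other hosts under the same registrable domain.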


    Accurics raises funding for self-healing cloud infrastructure

    Photo: Tom Foremski
    Northern California-based startup Accurics has raised $20m in seed and Series A funding, mostly from Intel Capital, for improving the security of cloud-native applications with a self-healing approach. 
    Accurics checks the infrastructure code that developers use to deploy cloud-native applications for security risks and is designed to actively close off future threats.

    “There is a big shift to cloud-native applications which risks outpacing the security measures needed. We can programmatically mitigate security risks in the Cloud through Infrastructure as Code — before provisioning, allowing developers to concentrate on app functionality,” said co-founder and CEO Sachin Aggarwal.
    He said that raising money during the COVID-19 lockdown and pandemic wasn’t a problem but that everything had to be done via video with no face-to-face meetings. 
    “Our investors appreciate that COVID-19 has sped up the move to cloud native applications as companies beef up their e-commerce operations and supporting apps,” said Aggarwal.
    The rush to the cloud is outpacing the cyber-security needed for safe deployment — this is the gap that Accurics is targeting. 
    Accurics’ team of about 25 people has been working from home-based offices and has been able to create the foundation of Accurics’ self-healing cloud technology in just six months.
    A webinar “The Future of Cloud Native Security is Self-Healing” is planned for November 5 at 10am PST: https://bit.ly/3npypYV.
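    The pre-provisioning check that Aggarwal describes, reduced to its simplest form: a policy-as-code pass over an infrastructure-as-code file that refuses to let known-bad settings through. This is an added example and not Accurics' product or code; the input is a constructed Terraform-style JSON document using the common AWS provider attribute names (ingress/cidr_blocks, acl, storage_encrypted, publicly_accessible), and the three rules are illustrative. The weak configuration and its corrected form sit side by side so the same function can be seen passing and failing.

```python
"""Policy-as-code check run against infrastructure-as-code before provisioning.

Added example, not Accurics' product: the configuration below is a constructed
Terraform-style JSON document and the rules are illustrative.
"""
import json

ADMIN_PORTS = {22, 3389}            # SSH and RDP
ANYWHERE = {"0.0.0.0/0", "::/0"}    # "open to the internet" CIDRs
PUBLIC_ACLS = {"public-read", "public-read-write"}


def _port_range(rule):
    # Terraform expresses "all traffic" as protocol "-1" with ports 0/0.
    if str(rule.get("protocol", "")) == "-1":
        return 0, 65535
    return int(rule.get("from_port", 0)), int(rule.get("to_port", 0))


def check_security_group(name, sg):
    """Flag ingress rules that expose an admin port to the whole internet."""
    findings = []
    rules = sg.get("ingress", [])
    for rule in rules if isinstance(rules, list) else [rules]:
        lo, hi = _port_range(rule)
        cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
        exposed = cidrs & ANYWHERE
        if exposed and any(lo <= p <= hi for p in ADMIN_PORTS):
            findings.append(f"aws_security_group.{name}: admin port range {lo}-{hi} open to {sorted(exposed)}")
    return findings


def check_bucket(name, bucket):
    """Flag buckets created with a public canned ACL."""
    if bucket.get("acl") in PUBLIC_ACLS:
        return [f"aws_s3_bucket.{name}: public ACL {bucket['acl']!r}"]
    return []


def check_db_instance(name, db):
    """Flag databases that are unencrypted at rest or reachable from the internet."""
    findings = []
    if db.get("storage_encrypted") is not True:
        findings.append(f"aws_db_instance.{name}: storage_encrypted is not true")
    if db.get("publicly_accessible") is True:
        findings.append(f"aws_db_instance.{name}: publicly_accessible is true")
    return findings


CHECKS = {
    "aws_security_group": check_security_group,
    "aws_s3_bucket": check_bucket,
    "aws_db_instance": check_db_instance,
}


def evaluate(config: dict) -> list:
    """Return one finding per violated rule; an empty list means safe to provision."""
    findings = []
    for rtype, instances in config.get("resource", {}).items():
        check = CHECKS.get(rtype)
        if check is None:
            continue
        for name, body in instances.items():
            findings.extend(check(name, body))
    return findings


# Constructed input: what json.load() would give for a small main.tf.json.
WEAK_CONFIG = json.loads("""
{"resource": {
  "aws_security_group": {"bastion": {"ingress": [
    {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
  "aws_s3_bucket": {"exports": {"bucket": "example-exports", "acl": "public-read"}},
  "aws_db_instance": {"orders": {"engine": "postgres",
    "storage_encrypted": false, "publicly_accessible": true}}
}}
""")

# The same resources with each weak setting corrected.
FIXED_CONFIG = json.loads("""
{"resource": {
  "aws_security_group": {"bastion": {"ingress": [
    {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]}]}},
  "aws_s3_bucket": {"exports": {"bucket": "example-exports", "acl": "private"}},
  "aws_db_instance": {"orders": {"engine": "postgres",
    "storage_encrypted": true, "publicly_accessible": false}}
}}
""")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        findings = evaluate(cfg)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

    Wired into a CI step that runs before `terraform apply`, a non-empty result blocks the deployment, which is the "before provisioning" point the article makes: the misconfiguration never reaches the cloud account, so there is nothing to clean up afterwards.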



    Zoom to roll out end-to-end encrypted (E2EE) calls

    Image: Zoom
    Video conferencing platform Zoom announced today plans to roll out end-to-end encryption (E2EE) capabilities starting next week.
    E2EE will allow Zoom users to generate individual encryption keys that will be used to encrypt voice or video calls between them and other conference participants.
    These keys will be stored locally and will not be shared with Zoom servers, meaning the software company won’t be able to access or intercept any ongoing E2EE meetings.
    Support for E2EE calls will first be part of Zoom clients to be released next week. To use the new feature, users must update their clients next week and enable support for E2EE calls at the account level.
    However, the feature won’t work if it’s not also enabled by conference hosts, who also have options at their disposal to limit calls only to users with E2EE enabled at their account level.
    Once enabled, a green shield will be shown in the top-left corner of all Zoom conferences if E2EE is active.
    This green shield will contain a lock if E2EE is active. If the lock is absent, Zoom will use its default AES 256-bit GCM encryption scheme, which the company uses to secure current communications, but which the company can also intercept.

    Zoom said next week’s E2EE rollout is part of a four-stage rollout process that will complete in 2021.
    “In Phase 1, all meeting participants must join from the Zoom desktop client, mobile app, or Zoom Rooms,” Zoom said today.
    The company said E2EE calls would support up to 200 participants, and the feature will be made available to all users, for both paid and free accounts.
    Zoom promised support for E2EE encrypted calls back in May when the company faced a rash of criticism because of its weak security posture.


    German authorities raid FinFisher offices

    German authorities have raided the offices of FinFisher, a German software company that makes surveillance tools, accused in the past of providing software to oppressive regimes.
    The raids took place earlier this month, on October 6 and October 8, and were ordered by the Munich Public Prosecutor’s Office.
    Raids took place at locations across Germany and Romania. This included 15 properties (business premises and private apartments) around Munich and a company connected to FinFisher located in Romania, according to a spokesperson from the Munich Public Prosecutor’s Office.
    The raids are part of an investigation that began last year after a complaint [PDF] filed by Netzpolitik with Munich prosecutors in the summer of 2019. Other signatories on the complaint included advocacy groups such as the Society for Freedom Rights, Reporters Without Borders, and the European Center for Constitutional and Human Rights.
    The signatories argued that FinFisher’s malware had been installed on the devices of activists, political dissidents, and regular citizens in countries with oppressive regimes, countries to which FinFisher would have been prohibited from selling its software.
    FinFisher denied the accusations and successfully sued the German blog Netzpolitik, forcing it to take down its original article; the criminal complaint, however, had to run its course.
    Today’s raids are part of this legal process where German authorities are gathering evidence in relation to the claims made in the complaint, the Munich Public Prosecutor’s Office told ZDNet.
    FinFisher did not return an email seeking comment before this article’s publication.
    The company’s products are usually detected as malware by most antivirus products, including major products like Windows Defender.
    FinFisher surveillance tools are available for Windows, iOS, and Android. In the past, cyber-security firms have spotted FinFisher infections in more than 20 countries.
    FinFisher markets its tools as meant for law enforcement investigations and intelligence agencies. Known customers include the German federal police and Berlin police. However, the company’s tools have also been found on the devices of government critics and journalists in countries like Ethiopia, Bahrain, Egypt, and Turkey — countries where surveillance tools exports are prohibited.
    German news agency Tagesschau, which first reported the raids today, claims FinFisher had been using satellite companies in other countries to evade Germany’s stricter export restrictions on surveillance software.