Security News Round-Up: Cybersecurity Bill Likely Dead, Dropbox Confirms Breach, and More
The Senate voted to end debate on the revised Cybersecurity Act and move toward a final vote; Dropbox officials have confirmed a rumored security breach; and in an apparent bid to find out how good its computer security is, a French company is trying to trademark the Anonymous logo and slogan.
By Constantine von Hoffman, CIO
The Senate voted Thursday to end debate on the revised Cybersecurity Act and move toward a final vote, an action which may actually spell the bill’s end. That motion passed on a 52-46 vote, but 60 votes are needed to move forward. The Senate is expected to start its incredibly undeserved August recess on Friday, not returning until Sept. 7. With elections coming in three months it would take a miracle for any more action to be taken on the bill before then because Senators are terrified of being held accountable for their actions. Sponsors introduced a revised version of the bill July 19 but opponents, including many Republicans, say there are still many problems with it.
Huawei ‘looking into’ serious security problem with routers: Huawei Technologies says it is looking into claims of serious security vulnerabilities in some of the company’s routers. The security problems were discovered by researchers Felix “FX” Lindner and Gregor Kopf, who discussed them at DEF CON last week. Huawei, a Chinese telecom and hardware provider, defended itself and said it employs “rigorous security strategies and policies.” According to Lindner, some of the flaws they found were reminiscent of bugs common in the 1990s. “The flaws are bad but fixable. What is more serious is the overall code quality of the operating system. There are likely to be quite some more issues and we have not found any security advisories published by Huawei,” Lindner told the blog Threat Post.
Dropbox confirms security breach: Dropbox officials have confirmed a security breach which had been rumored for several weeks. According to the company, an attacker used a collection of illicitly obtained usernames and passwords to infiltrate a number of Dropbox accounts, including one belonging to a Dropbox employee. The usernames and passwords were stolen from other, third-party websites. The company’s announcement follows customer complaints earlier this month that email addresses they used only for Dropbox were being targeted by gambling and casino website spam. The company said it will implement two-factor authentication – where users log in using their password and a code sent to their phone – over the next few weeks.
Don’t tug on Superman’s cape, Part 1 – Anonymous turns in charity site hacker: Anonymous gave authorities the location of a Spanish man believed to be responsible for hacking a charity website. RedSky video production company of New Zealand asked for help after an attacker penetrated its website, erased data and left graffiti. RedSky donates profits from a documentary about the effects of poverty on children in New Zealand to charities providing meals for impoverished youngsters. The attack was reportedly carried out by someone calling himself AnonVoldemort (oooh, scary) in a bid to impress the hackers and become a member. One of the unwritten rules of the hacking group is never to attack charity sites. Within 24 hours of learning of the attack the group sent an email to RedSky’s owner with evidence that the attacker was a man living in Madrid, Spain.
Don’t tug on Superman’s cape, Part 2 – French company tries to trademark Anonymous’ logo: In an apparent bid to find out how good its computer security is, a French company is trying to trademark the Anonymous logo and slogan for commercial purposes. The company Early Flicker, or E-Flicker, has registered the group’s headless man logo and the slogan ‘We are Anonymous, We do not forgive, We do not forget. Expect us’ with the French National Institute of Industrial Property. If the trademark is granted it would allow the company to produce and sell items bearing the logo and take action against others who use it in France. A team claiming to be affiliated with the hacking group has posted a response on YouTube in which they say exactly what you think they’d say.