Preventing data at rest from rotting, Microsoft puts out the warning signal on RC4, and the International Space Station gets infected by malware.

Plus a fantastic batch of your questions, our answers, and much much more!

Thanks to:

Show Notes:

6 in 10 malware analysts in US have investigated or addressed a data breach that was never disclosed by their company

• “The independent blind survey of 200 security professionals dealing with malware analysis within U.S. enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in October 2013”
• “These results indicate that known data breaches may be significantly underreported and are putting customers and partners at risk”
• “according the survey, companies with more than 500 employees are even more likely to have had an unreported breach”
• A device used by a member of senior management is most likely to be infected by:
• Clicking on a malicious link in a phishing email (56%)
• Allowing a family member to use a company-owned device (45%)
• Visiting a pornographic website (40%)
• Installing a malicious mobile app (33%)
• “When asked to identify the most difficult aspects of defending their companies\’ networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions.”

Microsoft tells developers to drop RC4 from their applications

• They also recommend against using SHA-1, and will stop recognizing the validity of SHA-1 based certificates after 2016
• “Since 2005 there have been known collision attacks (where multiple inputs can produce the same output), meaning that SHA-1 no longer meets the security standards for a producing a cryptographically secure message digest”
• Additional Coverage
• Jacob Appelbaum: RC4 is broken in real time by the #NSA – stop using it.

International Space Station infected by malware

• The Malware came aboard on a USB stick carried by a Russian Astronaut
• “Kaspersky revealed that Russian astronauts carried a removable device into space which infected systems on the space station. He did not elaborate on the impact of the infection on operations of the International Space Station (ISS).”
• “Kaspersky said he had been told that from time to time there were \”virus epidemics\” on the station.”
• Until recently, the dozens of laptops on the ISS all ran Windows XP
• Kaspersky also revealed that an unnamed Russian nuclear facility, which is also cut off from the public internet, was infected with the infamous Stuxnet malware.
• “Russian security expert Eugene Kaspersky has also told journalists that the infamous Stuxnet had infected an unnamed Russian nuclear plant and that in terms of cyber-espionage \”all the data is stolen globally… at least twice.\””
• Additional Coverage

Feedback:

• Did you guys do a segment on Cryptlocker? I would really like to watch that

• FreeBSD as transparent DNS?

• Data Integrity

• New Job Blues

Round Up:

• While the FAA will allow passengers to use Kindles during flight, European regulators will allow 3g and 4g broadband
• Backblaze Blog » How long do disk drives last?
• Skype investigating adding ‘typing suprression’
• Cisco threatening the open switch design coming from Facebook, Intel and Broadcom
• GCHQ created fake LinkedIn to comprimise specific users’ information
• Amazon offering virtualized workspaces started at $35 per month
• Netflix and Youtube now make up 50.2% of US traffic during peak time
• XSplit does password reset after apparent compromise