17 matches found
Chinese engineer stole US military and NASA software for years
International espionage isn't always about sophisticated malware and zero-day bugs. Sometimes it's as simple as pretending to be someone else asking for a favor. For four years, a Chinese aerospace engineer did just that. Dozens of researchers at NASA, the US military, and major universities hand...
The Semiconductor Industry and Regulatory Compliance
Earlier this week, the Trump administration narrowed export controls on advanced semiconductors ahead of US-China trade negotiations. The administration is increasingly relying on export licenses to allow American semiconductor firms to sell their products to Chinese customers, while keeping the...
On the Zero-Day Market
New paper: "Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market": Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike an...
Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military
An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. ...
US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware
The U.S. Commerce Department on Wednesday added four companies, including Israel-based spyware companies NSO Group and Candiru, to a list of entities engaging in "malicious cyber activities." The agency said the two companies were added to the list based on evidence that "these entities developed...
U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes
The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security NS and anti-terrorism AT reasons. The mandate, which is set to go into effect in 90 days,...
The Legal Risks of Security Research
Sunoo Park and Kendra Albert have published "A Researcher’s Guide to Some Legal Risks of Security Research." From a summary: Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions DMCA §1201, electronic privacy law ECPA, and cryptography export...
NERC CIP Compliance in Azure vs. Azure Government cloud
As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection NERC CIP Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...
Story of Gus Weiss
This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion...
Wassenaar Renegotiation Will Be in Trump Administration's Hands
A nearly two-year effort to renegotiate language related to export controls around intrusion software in the Wassenaar Arrangement was rejected earlier this month during the member states’ plenary meeting. This means that the overly broad language in the first draft of the rules, introduced in Ma...
Government Takes Second Look at US Wassenaar Rules
In spite of self-congratulatory pats on the back from several corners of the security world, this week’s decision from the Commerce Department’s Bureau of Industry and Security BIS to rewrite the proposed U.S. implementation of the Wassenaar Arrangement rules was an expected outcome—albeit an...
Google Calls Proposed U.S. Wassenaar Rules 'Not Feasible'
As the clock winds down on the comment period for the United States government’s proposed implementation of the Wassenaar Arrangement export controls for intrusion software, Google officials say that the rules would have a “significant negative impact” on security research. The Department of...
Security Researchers Publish Comments on Wassenaar Rules
With the two-month comment period for the proposed U.S. Wassenaar Arrangement rules barely under way, a cast of influential security researchers has wasted no time preparing and submitting their thoughts on the controversial proposal. Researchers who seek out vulnerabilities in software—developin...
Proposed U.S. Wassenaar Rules on Intrusion Software
Two things worth noting from yesterday’s unveiling of the Bureau of Industry and Security’s proposed Wassenaar rules for the U.S. that weren’t so overt: a The U.S. generally leads the way in implementing Wassenaar changes, and this time it’s been beaten by the EU by almost 18 months; and b reques...
Researchers Wary of Wassenaar Arrangement Proposed Rules
Professional security researchers concerned about proposed changes to the Computer Fraud and Abuse Act CFAA that include stiff penalties for what today is considered legitimate offensive research, are worried about another impending punch to the gut. The Commerce Department’s Bureau of Industry a...
Advocates Seek 'Smart Regulation' of Surveillance Technology
The long shadow cast by the use of surveillance technology and so-called lawful intercept tools has spread across much of the globe and has sparked a renewed push in some quarters for restrictions on the export of these systems. Politicians and policy analysts, discussing the issue in a panel...
L0phtCrack password cracker set to return
More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight. The original creators of L0phtCrack has reacquired the tool with plans to release a new version at next week’s SOURCE Boston conference. A teaser...