In February 2016, the Internet was shaken by an epidemic caused by the new ransomware Trojan Locky (detected by Kaspersky Lab products as Trojan-Ransom.Win32.Locky). The Trojan has been actively propagating up to the present day. Kaspersky Lab products have reported attempts to infect users with the Trojan in 114 countries around the world.
Security is all about balance—keeping users and data safe has to sit alongside usability and efficiency. At CERN, the European Organization for Nuclear Research and home of the Large Hadron Collider (LHC), Stefan Lueders has the daunting task of coordinating the security of systems while maintaining an environment of academic freedom.
A trio of security researchers have devised a new automated attack that can break the CAPTCHA systems employed by Google and Facebook.
The researchers utilized a large number of factors in putting together their attack, leveraging tricks to bypass CAPTCHA security measures (cookies, tokens) and machine learning to "guess" the correct (image) CAPTCHA answer with a higher degree of accuracy than previous studies.
“End to end encryption is a good thing, but it’s really just the beginning of good security,” said Jonathan Zdziarski, a leading independent security researcher and forensics expert. “No question about it, this is good tech. But just like any tech it’s not perfect. The real question: Is WhatsApp’s owner Facebook going to be responsible with this technology? A lot of people view Facebook as the antithesis of privacy,” Zdziarski said.
The firm ran its unencrypted emails through an outdated (2009) version of Microsoft’s Outlook Web Access. Outdated open source software running the frontend of the firm’s websites is also now suspected to have provided a vector for the compromise.