Tag: Security

Categories
GeekWire

NASA reviews security after data breach

Pleiades supercomputer network
NASA’s computer servers include the Pleiades supercomputer network. (NASA Photo)

NASA says it is reviewing its network security processes and procedures after a computer break-in exposed Social Security numbers and other personal information about the space agency’s current and past employees.

The breach was discovered in October, and its full extent and impact has yet to be determined. NASA says it will provide identity protection services to all those who have potentially been affected.

NASA Watch, an independent website founded by former NASA employee Keith Cowing, first brought the incident to light in a posting on Dec. 18 that quoted an internal NASA memo. The memo suggests that agency employees who were hired, transferred or left NASA between July 2006 and October 2018 may be affected.

Get the full story on GeekWire.

Categories
GeekWire

New crypto needed for quantum computing age

Quantum computing report
A new report from the National Academies says it’ll be at least a decade before quantum computing becomes powerful enough to crack today’s public-key cryptography, but it could also take that long to develop a new data-encoding system to protect against hacking. (National Academies Illustration)

new report from computer scientists estimates that it’s likely to be at least a decade before quantum computing tools become powerful enough to compromise the current system of public-key cryptography that serves as the foundation for data security and financial transactions.

But it could also take a decade or more to replace current crypto tools with new protocols that would be resistant to quantum hacking, according to the report, published today by the National Academies of Science, Engineering and Medicine.

Therefore, the report’s authors say, it’s urgent to begin the transition toward such “post-quantum” protocols — which can range from increasing the size of encryption keys to developing new lattice-based systems such as NewHope and Frodo.

The study was sponsored by the federal Office of the Director of National Intelligence, and meshes with policy strategies laid out in September during a White House quantum information science summit. Like the White House strategy document, the National Academies study points out that the rise of quantum computing will have deep implications for national security.

Get the full story on GeekWire.

Categories
GeekWire

Battleground shifts in fight over fake news

National Guard at work
Staff Sgt. Wiggin Bernadotte, a cyber warfare operator in the Washington Air National Guard’s 262nd Cyberspace Operations Squadron, works with Capt. Benjamin Kolar, a cyberspace operations officer in the 262nd, on an electrical substation simulator. The exercise is part of the Air National Guard’s effort to help secure and protect voting systems on Election Day. (JBLM / DVIDS / DOD Photo / Paul Rider)

Facebook and Twitter have been cracking down on political disinformation during the current election cycle, but there are signs that the fight against fake news has spread to new battlefields, ranging from LinkedIn to text messages.

In Washington state, the Air National Guard has called out its cyberspace operations unit to protect the voting system. And the battle won’t end when the votes are tallied.

“Be aware of the ‘voter fraud’ debate that will inevitably follow the election — no matter the results,” University of Washington information scientist Jevin West, one of the instructors for a “Calling B.S.” class that went viral, told GeekWire in an Election Day email.

Get the full story on GeekWire.

Categories
GeekWire

Online-only voting? Don’t do it, experts say

Electronic voting
Experts say electronic voting systems need to generate a voter-verifiable paper audit trail. (U.S. State Dept. Photo)

Chastened by Russian interference and hacking attempts in the 2016 election, academic experts on voting technology say electronic voting machines that don’t leave a paper trail should be phased out as soon as possible.

“Every effort should be made to use human-readable paper ballots in the 2018 federal election,” the experts write in a report issued today by the National Academies of Science, Engineering and Medicine. “All local, state and federal elections should be conducted using human-readable paper ballots by the 2020 presidential election.”

That’s already the case for Washington, Oregon and Colorado, where mail-only voting has become the norm. (The report notes that “vote-by-mail” is something of a misnomer, since most ballots are still returned by hand. “Ballot delivery by mail” comes closer to the mark.)

Washington’s election officials have implemented the report’s top recommendation for mail-voting systems: giving voters an easy way to check whether their ballot has been sent, and where their returned ballot is in the system. The “MyVote” websitelinks to online ballot trackers as well as voter registration information.

Get the full story on GeekWire.

Categories
GeekWire

Security strengthened at Sea-Tac after plane theft

Port of Seattle news briefing
Port of Seattle Commissioner Courtney Gregoire takes questions during a briefing at Seattle-Tacoma International Airport. (Port of Seattle via YouTube)

Security measures have been stepped up at Seattle-Tacoma International Airport, including the maintenance area where a ground support worker commandeered an empty plane for an unauthorized, and ultimately fatal, flight on Friday.

“You’ll see that increased presence,” Courtney Gregoire, president of the Port of Seattle Commission, said today at an informal Sea-Tac news briefing, “and we’ll keep monitoring what we need there.”

Gregoire didn’t go into detail about the nature of the security measures taken in air cargo areas. The Horizon Air plane, a Bombardier Q400 turboprop, had been parked for maintenance in one of those areas, known as Cargo 1, when airline employee Richard Russell took it out for an unauthorized flight.

Get the full story on GeekWire.

Categories
GeekWire

Fatal joyride points to gaps in airport security

Plane in the air
A stolen Horizon Air turboprop plane does maneuvers. (John Waldron via KING5)

The day after a Horizon Air employee stole an airplane, flew aerial stunts and crashed into a sparsely inhabited island in Puget Sound, airline executives acknowledged that more will have to be done about insider air security.

“Yesterday’s events will push us to learn what we can from this tragedy so that we can help prevent it from ever happening again, at our airline or any other,” Brad Tilden, CEO of Alaska Air Group, said today during a news briefing at Seattle-Tacoma International Airport.

Authorities said the pilot who made an unauthorized takeoff at 7:32 p.m. PT Friday was a 29-year-old ground service agent for Horizon Air, an Alaska Air subsidiary. “His job was to be around airplanes,” Tilden said.

Ground service agents typically load and unload baggage, tidy up the airplane after arrivals and take on other ground duties. The rogue pilot was authorized to operate the equipment that tows airplanes to and from runways.

Get the full story on GeekWire.

Categories
GeekWire

Scientists can weave data into your clothing

Magnetized-thread fabric
Using magnetic properties of conductive thread, University of Washington researchers can store data in fabric. In this example, the code to unlock a door is stored in a patch and read by magnetometers. Commercial products would almost certainly look more stylish. (UW Photo / Dennis Wise)

Want to wear your password on your sleeve? Computer scientists from the University of Washington can make it so.

A research team led by UW’s Shyam Gollakota has demonstrated a method for encoding digital data, including ID tags and security keys, into electrically conductive threads that can be woven invisibly into items of clothing.

The digital code is activated by magnetizing the threads, and then can be read out using magnetometers. A report on the data-weaving experiment was presented last week in Quebec City at the Association for Computing Machinery’s User Interface Software and Technology Symposium.

“This is a completely electronic-free design, which means you can iron the smart fabric or put it in the washer and dryer,” Gollakota, an associate professor at UW’s Paul G. Allen School of Computer Science and Engineering, said today in a news release. “You can think of the fabric as a hard disk — you’re actually doing this data storage on the clothes you’re wearing.”

Get the full story on GeekWire.

Categories
GeekWire

ID authentication scheme uses music as the key

Close Encounters
In “Close Encounters of Third Kind,” Francois Truffaut plays a UFO researcher who uses music as an authentication tool for the aliens. (Columbia / EMI via YouTube)

Amazon’s inventors have come up with a computer-based system that makes use musical transformations to authenticate a whole group of users — and block access if anyone strikes a false note.

The concept, which is called chained authentication using musical transforms, is the subject of a patent that was sought back in 2014 and published today.

Here’s how it could work: When a pre-specified group requests access to protected data, the computer service holding that data sends out a “musical seed” to the first user on the group’s list. This seed can be an actual melody, or it can be a series of seemingly garbled tones.

The first user runs the tones through a transformation — for example, changing notes from sharps to flats, or bringing the melody down a fifth. Different users apply their own assigned algorithms to twist and turn the melody, and the last user on the list sends the audio file back to the service for authentication.

Get the full story on GeekWire.

Categories
GeekWire

U.S. accuses Russia of email meddling in politics

Email flurry
The U.S. government links the Russian government to campaign email intrusions. (© Gajus via Fotolia)

The U.S. intelligence community is formally accusing the Russian government of playing a role in email hacks aimed at casting the Democratic Party in an embarrassing light and influencing the presidential election.

In a statement issued today, the Department of Homeland Security and the Office of the Director of National Intelligence said this year’s email disclosures by DCLeaks.com and WikiLeaks were consistent with the methods and motivations of Russian-directed efforts.

“We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities,” the agencies said.

The statement also noted that most of the recent attempts to probe state-level election systems have been traced to computer servers operated by a Russian company. “However, we are not now in a position to attribute this activity to the Russian government,” the federal agencies said.

Get the full story on GeekWire.

Categories
GeekWire

FAA funding measure boosts airport security

Image: Canine team
A bomb-sniffing dog and its security team from the Transportation Safety Administration keep watch at Washington Dulles International Airport. (Credit: TSA)

The U.S. Senate today gave final congressional approval to a measure that authorizes funding for the Federal Aviation Administration through September 2017 – and also changes procedures for airport security and emergency drone operations.

“It’s a little more than a 14-month extension, but don’t let that fool you, because it is going to put into permanent law bolstering security at our airports in order to help better protect us,” Sen. Bill Nelson, D-Fla., said on the Senate floor.

Bolstering airport security was a high priority for Sen. Maria Cantwell, D-Wash., one of the bill’s sponsors. She said the measure would help head off soft-target airport attacks like the ones that hit Brussels and Istanbul earlier this year.

“By passing this bill, we’re doubling the number of terrorist deterrent teams at U.S. airports and ground transportation hubs,” Cantwell said.

Get the full story on GeekWire.