Security

Without the Domain Name System (DNS), we're all lost on the Internet. DNS provides the service that translates our human readable Web addresses such as google.com to their real, but mysterious Internet Protocol version 4 (IPv4) addresses, such as 8.8.8.8 or IPv6's 2001:4860:4860::8888. The problem with this master yellow pages directory to the Internet is that DNS records themselves can be corrupted or your communications with the DNS servers interrupted by a man-in-the-middle (MiM) attack.

The UK has crowned its Cyber Security champion, Will Shackleton.

Shackleton, who is 19 and has already earned an internship at Facebook, beat 3,000 entrants and 41 fellow finalists to emerge at the top of the competition, according to organisers, and is a very worthy winner.

Naturally, he was happy to receive the gong for having cracked through a challenge set by BT, GCHQ, the National Crime Agency, Juniper Networks and Lockheed Martin.

Spokeswoman for the NATO military alliance, Oana Lungescu, said on Twitter that several of its websites had been hit by "a significant DDoS [denial-of-service] attack" on Saturday.

But it said the attacks had no operational impact.

In DDoS attacks, hackers hijack multiple computers to send a flood of data to the target, crippling its computer system. Lungescu said experts are working to restore normal function, but the websites had remained down for hours and still could not be accessed early on Sunday.

The deadline for installing secure operating systems on federal government computers will pass next month with the job incomplete, leaving hundreds of thousands of machines running outdated software and unusually vulnerable to hackers.

Federal officials have known for more than six years that Microsoft will withdraw its free support for Windows XP on April 8, 2014. Despite a recent rush to complete upgrades, an estimated 10 percent of government computers — out of several million — will still be running the operating system on that date, company officials said.

While developers are getting better about hardening their software, the 35 vulnerabilities revealed at the Pwn2Own tournament this week show that security remains a work in progress.

Why does it seem so easy to pirate today?

It just seems a little hard to believe that with all of our technological advances and the billions of dollars spent on engineering the most unbelievable and mind-blowing software, we still have no other means of protecting against piracy than a "serial number/activation key." I'm sure a ton of money, maybe even billions, went into creating Windows 7 or Office and even Snow Leopard, yet I can get it for free in less than 20 minutes. Same for all of Adobe's products, which are probably the easiest.

 An article that accused the National Security Agency of impersonating Facebook to spy on U.S. citizens has triggered a denial from the NSA and a reprimand for the U.S. president from CEO Mark Zuckerberg.

The article, which also said the NSA plans to infect millions of PCs with malware, appeared on the website First Look and was co-written by Glenn Greenwald, who shot to prominence last year for a series of articles in the Guardian about classified NSA documents leaked by Edward Snowden.

 Law enforcement agencies in California are using devices that mimic cellular base stations to track mobile users, public records have revealed, triggering charges that the practice may be unconstitutional.

Target said Thursday it investigated but ultimately dismissed early signs of a data breach, a decision it likely regrets after suffering one of the largest payment-card and personal-data breaches on record.

The retailer said it logs a vast number of technical events each week, and “a small amount of [the criminals’] activity was logged and surfaced to our team. That activity was evaluated and acted upon,” Molly Snyder, a Target spokeswoman, said in an emailed statement on Thursday.

It’s become a familiar walk for Chaouki Bekrar. Year after year at the Pwn2Own contest, the controversial Vupen founder is scurried from a small room in the basement of the Sheraton hotel to a suite several floors above. It’s a short journey from where a string of zero-day exploits are executed to where formal disclosure is made to the vendor in question. It’s also where payment is arranged, and on this day, exclusivity is promised to HP’s Zero Day Initiative.