The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The San Bernardino terrorist's iPhone that the Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) said was critical in their investigation has absolutely nothing useful on it , at least so far. Yes, the same iPhone that was subject of so much attention from the past few months. Here's a brief look at what happened in recent months over the iPhone: The DoJ and Apple were engaged in a legal battle over a court order that was forcing Apple to help the FBI access data on a locked iPhone tied to Syed Farook. Farook was one of two terrorists involved in the San Bernardino shooting incident last year that left 14 people dead. The FBI desperately wanted access to that locked iPhone , not because it was expecting any case-breaking evidence on Farook's work-issued iPhone, but it was just trying to gather all available information, leaving no stone unturned. When Apple refused to comply with the court order, the FBI found an altern

Microsoft is suing the Department of Justice (DoJ) to protest the gag order that prevents technology companies from telling their customers when their cloud data is handed over to authorities. In layman's terms, the Electronic Communications Privacy Act (ECPA) allows the government to issue gag orders saying that the people or companies involved in a legal case cannot talk about the case or anything related to it in public. So, the government is continuously forcing tech companies to hand over their customers' emails or personal records stored in the cloud servers without their clients' knowledge. Microsoft has filed a lawsuit [ PDF ] against the DoJ, arguing that it is " unconstitutional " and violates constitutional protection of free speech to force the tech companies for not informing their customers when their stored data has been shared with authorities. "We believe these actions violate two of the fundamental rights that have been part of this countr

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The United States anti-encryption bill will kill your Privacy. In the wake of the Apple vs. FBI case, two leading Intelligence Committee Senators have introduced an anti-encryption bill that would effectively ban strong encryption. Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) released the official version of their bill today in response to concerns that criminals and terrorists are increasingly using encrypted devices to hide their plans and plots from authorities. As its name suggests, the Compliance with Court Orders Act of 2016 [ PDF ] would require people and technology firms like Apple and Google to comply with court orders to decrypt phones and its data. The draft copy of the Burr-Feinstein proposal was leaked last week, which has already faced heavy criticism from both the technology and legislative communities. Even the White House has declined to support the bill. The official version of the anti-encryption bill seems to be even wors

Former Reuters journalist Matthew Keys , who was convicted last year of helping the Anonymous group of hackers, has been sentenced to 24 months in prison for computer hacking charges. Keys was found guilty last year in October of giving Anonymous login credentials that allowed the group to deface the Los Angeles Times, a Tribune Media-owned newspaper, back in 2013. After leaving the job at Tribune Company-owned Sacramento KTXL Fox 40 in 2010, Keys posted login credentials for the company's content management system (CMS) on a chatroom where hacking collective Anonymous planned out their operations. The hacking collective then logged into the CMS and defaced an LA Times article that remained defaced for about 40 minutes before a journalist noticed and changed it back – though Keys still denies all allegations. Keys faced a possible sentence of up to 25 years for three counts of hacking charges under the Computer Fraud and Abuse Act. Although the US Attorne

The National Crime Agency (NCA) of United Kingdom is forcing the British citizen, and political hacktivist Lauri Love accused of hacking to hand over encryption keys to equipment seized from his home. Love, 31, is currently fighting extradition to the United States where he faces up to 99 years in prison for allegedly hacking into the Federal Bureau Investigation (FBI), the US Missile Defence Agency, NASA and Federal Reserve Bank of New York during 2012 and 2013. US Prosecutors claim that Love was allegedly involved in #OpLastResort , an online protest linked with the Anonymous group, following the persecution and untimely death of activist Aaron Swartz , who committed suicide in 2013 while under federal charges for data theft. Love was initially arrested from his home in Stradishall, England in October 2013 by the NCA and had criminal charges filed against him in New York, East Virginia, and New Jersey. During a court hearing at Westminster Magistrates on Tues