Security News Digest For Oct. 14, 2016
A look at the security events that made headlines this week:
The Russian Hacking Whodunnit (Newsweek)
If Hillary Clinton were Rachel in "The Girl on the Train," Vladimir Putin would end up with a corkscrew in his neck. Alas, cyber wars don't lend themselves to the neat endings of fictional whodunnits, much less most real crimes. Four months after the security firm Crowdstrike revealed that two groups of hackers believed to be based in Russia had penetrated the Democratic National Committee, convincing evidence has yet to surface that the Kremlin is responsible—and it may never. Likewise, security experts said last summer that whoever hacked Hillary Clinton's private email servers was "far too skilled to leave evidence of their work." Nevertheless, the White House, relying on the conclusion of U.S. intelligence that the latest theft of Clinton’s emails originated in Russia, vowed Wednesday to hit back with a "proportional" response that would not be "announced in advance," in the words of spokesman Josh Earnest.
Verizon Signals Yahoo Data Breach May Affect Acquisition (IDG News Service)
Verizon has signaled that Yahoo's massive data breach may be enough reason to halt its US$4.8 billion deal to buy the internet company. On Thursday, Verizon's general counsel Craig Silliman said the company has a "reasonable basis" to believe that the breach involving 500 million Yahoo accounts has had a material impact on the acquisition. This could give the company room to back out or get a large discount.
The simple goal of the hacks: undermine confidence in one of the most contentious presidential elections in memory.
Survey: Most companies want to phase out passwords (Computerworld)
A new survey has found that most organizations are leaning toward phasing out password authentication. The results come from Wakefield Research, which surveyed 200 IT decision makers in the U.S. last month. Sixty-nine percent of the respondents said they will probably do away with passwords completely in the next five years.
Android Fragmentation Sinks Patching Gains (Threatpost)
It's been 13 months since Google began releasing Android security bulletins and software patches on a scheduled, monthly basis. So far, the benefits of the new strategy to shore up Android's defenses are mixed at best. Compared to Apple's patching track record, Google's is significantly lacking.