Hutchins Pleads Not Guilty to Creating Malware

Today’s topics include security researcher Marcus Hutchins' not guilty plea to charges he created the Kronos banking trojan; a court ruling that favors Western Digital in its memory-chip dispute with Toshiba; security study findings that organizations are willing to try longer passwords; and the addition of Android O support to Google's Internet of Things platform.

Security researcher Marcus Hutchins, also known by his online alias 'MalwareTech', has entered a plea of not guilty to charges he created the Kronos banking trojan.

Hutchins entered the plea in a Milwaukee, Wis. federal courthouse on Aug. 14. Hutchins was first arrested on Aug. 2 as he attempted to return to his home in the U.K. after spending a week in Las Vegas attending the Black Hat and DefCon security conferences.

U.S. law enforcement officials arrested Hutchins in connection with a six-count U.S. Department of Justice indictment alleging that Hutchins and an unnamed co-conspirator created and sold the Kronos banking trojan.

Western Digital and its flash memory subsidiary SanDisk won a round in their legal dispute with joint venture partner Toshiba when a California court said this week that Toshiba could not bar Western Digital employees from gaining access to shared databases that are part of the joint venture.

In a statement, Western Digital officials applauded the ruling, saying it clarified an earlier temporary restraining order and “allows our talented team to continue working productively alongside our [joint venture] colleagues to innovate and deliver cutting edge technology to our customers.”

Toshiba executives issued their own statement saying the current litigation with Western Digital and SanDisk will not limit the company’s business plans.

The National Institute of Standards and Technology is updating its guidance for password complexity by advising end users to choose longer pass phrases, rather than simply a mix of upper and lower case characters.

According to a survey from security awareness vendor KnowBe4, many users are open to the idea of using the pass phrase approach advocated by NIST. NIST Special Publication 800-63B, titled "Digital Identity Guidelines," states that password length has been found to be a primary factor in characterizing password strength.

"Passwords that are too short yield to brute force attacks as well as to dictionary attacks using words and commonly chosen passwords," NIST states. The survey found that 44 percent of respondents indicated that a password of 25 characters would be a viable option for their organizations.

"Users should be encouraged to make their passwords as lengthy as they want, within reason. Since the size of a hashed password is independent of its length, there is no reason not to permit the use of lengthy passwords or pass phrases if the user wishes."

Google has released the latest developer preview of its Android Things platform for the Internet of Things.

Developer Preview 5 of Android Things is the first version of the platform to use Google's upcoming Android O operating system's code base. It includes new Application Programming Interface features from Android O as well as specific new features for Android Things.

The latest preview version of Android Things also gives developers a look at the new support for technologies such as OpenGL and WebView for the Raspberry Pi 3 that has been integrated into Android Things.