tagged w/ cyber security
-
The US Defense Information Systems Agency announced that it is going to released a Request For Information this month. Anyone responding to DISA’s RFI would do well to study the methodology that Barrett Lyon describes using the open source SQUID proxy and caching server. The technique spelled out by Barrett involves putting a bank of high end servers running SQUID in front of the potential targets.The US Defense Information Systems Agency announced that it is going to released a... more
-
-
By Mike Spinney, CIPP, Privacy Analyst, Ponemon Institute - Here’s a brazen bit of breachery from the Miami Herald: It’s a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee plus a percentage of his lawsuit earnings...By Mike Spinney, CIPP, Privacy Analyst, Ponemon Institute - Here’s a brazen bit... more
-
-
Review the state of play of cyber security for the government and the private sector, including recommendations on how to create a more productive public-private partnership. Cyber security policies are rapidly expanding, indicating the critical threat faced by any organization using Internet-based technologies. In 2008, the Bush Administration launched the most comprehensive cyber security policy review in the federal government’s history. Soon after taking office, President Obama tasked the National Security Council to review our nation’s cyber security policy. In April, the first major bill calling for broad federal regulations and unprecedented power over private sector cyber systems was introduced in the Senate.Review the state of play of cyber security for the government and the private sector,... more
-
-
Thieves prey on our deepest and strongest emotions, and two people madly in love and about to take the plunge are certainly full of emotions and stress. Stress makes us more apt to decide quickly, without thinking the situation through. The sense of relief we feel may encourage us to accept an offer that seems “too good to be true” when we might otherwise hesitate.Thieves prey on our deepest and strongest emotions, and two people madly in love and... more
-
-
Sun Tzu’s theories are for the tactically minded professional wanting to secure every possible advantage - for the professional who wants to understand the mental, moral, and physical realms of conflict. WHY? Because that’s how we win on the street.Sun Tzu’s theories are for the tactically minded professional wanting to secure... more
-
-
The majority of Twitter users don’t mind sharing their tweets (i.e. their Twitter updates) with the rest of the world. After all, sharing ones thoughts/actions is at the core of social networks like Twitter, Facebook, MySpace. However, what users often don’t realize is that in aggregate, their tweets paint a picture about who they really are.The majority of Twitter users don’t mind sharing their tweets (i.e. their... more
-
-
Why cyber defense? How is this different than “security”? The difference is in motivation, purpose, and risks. Announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week’s news, product announcements, and escalations in cyber threats.Why cyber defense? How is this different than “security”? The difference... more
-
-
Simple social engineering tactics can often be used to get to sensitive information simply by supplying a valid SSN. I know many of the business companies I’ve called, when just doing unscientific tests, started out the call with, “May I have your account number please?” To which I say, “Oh, darn; I don’t have that with me! Could I give you my SSN instead?” And usually they say, “Sure; give me the SSN.” Bingo. Social engineering is powerful and used by many crooks.Simple social engineering tactics can often be used to get to sensitive information... more
-
-
Computerworld reports that one in five companies search social networking sites during the hiring process, although many experts believe that number is much higher. You may think that you’re immune to ID theft or misinformation because you don’t have any MySpace, Twitter or Facebook accounts- but read on and you will find that is far from the truth.Computerworld reports that one in five companies search social networking sites during... more
-
-
The idea of having confidential records shopped to competitors and then offered up for sale to the highest bidder would be enough to keep any CIO up at night. Yet, as scary as this scenario is, cyber extortion remains rare. The bigger threat - one that should legitimately keep IT professionals up at night - is on the inside.The idea of having confidential records shopped to competitors and then offered up for... more
-
-
In the age where a huge percentage of all attacks are done through e-mail, very few of us know how to analyze where this e-mail was sent from. This analysis must go beyond the sender e-mail displayed in your e-mail client (which are easily spoofed). Here is a simple tutorial on analyzing Internet headers.In the age where a huge percentage of all attacks are done through e-mail, very few of... more
-
-
Twitter suspends accounts of users with infected computers; South Korea blocks sites to help end cyber attacks; Kansas audit raises computer security questions; Apple still mute to iPhone complaints; U.S. State Dept. workers beg Clinton for Firefox; Snooping through the power socket; New York official: Tagged site stole identities; Firefox 3.5 vulnerability rated ‘highly critical; Probe into cyberattacks stretches around the globe; BlackBerry update bursting with spyware; French workers threaten to blow up Nortel factory; FBI charges satellite descramblers…Twitter suspends accounts of users with infected computers; South Korea blocks sites... more
-
-
Analyzing an incident when the manufacturer claims that it’s an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer will be called upon to investigate simply because the management needs an independent observer and has doubts both in the operator as well as the manufacturer. Here is what to do when thrown into the fire…Analyzing an incident when the manufacturer claims that it’s an operator error... more
-
-
Who knew?
In a speech to the Council on Foreign Relations, police Commissioner Raymond Kelly reported this astounding number. Fortunately, none of these attacks have succeeded, but the New York Police have been forced to rigorously protect itself from high tech crime. The majority of the attempted attack on the NYPD's system originate in China or the Netherlands (WTF, Nederlanders?! Your standard of living is high enough!). Some more complex cyber crime networks implicate that they are a part of the Chinese government's espionage program. China denies it.
In light of recent cyber plots uncovered at the Pentagon and Defense Secretary Gates statement that "The US is under cyber-attack virtually all the time, every day" this little American suspects that one part of the public sector spending in the US that's going to grow hugely in the next few years is cyber security. Get ready for some government contracts, all you white hats!Who knew?
In a speech to the Council on Foreign Relations, police Commissioner... more
-
-
Two bills introduced giving the President the power to deem a private network part of the nation’s critical infrastructure and shut it down for cybersecurity reasons also gives the Commerce Secretary the power to access network data outside of oversight.Two bills introduced giving the President the power to deem a private network part of... more
-
-
The Airforce suspended their cyber command before it was launched. I remember seeing the ads on TV:
(Queue serious music over aerial shots of the Pentagon)
Serious Deep Voice Narrator: This building will be attacked 3 million times today, and we got just the guy to defend it...
Airman Nimrod (smiling like a goofball in a dark room standing next to a Dell with dual monitors running Windows XP): Hi, I'm Airman Bobby Nimrod of the air force cyber command!
Serious Deep Voice Narrator: Trained for 6 weeks at air force technical school because he scored above a 75 on his ASVAB and said he liked "messing with computers and stuff." He'll be part of an elite group that responds to online attacks using air force technology.
(queue more stock footage of command centers with big screens and unclassified simulated events)
Serious Deep Voice Narrator: US air force, above all. Learn more about our changing world at "airforce is friggin sweet.com"
The home page for this program is at http://www.afcyber.af.mil
First off, why would they locate the command in shreveport, louisiana? Secondly, with our current resources we can't or won't even shut down a simple 419 scam ring so it doesn't lend confidence that they could stop sophisticated chinese hackers.
This kind of work will probably just be handed over to one of the spook agencies so there will be less accountability (a la the warrant less wiretaps.) This avoids any constitutional barriers that the program would have if it were done through the military. The third amendment expressly prohibits the military from peacetime quartering of troops without consent of the owner of the house. If you're on my computer whether locally or remotely, you're in my home and you're violating my rights if you're a soldier. But if you're a CIA spy, well that's just business as usual and even if you were able to blow the whistle on their activity they'd just manufacture media outrage because you're letting the enemy know how we operate and you're hurting America, and what are you trying to hide that you're so ashamed of; privacy is only important to people that are doing devious things. The new enemies of the state in America are whistle blowers which is why funding for whistle blower protection programs got taken out of HR 1.The Airforce suspended their cyber command before it was launched. I remember seeing... more
-
-
gldeer
-
added this
-
3 years ago
- |
-
Center for Strategic and International Studies, the Washington think tank noted for its defense policy research, wants Obama to take charge of cyber-security and make the White House its political nerve center. It recommended that he create a new office for cyberspace in the Executive Office of the President that would work closely with the National Security Council, "managing the many aspects of securing our national networks while protecting privacy and civil liberties." Any attempt to broadly secure cyberspace will, by necessity, involve close scrutiny of the information traveling through it, including e-mails, instant messages, and, increasingly, telephone calls.
Why does that last part sound scary?????Center for Strategic and International Studies, the Washington think tank noted for... more
-
