Silent Mail →
New and shiny, the Dark Mail Alliance has released the company's secure mobile platform, with minimal fanfare, but tremendous functionality. Founding members of the alliance are Phil Zimmermann, Jon Callas, Mike Janke and Ladar Levison; code is available for examination on GitHub. Outstanding!
Spamhaus Statistics of Cybercrime
Spamhaus has released research targeting cyber-crime within the 2014 calendar year. The research report's message is evidence of increased pernicious botnet behavior attributed to these master/slave systems. Interestingly, Spamhaus has said "Because these IP addresses host no legitimate services or activities, they can be blocked (blackholed) on an ISP's or company's network without the fear of affecting legitimate traffic."
Fractal Governance →
Or, what comes after the nation-state construct? In this case, if one is to take a gander at the future, through the discerning eye of futurist Thomas Frey, something akin to a fractal geometry, applied to the notion of governance...
Bureau Releases Additional Evidence of DPRK Complicity
Ah, news outlets are reporting evidence released by the United States Department of Justice's Federal Bureau of Investigation; in this case detailing DPRK complicity in the now infamous SONY hack...
Hard, Network Security Is...
Today's MustRead: Well-crafted thought piece via LightCyber's Uriel Maimon on the multitude of failures in the network protection racket, and why - evidently - security and network professionals are unable to protect their at-risk network infrastructures.
Defectum Securitas →
Via VentureBeat's Evan Schuman comes the sorry tale of enterprise security failures, and importantly, the continued failures of both security implementation and deployment in the recent high-profile retail security snafus of last year [e.g. Target's gargantuan credit and debit card breach]. Astonishing...
Noah's Ark, Москва Style
News has reached the New World of a fascinating endeavor - led by researchers at Moscow State University - to locate, gather, categorize and store all Deoxyribonucleic Acid on Earth. A new form of Russian Hegemony, or a commendable and valid scientific effort to preserve the genetic code of nearly all living things in a veritable snapshot of life? You be the judge...
"“I call the project ‘Noah’s Ark.’ It will involve the creation of a depository – a databank for the storing of every living thing on Earth, including not only living, but disappearing and extinct organisms. This is the challenge we have set for ourselves,” MSU rector Viktor Sadivnichy told journalists." - via RT News
Physical Access Not Required →
Physikalisch Zugriff Nicht Erforderlich
More interesting security slap and tickle at the Chaos Computer Club confab in Germany... This time, apparently the lack of physical access was not an impediment in the second well-publicized defeat of Apple Inc.'s [NasdaqGS: AAPL] TouchID. Jan Krissler, holding forth at the conference, has detailed the steps taken to overcome the vaunted security of TouchID via a presentation entitled 'Gefahren von Kameras für (biometrische) Authentifizierungsverfahren [31c3]'.
'Krissler said he used commercially available software called VeriFinger to pull off the feat. The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.' - via Emil Protalinski writing at VentureBeat
IPSec, Keep On Keeping On...
Paul Wouters' [Mr. Wouters is currently employed at Red Hat] view on the use of IPSec... His post details the work of film-maker Laura Poitras [awarded the George Polk Award for National Security Reporting with Glenn Greenwald and Ewen MacAskill] and security researcher Jacob Appelbaum [along with the collaboration of Der Spiegel] in a presentation at the 31st Chaos Computer Club Congress. Today's MustRead.
NCCoE Speaker Series in Maryland →
The National Cybersecurity Center of Excellence has issued an invitation for the first talk in the new year's NCCoE Speaker Series, slated for January 14th, 2015. The Center has scheduled Chris Inglis, currently a venture partner with the Paladin Capital Group [Mr. Inglis' previous line of work was as the Deputy Director of the National Security Agency from 2006 to 2014]. If you are in the Rockville vicinity, the Speaker Series is a highly regarded event.
Trust, Lack Thereof... →
Information is Beautiful has created a diagrammatical tour de force, carving the litany of questionable security competence within the compromised companies, onto like-minded information security architects, engineers and researchers.
Read it and weep my friends...
Lewis' Take, SONY Debacle →
Via FORBES, the erudite Dave Lewis presents his well-reasoned screed, detailing his take on the SONY [NYSE: SNE] debacle. Outstanding.
"The movie “The Interview” has been scrapped based on a threat from an anonymous posting and with conjecture from unnamed sources. When did common sense go pear shaped?..." - via Forbes, and by Dave Lewis
Tiny Subversions, Kazemi's Projects
So important, Mr. Kazemi's video meets today's Must Watch criteria.
Milspec Town
Illustrating exactly why Cyber Ranges are vitally important for training. After all, you will fight like you train.
Rogers' Take, SONY Debacle →
Marc Rogers' take on the SONY [NYSE: SNE] incursions, with a step-by-step rebuttal of the ostensible involvement of the Government of North Korea. Mr. Rogers' argument - bolstered by the opinions of other, highly respected security professionals - is hardly surprising, yet satisfying in its diametric view of the Federal Bureau of Investigation's examination of the matter...
ICS-CERT: Remote Code Execution Flaw, Network Time Protocol
Reports of newly discovered targeted attack code harshed our collective holiday mellow late last week, with the notification via the ICS-CERT of flaws in the Network Time Protocol (in this case, prior to NTP version 4.2.8). The NTP 4.2.8 tarball is here, for folks that need to update their NTP deployments.
"NTP users are strongly urged to take immediate action to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see the NTP Security Notice for vulnerability and mitigation details, and the Network Time Foundation Blog for more information. (January 2014)" - via NTP.org