ISOC, 2015 Jonathan B. Postel Service Award Goes To Rob Blokzijl
The Internet Society has awarded the Jonathan B. Postel Service Award to Rob Blokzijl, Ph.D., for his tireless labor and over 25 years as the Founding Member and Retired Chair (retired in May 2014) at Réseaux IP Européens, aka RIPE. That work, coupled with the critically important labor of assisting other European policy makers, engineers and scientists to spread the Internet across Europe, informed the selection of Dr. Blokzijl.
'During the 1980s, Dr. Blokzijl was active in building networks for the particle physics community in Europe. Through his experience at the National Institute for Nuclear and High Energy Physics (NIKHEF) and CERN, he recognized the power of collaborating with others building networks for research and travelled worldwide to promote cooperation across networkers. In the 1990s, Dr. Blokzijl was influential in the creation of the Amsterdam Internet Exchange, one of the first in Europe. His most widely recognized contribution is as founding member and 25-year chairman of RIPE, the European open forum for IP networking. Dr. Blokzijl was also instrumental in the creation of RIPE NCC in 1992, the first Regional Internet Registry in the world.' - via the Internet Society
US to Train Iran in Nuclear Security Best Practice - Including Cybersecurity
Likely one of the more blatantly misguided stipulations in the corporeal abomination known as the 'Joint Comprehensive Plan of Action' is a component of the agreement in Annex III, within the Civil Nuclear Cooperation area, in Section D, that apparently commits the United States of America to enter unilateral defense training (think cybersecurity, folks) of the Islamic Republic of Iran against all others (in this case, the all others would be defined as the State of Israel):
'10. Co-operation in the form of training courses and workshops to strengthen Iran's ability to prevent, protect and respond to nuclear security threats to nuclear facilities and systems as well as to enable effective and sustainable nuclear security and physical protection systems;' - Joint Comprehensive Plan, Annex III, Civil Nuclear Cooperation, Section D, within Nuclear Safety, Safeguards and Security
Redmond's Chatty Cathy
In Microsoft Corporation (NasdaqGS: MSFT) Windows 10 *all-your-pc-are-belong-to-us* news, ArsTechnica writer Peter Bright regales us with a revelation of the largish trove of data the Redmond software leviathan is collecting from its users, notwithstanding those users' expressed desire not to be tracked, by modifying the settings in the new OS's Privacy settings.
Just one more nail in the coffin for X Fenestras, you ask? Probably not, as the vast majority of users simply don't possess the capability to determine what, if anything, they are sharing through the new Windows OS (actually as cruft-laden as anything Bill, Ballmer or Satya have produced) shipped on July 29th, 2015.
"...Windows 10 will periodically send data to a Microsoft server named ssw.live.com. This server seems to be used for OneDrive and some other Microsoft services. Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn't connected to a Microsoft Account. The exact nature of the information being sent isn't clear—it appears to be referencing telemetry settings—and again, it's not clear why any data is being sent at all. We disabled telemetry on our test machine using group policies. Enlarge / We have no idea what's going on here. And finally, some traffic seems quite impenetrable. We configured our test virtual machine to use an HTTP and HTTPS proxy (both as a user-level proxy and a system-wide proxy) so that we could more easily monitor its traffic, but Windows 10 seems to make requests to a content delivery network that bypass the proxy...." via > ArsTechnica's*> Peter Bright*
Mobile Telephony, First Cut Is The Deepest
Apparently, the United States Supreme Court has been asked (via Petition) to weigh in on the Department of Homeland Security's Standard Operating Procedure 303, originally developed by the National Security Telecommunications Advisory Committee. My take on it - Not Going To Happen.
Microsoft WiFi Sense BS Meter Approaching Warning Levels
Simply speechless at the shenanigans in Redmond, what with the monkeying with WiFi key sharing, and all. Let's see what other sources have to say about [WiFi Sense][1].
Brian Krebs, from Krebs on Security, speaks the truth with obvious clarity:
"This brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!)." - via Brian Krebs at Krebs on Security
And this from El Reg's Simon Rockman:
"Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who's an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it. How successful that will be isn't yet known." - via Simon Rockman at El Reg
Sunday Security Maxim
A Priest, a Minister, and a Rabbi Maxim: People lacking imagination, skepticism, and a sense of humor should not work in the security field. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
The Five
and, then there were five....
(CHATTANOOGA, Tennessee, United States of America - August 15, 2015) Battle crosses for fallen service members on stage during the memorial at McKenzie Arena at the University of Tennessee Chattanooga. The memorial honored the four United States Marines and one United States Navy Sailor who died in the Navy Operational Support Center Chattanooga shooting July 16, 2015.
Saturday Security Maxim
Scapegoat Maxim: The main purpose of an official inquiry after a serious security incident is to find somebody to blame, not to fix the problems. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Class Action Suit Targets FIAT-Chrysler and Harman International Over Jeepgate
Perhaps the preferred method to take vehicle manufacturers to task for their lackadaisical interest in mitigating the security vulnerabilities in their moving conveyances is a legal battle. Fiat Chrysler and Harman International Industries are about to become acquainted with the wrath of Jeep owners via the proverbial Class Action Lawsuit process. Regardless of the company's voluntary recall, they will, evidently, pay-the-piper for the previous 18 months of inaction, when they decided to take no action after being informed. Big. Mistake.
Chuvakin, Tanks versus Tractors →
Via Gartner Research Vice President Anton Chuvakin, Ph.D., comes a superb screed prompted by JeepGate. Today's Must Read.
Seven Lines →
Another nearly perfect example of why signals (radio frequency electromagnetic communications) are a vital component of multilevel security in the environment you either work in, or are exploited by...
From this fascinating project by Columbia University's Intrusion Detection Lab doctoral student Ang Cui comes a reminder that embedded componentry can be leveraged to leak the blather contained in silicon; and, astoundingly, all it took was seven lines of code. Absolutely Phenomenal.