The Mercatus Assessment Report illustrates the true nature of the profound information security issues in both the federal information and cybersecurity realms. Via George Mason University's Mercatus Center, from Eli Dourado (Research Fellow at the Mercatus Center at George Mason University and director of its Technology Policy Program) and Andrea Castillo (Program Manager of the Technology Policy Program for the Mercatus Center at George Mason University), comes this tour de force assessment paper exposing the information security challenges in federal systems architecture. Today's Must Read It And Weep.
We Have Met the Enemy and He is Us Maxim: The insider threat from careless or complacent employees & contractors exceeds the threat from malicious insiders (though the latter is not negligible).
Comment: This is partially, though not totally, due to the fact that careless or complacent insiders often unintentionally help nefarious outsiders. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Insider Risk Maxim: Most organizations will ignore or seriously underestimate the threat from insiders.
Comment: Maybe from a combination of denial that we’ve hired bad people, and a (justifiable) fear of how hard it is to deal with the insider threat? Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
"Being involved in information security is intimidating. Not just because you are dealing with complex technology with serious implications if you fail, but everyone around you is going to be smarter than you. Even your adversaries. Especially your adversaries. Get used to it." - via Tripwire's Ken Westin
Yes, Bunky, hindsight truly is 20/140...
"The seven young men sitting before some of Capitol Hill’s most powerful lawmakers weren’t graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the mysterious environs of cyberspace to deliver a terrifying warning to the world." - via The Washington Post's Craig Timberg
La Fin de Twitter est Proche, otherwise known as The End of Twitter, Inc. (NasdaqGS: TWTR) is Near... via The Harvard Business Review, and written by Alexandra Samuel, comes this tell-all on the rise of 'bots infecting Twitter, and not necessarily the 'bots you may think. Entitled "How Bots Took Over Twitter". Congratulations, you have discovered Today's Must Read.
Presentation by Anja Drephal detailing a Сою́з Сове́тских Социалисти́ческих Респу́блик (also known as the CCCP) or Union of Soviet Socialist Republics (USSR) espionage cell operating within the national boundaries of Nippon in the 1930s and 1940s, along with its success in crypto. Whilst nearly two years old and delivered to the assembled at the Chaos Communication Congress 2013 (30C3), Drephal's presentation is assuredly worth directing your attention to (the math in the second half of the presentation is chock full of Import & Intrigue); Tuesday's Must View documentary...
"The problem is that automating security creates a paradox. You see, in security, automation works best as a tool and not a wielder of tools. You see, your security automation is in charge of making periodic and systematic changes to controls and then verifying those changes." via Darkmatters, a Norse Security blog, by Pete Herzog
"The consequences of such attacks are devastating, leading to complete disclosure of the most sensitive user information (e.g., passwords) to a malicious app even when it is sandboxed," the researchers warned. "Such findings, which we believe are just a tip of the iceberg, will certainly inspire the follow-up research on other XARA hazards across platforms." - via Dan Goodin, writing at Ars Technica