Backwards Maxim: Most people will assume everything is secure until provided strong evidence to the contrary—exactly backwards from a reasonable approach. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Irresponsibility Maxim: It’ll often be considered “irresponsible” to point out security vulnerabilities (including the theoretical possibility that they might exist), but you’ll rarely be called irresponsible for ignoring or covering them up. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Apparently, US automobile makers (including farm machinery manufacturers) do not want independent research delving into the entrails of the downside risk represented by the systems built into their automobiles, trucks, et cetera. Read all about it on AutoBlog, via author Peter Bigelow. Evidently, enforced ignorance is bliss in the Motor City.
Apparently, Google Inc.'s (NasdaqGS: GOOG) and Amazon.com Inc.'s (NasdaqGS: AMZN) app stores' anti-fraud mitigation activities let a bad actor's apps through the gauntlet... In this case, a hijack app that apparently stole cycles from the devices it was installed on to mine for Bitcoin. Luckily, the United States Federal Trade Commission and the Office of the New Jersey Attorney General stepped up to the plate, eh Sergey?
The FTC and the Office of the New Jersey Attorney General took action against two software app developers, Equiliv Investments and Ryan Ramminger, alleging their mobile app, called “Prized,” hijacked people’s phones to mine for virtual currencies. Users thought they could earn prizes by playing games and taking surveys through the app. But the FTC alleges the app had malware that sapped the phone’s computing power, made phones run slower, drained battery life, and used up data plans – all so the developers could secretly make money mining virtual currencies. - via the FTC
The remarkable truth about Information Security within DevOps-driven organizations, and why, per se, those organizations are not secure with the utilization of DevOps integration of Development and Operations teams leading to continuous deployments. If you read anything about DevOps today, read George V. Hulme's interview of Adam Muntner, an Application Security Engineer at Mozilla and the creator of FuzzDB (the interview is also posted at Adam's Blog). Absolutely Outstanding.
Presented for your consideration - a 1997 paper entitled The Use of Encrypted, Coded and Secret Communications is an "Ancient Liberty" Protected by the United States Constitution, published by the University of Virginia Journal of Law and Technology.
John Fraser III, the author of this superlative screed (now an attorney in Washington, DC), presents his fascinating argument on encryption, and the 'ancient right' to utilize cryptographic artifacts in the course of communications, protected, of course, by our nation's Constitution. Today's Must Read.
Feynman’s Maxim: An organization will fear and despise loyal vulnerability assessors and others who point out vulnerabilities or suggest security changes more than malicious adversaries. Comment: An entertaining example of this common phenomenon can be found in “Surely You are Joking, Mr. Feynman!”, published by W.W. Norton, 1997. During the Manhattan Project, when physicist Richard Feynman pointed out physical security vulnerabilities, he was banned from the facility, rather than having the vulnerability dealt with (which would have been easy). Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Troublemaker Maxim: The probability that a security professional has been marginalized by his or her organization is proportional to his/her skill, creativity, knowledge, competence, and eagerness to provide effective security. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Story Number: NNS150718-01 Release Date: 7/18/2015 02:09:00 AM From the Navy Office of Information
WASHINGTON (NNS) -- A statement by Rear Adm. Mary M. Jackson, Commander, Navy Region South East, was given at the City of Chattanooga's vigil for the fallen Marines, July 17.
Good evening. It is with my deepest sympathies and personal sadness that I am here tonight.
I would like to thank the Chattanooga community for their overwhelming support of our Navy and Marine Corps family. We greatly appreciate the arrangements made here this evening with this vigil invitation and those who have gone out of their way to make us feel at home. We are honored to be part of this community. We continue to keep our thoughts and prayers with our fallen Marines and their families, and for our wounded Sailor and his family.
Today, a small team of counselors and chaplains arrived from around the Southeast Region to provide support for families and service members and we will continue to support our Navy and Marine Corps team alongside the community.
These incidents have had a profound impact on every one of us, regardless of whether we wear the uniform or not. But we stand together and find resilience in each other as we move ahead of these difficult times. We are Chattanooga strong!