Mission Creep Maxim: Any given device, system, or program that is designed for inventory will very quickly come to be viewed—quite incorrectly—as a security device, system, or program. Comment: This is a sure recipe for lousy security. Examples include RFIDs and GPS. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
The NIST 2015 Cybersecurity Innovation Forum has been scheduled for September 9, 2015 through September 11, 2015, at the Walter E. Washington Convention Center in Washington, D.C. The three-day forum is sectioned into four tracks, including Security Automation, Trusted Computing, Information Sharing and Cybersecurity Research. Register for the 2015 Cybersecurity Innovation Forum here.
A well-crafted and insightful piece, written by Jai Vijayan, detailing developer security foibles, in this case discovered by researchers at the LOEWE Center for Advanced Security Research Darmstadt (CASED). An astounding figure has emerged (56,000,000) for the unsecured data resident in cloud systems (in this case PARSE and AWS). Phenomenal.
Via gHacks comes this superlative compendium of Mozilla's Firefox security- and privacy-related settings, all conveniently packaged for ease of deployment. And, as with any modification of the platform you have chosen, examine the settings thoroughly, test exhaustively, and deploy with mindful caution. Enjoy.
Double Edge Sword Maxim: Within a few months of its availability, new technology helps the bad guys at least as much as it helps the good guys. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
The Internet Society has awarded the Jonathan B. Postel Service Award to Rob Blokzijl, Ph.D., for his tireless labor and over 25 years as the Founding Member and Retired Chair (retired in May 2014) at Réseaux IP Européens, aka RIPE. That work, coupled with the critically important labor of assisting other European policy makers, engineers and scientists to spread the Internet across Europe, informed the selection of Dr. Blokzijl.
'During the 1980s, Dr. Blokzijl was active in building networks for the particle physics community in Europe. Through his experience at the National Institute for Nuclear and High Energy Physics (NIKHEF) and CERN, he recognized the power of collaborating with others building networks for research and travelled worldwide to promote cooperation across networkers. In the 1990s, Dr. Blokzijl was influential in the creation of the Amsterdam Internet Exchange, one of the first in Europe. His most widely recognized contribution is as founding member and 25-year chairman of RIPE, the European open forum for IP networking. Dr. Blokzijl was also instrumental in the creation of RIPE NCC in 1992, the first Regional Internet Registry in the world.' - via the Internet Society
Likely one of the more blatantly misguided stipulations in the corporeal abomination known as the 'Joint Comprehensive Plan of Action' is a component of the agreement in Annex III, within the Civil Nuclear Cooperation area, in Section D, that apparently commits the United States of America to enter unilateral defense training (think cybersecurity folks) of the Islamic Republic of Iran against all others (in this case the all others would be defined as the State of Israel):
'10. Co-operation in the form of training courses and workshops to strengthen Iran's ability to prevent, protect and respond to nuclear security threats to nuclear facilities and systems as well as to enable effective and sustainable nuclear security and physical protection systems;' - Joint Comprehensive Plan, Annex III, Civil Nuclear Cooperation, Section D, within Nuclear Safety, Safeguards and Security
In Microsoft Corporation (NasdaqGS: MSFT) Windows 10 *all-your-pc-are-belong-to-us* news, ArsTechnica writer Peter Bright regales us with a revelation of the largish trove of data the Redmond software leviathan is collecting from its users, notwithstanding those users' expressed desire not to be tracked, by modifying the settings in the new OS's Privacy settings.
Just one more nail in the coffin for X Fenestras, you ask? Probably not, as the vast majority of users simply don't possess the capability to determine what, if anything, they are sharing through the new Windows OS (actually as cruft-laden as anything Bill, Ballmer or Satya have produced) shipped on July 29th, 2015.
"...Windows 10 will periodically send data to a Microsoft server named ssw.live.com. This server seems to be used for OneDrive and some other Microsoft services. Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn't connected to a Microsoft Account. The exact nature of the information being sent isn't clear—it appears to be referencing telemetry settings—and again, it's not clear why any data is being sent at all. We disabled telemetry on our test machine using group policies. And finally, some traffic seems quite impenetrable. We configured our test virtual machine to use an HTTP and HTTPS proxy (both as a user-level proxy and a system-wide proxy) so that we could more easily monitor its traffic, but Windows 10 seems to make requests to a content delivery network that bypass the proxy...." via ArsTechnica's *Peter Bright*