The InterPlanetary Networking Special Interest Group (IPNSIG) of the Internet Society (ISOC) has announced the organizations' Second Annual IPN Conference in Washington, DC; slated for Monday, May 18, 2015. This time focusing on Delay & Disruption Tolerant Networking (DTN): the Emerging Standard for Space Data Communications.
- Vint Cerf (Google VP, co-author of TCP-IP, one of the “fathers of the Internet—and IPN-ISOC board member) will provide an overview of InterPlanetary Networking.
- The NASA/Boeing team (Brett Willman & Suzanne Davidson) working on DTN aboard the International Space Station
- The NASA team (David Israel & Donald Cornwell) who concluded the very successful Lunar Laser Communication Demonstration in late 2013 and who are planning the 2017 Laser Relay Communication Demonstration.
- Scott Burleigh (JPL’s chief DTN architect) will be explaining recent significant enhancements to the ION DTN distribution (the distribution currently in use on ISS).
- Keith Scott leads the Consultative Consortium for Space Data Systems (CCSDS) DTN working group that is standardizing DTN protocols for use in civilian space missions. He will talk about the Bundle Protocol becoming one of the networking protocols being standardized for space communication as part of the Solar System Internet (the other is IP).
- Scott Pace is the Director of the Space Policy Institute at George Washington University. He will be speaking about the increasing importance of space policies as more nation states engage and collaborate in space exploration.
While admission is free for all to attend, and breakfast, lunch and an afternoon snack will be provided it is crucial that you register to attend. Physical attendance is limited to 150 people. The event will reportedly be webcast on the Internet Society’s LiveStream Channel and presentations will also be published on YouTube for VOD streaming poste-event. You can register for the event at the IPN's Eventbrite site.
Often, the distance bits traverse may enlighten us as to the occurence of the proverbial bulwarks breached, don't you know... Interesting, yet perhaps singularly helpful to determine the resultant effect, rather than the exact path taken.
Big Heads Maxim: The farther up the chain of command a (non-security) manager can be found, the more likely he or she thinks that (1) they understand security and (2) security is easy. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Father Knows Best Maxim: The amount that (non-security) senior managers in any organization know about security is inversely proportional to (1) how easy they think security is, and (2) how much they will micro-manage security and invent arbitrary rules. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Earlier this month (in April 2015 if you are reading this post in the far distant future...) the National Institute of Standards and Technology (NIST) released NIST Draft NISTIR 8050; in which, an interesting summary appears of a technical workshop held at Stanford University in conjuction with the Presidents' Cybersecurity Summit.
Pursuant to completeing the draft cycle of the document, the National Cybersecurity Center of Excellence NNCoE (a Center of Excellence and a component of NIST) has issued a Call for Comments, focusing on the content of that document. In this instance, related to your agency, company, buereau, department, country or other organizations' information and/or cybersecurity issues. I've included a link to NISTIR 8050 to assist in fulfilling the Call for Comments. Enjoy.
News, brought to my attention by Steve Hailey, CEO of the Cybersecurity Institute, is todays MustRead, focusing on Anti-Forensics. Examine, if you will, the affect anti-forensics has on investigatory professionals when performing examinations targeting computational systems. If you read anything today regarding forensics, read Steve's posting on LinkedIn, and the paper published by the three University of Washington researchers responsible for this superlative effort. Namely, Justin Brecese MSIM , Aaron Alva MISM and Casey Rodgers MISM. You may also download the documents from the CyberSecurity Insitute here in a compressed file, or from UW's Capstone Archives.
Behold, the so-called Lonely Cyberwarrior. A remarkable story conveyed to us via The Daily Beast's prolific Vijai Maheshwari. The story of intestinal fortitude whilst in the presence of Force Majeure certainly is astonishing...
“I compared myself to Joan of Arc, but I hope that I don’t have a violent end as she did.” He laughs nervously. “There’s still so much to be done. This war is only just beginning.” - via The Daily Beasts' inimitable Vijai Maheshwari
via Steve Ragan, writing at CSO, comes a story of renewed interest in one of the older attackable network interefaces known - namely, the venerable Server Message Block (SMB) protocol, utilizing the equally old (two decades plus) UNC Share Block abuse . Interestingly, the number of vulnerable software platforms have increased exponentially, due to the know blossoming vector that can include both HTTP and HTTPS. Oops.
SPEAR, the research team at Cylance, has discovered new attack vectors for an 18-year-old vulnerability in Windows Server Message Block (SMB). The updated attack vector, called Redirect to SMB, impacts products from Microsoft, Apple, Adobe, Symantec, Box, Oracle, and more. - via CSO's Steve Ragan
In astonishing (yet unsurprising) news - a discovery by FireEye Labs (and published under the company's Threat Research blog) - of a decade-long espionage campaign by miscreants thereto (in thi case, allegation point to entities in the Peoples Republic of China). FireEye has announced the availability of an indicators download on GitHub here; the full report is available here. Clear proof of why security professionals should be quite concerned, specifically those folks who rely on *deeply flawed and nearly useless enterprise anti-virus and anti-malware products employed throughout most, if not all, enterprise IT environments... Ladies and Gentlemen, Girls and Boys, behold the money quote:
"All of the key findings we examined in the report lead us to conclude that APT 30 is a professional, cohesive threat group with a long-term mission to steal data that would benefit a government, and has been successful at doing so for quite some time. Such a sustained, planned development effort coupled with the group’s regional targets and mission, suggest that this activity is state sponsored." - via FireEye Labs and the FireEye Threat Research blog
Schneier’s Maxim #2 (Control Freaks Maxim): Control will usually get confused with Security. Comment: From security guru Bruce Schneier. Even when Control doesn’t get confused with Security, lots of people and organizations will use Security as an excuse to grab Control, e.g., the Patriot Act. - as compiled by [Roger G. Johnston, Ph.D., CPP], Argonne National Laboratory