Security Bloggers Network
ICANN blog
TeamSHATTER
Cryptography News
Ms. Smith
SANS Internet Storm Center, InfoCON: green
June 2013
Search
2013.06.07
2013.05.23
2013.05.01
Maskirovka
Well crafted and researched thought piece via CSO's J eff Bardin, detailing Maskirovka [Маскировка] [also known as deception utilized as a military stratagem]. The post focuses on scenarios with certain, not necessarily quantifiable, linkage to current events in Massachusetts. Read Mr. Bardin's post and you will be intrigued.
2013.04.26
NCCoE's First FFRDC
The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) within the mandated scope of the Center's efforts to address industry's needs, has announced its intention to sponsor the first Federally Funded Research and Development Center (FFRDC) dedicated to the Center's work. Outstanding.
2013.04.24
Nipponese National Police Agency Targets Tor
News, of attempts to terminate TOR, by the Nipponese National Police Agency (NPA)... An effort, only more astounding, in it's sheer stupidity.
'Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the US Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others...' - via the Tor Project
䷗ ䷂ 𝌋
2013.04.23
Banks Protest: US Has Too Much of Our Datums
Evidently, the Federal Consumer Financial Protection Bureau [The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 created the CFPB, additionally, President Obama appointed Richard Cordray as the first Director of the CFPB, during the month of January 2012] is requesting records from various (and in this case - sundry) financial organizations, banks, credit bureaus, et cetera) in a bid ot leverage data analytics for contemplated enforcement actions. Further, the financial organizations mentioned, are, how shall we say - pushing back...
2013.04.17
Zatko Exists DARPA
[ .mudge] moves to Google Inc. (NasdaqGS: GOOG), joining former colleague DARPA Director Regina Dugan, also, now at the search leviathan; and so it goes.
2013.04.05
2013.04.03
2013.03.28
National Security Agency's Cryptlog
The National Security Agency has declassified the Agency's internal cryptography oriented magazine formatted publication monikered Cryptlog. Currently specifying for release issues Vol. I, No. 1 - August 1974 through and inclusive of Vol. XXIII, No. 2 - Summer 1997. Highly recommended, and this week's MustRead.
2013.03.26
2013.03.11
2013.02.28
Well, That Explains It
Evidently, formal education of information techonology workers [read information security engineers...], is not a necessity, and deprecated in the Department of Homeland Security; as evidenced by statements utterd to El Reg's Jack Clark, by the DHS Deputy Undersecretary for Cybersecurity Mark Weatherford. Astounding.
2013.02.25
DOE, A 'Legacy of Negligence'
Fascinating take on the current accusations of information security malfeasance targeting the Department of Energy. Via Infoworld's Ted Samson, perhaps most telling of all, in this sorry tale, is the DOE's former Director of Security Ed McCallum's statement:
"It's a continuing story of negligence," Ed McCallum, former director of the department's office of safeguards and security, told the Free Beacon. "[The department] is on the cutting edge of some of the most sophisticated military and intelligence technology the country owns and it is being treated frivolously by the Department of Energy and its political masters." - Ed McCallum, former Director, DOE, Office of Safeguards and Security
2013.02.22
GAO - United States Census Data At Risk
via the United States Government Accountability Office's Information Security: Actions Needed by Census Bureau to Address Weaknesses. Evidently, 'confidential' Census data, is anything but...
"Many of the deficiencies relate to the security controls used to regulate who or what can access the bureau's systems (access controls). For example, the bureau did not adequately: control connectivity to key network devices and servers; identify and authenticate users; limit user access rights and permissions to only those necessary to perform official duties; encrypt data in transmission and at rest; monitor its systems and network; or ensure appropriate physical security controls were in place...". - United States Government Accountability Office, Actions Needed by Census Bureau to Address Weaknesses GAO-13-63
2013.02.15
Suspicion, less
Bad Ideas Designed In D.C.
Yes, that's right, the Department of Homeland Security has affirmed the Department's right to initiate warrantless searches of electronic devices anywhere within the so-called Fourth Amendment Free Zone [100 miles or 160.93 kilometers of an international border adjascent to any United States Possession, Territory, Protectorate or State.] [in, and of, itself, impetus to set B. Franklin, J. Adams, and T. Jefferson et al., spinning in their graves...].
Gobsmacked.
2013.02.14
NIST Begins New Cybersecurity Framework
News, via the National Institute of
Standards and Technology (NIST), in which, the Institute has commenced an effort to create a Cybersecurity Framework [in support of the latest Executive Order - Improving Critical Infrastructure Cybersecurity].
Apparently the Framework will constitute a set of standards and best practices utilized to provision industry guidance in the effort tto minimize risk related to electronic threats in critical infrastructure. The takeaway? It's all voluntary...
Astounding.
2013.02.07
FTC Crowdsource Initative Fail
News, via The Verge's Adrianne Jeffries, of the apparent failure of the Federal Trade Commission's crowdsourcing efforts targeting robocalls. Highly unfortunate.
2013.01.29
Napolitano's Soirée
In a transparent effort to grab her Department's' Rightful Share of the United States Federal Information Security budgetary allotment (if any), DHS Secretary Janet Napolitano's cries of a 'Cyber Nine Eleven' are reverberating in the Capitol's marble edifice...
2012.12.13
United States National Intelligence Council: Global Trends 2030
Available now, the United States National Intelligence Council's Gobal Trends 2030 Report will illuminate the changes forecast by the USNIC in the years ahead. Fascinating reading.
⎍, ⎲, ⍲,
2012.12.05
2012.11.29
Gridded
Latest declassified electrical grid anti-terrorism-study-position-paper entitled 'Terrorism and the Electric Power Delivery System'. Published by the National Research Council of the National Academies, and available on the National Academies Press site free of charge [as a PDF with logon]. Today's MustRead.
Все ваши интернеты принадлежат нам
2012.11.28
Attacked, Hacked & Cracked: United Nations' International Atomic Energy Agency
Startling news making the rounds yesterday afternoon, with the sorry tale of electronic attacks targeting the United Nations International Atomic Energy Agency's systems. The resultant yield (at least publicly) of stored email addresses on an allegedly old, decommissioned server are the least of the Agency's worries [eg., what else was surreptitiously purloined?]
2012.11.23
DHS Follies: Nearly Half Billion Dollars Spent On Unused Radios
via ProPublica's Theodoric Meyer: Brought to you by the Department of Homeland Security's own Inspector General's report, detailing this week's SNAFU, whence the Agency has apparently spent $430 Million Dollars on radios all tuned to the same secure channel... Unfortunately no one at the Agency can use the devices...
2012.11.19
Presidential Policy Directive Two Zero
Reports indicate the President has affixed his signature to a secret policy directive [monikered Directive 20, related distantly, to the Bush era initiatives - National Security Presidential Directive/NSPD 51 and Homeland Security Presidential Directive/HSPD-20 of 2007]. The new Directive provisions legal facilities for our military and other heretofore un-specified civilian agencies to act decisively when the United States comes under electronic attack.
2012.11.15
Filling the Ranks
Reports indicate the National Security Agency is on a new recruitment drive, specifically targeting information security professionals.
2012.11.13
Uniformed
It's Tuesday, so it must be time for more TSA Follies! This week's feature is the gobsmacking yearly uniform allotment for Transportation Security Administration (a DHS agency) screeners, as compared to USMC junior-officer uniform lifetime reimbursement. Incredible.
2012.11.07
2012.11.02
DHS Issues False Report
Ooops...
via the eponymous Kim Zetter at Wired, comes the sorry tale of the latest prevarication (at the highest levels) at Janet Napolitano's DHS. Astounding.
2012.10.24
DARPA, Plan X
Fascinating news [regarding comment solication] of the Defense Advanced Research Projects Agency's [DARPA] Plan X work.
