ISOC, Why Routing Security Matters →
Yes, Virginia, routing security is fundamental. via Andrei Robachevsky, Technology Program Manager at the Internet Society.
via the Google (NasdaqGS: GOOG) Online Security Blog comes this interesting USENIX research paper, detailing security-related behaviors between and betwixt so-called 'security experts' and laymen... Enjoy.
The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NIST NCCoE) has released a new draft practice document entitled NIST Cybersecurity Practice Guide, Special Publication 1800-1: "Securing Electronic Health Records on Mobile Devices".
Targeting health care records (stored electronically), these artifacts are well-crafted, first-rate (but draft, after all) information security documents. They are available both as individual sections and in full (a compressed file that also contains a manifest and a number of template files; it is noted later in this post).
The comment period is open until September 25, 2015 (inclusive). The NCCoE has committed to allowing comments to be submitted anonymously, and will make those comments public after review. Submit comments online or via email to HIT_NCCoE@nist.gov.
Sections Available
(1) SP 1800-1a: Executive Summary
(2) SP 1800-1b: Approach, Architecture, and Security Characteristics
(3) SP 1800-1c: How-To Guide
(4) SP 1800-1d: Standards and Controls Mapping
(5) SP 1800-1e: Risk Assessment and Outcomes
Full Zip Document Archive
Backwards Maxim: Most people will assume everything is secure until provided strong evidence to the contrary—exactly backwards from a reasonable approach. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Irresponsibility Maxim: It’ll often be considered “irresponsible” to point out security vulnerabilities (including the theoretical possibility that they might exist), but you’ll rarely be called irresponsible for ignoring or covering them up. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Apparently, US automobile makers (including farm machinery manufacturers) do not want independent research delving into the entrails of the downside risk represented by the systems built into their automobiles, trucks, et cetera. Read all about it on AutoBlog, via author Peter Bigelow. Evidently, enforced ignorance is bliss in the Motor City.
Yes, Bunky, this is the true Real Rise of the Machines... Hopefully, the Engineers of our robotic future will not forget The Three Laws.
Apparently, the anti-fraud mitigation activities of Google Inc.'s (NasdaqGS: GOOG) and Amazon.com Inc.'s (NasdaqGS: AMZN) app stores let a bad actor's apps through the gauntlet... In this case, a hijack app that apparently stole cycles from the devices it was installed on, to mine for Bitcoin. Luckily the United States Federal Trade Commission and the Office of the New Jersey Attorney General stepped up to the plate, eh Sergey?
The FTC and the Office of the New Jersey Attorney General took action against two software app developers, Equiliv Investments and Ryan Ramminger, alleging their mobile app, called “Prized,” hijacked people’s phones to mine for virtual currencies. Users thought they could earn prizes by playing games and taking surveys through the app. But the FTC alleges the app had malware that sapped the phone’s computing power, made phones run slower, drained battery life, and used up data plans – all so the developers could secretly make money mining virtual currencies. - via the FTC
The remarkable truth about information security within DevOps-driven organizations, and why, per se, those organizations are not made secure merely by the DevOps integration of Development and Operations teams and the continuous deployments that follow. If you read anything about DevOps today, read George V. Hulme's interview of Adam Muntner, an Application Security Engineer at Mozilla and the creator of FuzzDB (the interview is also posted at Adam's blog). Absolutely outstanding.
Presented for your consideration - a 1997 paper entitled The Use of Encrypted, Coded and Secret Communications is an "Ancient Liberty" Protected by the United States Constitution, published by the University of Virginia Journal of Law and Technology*.
John Fraser III, the author of this superlative screed (now an attorney in Washington, DC), presents his fascinating argument on encryption, and the 'ancient right' to utilize cryptographic artifacts in the course of communications, protected, of course, by our nation's Constitution. Today's Must Read.
*Va. J.L. & Tech. 2 Fall 1997 1522-1687 / © 1997 Virginia Journal of Law and Technology Association
DevOps writer Chris Riley (aka @HoardingInfo, a technologist and DevOps analyst for Fixate IO) regales us with a tale of the Rugged DevOps crypt - at least from the viewpoint of semi-like-minded security operators...
Feynman’s Maxim: An organization will fear and despise loyal vulnerability assessors and others who point out vulnerabilities or suggest security changes more than malicious adversaries. Comment: An entertaining example of this common phenomenon can be found in “Surely You are Joking, Mr. Feynman!”, published by W.W. Norton, 1997. During the Manhattan Project, when physicist Richard Feynman pointed out physical security vulnerabilities, he was banned from the facility, rather than having the vulnerability dealt with (which would have been easy). Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory