The single most egregious flawed information security decision (Equifax comes to mind...) by a large company in 2017? Read Chris Davies' superlative piece, on SlashGear, detailing the recent Google decision to segment security provisioning. Read it and Weep My Friends, for, it is by far, The Show that Never Ends.
"Google is readying special security tools for its high-profile users, reports claim, going beyond mere two-factor authentication. The development comes as investigations into the political impact of alleged Russian hacking during the US election in 2016 continue, alongside other high-profile attacks on data. However, according to insiders, Google plans to target its new system at a specific subset of users. Those, people familiar with Alphabet-owned Google’s plans tell Bloomberg Technology, are being described as “corporate executives, politicians and others with heightened security concerns.” It will build on the company’s existing USB Security Key support. Rolled out in 2014, the USB-based system demanded a physical dongle be plugged into a computer in addition to a password or secure code before access to a Google account was granted." via Chris Davies writing at SlashGear
Quanta Magazine contributing writer Ariel Bleicher interviews Professor Rebecca Goldin, Ph.D. on the notion that mathematics could very well be the best tool we have to cogitate successfully upon the subject of the 'world'. Here's a Hint: This cogitation - if you will - includes Information, Cyber, Network, Application and Physical Security. Today's MustRead!
Via the United States Naval Sea Systems Command OCC comes the astonishing story of Associate Director Sarkis Tatigian of the Department of the Navy Small Business Program Office. Associate Director Tatigian just received an award from NAVSEA and a tribute from Senator John McCain and the United States Congress for 75 years of faithful service to the United States Navy (both as a civilian and in uniform).
Associate Director Tatigian is currently 94 years of age. He has no plans for retirement. A Veteran of WWII, a member of the Greatest Generation and a National Treasure, if there ever was one.
TRIBUTE TO SARKIS TATIGIAN
Mr. MCCAIN. - Mr. President, I come to the floor today to ask my colleagues to join me in recognizing Mr. Sarkis Tatigian, who will achieve the extraordinary milestone of 75 years of combined military and civilian service to the United States on September 26, 2017. Eligible for retirement since 1973, Mr. Tatigian has continued to honor America through his faithful service. Currently the associate director of the Small Business Programs Office at Naval Sea Systems Command, NAVSEA, Mr. Tatigian is a champion for our Navy, our small business community, and our country.
Mr. Tatigian began his civilian career with the Navy in July 1942 as a junior radio inspector at the naval aircraft factory in the Philadelphia Navy Yard and the Navy Office of Inspector of Naval Aircraft in Linden, NJ. He left his position as an inspector in March 1943 and entered the uniformed Navy as an Active-Duty sailor in April 1943. In June 1944, as an aviation electronics technician’s mate, he aided in the development of the Navy’s first guided antiship munition, the ASM-N–2 ‘‘BAT’’ glide bomb, which later became an operational weapon in January 1945.
In 1943, Mr. Tatigian began his Federal civil service with NAVSEA, where he still works today. Throughout his long career, he has received numerous awards, including the Navy’s Superior Civilian Service Award in 2007. In recognition of his exceptional accomplishments in service, the Navy has even named an award after him, the Sarkis Tatigian Small Business Award, which recognizes outstanding performance through organizational culture and command climate.
At 95 years young, Mr. Tatigian’s dedication and resolve are inspirational. We can all learn a great deal about service to country and the American spirit from his great example. On behalf of a grateful nation, thank you, Mr. Sarkis Tatigian, for all you have done for our people, our government, and our Navy.
New - heretofore unreleased - statistical model can predict numbers of so-called cyber-intrusions in the Enterprise (whether that Enterprise be Military, Government or Business - apparently). By United States Army Research Laboratory research scientists Lawrence P. Knachel, Alexander Kott, Nandi O. Leslie and Richard E. Harang, the paper is slated for publication in a special release within the Journal of Defense Modeling and Simulation during calendar year 2018. A pre-release copy can be garnered via Sagepub Journals. Key quote (and pertinent to information security modelers):
"Several of the predictor variables that were recommended to the researchers by subject matter experts turned out to be lacking in influence or even misleading. For example, SMEs felt that the extent to which an organization is visible on the Internet, as measured for example by the number of records found related to that organization on the popular Google Scholar, would be a significant predictor of intrusion frequency. However, it turned out that such visibility alone is not a useful predictor of successful intrusions," Leslie said." - via ARL
Via Sean Gallagher, writing at our beloved Ars Technica, comes the astonishing (well, not so astonishing given the source company...) news of Adobe Product Security Incident Response Team (PSIRT) blog publishing capers. This time, they managed to blogify their PGP private key for all the world to see. Crypto-Darwin Award candidate you say? Maybe, if there was one.