Quite likely the defining opinion piece, well-crafted by the inimitable Kara Swisher, writing at The New York Times, targeting the the entity known as Facebook, Inc. (NASDAQ: FB) (of which, in our opinion, is a classically structured and well organized criminal enterprise). Today's Must Read.
"With $23 billion in cash on hand, Facebook will see a $5 billion fine as simply the cost of doing business. Needless to say, this is not how fines are supposed to work." - via Kara Swisher's superb opinion piece at The New York Times
via Phys.org, comes a brief news item targeting the trojan exploit dubbed 'Adylkuzz', and it's mining feature. Additionally, read the highly detailed Proofpoint post, of which, contains the true gist of this trojan, as it were..
'Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.' - via Phys.org
PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration, described in the released paper, details the newly developed capability to predict bad-behavior (in this case criminally bad behavior), with the use of analytics at the time of domain registration. Created by Nick Feamster, Shuang Ho, Alex Kantchelian, Brad Miller and Vern Paxson. Outstanding.
"Princeton professor Nick Feamster and University of California Santa Barbara PhD student Shuang Ho worked with Alex Kantchelian (UC Berkley), Google's Brad Miller and Vern Paxson of the International Computer Science Institute to create PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration...." "The important numbers are: the researchers say PREDATOR identified 70 per cent of domain registrations that were later abused; and they claim a false positive rate of just 0.35 per cent." - via El Reg's Richard Chirgwin
Earlier this month (in April 2015 if you are reading this post in the far distant future...) the National Institute of Standards and Technology (NIST) released NIST Draft NISTIR 8050; in which, an interesting summary appears of a technical workshop held at Stanford University in conjuction with the Presidents' Cybersecurity Summit.
Pursuant to completeing the draft cycle of the document, the National Cybersecurity Center of Excellence NNCoE (a Center of Excellence and a component of NIST) has issued a Call for Comments, focusing on the content of that document. In this instance, related to your agency, company, buereau, department, country or other organizations' information and/or cybersecurity issues. I've included a link to NISTIR 8050 to assist in fulfilling the Call for Comments. Enjoy.
If you read anything today about cryptography today, read the work of Stanford University's Center for Internet and Society's Jeffrey Vagle, JD [Mr. Vagle is also a Lecturer in Law and the Executive Director of the Center for Technology, Innovation and Competition [CTIC] at the University of Pennsylvania Law School]; in which, Mr. Vagle examines the criminalization of cryptography [snippet of his work appears below].
'We've heard this story from governments before, of course, from the "crypto wars" of the early 1990s to recent claims by the FBI that encryption allows networks to "go dark," and prevent legitimate law enforcement efforts. But as the leaked security memo asserts, without strong crypto and secure networks, we're all put at greater risk. It is crucial that we keep this in perspective as the world's legislative bodies rush to do something--anything--in the face of these crises.' - via Jeffrey Vagle writing at the Center for Internet and Society, at Stanford University
Spamhaus has released research targeting cyber-crime within the 2014 calendar year. Evidence of increased pernicious botnet behavior attributed to these master/slave systems is the research report's message. Interestingly, Spamhaus has said "Because these IP addresses host no legitimate services or activities, they can be blocked (blackholed) on an ISP's or company's network without the fear of affecting legitimate traffic."
Today's MustRead - via the inimitable Brian Krebs at Krebs on Security - targets the nefarious Dread Pirate Roberts. Allegedly the Master of the Silk Road, and the ramifications to the configuration of the sites' conceptually flawed CAPTCHA configuration (utilizing data from the open interweb, rather than the apparently less-than-dark web). Enjoy!