Information Security with Occasional Forays into Other Realms
Where does all of that data gathered by car manfacturers while we drive? Perhaps Jonathan M. Gitlin, reporting for everyone's beloved Ars Technica can fulfill that data request in a speedy manner! Shouldn't the driver/owner of the vehicle make that decision? Enjoy.
This is a joint work with Clark Barrett (NYU/Stanford University), Morgan Deters (NYU), Tianyi Liang (The University of Iowa), Andrew Reynolds (The University of Iowa/EPFL), Cesare Tinelli (The University of Iowa) and Nestan Tsiskaridze, University of California, Santa Barbara.
News that Macie The Discoverer has arrived in your S3 bucket... Data Security Automation - potentially - at it's finest? You be the judge.
Do you unequivocally trust iRobot with your personal data, including internal mapping of your home? Read this post to learn more.
via Gizmodo investigative reporter Dell Cameron, comes the astounding news of the systemic incompetence in properly handling secret documents and other artifiacts stored within the cloud (in this case, AWS S3 Buckets) by a well established contractor to the National Geospatial-Intelligence Agency (NGA). Certainly, a first-rate example of an Expanding Cloud of Lethal Stupidity (ECOLS).
Where does the organization in question fall within the Noel Burch Hierarchy of Competence model?. Should the culprits in this scenario be prosecuted? You be the judge. Truly astounding, indeed.
"A cache of more than 60,000 files was discovered last week on a publicly accessible Amazon server, including passwords to a US government system containing sensitive information, and the security credentials of a lead senior engineer at Booz Allen Hamilton, one of the nation’s top intelligence and defense contractors. What’s more, the roughly 28GB of data contained at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance." - via Gizmodo reporter Dell Cameron
John Leyden, writing at El Reg, scribes a stupefyingly scary report, detailing misconfigurations in application deployment and implementation of so-called Big Data systems which are leaking vast amounts (reports of a petabyte are floating about) of data.
The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NIST NCCoE) has released a new draft practice document entilted NIST Cybersecurity Practice Guide, Special Publication 1800-1: "Securing Electronic Health Records on Mobile Devices".
Targeting health care records (stored electronically), these artifacts are well-crafted first-rate (but draft, after all) information security documents. Available in both sections and in full (a compressed file also containing a manifest, and a number of template files is noted later in this post).
The Comment Period is open until September 25, 2015 (inclusive). The NCCoE has committed to allowing comments to be submitted anonymously, will be make public those commentaroes after review. Submit comments online or via email to HIT_NCCoE@nist.gov.
Sections Available
(1) SP 1800-1a: Executive Summary (2) SP 1800-1b: Approach, Architecture, and Security Characteristics (3) SP 1800-1c: How-To Guide (4) SP 1800-1d: Standards and Controls Mapping (5) SP 1800-1e: Risk Assessment and Outcomes
Full Zip Document Archive
via El Reg's Darren Pauli, comes good news from David Litchfield, this time, in the form of a newly authored security product targeting the in-built security issues within Oracle Corporation's (NYSE: ORCL) DBMS. Outstanding.
Evidence, says Zack Whittaker for Zero Day, of data disappearing from solid-state storage facilities, when the storage medium is unpowered for several days. Apparently, additional degradation takes place when temperatures rise...
The money quote:
"A recent presentation by hard drive maker Seagate's Alvin Cox warned that the period of time data is retained on some solid-state drives is halved for every 9°F (or 5°C) rise in temperature where its stored. That means if a solid-state drive is stored in a warm room, say 77°F (25°C), its data can last for about two years. But, if that goes up by a mere few degrees to 86°F (30°C), that data's retention period will be cut in half." via Zack Whittaker at Zero Day
