Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

What, Me Worry? Car Data, Where Does It Go... →

February 25, 2018 by Marc Handelman in Data Classification, Data Leakage, Data Driven Security, Data Science, Data That Wants To Be Big, Database Security, Information Security

Where does all of that data gathered by car manfacturers while we drive? Perhaps Jonathan M. Gitlin, reporting for everyone's beloved Ars Technica can fulfill that data request in a speedy manner! Shouldn't the driver/owner of the vehicle make that decision? Enjoy.

February 25, 2018 /Marc Handelman
Data Classification, Data Leakage, Data Driven Security, Data Science, Data That Wants To Be Big, Database Security, Information Security

USENIX Enigma 2017 — Nestan Tsiskaridze's 'Leveraging the Power of Automated Reasoning in Security Analysis of Web Applications and Beyond' →

September 01, 2017 by Marc Handelman in All is Information, Alternate Attack Analysis, AI Security, Conferences, Data That Is Big, Data Driven Security, Education, Information Security, Machine Learning

This is a joint work with Clark Barrett (NYU/Stanford University), Morgan Deters (NYU), Tianyi Liang (The University of Iowa), Andrew Reynolds (The University of Iowa/EPFL), Cesare Tinelli (The University of Iowa) and Nestan Tsiskaridze, University of California, Santa Barbara.

September 01, 2017 /Marc Handelman
All is Information, Alternate Attack Analysis, AI Security, Conferences, Data That Is Big, Data Driven Security, Education, Information Security, Machine Learning

USENIX Enigma 2017 — Tudor Dumitras' 'FeatureSmith: Learning to Detect Malware by Mining the Security Literature' →

August 31, 2017 by Marc Handelman in Alternate Attack Analysis, All is Information, Conferences, Education, Information Security, Malware, Malware Detection, Data Mining, Data Driven Security, Data Discovery
August 31, 2017 /Marc Handelman
Alternate Attack Analysis, All is Information, Conferences, Education, Information Security, Malware, Malware Detection, Data Mining, Data Driven Security, Data Discovery

Macie the Discoverer →

August 21, 2017 by Marc Handelman in All is Information, Automation, DBMS Security, Database Security, Data Security, Data That Is Big, Data Loss Prevention, Data Driven Security, Information Security, Security Inventions, Security Architecture, Security Automation, Data Discovery

News that Macie The Discoverer has arrived in your S3 bucket... Data Security Automation - potentially - at it's finest? You be the judge.

August 21, 2017 /Marc Handelman
All is Information, Automation, DBMS Security, Database Security, Data Security, Data That Is Big, Data Loss Prevention, Data Driven Security, Information Security, Security Inventions, Security Architecture, Security Automation, Data Discovery

The Disingenuous →

August 15, 2017 by Marc Handelman in All is Information, Data That Is Big, Data Security, Data Leakage, Data Driven Security, Information Security

Do you unequivocally trust iRobot with your personal data, including internal mapping of your home? Read this post to learn more.

August 15, 2017 /Marc Handelman
All is Information, Data That Is Big, Data Security, Data Leakage, Data Driven Security, Information Security

Clouding Up →

June 01, 2017 by Marc Handelman in All is Information, Data Classification, Data Driven Security, Data Leakage, Data Security, Espionage, Government, Information Security, Information Technology, USNGA

via Gizmodo investigative reporter Dell Cameron, comes the astounding news of the systemic incompetence in properly handling secret documents and other artifiacts stored within the cloud (in this case, AWS S3 Buckets) by a well established contractor to the National Geospatial-Intelligence Agency (NGA). Certainly, a first-rate example of an Expanding Cloud of Lethal Stupidity (ECOLS).

Where does the organization in question fall within the Noel Burch Hierarchy of Competence model?. Should the culprits in this scenario be prosecuted? You be the judge. Truly astounding, indeed.

"A cache of more than 60,000 files was discovered last week on a publicly accessible Amazon server, including passwords to a US government system containing sensitive information, and the security credentials of a lead senior engineer at Booz Allen Hamilton, one of the nation’s top intelligence and defense contractors. What’s more, the roughly 28GB of data contained at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance." - via Gizmodo reporter Dell Cameron

June 01, 2017 /Marc Handelman
All is Information, Data Classification, Data Driven Security, Data Leakage, Data Security, Espionage, Government, Information Security, Information Technology, USNGA

Les Fuites de Données Rapport de la Journée →

September 10, 2015 by Marc Handelman in All is Information, Data Driven Security, Data Loss Prevention, Leakage, Information Security

aka Data Leakage Report of the Day...

John Leyden, writing at El Reg, scribes a stupefyingly scary report, detailing misconfigurations in application deployment and implementation of so-called Big Data systems which are leaking vast amounts (reports of a petabyte are floating about) of data.

September 10, 2015 /Marc Handelman
All is Information, Data Driven Security, Data Loss Prevention, Leakage, Information Security

BSidesCincy 2015, The Value of a Simple DLP Program →

August 06, 2015 by Marc Handelman in All is Information, Data Loss Prevention, Data Security, Data Classification, Data Driven Security, Database Security, Information Security
August 06, 2015 /Marc Handelman
All is Information, Data Loss Prevention, Data Security, Data Classification, Data Driven Security, Database Security, Information Security

NCCoE Releases NIST Cybersecurity Practice Guide Targeting Health Records →

July 28, 2015 by Marc Handelman in All is Information, Cybersecurity, Cybersecurity Competence, Data Driven Security, Health Care Security, Information Security

The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NIST NCCoE) has released a new draft practice document entilted NIST Cybersecurity Practice Guide, Special Publication 1800-1: "Securing Electronic Health Records on Mobile Devices".

Targeting health care records (stored electronically), these artifacts are well-crafted first-rate (but draft, after all) information security documents. Available in both sections and in full (a compressed file also containing a manifest, and a number of template files is noted later in this post).

The Comment Period is open until September 25, 2015 (inclusive). The NCCoE has committed to allowing comments to be submitted anonymously, will be make public those commentaroes after review. Submit comments online or via email to HIT_NCCoE@nist.gov.

Sections Available

(1) SP 1800-1a: Executive Summary (2) SP 1800-1b: Approach, Architecture, and Security Characteristics (3) SP 1800-1c: How-To Guide (4) SP 1800-1d: Standards and Controls Mapping (5) SP 1800-1e: Risk Assessment and Outcomes

Full Zip Document Archive

SP 1800-1c

July 28, 2015 /Marc Handelman
All is Information, Cybersecurity, Cybersecurity Competence, Data Driven Security, Health Care Security, Information Security

Litchfield Unleashes Database Security Scorecard →

June 08, 2015 by Marc Handelman in Application Security, All is Information, Data Driven Security, Database Security, Information Security

via El Reg's Darren Pauli, comes good news from David Litchfield, this time, in the form of a newly authored security product targeting the in-built security issues within Oracle Corporation's (NYSE: ORCL) DBMS. Outstanding.

June 08, 2015 /Marc Handelman
Application Security, All is Information, Data Driven Security, Database Security, Information Security

Data Melt →

May 15, 2015 by Marc Handelman in All is Information, Data Driven Security, Data Security, Physical Security

Evidence, says Zack Whittaker for Zero Day, of data disappearing from solid-state storage facilities, when the storage medium is unpowered for several days. Apparently, additional degradation takes place when temperatures rise...

The money quote:

"A recent presentation by hard drive maker Seagate's Alvin Cox warned that the period of time data is retained on some solid-state drives is halved for every 9°F (or 5°C) rise in temperature where its stored. That means if a solid-state drive is stored in a warm room, say 77°F (25°C), its data can last for about two years. But, if that goes up by a mere few degrees to 86°F (30°C), that data's retention period will be cut in half." via Zack Whittaker at Zero Day

May 15, 2015 /Marc Handelman
All is Information, Data Driven Security, Data Security, Physical Security

Instagram Surveillance →

May 14, 2015 by Marc Handelman in All is Information, Information Security, Data Driven Security, Demise of Privacy, Identity Theft
May 14, 2015 /Marc Handelman
All is Information, Information Security, Data Driven Security, Demise of Privacy, Identity Theft

Crumbs, Data Breadcrumbs →

April 23, 2015 by Marc Handelman in All is Information, Data Classification, Database Security, Data Security, Information Security, Data Driven Security
April 23, 2015 /Marc Handelman
All is Information, Data Classification, Database Security, Data Security, Information Security, Data Driven Security