ꕤ
Article
SOURCE
as indicated
Universal Music
abusing the DMCA
ie #Copyright Act
rightsholders MUST consider FAIR USE
prior take-down issues
http://boingboing.net/2015/09/14/eff-scores-a-giant-victory-for.html
#India IT security
= 1.2 billion in 2016
http://www.consultancy.uk/news/2591/indian-IT-security-market-reaches-12-billion-next-year
#Microsoft
signs landmark agreement with #NATO
re govt #cybersecurity
/ solidification relationship
http://www.neowin.net/news/microsoft-signs-agreement-with-nato-to-bolster-government-cybersecurity
Intel in #cybersecurity - auto-mobiles
auto security board set up:
Automotive Security Review Board (ASRB)
Intel Security (formerly McAfee)
published a whitepaper
re automotive security best practices
http://forexreportdaily.com/2015/09/14/6873-intel-in-cyber-security-driving-seat-sets-up-connected-auto-security-board/
NSA Recruiting / Scholarships
USA Colleges
vie to entice w. NSA cyber program
scholarship stipulation
= NSA job on degree
http://fedscoop.com/colleges-vie-to-entice-students-with-nsa-cyber-program
USA + China
meet re #cybersecurity - White House
Kerry, Rice + Homeland Sec. Jeh Johnson
> comm. competition blocks
USA whining that the following
stop US competing on level playing field in China:
- fines
- opaque regulatory system
http://www.lidtime.com/u-s-chinese-officials-meet-on-cyber-security-issues-white-house-5652/
University of Texas at San Antonio
grant puts city on centre #cybersecurity stage
emerging cybersecurity + tech hub
/ expressnews (subscription)
#cybersecurity #hacker
Millennial Gen / Gen Y
born post 1980
social media over-sharing / lax security
http://www.afr.com/technology/a-third-of-millennials-warned-by-employers-over-social-media-posts-norton-20150914-gjlw1h
Cybersecurity Bill | CISA | USA
Cybersecurity Information Sharing Act (CISA)
Light on Security
legal immunity for sharing cyber-intel with govt
PRIVACY implications
/ poised to pass
http://foreignpolicy.com/2015/09/14/a-cybersecurity-bill-light-on-security-heavy-on-corporate-
Jeb Bush
wants USA Internet gov.
against transfer of ICANN oversight to multistakeholders
Following Presidential candidates also get a mention re cybersec:
- Rubio - Marco Rubio
- Fiorina - Carly Fiorina
http://fedscoop.com/jeb-bush-unveils-cybersecurity-plan
Clinton appears to be
the CYBERSEC & MILLENNIAL candidate
#Clinton2016
'Best Choice' Cybercrime
Wakefield Research poll - 42%
over half millennials Dems better
http://www.inc.com/will-yakowicz/poll-hillary-clinton-most-qualified-presidential-candidate-for-cyberattack.html
Hackers hit the Kremlin #Russia
target: election commission website
sounds like DDoS
http://thehill.com/policy/cybersecurity/253609-hackers-hit-the-kremlin
#cybersecurity #banking #cloud
x4 US banks
agreement w/ regulators
re 'guaranteed data deletion' issues
Symphony
= service created thru consortium
of 14 financial institutions
- Goldman Sachs
- Deutsche Bank
- Credit Suisse
- Bank of New York Mellon
= guaranteed data deletion
/ hinder regulators + prosecutors to investigate misconduct?
Does use of Symphony re communications
= regulators avoidance?
[ I'm not clear on that]
http://www.stockhouse.com/news/newswire/2015/09/14/four-us-banks-reach-agreement-with-regulators-on-guaranteed-data-deletion-issues
#Russia
Yuri Ushakov
fmr career diplomat
fmr deputy Foreign Minister
PhD: history
2008 appointment Putin deputy chief staff
foreign-policy + international economics
[various sources - incl. Foreign Policy]
#cybersecurity
DECEPTION SOFTWARE
/ HONEYPOT SOFTWARE
Deception to Catch #hacker
fake network component, server or database
to study their behaviour
DECEPTION cybersecurity aims:
1. ID intruders / share info
2. drains hacker resources until aware duped
3. study hackers
Deception
has long been part of the art of war
WWII, USA & British armies
set up fake camps
to dupe Germans
/ Penny Crosman {cybersec}
Honeypot software
= fake system
= sits on network
= exposes fake or real services to the attacker
new gen. honeypot software
= called 'deception software'
centrally managed, integrated w/ other security software
deception software
popular with: financial services
x4 layers (ie "deception stack"):
- network
- endpoint
- application
- data
each layer of x4 deception software
= has deception capabilities
deception layers:
eg. fake credentials in browser caches
of decoy workstations, phony files & data sets.
deception layers:
eg. endpoint set up to look like it runs eg Windows,
when it is a Linux machine.
deception layers:
eg. fake OS = deceive malware into attacking
vulnerabilities OS does not have.
deception strategy:
once intruder detected
/ continue to 'entertain'
*find out what intruder knows re system
decoy documents
eg fake 'new product designs'
= embedded w/ tracking element
= knowing when & where opened
deception software
hidden tech in documents
= beacon calling 'home'
= info re intruder
DECEPTION software providers:
- Attivo Networks
- TrapX Security
- Allure Security Technology
- CyberTrap
- Cymmetria
- ForeScout
- GuardiCore
- Hexis Cyber Solutions
- LogRhythm
- Percipient Networks
- Rapid7
- Shape Security
- Specter
- TopSpin Security
DECEPTION software LIMITATIONS
If the hacker:
1) obtained correct credentials re system
2) knows where to look
ie ... if not rummaging, knows where to go & where to get it, deception software ineffective
Deception software
= not foolproof
= but significantly raises odds of detection & lowers false positives
http://www.americanbanker.com/news/bank-technology/deception-may-be-the-best-way-to-catch-cybercriminals-1076667-1.html
#cybersecurity
US Dept Commerce
rethinking proposed rule controlling
EXPORT of hacking TOOLS / intrusion software
b/c stifles research
source (subscription)
http://www.law360.com/articles/702478/commerce-to-revise-cyber-rule-said-to-hamper-research
#cybersecurity #hacker
Cisco routers vulnerable to new attack
attacks replace OS used in Cisco network equip.
Cisco router attacks
= x14 instances of router implants found in:
- India
- Mexico
- Philippines
- Ukraine
http://www.reuters.com/article/2015/09/15/us-cybersecurity-routers-cisco-systems-idUSKCN0RF0N420150915
Malvertising
#cybersecurity #hacker
Malvertising Campaign Rages Undetected For 3 Weeks
/ manipulate ad networks' chain of trust
Malvertising
= number of new tactics to make attackers harder to track down
eg use domain names registered years ago w/ BBB
#Hacker
= look like legit bus. using real-time bidding
= ads clean
= ads redirected to point for downloading malicious code
ads thru
encrypted HTTPS channel
= lets third party directly serve up content
+ encrypt comm.
/ no inspect.
Malvertising
attackers used Google URL shortener in redirects
Malwarebytes + Google working to solve
Malvertising hits, incl: http://ebay.co.uk http://drudgereport.com http://answers.com
Malvertising
compromised various small ad networks
+ major ad networks, incl DoubleClick, AppNexus + ExoClick
Malvertising hits, adult, incl:
nuvid.com
upornia.com
eroprofile.com
very low-cost intro packages
= attacker opportunity for short campaigns w/ small investments
http://www.darkreading.com/attacks-breaches/malvertising-campaign-rages-undetected-for-3-weeks/d/d-id/1322169
#cybersecurity
National Cyber Security Hall of Fame
2015 INDUCTEES
Thu 29th Sept
x5 - listed
http://news.sys-con.com/node/3456101
#cybersecurity - REPORT - Insurance
PWC
Insurance 2020 & beyond: Reaping the dividends of cyber resilience
http://www.pwc.com/gx/en/industries/financial-services/insurance/publications/insurance-2020-cyber.html
#cybersecurity #insurance
market to reach $7.5 billion annual premiums by end 2020
& min. $5 billion by 2018
insurance co's may MITIGATE risks by
partnering w/ technology co's
+ data sharing b/w insurance co's
Insurer mitigation also by:
conditional regular risk assessments
of client ops & required remedies re reviews
http://www.pymnts.com/in-depth/2015/cyber-insurance-market-to-thrive-triple-by-2020/
#military
DOD - Overhaul of Military Ground Systems
in favour of single UNIFIED system for satellite networks
Satellite networks
multiple siloed ground systems
aka “stove-piped”
= inhibits security, resiliency, agility & affordability
stovepiped / single ununified systems
= op systems each functioning w/ unique proprietary software from contractors
#military ground systems
- USG wants to move away from reliance original contractor
/ own tech baseline
/ free up competition
DOD overhaul aim:
- *control interfaces + standards
- *no limits interface / proprietary s/w
- *no contractor control architecture
DOD overhaul of military ground systems goals
*agility
*automation
*security
*resilience
Cost savings = inherent result
cybersecurity
= too many interfaces + incongruous software:
*multiple cyber attack surfaces
*must be defended individually
Enterprise Ground System (EGS)
/ DOD interested in using #cloud tech for EGS
/ type undecided
/ Air Force favours private (b/c physically reside w/in operation centres)
http://www.satellitetoday.com/regional/2015/09/14/dod-prepares-for-overhaul-of-military-ground-systems/
NYSE
STUDY by Veracode
2015 Survey
#cybersecurity in the Boardroom - 8pg PDF
https://www.veracode.com/sites/default/files/Resources/Whitepapers/cybersecurity-in-the-boardroom-whitepaper.pdf
Associated article:
Boardrooms and cyber security http://thetandd.com/news/boardrooms-and-cyber-security/article_5edccb5b-aed1-5e88-b2e4-0dd396d5540d.html
Twitter
hired a trio of firms
/ first outside lobbyists to work DC
spent $160K / first-half
http://www.odwyerpr.com/story/public/5332/2015-09-14/twitter-enters-dc-lobbying-fray.html
quantum encryption
quantum random number
generator | Entropy Engine
/ 200 million random Nos.
http://www.santafenewmexican.com/news/health_and_science/science-on-the-hill-for-cybersecurity-in-quantum-encryption-we/article_2ce4c8bb-78fa-5dbc-826f-ffdd33501ae3.html
WEBINAR - cybersecurity
Former NSA Tech. Dir.
Jim Penrose
cyber ops expert
subtle traces compromise detection
http://www.bankinfosecurity.com/webinars/view-from-inside-intelligence-driven-approaches-to-cyber-detection-w-764
#Germany #cybersecurity
new IT Security Law
July 24, 2015
foresees admin fines
4-yr evaluation
*overview & links
http://www.natlawreview.com/article/what-you-need-to-know-about-germany-s-cybersecurity-law
#cybersecurity #hacker
9 FBI Warnings
/ risks posed by Internet of Things ('IoT')
x10 device examples
http://www.defenseone.com/threats/2015/09/fbi-department-homeland-security-warnings-internet-connected-everyday-objects/120905/
IronNet
fmr NSA Director Keith Alexander
raised $7.5 million in equity
re IronNet #Cybersecurity
pt $25-m Trident Capital financing
IronNet Cybersecurity
funds to go to:
*cybersecurity products
*building the company’s workforce
http://www.bizjournals.com/baltimore/blog/cyberbizblog/2015/09/keith-alexander-led-ironnet-cybersecurity-raises-7.html
#cybersecurity
digital tax fraud
skyrocketed over last year
/ data breaches
PROPOSED bill re notices ID theft
almost half USA states
= reported spikes in electronic filing fraud
= Minnesota stopped accepting some electronic returns
http://thehill.com/policy/cybersecurity/253542-senate-committee-will-mark-up-digital-tax-fraud-bill
#cybersecurity
new chip developed by Xerox
= self-destruct on command
Gorilla Glass / shattering chip
Potential use: storage device for encryption keys
https://www.siliconrepublic.com/enterprise/2015/09/14/self-destructing-chip-xerox
Korean-based SK Telecom
+ Greenville USA co.
to develop vehicle cybersecurity
/ Quantum Cryptography
... securely distributes a secret key to legitimate parties. Here, a key is a table of random numbers shared by legitimate users in such a way that the information is known only to them, and secure means secure against any possible eavesdropping, which is the highest level of security. The system is expected to enhance security of critical network infrastructure.
Currently, most systems, including the connected vehicle ecosystems, use software-based pseudo-random number generators for encryption, meaning that they can fall vulnerable to hackers who decrypt the sequence of digits. Once developed for commercial use, SK Telecom’s technology will eliminate such concerns for security as it generates true random numbers based on hardware.
http://gsabusiness.com/news/55654-greenville-center-korean-firm-to-develop-vehicle-cybersecurity
#cybersecurity
E-ZPass
vulnerable to hackers, ID thieves + govt spying
/ not using encryption
E‑ZPass
= electronic toll-collection system
= tolled roads, bridges, & tunnels USA
http://www.whdh.com/story/30022568/report-e-zpass-vulnerable-to-hackers-identify-thieves
#SouthAfrica #law
proposed bill too broad
consequences beyond remit
/ state cyberwarfare
/ warrantless seizure
#SouthAfrica
/ penalties - to 25 years in prison
/ has until Nov 30 to submit comment on proposed bill.
http://www.zdnet.com/article/south-africa-gets-first-look-at-cybercrime-bill-that-comes-with-25-year-jail-terms/
#Tor
.onion domain
= formal recognition granted
security certificates available to site admins
http://www.cbronline.com/news/cybersecurity/business/regulators-give-tors-onion-domain-name-special-use-status-4669709
USA Dept Energy
DOE REPORT linked
US #Energy Tech
Exports
= cybersecurity risks - b/c rely on digital tech
http://www.theepochtimes.com/n3/1751096-global-energy-growth-could-disrupt-americas-grid-security-doe-report-says/
---------------------- ꕤ ----------------------
COMMENT
Bunch of random stuff I looked at.
It all seemed very exciting ... at the time. Now, I'm not so sure. lol
The onion domain news and the self-destructing chip are exciting, I guess.
I'm no techie, so the 'internet of things' doesn't bother me. I like everything manual, if I can help it. lol
Twitter hiring Washington lobbyists is kind of exciting. Wonder why?
The US military's proposed overhaul of ground satellite communications (if I understand correctly) is pretty cool.
Surprised that it has taken them until 2015 to come up with those ideas, when they're in the business and should know what they're doing when it comes to multiple contracts and software applications etc.
It doesn't sound too efficient at the DOD.
Digital tax fraud sounds boring. I don't even know what the point of it is. lol People pretend to be someone else ... but then what?
Oh, the best news is the Ninth Circuit Court ruling regarding copyright!
Take that, Universal Music a#@!@#s!
ꕤ