Thursday, January 31, 2013

Cyber attacks the future of modern warfare (video)

Video: Cyber attacks 'the future of modern warfare', says Tory MP - Telegraph: The Ministry of Defence are ill-prepared for cyber attacks and the future of modern warfare, warns the Commons Defence Select Committee chair James Arbuthnot. "The military is now so dependent on computers and information technology that a sustained cyber attack could render weapons and even entire combat units useless, a report by the Commons defence committee has concluded."

After Aaron: how an antiquated law enables the government's war on hackers, activists, and you | The Verge: "The CFAA may have been written with malicious computer break-ins in mind, but in reality it’s used to target an incredibly broad range of activities completely divorced from “hacking,” and Aaron Swartz is only the most recent example. Framed during a time of widespread computer illiteracy when nefarious depictions of hackers dominated mainstream media, the law attempted to bring order to the new computational “Wild West” by combating unauthorized access to protected systems in government and finance. But today, the CFAA can effectively mark anyone who uses a computer to access another computer (e.g., anyone on the internet) as a felon."

Homeland Security warns Java still poses risks after security fix | ZDNet: " . . . some security experts are warning that the new software -- Java 7 (Update 11) . . . may not actually protect against hackers attempting to remotely execute code on user machines. This code, security experts warn, could be used to acquire personal information and steal identities, or subscribe machines to 'botnets,' which can then be used to hit networks and Web sites with denial-of-service attacks. . . ."

more news below

Tuesday, January 29, 2013

A New security model

Growing attack surfaces require new security model | TechRepublic: "Right now, most of the budget and time allocated by any organization is on prevention. Some figures, according to the RSA chairman, place over 80% of the effort on prevention, with 15% on detection and 5% on response. But incursions are inevitable. Instead the balance needs to be shifted, and this means rethinking that security model from the ground up. So what will 2013 bring us on this front? The first thing is for companies to start accepting that mobility and the cloud are here to stay. According to the latest predictions out of RSA, hackers will become even more sophisticated in the coming year, and those attack surfaces will keep growing. This means that the shift has to be done as soon as possible. In order to implement this new model, businesses need to come to terms with the fact that these security issues exist. There needs to be a much higher degree of cooperation in the industry, between security professionals, management, and IT. In an era of openness and connectivity, more focus needs to be put on quick detection and response, instead of relying on aging technologies."

more news below

Saturday, January 26, 2013

Beware Fake IRS Agents Calling Taxpayers

Beware: Fake IRS Agents Calling Taxpayers: "If you get a call from someone saying they're an IRS Agent, it's most likely a new scam that's making the rounds. The calls come from an 1-800 number and the name on the caller ID reads, IRS. June Burdeshaw with Danny McCallister Accounting Services said every year there's a different scam and the criminals are savvy. Burdeshaw said the IRS contacts tax payers through the United States Postal Service. She said it's very rare for an agent to call you. "If you choose to answer the call make sure you get the badge number because an IRS agent is supposed to give you that information," said Burdeshaw. Burdeshaw said fake emails also circulate during tax season. If one shows up in your inbox, just delete it."

Jay Starkman: E-Filing and the Explosion in Tax-Return Fraud - "If you become a tax-identity theft victim, immediately seek a referral to the IRS Identity Protection Specialized Unit or the Taxpayer Advocate Service using Form 911. Keep in mind that it can take over a year to resolve. The IRS has a backlog of 650,000 cases. The national taxpayer advocate has recommended that taxpayers be allowed to tell the IRS to accept their return only when filed on paper, thus preventing e-file tax-identity theft. So far the IRS has failed to allow this. Less effective methods are to request an "electronic filing PIN," available at, and file Form 14039, "Identity Theft Affidavit," so that the IRS might apply additional return-screening procedures. Sadly, conventional credit-monitoring services are useless against income-tax identity theft. In sum, e-filing helps the IRS with audit selection, costs the Treasury billions through fraud, and transfers many costs of tax administration to you."

more news below

Thursday, January 24, 2013

Cybersecurity predictions for 2013

6 big cybersecurity predictions for 2013 | VentureBeat: " . . . Attacks using bloggers will increase - Many content management systems that bloggers use, and the ad servers they are integrated with, don’t have enough security measures to protect content created by writers and bloggers, or the ad units served by advertisers. In 2013, hackers will exploit these security weaknesses further to spread viruses, conduct phishing attacks, and steal data from the audiences who visit these websites. Virtual attacks end in human death - Nation-state attackers will target critical infrastructure networks such as power grids at unprecedented scale in 2013, resulting in human casualties from a cyber attack. Violent extremist groups have already attacked nuclear reactors, hospitals and assembly lines at automobile companies. These types of attacks are growing more sophisticated, and will soon enough lead to the loss of human life at an unprecedented scale. Rogue regimes use cyberterrorism to attack their governments – In 2012 we already saw numerous government-sponsored cyber attacks, but next year we will see rogue regimes utilize the skills they have developed to attack their own governments. . . . "

more news below

Tuesday, January 22, 2013

Crimeware Author Funds Exploit Buying Spree

Crimeware Author Funds Exploit Buying Spree — Krebs on Security
By BrianKrebs
The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware ...
Krebs on Security

more news below

Saturday, January 19, 2013

Practical ways to protect online privacy

Practical ways to protect your online privacy - CBS News  " . . . Never reply to emails with personal information. . . . If an email asks for information like that, just delete it -- it's a phishing expedition. Never click a link in an email to go to your banking web site. Even people who would never think to reply to an email with their account number and password might still click a link in a message to "conveniently" go to their account login page. But this might still be a phishing trip, and you could be clicking to a site that's about to capture your login information. Always navigate to a web page yourself via your browser. Use a unique password on every site. Don't use the same password on Facebook and your bank . . . "

Essential PC security tips (send to your parents)
Security breach: How to protect your credit
Social engineering scam: Your password's worthless

more news below

Friday, January 18, 2013

Singapore Government strengthens cyber attack prevention laws

Singapore Government strengthens cyber attack prevention laws
Businesses may be ordered to provide officials with information that could be used to "identify, detect or counter" the threat of cyber attacks, such as details of the design or security of computer systems they operate. Businesses may also be required ...

SBL launch new cyber security magazine (press release)
The magazine features articles and contributions from both the USA and Sweden demonstrating that the issue of cyber security transcends national boundaries. The growth of the internet and development in technology has given society many advantages, ...

The week in security: Cyber criminals go where the money is
CSO Magazine
... experts said the incidence of security incidents in that territory jumped 30% during 2012. Yet even as Iran was accused of cyberwar against the US in a "frightening" turn of events, and the UK government was warned that a major cyber-attack on the ...

DoD Looks to Expand Cyber, Maritime Partnerships in Europe
MADRID — The U.S. Defense Department is looking to broaden its defense cooperation in Western Europe by deepening its military-to-military engagements, especially in maritime and cyber securityinitiatives. U.S. Defense Secretary Leon Panetta, who is ...

UK cyber security under fire « IISS Voices
By Islam Al Tayeb, Research Analyst, IISS-Middle East The British military could be 'fatally compromised' by a major cyber attack because it lacks clear ...

more news below

Thursday, January 17, 2013

Write Software that can be used for Gambling and Go to Prison

Write Gambling Software, Go to Prison | Threat Level | ". . . Stuart, who has been charged along with his wife and brother-in-law with one felony count for promoting gambling in New York through their software firm, says that his company sells the software only to entities outside the U.S. and that he’s not aware of anyone using it in the U.S. or using it to take illegal bets in the U.S. He also says the software doesn’t place bets, it simply provides online gambling sites with the infrastructure to select and display which sporting events they want to offer for betting and also stores the bets. “It’s overreaching where they’re going after a software developer who sells the software with a legal license, and yet we’re still being prosecuted on how it’s being used,” Stuart says. He notes that authorities have not told him yet who exactly he’s accused of aiding and abetting. A hearing in the case is scheduled to be held in New York on Jan. 8."

more news below

Tuesday, January 15, 2013

Disaster Recovery Plans

5 Tips for CIOs: Plan for Hurricanes, Hackers and Aliens? - Forbes: " . . . quite surprisingly, unlike Google, very few companies have a disaster recovery plan. A recent IT survey indicated that only 26 percent of small to medium-sized businesses do. With New Year’s resolutions top of mind, here are five steps that you and your organization should take to dramatically reduce the fallout of your next outage. #1: There will be a next time - Note, I said “next outage,” which implies there will be another outage or disaster that takes out your critical business systems. . . . The best time to start your disaster planning or to update your existing plan is right after you’ve had an outage. Every company should do a thorough postmortem after an outage that entails a forensic analysis leading up to andafter the outage. Understanding what happened and how it can be avoided in the future is critical, but so is asking, “How could we have recovered faster?” . . . #2 Focus on preventing and recovering from outages . . . "

more news below

Saturday, January 12, 2013

Hackers stole personal data at Fort Monmouth

Hackers steal personal data of 36k people at Fort Monmouth | Hacking News | Security updates: "Hackers breached the Army database and gained accessed to personal data of more than 36,000 people connected to Army commands formerly based at Fort Monmouth, according to Asbury Park Press report. An Army spokesperson said the information includes names, birth dates, Social Security numbers, addresses and salaries . . . "

more news below

Thursday, January 10, 2013

Feds Charge Anonymous Spokesperson for Sharing Hacked Stratfor Credit Cards

Feds Charge Anonymous Spokesperson for Sharing Hacked Stratfor Credit Cards | Threat Level | "He has been in prison since he was arrested in dramatic and public fashion three months ago after posting a threatening video to YouTube. Brown was talking with acquaintances during a Sept. 12 TinyChat session when the feds burst in and took him away. The chat session was later posted to the internet. The Anonymous spokesman was charged the next day with threatening a federal officer. This time the charges are are related to a different incident: the 2011 Stratfor hack where credit card numbers and internal e-mail messages were stolen. According to the grand jury indictment, dated Tuesday, Brown posted a link to a zipped version of the documents stolen in the Stratfor hack on Christmas day 2011 — that counts as trafficking in “stolen authentication features,” the indictment claims. He’s also charged with possessing stolen credit card numbers, Card Verification Values, and other information related to those credit card numbers."

more news below

Tuesday, January 8, 2013

You are committing a crime right now

Errata Security: You are committing a crime right now: "Are you reading this blog? If so, you are committing a crime under 18 USC 1030(a) (better known as the “Computer Fraud & Abuse Act” or “CFAA”). That’s because I did not explicitly authorize you to access this site, but you accessed it anyway. Your screen has a resolution of 1366x768. I know this, because (with malice aforethought) I clearly violated 18 USC 1030(a)(5)(A) by knowingly causing the transmission of JavaScript code to your browser to discover this information. So we are all going to jail together. That's silly, you say, because that’s not what the law means. Well, how do you know what the law means? The law is so vague that it’s impossible to tell. The CFAA was written in 1986. Back then, to access a computer, you had to have an explicit user account and password. It was therefore easy to tell whether access was authorized or not. But then the web happened, and we started accessing computers all over the world without explicit authorization. . . "

more news below

Saturday, January 5, 2013

Maritime Security: How to Catch a Pirate

Maritime Security: How to Catch a Pirate: " . . . A host of laws have been formulated to tackle the problem. The UN Convention on the Law of the Sea (UNCLOS) has established the legal definition of piracy in international law. UNCLOS does not, however, provide for investigatory or prosecutorial procedures or guidelines for international co-operation. It accords universal jurisdiction for piracy; any state is authorised to prosecute the crime of piracy committed on the high seas. The Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, 1988 obliges contracting governments to either extradite or prosecute alleged offenders. The 1979 International Convention against the Taking of Hostages requires contracting states to criminalise the taking of hostages. The United Nations Office on Drugs and Crime has published model laws on mutual assistance in criminal matters, witness protection, extradition and money-laundering and financing of terrorism that focus on the substantive obligations arising from international conventions. States may use the model laws as a starting point while drafting their own laws on the subject.
Universal jurisdiction does not apply when crimes are committed in territorial waters. It does not allow authorities to pursue pirates to their sanctuaries within territorial limits or on land. In order to prosecute piracy offences domestically, a state needs to criminalise the offence. Model legislation helps domestic legal systems to reform their substantive law and to prosecute in a manner consistent with international law.
Reports state that hundreds of Somali pirates are currently incarcerated in other countries, awaiting trial. Many of these countries have not yet criminalized piracy and the pirates are charged with general crimes such as armed robbery and attempt to murder. Often, the pirates are quietly released on the high seas to reduce congestion in local jails and the burden on the legal system. Efforts to bring pirates to justice in domestic courts have foundered due to various legal and practical challenges. . . . "

more news below

Thursday, January 3, 2013

Computer Security Predictions For 2013

RSA's Art Coviello: 8 Computer Security Predictions For 2013 - Forbes: "In an age where breaches are probable, if not inevitable, organizations are realizing that static, siloed, perimeter defenses are ineffective against the evolving threat landscape. Only an intelligence-based model that is risk-oriented and situationally-aware can be resilient enough to minimize or eliminate the effects of attacks. So, now comes the good news: . . . 6. Responsible people in organizations from all verticals, industries and governments will move to that newer intelligence-based security model and pressure governments to act on our collective behalf. 7. I also predict a significant uptake in investment for cloud-oriented security services to mitigate the effects of that serious shortage in cyber security skills.
8. Big Data analytics will be used to enable an intelligence-based security model. Big Data will transform security enabling true defense in depth against a highly advanced threat environment. . . ."

more news below

Tuesday, January 1, 2013

Think twice before using a smartphone charging kiosk

PSA: Think twice before using a smartphone charging kiosk | Mobile | " . . . If you find yourself in need of a charging station, the team behind this experiment found that most phones don’t give up information when the phone is powered off. Otherwise, unless you are sure the kiosk is safe, the team recommends using the cable that was included with the smartphone. . . ."

more news below

Cybersecurity - Google News

Malware - Google News

National Security - Google News

"Security Threats" - Google News

Maritime security - Google News

The State of Security

TSA - Google News

Homeland Security - Google News