Tag Archives: direction

My latest Gartner Research: Cool Vendors in Security for Technology and Service Providers, 2016

The boundaries of information security are fast expanding. These Cool Vendors are pioneering new directions and potential opportunities in the security market. TSP product managers and CMOs looking to partner with these vendors should examine their innovative security technologies.

Gartner customers can read this research by clicking here.


[ISN] A New Material Promises NSA-Proof Wallpaper

www.defenseone.com/technology/2015/10/new-material-promises-nsa-proof-wallpaper/123066/ By PATRICK TUCKER defenseone.com OCTOBER 23, 2015 Your next tinfoil hat will won’t be made of tinfoil. A small company called Conductive Composites out of Utah has developed a flexible material — thin and tough enough for wallpaper or woven fabric — that can keep electronic emissions in and electromagnetic pulses out. There are a few ways to snoop on electronic communications. You can hack into a network or you can sniff out radio emissions. If you want to defend against the latter, you can enclose your electronic device or devices within a structure of electrically conductive, (probably metallic) material. The result is something like a force field. The conductive material distributes the electromagnetic energy away from the target in every direction — think of the *splat* you get when you hurl a tomato at a wall. These enclosures are sometimes called Faraday cages after the 18th-century British scientist who discovered electrolysis. Today, Faraday cages are all over the place. In 2013, as the College of Cardinals convened to elect a new Pope, the Vatican’s Sistine Chapel was converted into a Faraday cage so that news of the election couldn’t leak out, no matter how hard the paparazzi tried, and how eager the cardinals were to tweet the proceedings. The military also uses Faraday cages for secure communications: Sensitive Compartmented Information Facilities or SCIFs are Faraday cages. You’ll need to be in one to access the Joint Worldwide Intelligence Communication System, or JWICS, the Defense Department’s top-secret internet. Conductive Composites has created a method to layer nickel on carbon to form a material that’s light and moldable like plastic yet can disperse energy like a traditional metal cage. […]


[ISN] LogMeIn buying password manager LastPass

www.csoonline.com/article/2991479/application-security/logmein-buying-password-manager-lastpass.html By Peter Sayer IDG News Service Oct 12, 2015 Identity and access management specialist LogMeIn has agreed to buy Marvasol, the company behind online password store LastPass. The companies expect to close the deal, valuing Marvasol at between US$110 million and $125 million, in a matter of weeks. LogMeIn is firmly in the enterprise market, while Marvasol has been steadily extending the LastPass secure password storage tool in that direction, with password sharing and group access functions. LastPass stores an encrypted version of its customers’ passwords in the cloud, allowing them to unlock and access them with a single password from almost any Internet-connected device through either secure browser plugins or a web interface. The company offers apps for Android and iOS, as well as plugins for Internet Explorer, Chrome, Firefox and Safari. Using the service on a single device category is free; multiple categories requires a subscription. […]


[ISN] Hacking Team orchestrated brazen BGP hack to hijack IPs it didn’t own

http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/ By Dan Goodin Ars Technica July 12, 2015 Spyware service provider Hacking Team orchestrated the hijacking of IP addresses it didn’t own to help Italian police regain control over several computers that were being monitored in an investigation, e-sent among company employees showed. Over a six day period in August 2013, Italian Web host Aruba S.p.A. fraudulently announced its ownership of 256 IP addresses into the global routing system known as border gateway protocol, the messages document. Aruba’s move came under the direction of Hacking Team and the Special Operations Group of the Italian National Military Police, which was using Hacking Team’s Remote Control System malware to monitor the computers of unidentified targets. The hijacking came after the IP addresses became unreachable under its rightful owner Santrex, the “bullet-proof” Web hosting provider that catered to criminals and went out of business in October 2013, according to KrebsOnSecurity. It’s not clear from the e-mails, but they appear to suggest Hacking Team and the Italian police were also relying on Santrex. The emails were included in some 400 gigabytes of proprietary data taken during last weekend’s breach of Hacking Team and then made public on the Internet. With the sudden loss of the block of IP addresses, Italy’s Special Operations Group was unable to communicate with several computers that were infected with the Hacking Team malware. The e-mails show Hacking Team support workers discussing how the law enforcement agency could regain control. Eventually, Italian police worked with Aruba to get the block—which was known as in Internet routing parlance—announced in the BGP system as belonging to Aruba. It’s the first known case of an ISP fraudulently announcing another provider’s address space, said Doug Madory, director of Internet analysis at Dyn Research, which performs research on Internet performance. […]


[ISN] Strategic Friendship in Asymmetric Domain)

http://www.pircenter.org/en/blog/view/id/208 By Oleg Demidov PIR Center 09.05.2015 The bilateral intergovernmental Russian-Chinese agreement on cooperation in the field of international information security which was signed on May 8, 2015 during the visit to Moscow of Xi Jinping, General Secretary of the CPC and the President of China, could potentially become an important milestone in Russia’s strategy of pivoting to the East. Though in its current state the agreement rather provides a general cooperation framework, it also provides a broad range of directions for further practical cooperation steps and efforts between the two countries. It primarily focuses on systemic information exchange between special services of the two states, joint monitoring and prevention of escalation of serious incidents and especially conflicts in cyberspace, ensuring and strengthening cybersecurity of critical infrastructures, countering ICT-enabled forms and methods of terrorism, exchange of expertise and academic knowledge on cybersecurity, etc. A strong focus in made on joining efforts in countering the unlawful use of ICTs targeted at “undermining of social order, political and social stability, provoking extremism, hate and social unrest”, and even (and this is something quite new even for Russian doctrines, let alone intergovernmental agreements) “threatening to the spiritual sphere” of the two nations. Noteworthy, the agreement for the first time for a Russian official international document operates with the notion of strategic stability with regard to cyberspace and information security. Previously, a more broad and vague notion of ICT-enabled threats to international peace and security was used. Something distinct from a mere terminological equilibristic, this conceptual update serves as an indicator of the fact that Moscow now truly regards China as a strategic partner in the dialogue on political and military dimension of cybersecurity. The discourse of strategic stability was always linked to the issues of WMD strategic balance and (in Russian view) strategic antimissile defense. Now cybersecurity has a strong presence in this “elite club” of ultimate global security factors in the Russian strategic thinking, and first intergovernmental manifestation of this paradigm is addressed to and agreed with China. Accidentally or not, this aspect reveals interesting intersections with the recently published updated DoD’s Strategy for Cyberspace, which has replaced the previous document from 2011, even having in mind that an intergovernmental agreement and a national strategy are very different documents in terms of their scope and purposes. […]


My latest Gartner research: Cool Vendors in Security for Technology and Service Providers, 2015

When considering partnering with these Cool Vendors, TSP product managers and CMOs interested in the security space should examine their innovative security technologies. These vendors are pioneering new directions and potential opportunities in the security market.

Gartner clients can access this research by clicking here.


[ISN] Cyber cold war likely to continue

http://www.chinadaily.com.cn/opinion/2014-07/18/content_17830716.htm By Colin Speakman China Daily 2014-07-18 Tensions are growing amid claims and counter-claims of cyber espionage by the United States and China. Even the just concluded Sino-US Strategic and Economic Dialogue in Beijing couldn’t ease the tensions. In May, the US charged, albeit without evidence, five Chinese nationals with breaking into US companies’ systems and stealing trade secrets, and called them “military hackers”. On July 11, US Department of Justice officers arrested a Chinese national, Su Bin, for “working with hackers in China” to infiltrate US companies’ networks and steal valuable data on military technology. Su is the owner of Chinese aviation technology company Lode Tech and has been accused of working with two co-conspirators in China to break into the computers of Boeing and other US defense contractors. Raising tensions further, Fox News’ Bob Beckel, who hosts The Five program, said: “Chinese are the single biggest threat to the national security of the US. Do you know what we just did? As usual, we bring them over here and teach a bunch of Chinamen, uh, Chinese people, how to do computers, and then they go back to China and hack us.” His remark has been strongly criticized by many, including Chinese Americans, with California State Senator Ted Lieu demanding Beckel’s immediate resignation. Lieu has said that Americans “should all be alarmed by the racist, xenophobic comments”. Alarming it is indeed, as The Washington Post recently noted that “the US-China relationship is facing its stiffest test since then US president Richard Nixon traveled to Mao Zedong’s China in 1972”, and German Chancellor Angela Merkel again expressed serious concern over the US-sponsored hacking into confidential German data. If the US cannot trust its Western allies, how can it trust China, a country it openly admits to be in a competitive relationship with? China, too, is stepping up its security protection against US surveillance. In May it announced that the Central Government Procurement Center had mandated all “desktops, laptops and tablet PCs purchased by central State organizations must be installed with OS other than Windows 8”. The Chinese media have painted Microsoft, Apple, Facebook, Google, Yahoo and other IT giants as pawns of the US National Security Agency, claiming that foreign technology service providers such as Google and Apple can become cybersecurity threats to Chinese users. That’s why it looked like a retaliatory move when China’s State-run television told iPhone owners that the device is a threat to national security because it tracks users’ movements. The warning was that iOS 7’s “frequent locations” app, which records places users have been to and the time they spend there, can help the IT giant obtain sensitive information, including State secrets. Apple has explained the app’s functionality as designed to learn important locales to provide pre-emptive information, such as directions to a frequently patronized restaurant or the estimated commute time to work. However, Chinese concerns are that Apple’s mobile phone positioning can view users’ addresses and whereabouts, because information will be recorded even if the app is turned off. From this app, someone can get a cell phone user’s occupation, place of work, home address and then obtain all other relevant information on him/her. It is understandable that such permitted culling of information would raise concerns after the “Snowden Effect” – many US technology companies’ relations with foreign governments, including China’s, have come under scrutiny and many big service providers asked the NSA to drastically change its policies before the surveillance program further harms their businesses. Apple is one of the companies at the forefront of this risk. In the first quarter of 2014, Apple said revenue from the “Greater China” region, which included the mainland, Hong Kong and Taiwan, accounted for 20 percent of its total sales, up 13 percent year-on-year. The question is: Will the future see a shutting out of potentially useful US technological advances in China as a response to the lack of trust and dearth of knowledge on what these technologies could be used for? Each side accuses the other of cyber espionage and each side views itself as a victim. China rightly cites the NSA scandal, which revealed widespread surveillance by US intelligence agencies on not only US citizens but also governments and companies worldwide, including Chinese companies. The US, on its part, continues to accuse China of using cyber warfare to steal confidential information, trade secrets and data of national importance. Since most countries engage in some form of spying and can justify it in terms of national interest, a protocol on cybersecurity and boundaries of invasive behavior should be put in place. Unfortunately, such a possibility seems a long way off. At the next Strategic and Economic Dialogue, therefore, a new formula should be brought to the table, and perhaps the economic benefits of cooperation should be allowed to drive the agenda. But whatever is agreed, spying will take place. In some form, the cyber cold war is likely to continue. The author, an economist and international educator, is director of China Programs at CAPA International Education, a US-UK based organization that cooperates with Capital Normal University and Shanghai International Studies University.


[ISN] Cyber warfare research institute to open at West Point

http://www.armytimes.com/article/20140407/NEWS04/304070052/Cyber-warfare-research-institute-open-West-Point By Joe Gould Staff writer Army Times April 7, 2014 The Army’s academy has established a cyber warfare research institute to groom elite cyber troops and solve thorny problems for the Army and the nation in this new warfighting domain. The U.S. Military Academy at West Point, N.Y., plans to build a cyber brain trust unprecedented within the service academies, filling 75 positions over the next three years — including scholars in technology, psychology, history and law, among other fields. The chairman of the organization, called the Army Cyber Institute, will be retired Lt. Gen. Rhett Hernandez, the first chief of Army Cyber Command, according to Col. Greg Conti, the organization’s director. The institution, which aims to take on national policy questions and develop a bench of top-tier experts for the Pentagon, will be defining how cyber warfare is waged, to steer and inform the direction of the Army. […]