Tag Archives: oh

[ISN] Symantec to incubate security startups with new VC partnership

http://www.techworld.com/news/security/symantec-incubate-security-startups-with-new-vc-partnership-3619807/
By John E Dunn
Techworld.com
July 15, 2015

Symantec believes the future of security is out there somewhere and has set up a new partnership with VC firm Frost Data Capital to try and find it in the form of early-stage security startups. Security firms have a long track record of acquiring startups for intellectual property as well as seeding the occasional spin-off. What they still struggle to do is to tap into early-stage technology in an affordable and sustainable way. Now the pair plan to incubate up to ten startups per year in the Internet of Things, big data analytics and healthcare sectors in an attempt to shorten the time it takes for these technologies to reach the market. While no investment sums have been revealed it’s an obvious tryout for an emerging ‘non-traditional’ model in which venture firms provide the entrepreneurial support and a security firm such as Symantec sanity checks the security technologies and engineering […]


[ISN] Unit 8200: Israel’s cyber spy agency

http://www.ft.com/cms/s/2/69f150da-25b8-11e5-bd83-71cb60e8f08c.html
By John Reed
FT.com
July 10, 2015

In a searingly hot afternoon at a campuslike new science park in Beer Sheva, southern Israel, I watched as a group of bright, geeky teenagers presented their graduation projects. Parents and uniformed army personnel milled around a windowless room packed with tables holding laptops, phones or other gadgets. There was excited chatter and a pungent smell of adolescent sweat. This was a recent graduation ceremony for Magshimim (which roughly translates as “fulfilment”), the three-year after-school programme for 16 to 18-year-old students with exceptional computer coding and hacking skills. Magshimim serves as a feeder system for potential recruits to Unit 8200, the Israeli military’s legendary high-tech spy agency, considered by intelligence analysts to be one of the most formidable of its kind in the world. Unit 8200, or shmone matayim as it’s called in Hebrew, is the equivalent of America’s National Security Agency and the largest single military unit in the Israel Defence Forces. It is also an elite institution whose graduates, after leaving service, can parlay their cutting-edge snooping and hacking skills into jobs in Israel, Silicon Valley or Boston’s high-tech corridor. The authors of Start-up Nation, the seminal 2009 book about Israel’s start-up culture, described 8200 and the Israeli military’s other elite units as “the nation’s equivalent of Harvard, Princeton and Yale”. With a female IDF minder at my side, I listened as the teenagers described their projects. More than half were boys but there were girls too, and 8200 is open to both. Omer, 19, had designed a USB key that can suck information out of one computer and organise it on another: essentially, a hacking tool. “We made it appear like a keyboard so you can infiltrate any company in the world,” he told me. “It’s a proof of concept.” […]


[ISN] Senator Sasse: The OPM Hack May Have Given China a Spy Recruiting Database

http://www.wired.com/2015/07/senator-sasse-washington-still-isnt-taking-opm-breach-seriously/
By Senator Ben Sasse
Security
Wired.com
07.09.15

AS A NEWLY elected Senator, I am here to tell you a hard truth: Washington does not take cybersecurity seriously. But you probably already knew that if you’ve read anything about the massive OPM data breach. To recap today’s news from OPM, since 2013, a malicious attacker—likely the Chinese government—breached government databases and stole information on some 21 million federal employees. This included personal information like addresses and Social Security numbers. Most of these people held security clearances and for them it also included nearly 150 pages of material in what are called Standard Form 86s (SF-86), which detail nearly every aspect of their lives. Here’s the kicker: despite today’s jaw-dropping news, the attackers were in our networks so long that it may still be a while before we figure out everything they stole. Most news coverage has centered on federal employees. But that’s an incomplete picture because it’s now clear many victims never worked for the federal government. When applying for a security clearance with the SF-86, applicants list their family members, neighbors, co-workers, foreign contacts, and even college roommates. What this means is that not only do the hackers know lots of sensitive information about millions of government employees, they also know a great deal about many of the people they know and love. The implications for threats, intimidation, and blackmail are chilling. “Oh, you don’t want to sell out your country? OK, we get it. By the way, your parents still live at 2911 Rainbow Drive, right?” China may now have the largest spy-recruiting database in history. […]


[ISN] Lizard Squad Hacker Who Shut Down PSN, Xbox Live, And An Airplane Will Face No Jail Time

http://www.forbes.com/sites/insertcoin/2015/07/09/lizard-squad-hacker-who-shut-down-psn-xbox-live-and-an-airplane-will-face-no-jail-time/
By Paul Tassi
Contributor
Forbes.com
7/09/2015

Last Christmas, a hacking collective known as the “Lizard Squad” managed to take down PSN and Xbox Live right as everyone was attempting to play their consoles during holiday, creating one of the worst outages in the history of either network. The attacks soon evolved into a more personal nature, targeting then-president of Sony Online Entertainment, John Smedley, which included posting his personal details and actually grounding an American Airlines flight he was on with a Twitter-issued bomb threat. Since then, everyone has been wondering just who the members of Lizard Squad were and if they’d ever be brought to justice. Recently, one individual, 17-year-old Julius “zeekill” Kivimaki was identified, and after standing trial in his native Finland, has just been convicted of an incredible 50,700 charges of computer-related crimes. He will serve a two-year suspended sentence, and effectively face no jail time. If you imagine the general public might be upset about such a lax sentence, you’d be right, but no one is more angry than John Smedley himself, now leading Daybreak, the studio responsible for games like H1Z1 and Planetside 2. […]


[ISN] A disaster foretold — and ignored

http://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/
By Craig Timberg
The Washington Post
June 22, 2015

The seven young men sitting before some of Capitol Hill’s most powerful lawmakers weren’t graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the mysterious environs of cyberspace to deliver a terrifying warning to the world. Your computers, they told the panel of senators in May 1998, are not safe — not the software, not the hardware, not the networks that link them together. The companies that build these things don’t care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it. “If you’re looking for computer security, then the Internet is not the place to be,” said Mudge, then 27 and looking like a biblical prophet with long brown hair flowing past his shoulders. The Internet itself, he added, could be taken down “by any of the seven individuals seated before you” with 30 minutes of well-choreographed keystrokes. The senators — a bipartisan group including John Glenn, Joseph I. Lieberman and Fred D. Thompson — nodded gravely, making clear that they understood the gravity of the situation. “We’re going to have to do something about it,” Thompson said. […]


[ISN] Hard to Sprint When You Have Two Broken Legs

http://carnal0wnage.attackresearch.com/2015/06/hard-to-sprint-when-you-have-two-broken.html
By Valsmith
June 14, 2015

Now as a disclaimer, I don’t work for the government so there is a lot I don’t know but I have friends who do or who have in the past and you hear things. I also pay attention and listen to questions I get in my training classes and conference talks. This directive from the White House is laughable for a number of reasons and demonstrates just how out of touch decision makers in the Government are on these issues.

1.) Technically skilled people have been BEGGING to improve cyber security in the government for well over 15 years. I don’t think this is any kind of secret, just google for a bit or talk to anyone who works in government in the trenches. Asking for staff, tools, budget, authority, support and getting little of it. In a way, this directive is insulting to them after years of asking, trying and failing suddenly someone says: “oh hey I have an idea, why don’t you go and secure stuff!”. Right. Unless you are going to supply those things they need RIGHT NOW, they will fail. And government procurement and hiring organizations are notoriously slow so the chances of that happening are slim.

2.) IT Operations. The first thing that has to be in place for there to be any real chance is solid IT operations. Organizations have to be able to push out images and patches quickly, orderly, and with assurance. Backup recovery, knowledge of inventory, well managed systems, etc. are all paramount. Do you know how most government IT operations are managed? By contractors, aka the lowest bidder. These are the Raytheons, Booz Allens, Boeings, Lockheeds, etc. who bid on large omnibus support contracts, win them, and THEN try to fill the staffing requirements. How do you win the lowest bid in services / support contracts? By keeping staffing costs down, aka paying the lowest possible salaries.

This results in some of the most piss-poor IT operations in the world. You want to know why Hillary Clinton, former Secretaries of Defense, and numerous other government staff run their own private mail servers? Most likely it’s because their work provided email DOESN’T work. Slow systems, tiny inbox quotas, inability to handle attachments, downtime, no crypto or crypto incompatible with anyone else, these are just a few of the issues out there. And it’s not just email. I have personally seen a government conference room system take 15-20 minutes to log in at the windows login prompt, due to poor IT practices. I was told that most of the time people resorted to paper handouts or overhead projectors. Yeh like the ones you had in high school in the 90s with the light bulbs and transparencies. Essentially what this directive is saying: “Hey you low end IT staff, winners of the lowest bid, who can barely keep a network up or run a mail server, make sure you become infosec experts and shore up our defenses, and you have 30 days to do it.” Right. I have heard horror stories from acquaintances in the government of waiting 6 months for an initial account setup ticket to get performed. Weeks to get a new desktop deployed. It is idiotic to think that current IT operations can support this kind of request. But that is who typically manages servers, network and desktops, and who would have to deploy whatever security tools would be needed to do this in support of pitifully small infosec teams. […]


[ISN] Mad John McAfee: ‘Can you live in a society that is more paranoid than I’m supposed to be?’

http://www.theregister.co.uk/2015/06/04/mad_mcafee/
By Alexander J Martin
The Register
4 June 2015

Infosec 2015 – John McAfee delivered a surprisingly non-controversial keynote speech to the London Infosec Conference on Wednesday afternoon, lauding the value of privacy, doing so – to the concern of his bewildered audience – whilst seemingly tickling himself through the cloth of his pocket. McAfee’s talk was essentially a rant against governments’ security-compromising activities, summed up by his statement: “We cannot allow a fearful government to create weaknesses in the very software we are trying to protect. By putting backdoors in the software, we have given hackers the access we are trying to prevent.” Easily the rockstar of infosec, McAfee took to the stage fashionably late – though his audience had remained comfortable, being plied with free alcohol, free food and an enjoyable musical set (wasted on Infosec’s more senior attendees) during their wait. The man himself, a young 70-year-old in a handsome navy suit, looking and seeming much like a millionaire version of Matthew McConaughey’s Rust Cohle, was quick to address what he regarded as the major political influences upon security and explicitly criticised governments’ notions of backdooring software. A strong approach to a conference which has always had plenty of government security bods attending. “Take control of your lives,” McAfee urged Infosec. “Say ‘I am going to be responsible for myself, at least to some extent.’ Governments cannot protect you.” […]


[ISN] Industry cyber info-sharing body to launch new ‘ISAO’ for insurers

http://insidecybersecurity.com/Cyber-General/Cyber-Public-Content/industry-cyber-info-sharing-body-to-launch-new-isao-for-insurers/menu-id-1089.html
Inside Cybersecurity
May 13, 2015

The information-sharing entity for industrial control system operators is being folded into Webster University’s “Cyberspace Research Institute” and will announce next week that it is launching a new information sharing and analysis organization, or ISAO, for the insurance sector. Webster’s Cyberspace Research Institute, known as the CRI, will also bid to be selected by the Department of Homeland Security as the private-sector standards-setting body for ISAOs, according to Chris Blask, the ICS-ISAC executive director. DHS is expected to release a “grant opportunity notice” in the near term. Blask will continue to lead the ICS-ISAC within the Webster cyber institute, and the existing info-sharing body will keep its name. Blask has been an active promoter of info-sharing initiatives and the framework of cybersecurity standards developed by the National Institute of Standards and Technology. Webster’s cybersecurity program was launched in 2014 and is the brainchild of Tom Johnson, chief of strategic initiatives at the school and a pioneer in cybersecurity education. […]
