Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter or in some locations summer solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2018, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.
Information security, network and communications practitioners must implement specific best practices to prevent, detect and mitigate advanced threats. These practitioners should leverage both existing and emerging security technologies in their security architectures. … …
Gartner customers can access this research by clicking here.
Information security practitioners must implement specific strategic and tactical best practices to detect and mitigate advanced persistent threats and targeted malware by leveraging both existing and emerging security technologies in their security architectures. Management silos between network, edge, endpoint and data security systems can restrict an organization’s ability to prevent, detect and respond to advanced attacks. Adversaries continue to use social engineering and social networks to target sensitive roles or individuals within …
Gartner clients can access this research by clicking here.
http://arstechnica.com/security/2015/02/psa-your-crypto-apps-are-useless-unless-you-check-them-for-backdoors/ By Dan Goodin Ars Technica Feb 4, 2015 At the beginning of the year, I did something I’ve never done before: I made a new year’s resolution. From here on out, I pledged, I would install only digitally signed software I could verify hadn’t been tampered with by someone sitting between me and the website that made it available for download. It seemed like a modest undertaking, but in practice, it has already cost me a few hours of lost time. With practice, it’s no longer the productivity killer it was. Still, the experience left me smarting. In some cases, the extra time I spent verifying signatures did little or nothing to make me more secure. And too many times, the sites that took the time to provide digital signatures gave little guidance on how to use them. Even worse, in one case, subpar security practices of some software providers undercut the protection that’s supposed to be provided with digitally signed code. And in one extreme case, I installed the Adium instant messaging program with no assurance at all, effectively crossing my fingers that it hadn’t been maliciously modified by state-sponsored spies or criminally motivated hackers. More about those deficiencies later—let’s begin first with an explanation of why digital signatures are necessary and how to go about verifying them. By now, most people are familiar with man-in-the-middle attacks. They’re waged by someone with the ability to monitor traffic passing between an end user and a website—for instance, a hacker sniffing an unsecured Wi-Fi connection or the National Security Agency sniffing the Internet backbone. When the data isn’t encrypted, the attacker can not only read private communications but also replace legitimate software normally available for download with maliciously modified software. If the attack is done correctly, the end user will have no idea what’s happening. Even when Web connections are encrypted with the HTTPS standard, highly skilled hackers still may be able to seed a website with malicious counterfeit downloads. That’s where digital signatures come in. A prime candidate for such an attack is the OTR plugin for the Pidgin instant messenger. It provides the means to encrypt messages so (1) they can’t be read by anyone monitoring the traffic sent between two parties and (2) each party can know for sure that the person on the other end is, in fact, who she claims to be. Fortunately, the OTR installer is provided through an encrypted HTTPS connection, which goes a long way to thwarting would-be man-in-the-middle attackers. But strict security practices require more, especially for software as sensitive as OTR. That’s why the developers included a GPG signature users can check to verify that the executable file hasn’t been altered in any way. […]
Forwarded from: Vic Vandal
http://www.jamaicaobserver.com/news/OAS-hails-Jamaica-s-cyber-security-efforts_18310037 By Balford Henry Senior staff reporter jamaicaobserver.com January 30, 2015 ASSISTANT secretary general of the Organisation of American States (OAS), Ambassador Albert Ramdin, says that Jamaica has made a sound choice of a model for its National Cyber Security Strategy (NCSS). Speaking at the official launch of the strategy at the Jamaica Pegasus hotel in New Kingston on Wednesdayy, Ramdin congratulated the government on drafting and approving its NCSS in just under a year, and appointing a “dedicated multi-stakeholder”, the National Cyber Security Task Force, to develop the strategy. He said that the group, working with the OAS and other experts from partner institutions, has committed significant effort and time to develop a strategy that has met and followed international best practices and recommendations. “I am sure that your experiences and approach will be valuable learning lessons for other Caribbean countries to take into consideration in drafting their own security strategies,” he said. […]
http://arstechnica.com/tech-policy/2015/01/obama-talks-cybersecurity-but-federal-it-systems-breaches-increase/ By David Kravets Ars Technica Jan 20, 2015 Update: This post was updated Tuesday evening to reflect comments the president made during his State of the Union address: President Barack Obama urged Congress and the American public to embrace cyber security legislation during his State of the Union address Tuesday evening. The Cyber Intelligence Sharing and Protection Act, known as CISPA, was unveiled by Obama a week ago and is controversial because it allows companies to share cyber threat information with the Department of Homeland Security—data that might include their customers’ private information. “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. So tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. That should be a bipartsan effort. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe,” the president said without identifying his CISPA proposal and others by name. New research out earlier Tuesday from George Mason University, however, calls into question how effective Obama’s proposal would be. That’s because the federal government’s IT professionals as a whole have “a poor track record in maintaining good cybersecurity and information-sharing practices.” What’s more, the federal bureaucracy “systematically” fails to meet its own federal cybersecurity standards despite billions of dollars in funding. According to a paper by Eli Dourado, a George Mason research fellow, and Andrea Castillo, manager of the university’s Technology Policy Program: […]