Tag Archives: something

[ISN] A primer on dealing with the media as a hacker, and dealing with hackers as the media

http://www.csoonline.com/article/2952395/security-awareness/a-primer-on-dealing-with-the-media-as-a-hacker-and-dealing-with-hackers-as-the-media.html By Steve Ragan Salted Hash CSO July 23, 2015 Next month, thousands of hackers will travel to Las Vegas, and hundreds of journalists are going to follow them. The adversarial relationship between hackers and the press has existed for years, but there are ways to navigate the playing field and strike a balance. The idea for this post came from two places; Twitter and a blog post by Violet Blue over at Rapid7. The Rapid7 post has a lot of great advice for Black Hat and dealing with the media on a corporate level. It’s a smart post, and it’s something you should read either before or after reading this article. I’d also like to point out two additional sources from Uli Ries and The Grugq. For the hackers: Not everyone in the media is your enemy, but – and be real clear about this – they’re not your friends either. They’re working stiffs, and like you they have a job with demands, unique pressures, and stress. For you, hacking is a way of life – it’s who you are. That mindset is the same for journalists. Granted, there’s nothing wrong with having friends in the media, in fact it’s helpful at times, but there needs to be a level of trust that exists in that relationship and trust is earned – even among friends. […]





[ISN] Privacy talk at DEF CON canceled under questionable circumstances

http://www.csoonline.com/article/2947377/network-security/privacy-talk-at-def-con-canceled-under-questionable-circumstances.html By Steve Ragan Salted Hash CSO July 12, 2015 Earlier this month, several news outlets reported on a powerful tool in the fight between those seeking anonymity online, versus those who push for surveillance and taking it away. The tool, ProxyHam, is the subject of a recently canceled talk at DEF CON 23 and its creator has been seemingly gagged from speaking about anything related to it. Something’s off, as this doesn’t seem like a typical cancellation. Privacy is important, and if recent events are anything to go by – such as the FBI pushing to limit encryption and force companies to include backdoors into consumer oriented products and services; or the recent Hacking Team incident that exposed the questionable and dangerous world of government surveillance; striking a balance between law enforcement and basic human freedoms is an uphill struggle. Over the last several years, reports from various watchdog organizations have made it clear that anonymity on the Internet is viewed as a bad thing by some governments, and starting to erode worldwide. […]



[ISN] Sony Pictures: Inside the Hack of the Century, Part 1

https://fortune.com/sony-hack-part-1/ By Peter Elkind Fortune.com June 25, 2015 A cyber-invasion brought Sony Pictures to its knees and terrified corporate America. The story of what really happened—and why Sony should have seen it coming. A special three-part investigation. On Monday, Nov. 3, 2014, a four-man team from Norse Corp., a small “threat-intelligence” firm based in Silicon Valley, arrived early for an 11:30 a.m. meeting on the studio lot of Sony Pictures Entertainment, in the Los Angeles suburb of Culver City. They were scheduled to see Sony’s top cybersecurity managers to pitch Norse’s services in defending the studio against hackers, who had been plaguing Sony for years. After a quick security check at the front gate and then proceeding to the George Burns Building on the east side of the Sony lot, the Norse group walked straight into the unlocked first-floor offices of the information security department, marked with a small sign reading info sec. There was no receptionist or security guard to check who they were; in fact, there was no one in sight at all. The room contained cubicles with unattended computers providing access to Sony’s international data network. The visitors found their way to a small sitting area outside the office of Jason Spaltro, Sony’s senior vice president for information security, settled in, and waited. Alone. For about 15 minutes. “I got a little shocked,” says Tommy Stiansen, Norse’s co-founder and chief technology officer. “Their Info Sec was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department.” Adds Mickey Shapiro, a veteran entertainment attorney who helped set up the meeting and was present that day: “If we were bad guys, we could have done something horrible.” […]



[ISN] Hacker Drama Mr. Robot Is Scary, Paranoia-Inducing, and Awesome

http://gizmodo.com/hacker-drama-mr-robot-is-scary-paranoia-inducing-and-1713408001 By Bryan Lufkin Gizmodo June 24, 2015 If you could hack into an evil corporation’s bank account and shuffle its wealth to the 99%, would you? That’s the Anonymous-era quandary a young, brilliant hacker grapples with in the new USA drama, Mr. Robot, which premieres tonight at 10 p.m. I got a chance to hang out with the cast as they were filming in New York. The pilot’s been up on YouTube for a few weeks now, though—something unusual and refreshing for a cable show—and if you haven’t watched yet, watch. Here’s the gist: Main character Elliot (Rami Malek) is an antisocial computer genius who works at a cybersecurity firm that protects a sinister, Enron-like megacorp. But he moonlights as a vigilante hacker, busting scum like kiddie porn wranglers for fun. One day, he’s drafted by an underground hacker group that’s led by Mr. Robot, played by a scruffy Christian Slater. He asks Elliot to help him unleash cyber doom on Elliot’s uber-rich client in a digital Robin Hood-like raid of history book proportions. Talking to the cast, it sounds like prepping for their hacker roles scared the crap out of them. They talked about putting tape over their laptop webcams, paranoid that someone could hack into it to look at and listen to them. […]



[ISN] A disaster foretold — and ignored

http://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/ By Craig Timberg The Washington Post June 22, 2015 The seven young men sitting before some of Capitol Hill’s most powerful lawmakers weren’t graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the mysterious environs of cyberspace to deliver a terrifying warning to the world. Your computers, they told the panel of senators in May 1998, are not safe — not the software, not the hardware, not the networks that link them together. The companies that build these things don’t care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it. “If you’re looking for computer security, then the Internet is not the place to be,” said Mudge, then 27 and looking like a biblical prophet with long brown hair flowing past his shoulders. The Internet itself, he added, could be taken down “by any of the seven individuals seated before you” with 30 minutes of well-choreographed keystrokes. The senators — a bipartisan group including John Glenn, Joseph I. Lieberman and Fred D. Thompson — nodded gravely, making clear that they understood the gravity of the situation. “We’re going to have to do something about it,” Thompson said. […]



[ISN] Strategic Friendship in Asymmetric Domain

http://www.pircenter.org/en/blog/view/id/208 By Oleg Demidov PIR Center 09.05.2015 The bilateral intergovernmental Russian-Chinese agreement on cooperation in the field of international information security which was signed on May 8, 2015 during the visit to Moscow of Xi Jinping, General Secretary of the CPC and the President of China, could potentially become an important milestone in Russia’s strategy of pivoting to the East. Though in its current state the agreement rather provides a general cooperation framework, it also provides a broad range of directions for further practical cooperation steps and efforts between the two countries. It primarily focuses on systemic information exchange between special services of the two states, joint monitoring and prevention of escalation of serious incidents and especially conflicts in cyberspace, ensuring and strengthening cybersecurity of critical infrastructures, countering ICT-enabled forms and methods of terrorism, exchange of expertise and academic knowledge on cybersecurity, etc. A strong focus is made on joining efforts in countering the unlawful use of ICTs targeted at “undermining of social order, political and social stability, provoking extremism, hate and social unrest”, and even (and this is something quite new even for Russian doctrines, let alone intergovernmental agreements) “threatening to the spiritual sphere” of the two nations. Noteworthy, the agreement for the first time for a Russian official international document operates with the notion of strategic stability with regard to cyberspace and information security. Previously, a more broad and vague notion of ICT-enabled threats to international peace and security was used. Something distinct from a mere terminological equilibristic, this conceptual update serves as an indicator of the fact that Moscow now truly regards China as a strategic partner in the dialogue on political and military dimension of cybersecurity.
The discourse of strategic stability was always linked to the issues of WMD strategic balance and (in Russian view) strategic antimissile defense. Now cybersecurity has a strong presence in this “elite club” of ultimate global security factors in the Russian strategic thinking, and first intergovernmental manifestation of this paradigm is addressed to and agreed with China. Accidentally or not, this aspect reveals interesting intersections with the recently published updated DoD’s Strategy for Cyberspace, which has replaced the previous document from 2011, even having in mind that an intergovernmental agreement and a national strategy are very different documents in terms of their scope and purposes. […]



[ISN] The People Who Risk Jail to Maintain the Tor Network

http://motherboard.vice.com/read/the-operators BY JOSEPH COX Motherboard.vice.com April 27, 2015 Richard* had a long drive ahead of him. About an hour earlier, at 5:30 AM, his wife Lisa* had phoned. “The house is filled up,” she said in a calm but audibly tense voice. Richard, having just woken up and now trying to make sense of the call, thought there must have been another water leak in the basement. Instead, his wife told him, the house was full of FBI agents and they wanted to talk to Richard. “Okay, I’m on my way,” Richard said. He threw on some clothes, grabbed his laptop and phone as requested by the FBI, and stepped out into the night. The interstate drive from Milwaukee, where he was working as a software engineer, back to his home in Indianapolis would take a good five hours, more than enough time to figure out what this was all about. It was something to do with computers, Lisa had said. The only thing Richard thought may be linked to that was his Tor exit node. […]



[ISN] NSA veteran chief fears crippling cyber-attack on Western energy infrastructure

http://www.telegraph.co.uk/news/worldnews/northamerica/usa/11563746/NSA-veteran-chief-fears-crippling-cyber-attack-on-Western-energy-infrastructure.html By Ambrose Evans-Pritchard Houston Telegraph.co.uk 26 Apr 2015 The West is losing the worldwide fight against jihadist terrorism and faces mounting risks of a systemic cyber-assault by extremely capable enemies, the former chief of the National Security Agency has warned. “The greatest risk is a catastrophic attack on the energy infrastructure. We are not prepared for that,” said General Keith Alexander, who has led the US battle against cyber-threats for much of the last decade. Gen Alexander said the “doomsday” scenario for the West is a hi-tech blitz on refineries, power stations, and the electric grid, perhaps accompanied by a paralysing blow to the payments nexus of the major banks. “We need something like an integrated air-defence system for the whole energy sector,” he said, speaking at a private dinner held by IHS CERAWeek in Texas. […]

