http://www.csoonline.com/article/2982494/data-protection/mit-scores-worst-in-cybersecurity.html By Maria Korolov CSO Sep 10, 2015 In a cybersecurity survey of 485 large colleges and universities, the Massachusetts Institute of Technology came in at the bottom of the list. In a report released today, SecurityScorecard analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators. SecurityScorecard’s chief research officer Alex Heid said they have a feeling that MIT’s low scores were due in part to its cybersecurity research efforts. “They do their own malware research,” he said. “They run honeypots. They’re running TOR exit nodes.” But that’s only part of the story, he added. […]
http://www.thesun.co.uk/sol/homepage/features/6613428/Secrets-of-MI6-spy-found-dead-in-bag-revealed.html EXCLUSIVE by TOM MORGAN The Sun August 30, 2015 THE MI6 spy found dead in a holdall had illegally hacked into secret data on Bill Clinton, The Sun on Sunday can reveal. Gareth Williams, 31, dug out the guestlist for an event the former American president was going to as a favour for a pal. The codebreaker — who had breached his security clearance — handed the list to the friend, who was also to be a guest. MI6 bosses raged over the data breach amid growing tensions with US security services over Mr Williams’s transatlantic work. Today, just over five years since his body was found inside a padlocked bag, his death remains one of Britain’s most mysterious unsolved cases. The Sun on Sunday can reveal that voicemail messages Mr Williams left for family and pals were deleted in the days after his death. And a rival agent may also have broken into the flat to destroy or remove evidence. The inquest was barred from discussing Mr Williams’s work in public. But sources say he was helping on the joint monitoring network Echelon, which uses sophisticated programs to eavesdrop on terrorists and criminal gangs, particularly those in Russia. […]
http://www.csoonline.com/article/2977193/disaster-recovery/the-disaster-recovery-lessons-we-learned-after-katrina.html By Tony Bradley CSO Aug 28, 2015 A decade ago New Orleans and the Gulf Coast of the United States were devastated by the sixth strongest Atlantic hurricane ever recorded. The National Oceanic and Atmospheric Administration claims Hurricane Katrina was the most destructive storm to ever strike the United States. The destruction from the hurricane itself, and the subsequent flooding that put most of New Orleans underwater, knocked many businesses out of commission—and more than a few completely out of existence. Thankfully, we have learned a lot of hard lessons in the wake of Hurricane Katrina that businesses can use to be better prepared for the next major disaster. An article from USA Today in 2007—two years after Hurricane Katrina—estimates that 7,900 businesses in New Orleans and southeast Louisiana went out of existence as a result of Katrina. Some of those businesses failed as a result of lost revenue resulting from nearly half a million people displaced from the region, but many of those businesses failed as a direct result of the destruction and impact the storm had on their ability to continue operating. For some of the smallest businesses there really is no solution—no way to guard against a catastrophe like Katrina or prepare to handle the next major disaster. Companies that are dependent on physical location or rely exclusively on revenue from local customers will always be heavily impacted by an event like Katrina. However, many businesses did learn the hard way that there are things that can and should be done to increase resiliency and facilitate business continuity during a major catastrophe. […]
http://www.theregister.co.uk/2015/08/19/bruce_schneier_linuxcon/ By Neil McAllister The Register 19 Aug 2015 LinuxCon 2015 Security guru Bruce Schneier says there’s a kind of cold war now being waged in cyberspace, only the trouble is we don’t always know who we’re waging it against. Schneier appeared onscreen via Google Hangouts at the LinuxCon/CloudOpen/ContainerCon conference in Seattle on Tuesday to warn attendees that the modern security landscape is becoming increasingly complex and dangerous. “We know, on the internet today, that attackers have the advantage,” Schneier said. “A sufficiently funded, skilled, motivated adversary will get in. And we have to figure out how to deal with that.” Using the example of last November’s crippling online attack against Sony Pictures, Schneier said it was clear that many of these new attacks were the work of well-funded nation-states. “Many of us, including myself, were skeptical for several months. By now it does seem obvious that it was North Korea, as amazing as that sounds,” he said. […]
http://www.nextgov.com/cybersecurity/2015/08/pentagon-researchers-will-wage-counterattack-crippling-ddos-cyber-strikes/119192/ By Aliya Sternstein Nextgov.com August 17, 2015 The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit. Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks. A recovery rate of at most 10 seconds is the goal, according to the Defense Department. Today, attackers have a relatively easy time aiming bogus traffic at computer servers to knock them offline. One reason is that computer systems often are consolidated, making for a wide target area. Another weakness is the predictable behavior of systems that support Web services. And finally, certain types of DDoS attacks that evince little malicious traffic go undetected. […]
http://krebsonsecurity.com/2015/08/how-not-to-start-an-encryption-company/ By Brian Krebs Krebs on Security August 18, 2015 Probably the quickest way for a security company to prompt an overwhelmingly hostile response from the security research community is to claim that its products and services are “unbreakable” by hackers. The second-fastest way to achieve that outcome is to have that statement come from an encryption company CEO who served several years in federal prison for his role in running a $210 million Ponzi scheme. Here’s the story of a company that managed to accomplish both at the same time and is now trying to learn from (and survive) the experience. Thanks to some aggressive marketing, Irvine, Calif. based security firm Secure Channels Inc. (SCI) and its CEO Richard Blech have been in the news quite a bit lately — mainly Blech being quoted in major publications such as NBC News, Politico and USA Today — talking about how his firm’s “unbreakable” encryption technology might have prevented some of the larger consumer data breaches that have come to light in recent months. Blech’s company, founded in 2014 and with his money, has been challenging the security community to test its unbreakable claim in a cleverly unwinnable series of contests: At the Black Hat Security conference in Las Vegas last year, the company offered a new BMW to anyone who could unlock a digital file that was encrypted with its “patented” technology. At the RSA Security Conference this year in San Francisco, SCI offered a $50,000 bounty to anyone who could prove the feat. When no one showed up to claim the prizes, SCI issued press releases crowing about a victory for its products. […]
https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t Mary Ann Davidson Blog By User701213-Oracle Aug 10, 2015 I have been doing a lot of writing recently. Some of my writing has been with my sister, with whom I write murder mysteries using the nom-de-plume Maddi Davidson. Recently, we’ve been working on short stories, developing a lot of fun new ideas for dispatching people (literarily speaking, though I think about practical applications occasionally when someone tailgates me). Writing mysteries is a lot more fun than the other type of writing I’ve been doing. Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it.
http://krebsonsecurity.com/2015/07/windows-10-shares-your-wi-fi-with-contacts/ By Brian Krebs Krebs on Security July 29, 2015 Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends. This brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!). I first read about this disaster waiting to happen over at The Register, which noted that Microsoft’s Wi-Fi Sense FAQ seeks to reassure would-be Windows 10 users that the Wi-Fi password will be sent encrypted and stored encrypted — on a Microsoft server. According to PCGamer, if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default. […]