Forwarded from: Vic Vandal
www.computerworld.com/article/3006360/security/us-government-wants-in-on-the-public-cloud-but-needs-more-transparency.html By Blair Hanley Frank IDG News Service Nov 18, 2015 The federal government is trying to move more into the cloud, but service providers’ lack of transparency is harming adoption, according to Arlette Hart, the FBI’s chief information security officer. “There’s a big piece of cloud that’s the ‘trust me’ model of cloud computing,” she said during an on-stage interview at the Structure conference in San Francisco on Wednesday. That’s a tough sell for organizations like the federal government that have to worry about protecting important data. While Hart said that the federal government wants to get at the “enormous value” in public cloud infrastructure, its interest in moving to public cloud infrastructure is also tied to a need for greater security. While major providers like Amazon and Microsoft offer tools that meet the U.S. government’s regulations, not every cloud provider is set up along those lines. In Hart’s view, cloud providers need to be more transparent about what they do with security so the government and other customers can verify that their practices are sufficient for protecting data. […]
www.telegraph.co.uk/culture/film/jamesbond/11874457/Real-life-James-Bonds-Actual-spooks-reveal-what-a-job-in-MI6-is-really-like.html By Frank Gardner telegraph.co.uk 25 Oct 2015 It’s slick, it’s fast-paced and it’s sexy. But that’s the cinema. SPECTRE, the latest James Bond thriller starring Daniel Craig opens in cinemas on Monday to critical acclaim. Pure fantasy? Or are there any similarities with the work of a real-life operative in Britain’s Secret Intelligence Service (SIS), better known as MI6? I’ve gone to meet two serving SIS officers to find out. I don’t notice them at first, there are so many people in the room. Are they part of the camera crew? A couple of people sent up from hotel reception perhaps, to check we have everything we need? But then we are introduced. “Kamal” – and I’m going to go out on a limb here and guess that is probably not his real name – is 30-something, unshaven, quietly confident. “Kirsty” is only slightly older. Neatly dressed, she looks like she could be running a medium-sized IT company. In fact, she is in recruiting, having already done the hard yards in the field overseas. Kamal speaks first. “I’m what people would classify as an agent-runner,” he tells me. “Our job is to find individuals with access to secret intelligence of value to the UK government. My job [within MI6] is to build a relationship with these individuals and work with them to obtain the secrets they have access to, securely.” And bang, up in smoke goes one of the biggest misnomers about espionage and spies. James Bond, and all the true-life men and women who work inside those sandstone and emerald-coloured headquarters at Vauxhall Cross on the banks of the Thames are not “secret agents”. They are intelligence officers. The people overseas who they persuade to spy for them are the actual agents. […]
http://www.csoonline.com/article/2986763/security-awareness/salted-hash-live-from-derbycon-5-0-day-1.html By Steve Ragan Salted Hash CSO Online Sept 25, 2015 DerbyCon 5.0 has officially started, and it didn’t take long before the halls were flooded with hackers looking to catch-up with their peers as they headed to the first talk of the day. On Thursday, I had the chance to catch-up with a number of people who resonated with the thought process of yesterday’s post. The point being, insider threats aren’t what you think they are, and the core issue isn’t a malicious user – it’s a clueless user. In addition, when dealing with insider-based issues, policies that prohibit or hinder workflow will create more problems than they solve. Today, the topic is threat intelligence. I learned something interesting recently, if you gather a group of hackers and researchers around a table and ask them to define threat intelligence, the conversation will quickly spin into a rage fueled discussion about sales-driven security (meaning InfoSec products that are pitched and sold with no real security value). […]
http://www.bankinfosecurity.com/guilty-plea-in-morgan-stanley-insider-breach-a-8546 By Tracy Kitten @FraudBlogger Bank Info Security September 22, 2015 A former wealth management adviser at Morgan Stanley pleaded guilty this week to stealing confidential information linked to more than 700,000 client accounts over a period of several years. Some fraud-prevention experts say the investment banking firm could have taken steps to detect the suspicious insider activity sooner. Galen Marsh, who worked for the firm’s Manhattan office until he was fired in January 2015, told the U.S. District Court for the Southern District of New York on Sept. 21 that he illegally accessed account holders’ names, addresses and other personal information, along with investment values and earnings, from computer systems used by Morgan Stanley to manage confidential data, according to court records. Between June 2011 and December 2014, Marsh conducted nearly 6,000 unauthorized searches of confidential client information and then uploaded the information on 730,000 clients to a server at his home in New Jersey, the court documents show. […]
https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t Mary Ann Davidson Blog By User701213-Oracle Aug 10, 2015 I have been doing a lot of writing recently. Some of my writing has been with my sister, with whom I write murder mysteries using the nom-de-plume Maddi Davidson. Recently, we’ve been working on short stories, developing a lot of fun new ideas for dispatching people (literarily speaking, though I think about practical applications occasionally when someone tailgates me). Writing mysteries is a lot more fun than the other type of writing I’ve been doing. Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it.
http://freebeacon.com/national-security/cybercom-big-data-theft-at-opm-private-networks-is-new-trend-in-cyber-attacks/ By Bill Gertz Washington Free Beacon July 27, 2015 The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks. “One of the lessons from OPM for me is we need to recognize that increasingly data has a value all its own and that there are people actively out there interested in acquiring data in volumes and numbers that we didn’t see before,” said Adm. Mike Rogers, the Cyber Command commander and also director of the National Security Agency. The theft of 22.1 million federal records, including sensitive background information on millions of security clearance holders, will assist foreign nations in conducting future cyber attacks through so-called “spear-phishing,” Rogers said, declining to name China as the nation state behind the OPM hacks. Additionally, China is suspected in the hack uncovered in February of 80 million medical records of the health care provider Anthem, which would have given it access to valuable personal intelligence that can be used to identify foreign spies and conduct additional cyber attacks. […]
http://www.theregister.co.uk/2015/06/04/mad_mcafee/ By Alexander J Martin The Register 4 June 2015 Infosec 2015 – John McAfee delivered a surprisingly non-controversial keynote speech to the London Infosec Conference on Wednesday afternoon, lauding the value of privacy, doing so – to the concern of his bewildered audience – whilst seemingly tickling himself through the cloth of his pocket. McAfee’s talk was essentially a rant against governments’ security-compromising activities, summed up by his statement: “We cannot allow a fearful government to create weaknesses in the very software we are trying to protect. By putting backdoors in the software, we have given hackers the access we are trying to prevent.” Easily the rockstar of infosec, McAfee took to the stage fashionably late – though his audience had remained comfortable, being plied with free alcohol, free food and an enjoyable musical set (wasted on Infosec’s more senior attendees) during their wait. The man himself, a young 70-year-old in a handsome navy suit, looking and seeming much like a millionaire version of Matthew McConaughey’s Rust Cohle, was quick to address what he regarded as the major political influences upon security and explicitly criticised governments’ notions of backdooring software. A strong approach to a conference which has always had plenty of government security bods attending. “Take control of your lives,” McAfee urged Infosec. “Say ‘I am going to be responsible for myself, at least to some extent.’ Governments cannot protect you.” […]