http://www.govinfosecurity.com/gao-questions-security-census-data-a-5525 By Eric Chabrow GovInfoSecurity.com February 20, 2013 A government audit reveals that the Census Bureau does not do a good enough job protecting the confidentiality of its data – a stinging conclusion, considering the bureau collects personal information about every individual residing in the United States. In the report made public Feb. 20 – entitled Information Security: Actions Needed by Census Bureau to Address Weaknesses – the Government Accountability Office says the bureau has not effectively implemented appropriate information security controls to protect its information systems. Auditors say many of the deficiencies at the Commerce Department agency relate to access controls, the security rules and procedures used to regulate who or what can access the bureau’s systems. As an example, GAO cites the bureau’s failure to adequately: […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
http://news.xinhuanet.com/english/indepth/2013-02/20/c_132181511.htm English.news.cn 2013-02-20 BEIJING, Feb. 20 (Xinhua) — U.S. cybersecurity firm Mandiant on Monday claimed in a report that hackers related to the Chinese military attacked some U.S. websites, once again stirring up the “Chinese hackers threat.” Mandiant put forward as its main evidence a claim that many of the cyber attacks were launched from IP addresses registered in the Chinese metropolis of Shanghai. However, one does not need to be a cybersecurity expert to know that professional hackers usually exploit what is called the botnet in other parts of the world as proxies for attacks, not their own computers. Thus, it is highly unlikely that both the origins of the hackers and the attacks they have launched can be located. That is why China’s foreign ministry and defense ministry both described the firm’s report as “amateurish” when they dismissed Mandiant’s false accusations. However, it is beyond belief that a firm specialized in the field of cybersecurity could be so indiscreetly desperate as to jump to a conclusion so full of loopholes, unless it has a good reason. If one takes a closer look at Mandiant’s report, it is not too difficult to find that it reeks of a commercial stunt. In a statement accompanying the firm’s report, Kevin Mandia, founder and CEO of Mandiant, seems to do nothing but market the products and services of his company. “Given the sheer amount of data this particular group (the hackers) has stolen, we decided it was necessary to arm and prepare as many organizations as possible to prevent additional losses,” he said. Next time, the CEO could simply say: “See the Chinese hackers? Hurry up, come and buy our cybersecurity services.” Moreover, the much-hyped threat can also be attributed to some U.S. politicians and businessmen who always seek to use China to pursue their personal political and commercial interests, especially at a time when the U.S. Congress is about to approve a budget plan for the country’s new fiscal year. Without targeting China as a “presumed enemy,” they might run short of excuses to demand more money to build an even stronger cyber military force or buy cybersecurity hardware and services from a company whose CEO used to serve in the U.S. air force. As the birthplace of the World Wide Web, the United States already has a matchless superiority and ability to stage cyber attacks across the globe. Currently, the U.S. military has established a significant cyber force, including the 780th Military Intelligence Brigade, which is a regular military unit tasked with carrying out cyber missions. Earlier media reports said Iran was once attacked by U.S. military intelligence agencies through the Internet, while, according to China’s foreign ministry, a majority of the cyber attacks against China come from the United States. In fact, the credibility of the United States has already been seriously questioned because of its government’s habit of accusing other nations based on phoney evidence. In 1993, the United States accused “Yinhe,” a Chinese cargo ship, of carrying banned material for making chemical weapons to Iran. However, no suspected goods were found after a joint Chinese-Saudi inspection. Similarly, facts will eventually prove that the cyber attacks accusations are groundless and will only tarnish the image and reputation of the company making them, as well as that of the United States. ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
Figured I’d actually blog a bit today because I am almost certain of my position here. Many people fear the looming fiscal waterfall at the department of defense or in government spending. But honestly although I do believe there will be some economic effects, the fact is that I’m almost certain 10% or even 20% of the government budget is wasted and easily cut with very little impact to the functioning of these entities. In the business world, a cut of this nature is not unheard of, in fact corporations have long been much more efficient than just about any government entity and honestly been the butt of jokes about wasteful spending for almost my entire lifetime. Personally I don’t see this as a bad thing, if our government uses “Prioritized” cuts, it can easily achieve higher efficiency and reduced costs. The fact that our government spending is out of control contributes to the problems that we are seeing from investment flows all over the globe. Although recently, my opinion of the USA economy has changed to be positive for growth, the growth would certainly be more pronounced if our government debt was reasonable and being paid down. The fact is we’ve run the government without significant reforms in quite some time, I remember as a child during the 80’s hearing the “reform” mantra many times. Isn’t it time we aim to do that again? I can’t imagine if we have a balanced budget and lower debts that investment flows would naturally increase into the United States. I think its time the Gov does the right thing here, and I’m certain that there’s at least 10% of waste lying around here and there that can be shaved. I personally want my government run more like a business and focus on benefiting the populace rather than bolstering government employment on account that we “don’t want to harm the economy”. The fact is that what harms the economy more is massive debts that continue to grow without being paid down, who in their right minds would invest in a sinking ship? Get our finances in order, that’s my expectation of my government and the massive amount of taxes I pay.