Forwarded from: bluknight
http://focustaiwan.tw/news/aall/201304270016.aspx

By Wen Kuei-hsiang and Elizabeth Hsu
Focus Taiwan
2013/04/27

The National Security Bureau (NSB) believes that the Chinese military has shifted the emphasis of cyberattacks on Taiwan from government institutions to civilian think tanks, telecommunications service providers, Internet node facilities and traffic signal control systems, according to an NSB report.

The report on Taiwan’s measures to stem attacks by China’s Internet army and hackers was prepared for lawmakers’ reference ahead of a planned legislative hearing on the issue on April 29 that will be attended by NSB, Ministry of National Defense, and Criminal Investigation Bureau officials.

In the report, the NSB said Chinese hackers are trying to break Taiwan’s defense mechanisms by engaging in massive “social engineering” practices (which fool people into divulging confidential information or giving access to their computers) on key persons in targeted organizations.

Their goal is to acquire as much control as possible over the unit’s internal Internet system before moving to steal or forge information, or paralyze Internet communication.

[…]
http://www.washingtonpost.com/world/national-security/us-response-to-bank-cyberattacks-reflects-diplomatic-caution-vexes-bank-industry/2013/04/27/4a71efe2-aea2-11e2-98ef-d1072ed3cc27_story.html

By Ellen Nakashima
Washington Post
April 27, 2013

The United States, concerned that Iran is behind a string of cyberattacks against U.S. banking sites, has considered delivering a formal warning through diplomatic channels but has not pursued the idea out of fears that doing so could escalate hostilities, according to American officials.

At the same time, the officials said, the disruptive activity against the Web sites has not yet reached a level of harm that would justify a retaliatory strike.

The internal discussion reflects the complex nature of deciding when and how the United States should respond to hostile cyber-actions from other countries. It also reflects the pressure the administration is under from banking industry officials, who want to know what amount of pain or damage will justify a government response.

“We don’t have a clear view of what are the triggers — and we’ve asked,” said one industry official who has been involved in discussions with the administration and who spoke on the condition of anonymity. “They’ve just been very coy about it.”

[…]
http://www.itnews.com.au/News/341328,nato-conducts-annual-cyber-defence-exercise.aspx

By Juha Saarinen
ITnews.co.au
Apr 29, 2013

The Western European and North American mutual defence pact organisation NATO has concluded an annual cyber defence exercise, defending a fictitious network against incoming attacks.

Called Locked Shields 2013, the exercise involved 250 people in eleven locations around Europe, under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence (CCD-COE), the Finnish and Estonian Defence Forces and two government IT security organisations in the Baltic country.

This year’s exercise took place between Thursday and Friday last week, Australian time.

A spokesperson for the CCD-COE told iTnews the exercise involved defending a partially pre-built network against attacks.

“For two days the Red Team launched attacks against the Blue Teams’ networks and they had to defend, report and keep their systems running.

[…]
http://arstechnica.com/security/2013/04/why-livingsocials-50-million-password-breach-is-graver-than-you-may-think/

By Dan Goodin
Ars Technica
Apr 27, 2013

Update: A few hours after this article was published, the LivingSocial FAQ was updated to say the company was switching its hashing algorithm to bcrypt. This is a fantastic move by LivingSocial that adds a significant improvement to its users. Bravo!

LivingSocial.com, a site that offers daily coupons on restaurants, spas, and other services, has suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users. If you’re one of them, you should make sure this breach doesn’t affect other accounts that may be impacted.

In an e-mail sent Friday, CEO Tim O’Shaughnessy told customers the stolen passwords had been hashed and salted. That means passcodes were converted into one-way cryptographic representations that used random strings to cause each hash string to be unique, even if it corresponded to passwords chosen by other LivingSocial users. He went on to say “your Living Social password would be difficult to decode.”

This is a matter for vigorous debate, and it very possibly could give users a false sense of security. As Ars explained before, advances in hardware and hacking techniques make it trivial to crack passwords that are presumed strong. LivingSocial engineers should be applauded for adding cryptographic salt, because the measure requires password cracking programs to guess the plaintext for each individual hash, rather than guessing passwords for millions or tens of millions of hashes all at once. But a far more important measure of protection, password cracking experts say, is the hashing algorithm used.

SHA1, the algorithm used by LivingSocial, is an extremely poor choice for secure password storage. Like MD5 and even the newly adopted SHA3 algorithms, it’s designed to operate quickly and with a minimal amount of computing resources. A far better choice would have been bcrypt, scrypt, or PBKDF2.

[…]
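The difference between salted SHA1 and a slow key-derivation function, as an added example that is not part of the article or LivingSocial's code: it stores a password both ways, measures the cost of testing one candidate against each, and moves a legacy record to PBKDF2 at the next successful login. The record layout, function names and the 600,000-iteration work factor are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune per hardware

def sha1_salted(password: str, salt: bytes) -> bytes:
    # Scheme the article describes: one fast SHA-1 pass over salt + password.
    return hashlib.sha1(salt + password.encode()).digest()

def pbkdf2(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    # Deliberately slow: every candidate costs `iterations` HMAC-SHA256 rounds.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def new_record(password: str, scheme: str = "pbkdf2") -> dict:
    salt = os.urandom(16)  # per-user random salt
    if scheme == "sha1":
        return {"scheme": "sha1", "salt": salt, "hash": sha1_salted(password, salt)}
    return {"scheme": "pbkdf2", "salt": salt, "iterations": PBKDF2_ITERATIONS,
            "hash": pbkdf2(password, salt)}

def verify_and_upgrade(record: dict, password: str):
    # Returns (ok, record). A legacy SHA-1 record is replaced by a PBKDF2
    # record on the first successful login, when the plaintext is available.
    if record["scheme"] == "sha1":
        candidate = sha1_salted(password, record["salt"])
    else:
        candidate = pbkdf2(password, record["salt"], record["iterations"])
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        return False, record
    if record["scheme"] == "sha1":
        record = new_record(password)
    return True, record

def seconds_per_guess(hash_fn, trials: int) -> float:
    # Average cost of testing one candidate password against one salted hash.
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        hash_fn(f"guess{i}", salt)
    return (time.perf_counter() - start) / trials

if __name__ == "__main__":
    fast = seconds_per_guess(sha1_salted, 100_000)
    slow = seconds_per_guess(pbkdf2, 3)
    print(f"SHA-1 {fast:.2e} s/guess, PBKDF2 {slow:.2e} s/guess, ratio {slow / fast:,.0f}x")
```

The salt makes two users' hashes differ in both schemes; only the second scheme raises the per-candidate cost, which is the property the article singles out.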