[ISN] State responsibility for network security

http://www.qstheory.cn/kj/yjsk/201309/t20130930_275945.htm

[Translated by Google – WK]

By Wang Minghua
China Science News
2013.09.30

National cyberspace security responsibilities can be divided into four parts: national defense, space management, network diplomacy, and comprehensive deterrence.

Cyberspace security is mainly reflected in two aspects: one is the network level; the other is the information level, namely information protection and information regulation. The network level is divided into the two angles of attack and defense, so the network level includes network defense and network deterrence.

In the first half of this year, sample monitoring found that the number of hosts in China controlled by Trojans and botnets reached 693 million units; although this figure has dropped significantly from last year, it is still very alarming. Which machines, in the end, control these more than 600 million computers? Most control servers are located abroad; of 15,000 Trojan and botnet control servers, United States addresses accounted for 1/3. A large number of websites in our country have been implanted with “back doors”, “dark chains” and other covert attacks. 16000 overseas IPs control 33000 of our sites by way of implanted “back doors”, a very large number.

On the morning of August 25 this year, the country's .cn domain suffered large-scale attacks, resulting in Sina microblogging not working properly. The attacker’s intention was to attack a game PW domain, to achieve their own ends. A few days ago the hacker was arrested in Qingdao, Shandong. This is a typical network event that occurred this year.

Well, in these network security incidents, what are the state's responsibilities? How should responsibilities be divided among the state, enterprises and individuals?

If the attacker is a hacker organization, national defense is needed only when the attack involves the national government or critical infrastructure; if the attacker is a nation, then whether the target is government, business or personal, the defender must be national power.

At what level does the state assume responsibility for network security? If the attacker is a common hacker targeting individuals, with a small audience, it is like a cold: whoever catches the cold treats it. If the attacker is a hacker organization and the target is individuals, with a larger audience, it is like the flu, and the state needs to be concerned. If the attack target is a national, even personal, it is like SARS, and the nation will start a senior response.

National cyberspace security responsibilities can be divided into four parts: the first is national defense, mainly defense against foreign organized threats to the overall operation of the Internet in China, critical infrastructure and national security; the second is spatial governance, which takes safeguarding China’s economic development as its starting point and handles and coordinates events that cause large-scale damage to the interests of users or affect the operational security of critical infrastructure; the third is network diplomacy, the need to establish broad network security mechanisms for cross-border cooperation and to manifest our right to speak and influence internationally; the fourth is comprehensive deterrence, enhancing our monitoring ability and building defensive tools and capabilities so that others are afraid and cannot attack us. These are the four aspects of responsibility the state assumes.

Of course, the state requires specific entities to assume responsibility. China has such a principle: whoever is in charge is responsible, whoever operates is responsible, whoever provides access is responsible. When a network security incident occurs, which entity it occurred in determines specifically who is responsible.

Currently, there are many problems in our overall network security environment. For example, at the business and industry level, many security companies’ products are difficult to integrate, and it is difficult to bring them together; in the academic research community, the number of security papers published by our country has been ranked first in the world, but the articles are many and their use is little, lacking guidelines and prospects.

In such circumstances, China urgently needs to establish a comprehensive security ecosystem, in the hope that national cyberspace, governments, businesses, organizations and individuals can interact positively in network security and defense, thereby forming a self-running, self-improving and self-cycling organic whole. In a virtuous cycle, every business in every aspect forms its most valuable link, to form a good ecological chain.

(Author: National Internet Emergency Center Operations Management Division Director)





[ISN] Your Privacy Is Not Our Responsibility, Says Verizon Exec

http://www.tomsguide.com/us/marcus-sachs-verizon-interview,news-17618.html

By Jill Scharr
Tom’s Guide
SEPTEMBER 30, 2013

“If you’re worried about it, do something about it. Take security on yourselves, and don’t trust anybody else to do it.”

At a recent security conference in New York City, that was the advice Marcus Sachs, Verizon’s vice president of national security policy, had for people upset about Verizon’s connections to the U.S. National Security Agency (NSA).

Verizon is one of the large U.S. telecommunications providers closely linked to the National Security Agency’s widespread surveillance and data collection programs, according to documents leaked by former NSA contractor Edward Snowden.

News that Verizon supplies the NSA with customer phone records on an “ongoing, daily basis” broke on June 6, 2013. It was the first story to examine the top-secret NSA documents Snowden had recently handed to documentary filmmaker Laura Poitras and journalist Glenn Greenwald.

[…]



[ISN] Another New iPhone Security Flaw Offers A Reminder: Turn Off Siri On Your Lockscreen

http://www.forbes.com/sites/andygreenberg/2013/09/30/another-new-iphone-security-flaw-offers-a-reminder-turn-off-siri-on-your-lockscreen/

By Andy Greenberg
Forbes Staff
Security
9/30/2013

Apple watchers have been warning for years that Siri’s loose lips can leak secrets from a locked iPhone. Now a new security bug offers a more pressing reason than ever to turn her off on the phone’s lockscreen.

Late last week Israeli security researcher Dany Lisiansky spotted another in a growing series of bugs in iOS 7’s lockscreen on the iPhone that allows anyone to bypass the security code or fingerprint reader to access the phone’s calling application, contacts, and voicemail.

This trick works by using Siri to make a phone call and then triggering a glitch in the phone’s Facetime function. Lisiansky explains in his step-by-step instructions accompanying the video:

[…]



[ISN] My brother, my hero

http://publicaddress.net/8822

by Amberleigh Jack
Speaker – Public Address
September 30, 2013

“So tell me, someone that’s known him your whole life, who was Barnaby Jack?”

It’s a question I’ve been asked countless times by countless reporters over the past few months. It should be the easiest of all questions I’ve been asked about my brother, but it’s the one I find the toughest to answer.

Every time, though, that someone’s asked it, I find myself thinking of a chat we had about a year ago about work, relationships and life in general.

“Honestly, I’m okay at stuff,” he wrote about his job. “I just picked a field and got in early.”

That’s who my brother was. He was one of the smartest people I’ve ever met. A genius. He was a pioneer in the computer security field. He was a rock star with “fans” in every corner of the world. He spent his days saving potential lives. But none of that ever changed him. He was successful while remaining as humble as they came. He’d be stoked to see how much his work meant to so many people. But he’d also be embarrassed by the media frenzy that hit when he passed away. He was, “okay at stuff”.

[…]



[ISN] Data Broker Hackers Also Compromised NW3C

http://krebsonsecurity.com/2013/10/data-broker-hackers-also-compromised-nw3c/

By Brian Krebs
Krebs on Security
Oct 1, 2013

The same miscreants responsible for breaking into the networks of America’s top consumer and business data brokers appear to have also infiltrated and stolen huge amounts of data from the National White Collar Crime Center (NW3C), a congressionally-funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime.

Last week, KrebsOnSecurity reported that entrepreneurs behind the underground criminal identity theft service ssndob[dot]ms also were responsible for operating a small but powerful collection of hacked computers exclusively at top data brokers, including LexisNexis, Dun & Bradstreet and HireRight/Kroll. A closer analysis of the Web server used to control that collection of hacked PCs shows that the attackers also had at least one infected system for several months this summer inside of the NW3C.

Core to the NW3C’s mission is its Investigative Support division, which according to the organization’s site “provides timely, relevant and effective services to member agencies involved in the prevention, investigation and prosecution of economic and high-tech crimes. The section has no investigative authority but can provide analytical assistance and perform public database searches.”

The NW3C said its analysts are frequently called upon to assist in establishing financial transaction patterns, developing possible links between criminal targets and associated criminal activity and providing link charts, timelines and graphs for court presentations.

“Information obtained through public database searches can assist investigations by locating suspects, establishing property ownership and finding hidden assets, just to name a few of the benefits,” the organization’s Web site explains.

[…]



[ISN] Shortcuts Seen by Firm Doing Security Checks

http://www.nytimes.com/2013/09/28/us/pressure-reported-in-rush-to-meet-security-clearances-including-edward-snowden-and-aaron-alexis.html

By TRIP GABRIEL
The New York Times
September 27, 2013

The calls and e-mails from top executives came toward the end of each month, former managers at USIS recalled. The company needed to swiftly complete investigating security clearances for the government in order to reach its monthly revenue goal, the managers said they were told.

Finally, there was an order: “Flush” everything you’ve got.

The directive to give quick final approval of background investigations without reviewing them for quality



[ISN] Chief Minister stresses importance of cyber security

http://www.thehindu.com/news/cities/Thiruvananthapuram/chief-minister-stresses-importance-of-cyber-security/article5182027.ece

By Staff Reporter
The Hindu
September 29, 2013

Chief Minister Oommen Chandy on Saturday said that the State Police Department’s cyber security hub, Cyberdome, scheduled to come up at Technopark would be a model in public private partnership.

Delivering the valedictory address at the International Cyber Security and Policing Conference-2013, he said the public and the government were becoming increasingly dependent on the cyber world and its security was of paramount importance to the polity. It was a resource, which, in the hands of the wrong people, could be turned into an awesome weapon against the State.

Information Technology secretary, P. H. Kurien, said public service delivery systems in Kerala were fast becoming digitised. e-commerce and e-banking were on the rise. Kerala had one of the largest number of internet, computer and mobile phone users in the country. Cyber security was the State’s primary concern, he said.

Bessie Pang, executive director, the Society for the Policing of Cyber Space, Canada, said international cooperation was essential among cyber security agencies and professionals to restrict the use of cyber space for criminal and disruptive purposes.

State Police Chief K. S. Balasubramanian said it was the duty of the police to create user awareness to insulate the citizenry as best as possible from internet and computer related crimes.

[…]



[ISN] Virus sends data from Belgian leader’s computer to servers in Hong Kong

http://www.scmp.com/news/hong-kong/article/1320250/virus-sends-data-belgian-leaders-computer-servers-hong-kong

Reuters and Lana Lam
SCMP.com
29 September, 2013

Hong Kong has been linked to new computer hacking allegations after the Belgian government revealed that its prime minister had been the target of a cyberattack using a virus that sent data to servers in the city.

Security experts investigating the computer network at the offices of the prime minister, Elio Di Rupo, discovered the virus.

“A virus was detected on a number of computers of the federal office that was communicating with a server in Hong Kong,” the prime minister’s office said on Friday. “Currently, there is no proof that the hacking was carried out by a state authority.”

[…]

