Tag Archives: problem

[ISN] The Ambassador who worked from Nairobi bathroom to avoid State Dept. IT

http://arstechnica.com/information-technology/2015/03/the-ambassador-who-worked-from-nairobi-bathroom-to-avoid-state-dept-it/ By Sean Gallagher Ars Technica March 8, 2015 The current scandal roiling over the use of a private e-mail server by former Secretary of State Hillary Clinton is just the latest in a series of scandals surrounding government e-mails. And it’s not the first public airing of problems with the State Department’s IT operations—and executives’ efforts to bypass or work around them. At least she didn’t set up an office in a restroom just to bypass State Department network restrictions and do everything over Gmail. However, another Obama administration appointee—the former ambassador to Kenya—did do that, essentially refusing to use any of the Nairobi embassy’s internal IT. He worked out of a bathroom because it was the only place in the embassy where he could use an unsecured network and his personal computer, using Gmail to conduct official business. And he did all this during a time when Chinese hackers were penetrating the personal Gmail inboxes of a number of US diplomats. Why would such high-profile members of the administration’s foreign policy team so flagrantly bypass federal and agency regulations to use their own personal e-mail to conduct business? Was it that they had something they wanted to keep out of State’s servers and away from Congressional oversight? Was it that State’s IT was so bad that they needed to take matters into their own hands? Or was it because the department’s IT staff wasn’t responsive enough to what they saw as their personal needs, and they decided to show just how take-charge they were by ignoring all those stuffy policies? The answer is probably a little bit of all of the above. But in the case of former ambassador Scott Gration, the evidence points heavily toward someone who wanted to work outside the system because he just couldn’t stand it. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cyber Collaboration in Government Still a Work in Progress

http://www.nextgov.com/cybersecurity/2015/02/cyber-collaboration-government-still-work-progress/106071/ By Hallie Golden Nextgov.com Feb 25, 2015 Amid the onslaught of cyberthreats faced by federal agencies, the potential for an even larger and more sustained catastrophic version of a digital attack has become an increasingly real possibility. If such a scenario were to took take place, the Defense Department would certainly play a lead role in the response. But it likely couldn’t do it alone, according to Lt. Gen. Edward Cardon, commanding general of the Army Cyber Command. “It’s not solely going to be a DOD problem,” he said this week at a New America Foundation event on cybersecurity. Despite the fact that his organization increased exponentially in a year


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Three Months Later, State Department Hasn’t Rooted Out Hackers

http://www.wsj.com/articles/three-months-later-state-department-hasnt-rooted-out-hackers-1424391453 By DANNY YADRON The Wall Street Journal Feb. 19, 2015 Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn’t been able to evict them from the department’s network, according to three people familiar with the investigation. Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses. It isn’t clear how much data the hackers have taken, the people said. They reaffirmed what the State Department said in November: that the hackers appear to have access only to unclassified email. Still, unclassified material can contain sensitive intelligence. The episode illustrates the two-way nature of high-technology sleuthing. For all of the U.S. government’s prowess at getting into people’s computers through the NSA and the military’s Cyber Command, the government faces challenges keeping hackers out of its own networks. The discrepancy points to a commonly cited problem with defending computers: Playing offense almost is always easier than playing defense. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks

http://www.wired.com/2015/02/americas-cyber-espionage-project-isnt-defense-waging-war By Kevin Poulsen Threat Level Wired.com 02.18.15 “What we really need is a Manhattan Project for cybersecurity.” It’s a sentiment that swells up every few years in the wake of some huge computer intrusion—most recently the Sony and Anthem hacks. The invocation of the legendary program that spawned the atomic bomb is telling. The Manhattan Project is America’s go-to shorthand for our deep conviction that if we gather the smartest scientists together and give them billions of dollars and a sense of urgency, we can achieve what otherwise would be impossible. A Google search on “cyber Manhattan Project” brings up results from as far back as 1997—it’s second only to “electronic Pearl Harbor” in computer-themed World War II allusions. In a much-circulated post on Medium last month, futurist Marc Goodman sets out what such a project would accomplish. “This Manhattan Project would help generate the associated tools we need to protect ourselves, including more robust, secure, and privacy-enhanced operating systems,” Goodman writes. “Through its research, it would also design and produce software and hardware that were self-healing and vastly more resistant to attack and resilient to failure than anything available today.” These arguments have so far not swayed a sitting American president. Sure, President Obama mentioned cybersecurity at the State of the Union, but his proposal not only doesn’t boost security research and development, it potentially criminalizes it. At the White House’s cybersecurity summit last week, Obama told Silicon Valley bigwigs that he understood the hacking problem well—“We all know what we need to do. We have to build stronger defenses and disrupt more attacks”—but his prescription this time was a tepid executive order aimed at improving information sharing between the government and industry. Those hoping for something more Rooseveltian must have been disappointed. On Monday, we finally learned the truth of it. America already has a computer security Manhattan Project. We’ve had it since at least 2001. Like the original, it has been highly classified, spawned huge technological advances in secret, and drawn some of the best minds in the country. We didn’t recognize it before because the project is not aimed at defense, as advocates hoped. Instead, like the original, America’s cyber Manhattan Project is purely offensive. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Capture the Flag: Meet the team bossing one of the toughest hacking competitions around

http://www.zdnet.com/article/capture-the-flag-meet-the-team-bossing-one-of-the-toughest-hacking-competitions-around/ By Michiel van Blommestein February 2, 2015 Nobody doubts that the amount of tech talent that Poland has at its disposal is substantial and a team of security specialists’ triumph in the recent Capture the Flag series of hacking contests seems to confirm it’s not short of ability, even when some parts of the country’s own cybersecurity could use some improvement. Poland’s winning team was Dragon Sector, a group which currently consists of 13 active members from organisations including Google, the Polish CERT, as well as students. In a whole series of events, Dragon Sector competed in various tasks to show their hacking prowess and cyberdefence skills. Among the challenges were solving a number of problems within a set time period, and gaining access to opposing servers while trying to keep their own network safe. Out of the total 33 on-site events they attended, Dragon Sector won seven and took runner-up or third place for a further 18. Other recent high-profile wins for Dragon Sector include last year’s Positive Hack Days Capture the Flat (CTF) in Moscow and Hack.lu CTF in Luxembourg. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Northrop Grumman Foundation Congratulates Top 28 Teams Advancing to CyberPatriot National Finals Competition

http://www.globenewswire.com/newsarchive/noc/press/pages/news_releases.html?d=10116947 FALLS CHURCH, Va. – Jan. 26, 2015 – The Northrop Grumman Foundation, presenting sponsor for CyberPatriot VII, is proud to congratulate the top 25 high school and three middle school teams advancing to the national finals competition on March 13 in Washington, D.C. CyberPatriot, established by the Air Force Association, is the National Youth Cyber Education Program that’s inspiring students toward careers in cybersecurity and other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future. The program features the National Youth Cyber Defense Competition, cyber camps, and an elementary school education program. This year’s finalists represent schools and other organizations from Alabama, California, Colorado, Florida, Iowa, Louisiana, Massachusetts, Michigan, Missouri, New Jersey, New Mexico, Oklahoma, South Dakota, Texas, Virginia, and Manitoba, Canada. Click here for a complete listing of finalists. “We are so proud of all the students who participated this year and we wish the top 28 finalists all the best as they prepare for the big showdown,” said Sandra Evers-Manly, president of the Northrop Grumman Foundation and vice president of Northrop Grumman Global Corporate Responsibility. “CyberPatriot has proven to be an innovative way to inspire young people to pursue a career in cybersecurity. It is filling the much-needed pipeline of qualified cyber talent and we couldn’t be more pleased with its success. CyberPatriot is a true example of how a hands-on, STEM initiative can make an impact by addressing a national imperative.” A record 2,175 teams, up 40 percent from the previous year, competed this year in a series of online rounds where students were given a set of virtual images that represent operating systems and were tasked with finding vulnerabilities and hardening the system while maintaining critical services. Students competed from across the U.S. and in other parts of the world to be among the top finalists that receive an all-expenses-paid trip to the CyberPatriot National Finals in Washington, D.C. “The need for cyber defenders has never been more relevant, or urgent,” said Diane Miller, director, CyberPatriot Programs, Northrop Grumman. “To address the increasingly complex threat requires diversity of education, experience, and approach to problem solving. CyberPatriot is inspiring our youth at every level and from every pocket of the country to cultivate a cyber workforce with a strong ethical foundation, the requisite technical skills and life skills in communications, leadership and teamwork so important to potential employers. These students are career-ready and poised to take on this national and global challenge.” In its fifth year as presenting sponsor, the Northrop Grumman Foundation and Northrop Grumman Corporation continue to devote time, talent and resources to support CyberPatriot. In addition to the foundation’s financial support, Northrop Grumman awards annual scholarship funds to the top winning teams and contributes employee volunteers and mentors. The company also provides internships to CyberPatriot competitors, as do other industry and government organizations. Northrop Grumman also partnered this year with Cyber Security Challenge UK to bring CyberPatriot to the U.K.. Known as CyberCenturion, this youth cyber defense competition will hold its finals competition on April 17 at Bletchley Park in London. The CyberPatriot VII Teams will compete face-to-face in a one-day event to defend virtual networks and mobile devices from a professional aggressor team. The National Finalists will also face-off in four additional competition components: the Digital Cyber Crime Scene Challenge from the Digital Forensic Consortium, the Cisco Networking Challenge, the Leidos Digital Forensics Challenge, and a Mobile Application Challenge hosted by AT&T. These extra challenges expose teams to new elements and skillsets of the many career opportunities available to them. As a global provider of cybersecurity solutions, Northrop Grumman is committed to grooming tomorrow’s cyber workforce and is engaged in supporting numerous cybersecurity education, training and technology initiatives. For more information on Northrop Grumman in cyber, go to www.northropgrumman.com/cyber. The Northrop Grumman Foundation supports diverse and sustainable programs for students and teachers. These programs create innovative education experiences in science, technology, engineering and mathematics. For more information please visit www.northropgrumman.com/foundation. CONTACT: Marynoele Benson Northrop Grumman Corporation 703-556-1651 marynoele.benson@ngc.com


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Startup finds malware intrusions by keeping an eye on processor radio frequencies

http://www.networkworld.com/article/2875517/security0/startup-finds-malware-intrusions-by-keeping-an-eye-on-processor-radio-frequencies.html By Tim Greene Network World Jan 26, 2015 PFP Cybersecurity, a startup with roots in academia and the military, seeks out malware by analyzing the performance of hardware – not software and not the behavior of devices on the network. PFP’s system compares ongoing radio-frequency output from processors to a baseline that is established when the device is known to be performing legitimate tasks. When it detects anomalies that might represent malicious activity, it triggers alarms. Then it’s up to other tools to figure out what exactly is behind the problem. The system could be used to keep an eye on a large number of similar devices all performing the same task, such as those found in supervisory control and data acquisition (SCADA) networks that support power grids, chemical plants and the like. Savannah River National Laboratory is considering the gear for to protect its smart-grid relays. The system could also be used to check new devices as they are delivered from the plants where they are made in order to find faulty ones or ones that have been tampered with, the company says. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] About the infosec skills shortage

http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortage By https://twitter.com/addelindh and https://twitter.com/0xtero http://3vildata.tumblr.com/ Jan 26th, 2015 Today I got into an argument on Twitter that started with me saying something sarcastic in reference to a recent statement by a vendor and ended with a discussion about the skills shortage in security. Twitter can be a difficult medium sometimes and I don’t really feel that I got my point across, so this is my attempt to correct that. Before I start I would like to point out that in no way do I think that this is the only reason there is a skills shortage in security, but that I do consider it a large contributing factor. In the beginning, there was firewalls Enterprise investment in security has traditionally been in products such as firewalls, anti-virus, IPS/IDS, and so on. Security products has in turn been marketed and sold as “solutions” rather than tools; heavily automated and not really much to work with. Because of this, they have been considered as infrastructure components rather than applications, you just install and configure them and then let them do their magic. Automation is great, until it isn’t The thing about buying automated solutions is that it removes the incentive to invest in knowledge of the problem the solution was supposed to solve. Why pay money so that someone can learn how to solve a problem that has already been solved, right? For an enterprise, this makes perfect sense, and for a while it worked. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail