Bundle Security blogs

Here's Your Big Shot!

Security blogs - Vie, 03/15/2013 - 08:21

Many often ask how they can be involved in DEF CON. After all, The thing that makes DEF CON great is the contribution of the community. If you're so inclined, here are a few ways you can get involved with DEF CON 21!

HHV Call for Volunteers https://forum.defcon.org/showthread.php?t=13228

DEF CON Call for Music https://forum.defcon.org/showthread.php?t=13225

DC101 wildcard speaking slot https://forum.defcon.org/showthread.php?t=13230

A ton of opportunies just like these will be popping up over the next weeks and months, and a great place to keep watch for them is the DEF CON Forums. Keep your eyes peeled if you're looking for a way to help out!

(author unknown)
Categorías: Bundle Security blogs

Electric Power 2013

Security blogs - Jue, 03/14/2013 - 19:00
05/13/2013 - Learn. Network. Explore. ELECTRIC POWER is all about connecting industry professionals with the information, tools and resources they need to more...(author unknown)
Categorías: Bundle Security blogs

Puzzle box: The quest to crack the world’s most mysterious malware warhead

Security blogs - Jue, 03/14/2013 - 11:00
Aurich Lawson

It was straight out of your favorite spy novel. The US and Israel felt threatened by Iran's totalitarian-esque government and its budding nuclear program. If this initiative wasn't stopped, there was no telling how far the growing conflict could escalate. So militaries from the two countries reportedly turned to one of the most novel weapons of the 21st century: malware. The result was Stuxnet, a powerful computer worm designed to sabotage uranium enrichment operations.

When Stuxnet was found infecting hundreds of thousands of computers worldwide, it was only a matter of time until researchers unraveled its complex code to determine its true intent. Today, analysts are up against a similar challenge. But they're finding considerably less success taking apart the Stuxnet cousin known as Gauss. A novel scheme encrypting one of its main engines has so far defied attempts to crack it, generating intrigue and raising speculation that it may deliver a warhead that's more destructive than anything the world has seen before.

Gauss generated headlines almost immediately after its discovery was documented last year by researchers from Russia-based antivirus provider Kaspersky Lab. State-of-the-art coding techniques that surreptitiously extracted sensitive data from thousands of Middle Eastern computers were worthy of a James Bond or Mission Impossible movie. Adding to the intrigue, code signatures showed Gauss was spawned from the same developers responsible for Stuxnet, the powerful computer worm reportedly unleashed by the US and Israeli governments to disrupt Iran's nuclear program. Gauss also had links to the highly advanced Flame and Duqu espionage trojans.

Read 23 remaining paragraphs | Comments

Categorías: Bundle Security blogs

Nationalism on the Internet

Security blogs - Jue, 03/14/2013 - 09:11

For technology that was supposed to ignore borders, bring the world closer together, and sidestep the influence of national governments the Internet is fostering an awful lot of nationalism right now. We've started to see increased concern about the country of origin of IT products and services; U.S. companies are worried about hardware from China; European companies are worried about cloud services in the U.S; no one is sure whether to trust hardware and software from Israel; Russia and China might each be building their own operating systems out of concern about using foreign ones.

I see this as an effect of all the cyberwar saber-rattling that's going on right now. The major nations of the world are in the early years of a cyberwar arms race, and we're all being hurt by the collateral damage.

A commentator on Al Jareeza makes a similar point.

Our nationalist worries have recently been fueled by a media frenzy surrounding attacks from China. These attacks aren't new-cyber-security experts have been writing about them for at least a decade, and the popular media reported about similar attacks in 2009 and again in 2010-and the current allegations aren't even very different than what came before. This isn't to say that the Chinese attacks aren't serious. The country's espionage campaign is sophisticated, and ongoing. And because they're in the news, people are understandably worried about them.

But it's not just China. International espionage works in both directions, and I'm sure we are giving just as good as we're getting. China is certainly worried about the U.S. Cyber Command's recent announcement that it was expanding from 900 people to almost 5,000, and the NSA's massive new data center in Utah. The U.S. even admits that it can spy on non-U.S. citizens freely.

The fact is that governments and militaries have discovered the Internet; everyone is spying on everyone else, and countries are ratcheting up offensive actions against other countries.

At the same time, many nations are demanding more control over the Internet within their own borders. They reserve the right to spy and censor, and to limit the ability of others to do the same. This idea is now being called the "cyber sovereignty movement," and gained traction at the International Telecommunications Union meeting last December in Dubai. One analyst called that meeting the "Internet Yalta," where the Internet split between liberal-democratic and authoritarian countries. I don't think he's exaggerating.

Not that this is new, either. Remember 2001, when the governments of the UAE, Saudi Arabia, and India demanded that RIM give them the ability to spy on BlackBerry PDAs within their borders? Or last year, when Syria used the Internet to surveil its dissidents? Information technology is a surprisingly powerful tool for oppression: not just surveillance, but censorship and propaganda as well. And countries are getting better at using that tool.

But remember: none of this is cyberwar. It's all espionage, something that's been going on between countries ever since countries were invented. What moves public opinion is less the facts and more the rhetoric, and the rhetoric of war is what we're hearing.

The result of all this saber-rattling is a severe loss of trust, not just amongst nation-states but between people and nation-states. We know we're nothing more than pawns in this game, and we figure we'll be better off sticking with our own country.

Unfortunately, both the reality and the rhetoric play right into the hands of the military and corporate interests that are behind the cyberwar arms race in the first place. There is an enormous amount of power at stake here: not only power within governments and militaries, but power and profit amongst the corporations that supply the tools and infrastructure for cyber-attack and cyber-defense. The more we believe we are "at war" and believe the jingoistic rhetoric, the more willing we are to give up our privacy, freedoms, and control over how the Internet is run.

Arms races are fueled by two things: ignorance and fear. We don't know the capabilities of the other side, and we fear that they are more capable than we are. So we spend more, just in case. The other side, of course, does the same. That spending will result in more cyber weapons for attack and more cyber-surveillance for defense. It will result in move government control over the protocols of the Internet, and less free-market innovation over the same. At its worst, we might be about to enter an information-age Cold War: one with more than two "superpowers." Aside from this being a bad future for the Internet, this is inherently destabilizing. It's just too easy for this amount of antagonistic power and advanced weaponry to get used: for a mistaken attribution to be reacted to with a counterattack, for a misunderstanding to become a cause for offensive action, or for a minor skirmish to escalate into a full-fledged cyberwar.

Nationalism is rife on the Internet, and it's getting worse. We need to damp down the rhetoric and-more importantly-stop believing the propaganda from those who profit from this Internet nationalism. Those who are beating the drums of cyberwar don't have the best interests of society, or the Internet, at heart.

This essay previously appeared at Technology Review.

schneier
Categorías: Bundle Security blogs

(IN)SECURE Magazine 37, marzo 2013

Security blogs - Jue, 03/14/2013 - 01:20
Becoming a malware analyst Review: Nipper Studio Five questions for Microsoft's Chief Privacy Officer Application security testing for AJAX and JSON Penetrating and achieving persistence in highly secured networks Report: RSA Conference 2013 Social engineering: An underestimated danger Review: Hacking Web Apps Improving information security with one simple question Security needs to be noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

The New Way to Work: Social Intranet

Security blogs - Mié, 03/13/2013 - 23:48
03/26/2013 - To remain relevant and improve service levels in the face of substantial across-the-board budget and personnel cuts, state agencies require a new w...(author unknown)
Categorías: Bundle Security blogs

99 Percent Of Tested Applications Are Vulnerable To Attacks

Security blogs - Mié, 03/13/2013 - 17:22
Cenzic Trends Report for 2012 also includes a study of mobile security threats(author unknown)
Categorías: Bundle Security blogs

Cost Estimating and Contract Pricing

Security blogs - Mié, 03/13/2013 - 16:04
04/30/2013 - Attend an upcoming National Contract Management Association (NCMA) National Education Seminar! Cost Estimating and Contract Pricing This seminar of...(author unknown)
Categorías: Bundle Security blogs

Red Hat Summit

Security blogs - Mié, 03/13/2013 - 15:33
06/11/2013 - The world is more connected now than ever before. From smart phones to the cloud, we have the information we need, whenever we need it. We can comm...(author unknown)
Categorías: Bundle Security blogs

Failure To Comply - Mitigating a Records Management Disaster

Security blogs - Mié, 03/13/2013 - 15:02
04/30/2013 - Failure To Comply - Mitigating a Records Management Disaster. The management of the most important records and information assets is part of a Fede...(author unknown)
Categorías: Bundle Security blogs

FOIA Exemptions

Security blogs - Mié, 03/13/2013 - 14:32
04/16/2013 - FOIA Exemptions. The Freedom of Information Act, or FOIA (5 U.S.C. 552, as amended), generally provides any person with the statutory right to obta...(author unknown)
Categorías: Bundle Security blogs

Leveraging Technology and E-Discovery Tools for Use in Records and FOIA

Security blogs - Mié, 03/13/2013 - 14:25
04/09/2013 - Leveraging Technology and E-Discovery Tools for Use in Records and FOIA. The President, the Department of Justice, and NARA have prioritized modern...(author unknown)
Categorías: Bundle Security blogs

Telework- Managing Work Away From Work

Security blogs - Mié, 03/13/2013 - 14:11
04/09/2013 - Telework- Managing Work Away From Work. Telework programs have become increasingly widespread throughout the Federal Government over the past decad...(author unknown)
Categorías: Bundle Security blogs

Discounted Room Rate Available

Security blogs - Mié, 03/13/2013 - 13:47

Get your LayerOne 2013 hotel room at a discounted rate by following this link. This offer is available until May 10th, 2013!

LayerOne Staff

Categorías: Bundle Security blogs

SEI Career Fair

Security blogs - Mié, 03/13/2013 - 12:57
04/11/2013 - Join Us at Our Invitational Hiring Event
 Thursday & Friday, April 11-12, 2013
 Pittsburgh, PA The SEI Career Fair is by appointmen...(author unknown)
Categorías: Bundle Security blogs

For first time, US military says it would use offensive cyberweapons

Security blogs - Mié, 03/13/2013 - 12:29

For the first time ever, the Obama administration has publicly admitted to developing offensive cyberweapons that could be aimed at foreign nations during wartime.

According to an article published Tuesday night by The New York Times, that admission came from General Keith Alexander, the chief of the military's newly created Cyber Command. He said officials are establishing 13 teams of programmers and computer experts who would focus on offensive capabilities. Previously, Alexander publicly emphasized defensive strategies in electronic warfare to the almost complete exclusion of offense.

"I would like to be clear that this team, this defend-the-nation team, is not a defensive team," Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. "This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone."

Read 3 remaining paragraphs | Comments

Categorías: Bundle Security blogs

Three Transitions Driving Net-Centric Security

Security blogs - Mié, 03/13/2013 - 12:00
Cisco Senior Vice President and Chief Security Officer, John Stewart, kicks off a series of video blogs focused on the topic of Net-Centric Security.John Stewart
Categorías: Bundle Security blogs

CHP Webinar: Enabling Resilient Energy Infrastructure

Security blogs - Mié, 03/13/2013 - 11:51
04/03/2013 - Natural disasters such as Hurricane Katrina in 2005, Hurricane Ike in 2008, and Superstorm Sandy in 2012 have highlighted the need to protect criti...(author unknown)
Categorías: Bundle Security blogs

National Logistics Forum

Security blogs - Mié, 03/13/2013 - 11:36
06/12/2013 - The National Logistics Forum will bring together senior Pentagon-based logistics policy officials and senior government logistics practitioners and...(author unknown)
Categorías: Bundle Security blogs

2013 Training and Simulation Industry Symposium (TSIS)

Security blogs - Mié, 03/13/2013 - 11:28
06/12/2013 - Preeminent Training and Simulation opportunity to hear the latest requirements and learn about procurement opportunities from the Army, Marine Cor...(author unknown)
Categorías: Bundle Security blogs