With the cyber-world such as it is now, constant breaches because companies are careless and lax about protecting our personal information, it might be true what the Office of Inadequate Security pointed out, "Maybe all companies should add 'check Pastebin' to their daily security to-do list." As if there's not enough personal info dumped about us all to invade privacy, any time there is talk about security and you hear the word 'balance' being used, citizens' privacy is about to be punted. This time it was in regard to online spying Read more
In its second annual Cyber Monday bust-fest, US law enforcement today said it seized 150 domain names from commercial websites it said engaged in the sale and distribution of counterfeit goods and copyrighted works.
The 150 seized domains are now in the custody of the federal government, and site visitors will see a banner that notifies them that the domain name has been grabbed by federal authorities. Read more
For every 1,000 lines of code, one to five bugs are introduced. And getting those bugs out of the millions of lines of software code that run today's complex systems is costly and only performed by highly specialized researchers with deep knowledge of software and mathematical theorem-proving techniques. Read more
Most often, when the watchdogs at the Government Accountability Office are called in to check out an agency, process or project, they are looking for something that has gone wrong. This week, however, the group took a look at some government IT projects that have gone right and came up with some best practices that other government agencies or public corporations could emulate to achieve success in their own IT projects. Read more
The Federal Trade Commission has set the lineup for its workshop next month that will examine the privacy and security impact of facial recognition technology. Read more
While most Americans will be lulled into a turkey coma, or perhaps fighting Black Friday crowds, a MalCon conference in Mumbai will be kicking off with a wicked 'muhahaha' from malware and information security researchers as they dive into twisted pen testing. It's a bit like the anti-antivirus crowd. While MalCon said it does not promote malware creation, it also laughs and answers "no" to the question of whether it's a trap to profile malcoders. Read more
Maybe people go with passwords like 123456 and the very tricky 12345678 because they think they're so obvious that hackers won't guess them?
Anyway, SplashData, a maker of password management and other mobile apps, has released its list of the 25 worst passwords of 2011 (in other words, most common) and they're mostly predictable, with a few oddballs tossed in. Read more
These aren't your basic video gaming systems here. The US government gave Raytheon BBN Technologies $10.5 million today to develop what it called "serious games" that result in better decision-making by teaching players to recognize and diminish the effects of their own biases when analyzing information used to make decisions. Read more
What would make you nibble, take the bait, and open an email? Because you think you know the sender is trusted, or because it appears to be related to something that happened in real time in our physical world like an earthquake or a hurricane? Read more
If you think 24/7 connectivity is nothing new for you, and you constantly check in on Foursquare, use location-aware apps, update Facebook or other social media statuses with your geo-tagged photos, then you probably have no location-awareness sharing issues and are not overly concerned if you lose locational privacy. In the year 2014, your futuristic automated smart home can update statuses for you; even more personal data will be logged coming from emerging technology; interaction with the power grid, smart meters, IP TVs, smart appliances, movie theaters harvesting emotions, robots, GPS in cars and smartphones, and products that stalk you will create a life-log. By 2014 there will be a plethora of programs, mobile apps and devices to track you that will create and store records of your movements, activities and behaviors; this is the scene that Europe's biggest cybersecurity agency studied "to predict positive and negative effects of online 'life-logging' on citizens and society." Read more
I first became aware of cloud security issues listening to Simon Crosby, fresh off of taking in millions and millions of Citrix dollars when they bought XenSource, speak with my friend Chris Hoff at several conferences, podcasts and blog posts. In many ways Crosby and Hoff brought cloud security and even cloud computing itself to the forefront in many people's minds. Read more
We may be doomed and you are probably a felon if you ever used a fake name online, used a bogus birthday to register on a site, or fibbed about your height or weight on an online dating profile, named a different town or city in a profile, or basically didn't tell the exact truth anywhere online. Never done that? Read more
It's clear from the increasing use of analytics software that companies are struggling to get their hands around the huge amounts of data it takes to run a successful business. But developing social, mobile, cloud computing and other applications is also driving the need for new technical skills. Read more
Tracking via mobile devices continues to be a popular, yet extremely invasive means of electronic location surveillance with law enforcement. We looked at secret sessions that teach government and law enforcement how to hack and conduct surveillance on the masses. At that same ISS World Americas conference, there were several teaching sessions devoted to mobile devices and vendors promoting surveillance tech and cell phone capturing equipment. Read more
I just received this alert from my company's IT department, and, while I'm sure all of you regular readers are already on your toes regarding this stuff, it might be a good time to offer a reminder to your end users ... at work and at home: Read more
Forget passive monitoring for government spying; go stealth to hit your target, says the Hacking Team, which sells hacking techniques and tools for invasive surveillance of the masses. Better yet, hit a hundred thousand targets. We looked at legal means, with a Trojan horse warrant for remote computer searches. But what about those areas of mass surveillance without a warrant that seem shaded grey and lawfully questionable to many of us concerned about privacy? There are interesting conferences in which the doors are locked to Joe and Jane Doe, but thrown wide open for intelligence agencies and law enforcement. So what goes on behind those doors that are shut to the general public? ISS World Americas is open only to "law enforcement, intelligence, homeland security analysts and telecom operators responsible for lawful interception, electronic investigations and network intelligence." There are many vendors of products that assist the government in spying, but the Hacking Team should send an eerie eavesdropping chill up your spine. Read more
Researchers from the Defense Advanced Research Projects Agency will next week detail a new program it hopes will develop technology to dramatically change computer system security authorization. Read more
Almost seven of 10 households in the United States subscribe to broadband service: 68% of American households used broadband Internet in 2010, up from 64% in 2009, and only 3% of households still relied on dial-up access to the Internet in 2010, down from 5% in 2009.
Those were but a few of the interesting facts found in a snapshot of broadband use in the US released this week by the Department of Commerce and National Telecommunications and Information Administration (NTIA). Read more
US law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware in more than four million computers in over 100 countries while generating $14 million in illegitimate income. Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA. Read more
If you missed part one, Fourth Amendment's Future if Gov't Uses Virtual Force and Trojan Horse Warrants, then please go catch up with the rest of us. This time we'll look at Remote Access Trojans (RAT) which are nothing new, yet assume that this government-injected malware/spyware was not detected by antivirus. Also in this case, we are not assuming the target is a SE (social engineering) victim who opens an email or clicks on a link that installs the backdoor into their digital life. This isn't about if I agree or if I think that sort of privacy invasion is right (if you are wondering, then you've never read this blog huh?); this is about an interesting paper that discussed if the government/law enforcement can legally get around your Fourth Amendment rights and secretly install software for remote searches. Read more