Thursday, September 17, 2015

Breaches

Fairfax media journalist Natalie Obrien Vodafone employee accessed my text messages

Prevention as a security strategy is inherently flawed- business need to walk in the footsteps of their attacker to make their system smarter and leaner
Why understanding the lifecycle of a cyber attack is better than trying to stop it

Data manipulation is a bigger problem than data theft.


The IRS has divulged few details about the data breach, but thanks to some amateur sleuthing by Kasper, who is a software engineer with a specialty in computer security, we’re able to fill in some of the blanks.
Inside the Massive IRS Data Breach

Soaring Eagle above Cliffs in Jervis Bay Sep 2014



The New Money-Laundering Sting: Come to the U.S., Get Arrested  





The register, 24 Aug 2015.  Long-time – and by now somewhat despondent – privacy advocate Roger Clarke says successive Australian governments have ignored the privacy impacts of nearly every national security measure passed by parliament since 2001.
 
Eagles in the sky chasing mice Jervis Bay Sep 2014
According to a security researcher for Linux distributer Red Hat, network hardware sold by several manufacturers failed to properly implement a widely used cryptographic standard, a data-leaking shortcoming that can allow adversaries to impersonate HTTPS-protected websites using the faulty equipment. A nine-month scan that queried billions of HTTPS sessions from millions of IP addresses was able to obtain leaked data for 272 keys, reports Red Hat security researcher Florian Weimer in a research paper published this week. Because the scan surveyed only a very small percentage of the overall number of transport layer security protocol handshakes, many more keys and manufacturers are likely to be affected by the leakage. 

Serious bug causes “quite a few” HTTPS sites to reveal their private keys


Cactus Blossom in Winter - One Day Wonder


$100 Million Checks Shouldn't Be in the Mail, IRS Says
TNT, 8/9/15. Beginning in 2016, the IRS will reject any check in the amount of $100 million or more.

An explosion in the number of new Internet addresses has created a wealth of opportunities for criminals exploiting shady domains such as .zip, .kim or .party, according to an industry study published on Tuesday. Attackers are constantly in search of new domains for links to lead users to download malware, divulge personal data or spam their friends, and a liberalization of the Web has expanded the number of top-level domains tenfold in the past two years. An analysis of tens of millions of websites by enterprise security company Blue Coat found the most dangerous top-level domains (TLDs) were .zip, .review and .country, while the safest new ones were .london, .tel and .church.
Web Address Explosion Is Bonanza for Cyber-Criminals: Study
 
RS Agent Charged With Sexual Battery During Audit