Pages

Tuesday, September 18, 2018

The five radical types

“I was brought up to respect my elders, so now I don't have to respect anybody.”
- George Burns


The five radical types: democrats, Manicheans, identitarians, propagandists, and technocrats. We need more of the first and the last. Cass Sunstein explains

William Taubman, Khrushchev: The Man and His Era.  Winner of a Pulitzer, this remains one of the essential takes on mid-20th century Soviet history and is highly readable as well.


Schneider on Security: “Some of us — myself included — have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include:
  • Disincentive for vulnerability disclosure
  • Cultivation of a market for surveillance tools
  • Attackers co-opt hacking tools over which governments have lost control
  • Attackers learn of vulnerabilities through government use of malware
  • Government incentives to push for less-secure software and standards
  • Government malware affects innocent users.

Sharpest jello kitchen knife in the world


Pussy Riot’s Producer’ In Critical Condition After Suspected Poisoning


Pyotr Verzilov, who has collaborated extensively with the Russian feminist punk collective for years (one member is his partner, another his ex) and took part in the group's protest at the World Cup final, started to feel ill after a court hearing on Tuesday; within a few hours, he became unable to see, then to speak, then to walk. … [Read More]





Nextgov
September 13, 2018
As the 2019 appropriations process wraps up, lawmakers will have one last chance to add money to the Technology Modernization Fund or effectively cap it at 2018 levels. Congressional appropriators from the House and Senate met

The Hill
September 13, 2018
Rep. Jacky Rosen (D-Nev.) on Thursday unveiled legislation to create a Department of Labor grant program for apprenticeships in cybersecurity.

Nextgov
September 13, 2018
In the long run, agencies’ heavy reliance on software patching could create more problems than it solves, according to one tech-savvy lawmaker. And with billions of internet-connected devices expected to flood government facilities in the years ahead, he said, the situation is only going to get worse

The Hill
September 13, 2018
The House Homeland Security Committee on Thursday advanced a pair of bills addressing cyber vulnerabilities at the Department of Homeland Security (DHS). Only minor amendments were offered for both bills, which were passed during what is expected to be the committee’s final markup of the legislative session. Rep. John Ratcliffe (R-Texas) introduced an amendment to make technical changes to House Majority Leader Kevin McCarthy’s (R-Calif.) bill, which would create a cyber vulnerability policy at DHS.

CyberScoop
September 12, 2018
The State Department must do more to shore up its cybersecurity posture, according to a bipartisan group of senators. The department is woefully behind on hitting various federal cybersecurity benchmarks, and it is weak on basic measures to protect against phishing, hacks and other cyberattacks, wrote Ron Wyden, D-Ore., Cory Gardner, R-Colo.

FCW
September 11, 2018
The federal government is nearing an Oct. 16 deadline to comply with a Department of Homeland Security directive on email and website security. One U.S. Senator believes that date should mark the beginning -- not the end -- of the department's work with the trove of data that the order has produced. Last year, DHS issued a binding operational directive requiring federal agencies to implement a series of tools to protect public-facing federal websites and email from spoofing.

Inside Cybersecurity
September 10, 2018
A scaled-down breach-notification bill applying only to the financial industry could be marked up “imminently” in the House Financial Services Committee, a panel GOP source said, while stressing that the effort to move a narrow, sector-specific measure shouldn't be interpreted as a surrender on eventually passing comprehensive data security and consumer notice legislation.

ADMINISTRATION

CyberScoop
September 13, 2018
A top State Department official says President Donald Trump’s new executive order to combat foreign election-meddling serves as a check on the optics of the Helsinki Summit in July, where Trump questioned whether the Russian government interfered in the 2016 U.S. election.

FCW
The Defense Department's newest combatant command is nearly a decade old but still doesn't steer its own acquisitions. That could change in fiscal 2019, however, as U.S. Cyber Command staffs up its contracting office and seeks a bigger acquisition budget. "Acquisition authority is limited at the moment.

CyberScoop
September 13, 2018
Another cybersecurity expert at the FBI is headed for the private sector. Trent Teyema, the FBI’s section chief for cyber readiness and chief operating officer of the bureau’s Cyber Division, has been named senior vice president and chief technology officer for the government-focused wing of Parsons Corporation.

Nextgov
September 13, 2018
Military combatant commands were inadequately resourcing their cyber missions and not effectively communicating about cyber requirements as recently as 2014, according to an investigative report.

SP
September 12, 2018
A federal judge who's considering whether Georgia should have to switch from electronic voting machines to paper ballots for the November election called the situation "a catch-22." Voting integrity groups and individuals sued state and county election officials, arguing that the touchscreen voting machines Georgia has used since 2002 are vulnerable to hacking and provide no way to confirm that votes have been recorded correctly because they don't produce a paper trail.

Gov Info Security
September 12, 2018
The Food and Drug Administration should increase its scrutiny of the cybersecurity of networked medical devices before they're approved to be marketed, a new government watchdog agency report says. FDA says it will carry out the report's recommendations. The Department of Health and Human Services' Office of Inspector General's report recommends that FDA better integrate the review of cybersecurity in the agency's processes for premarket assessments of medical devices.

Nextgov
September 12, 2018
Half of government and military employees were using easily crackable passwords as of 2012, according to a report released Wednesday. That’s only slightly better than the 52 percent of the general public that was using passwords that were far too weak at the time, according to the report from the cybersecurity firm WatchGuard.

Nextgov
September 10, 2018
As the government barrels toward an Oct. 1 deadline for contractors to have Kaspersky Lab software completely scrubbed from their networks, technologists and acquisition experts worry contractors aren’t prepared. In some cases, contractors may not even be aware that Kaspersky, a Russian anti-virus provider, is running on their networks because it came pre-installed with unrelated software, cyber watchers said


INDUSTRY

Vice Motherboard
September 14, 2018
In 2016, Apple’s head of security surprised the attendees of one of the biggest security conference in the world by announcing a bug bounty program for Apple’s mobile operating system iOS. .

Ars Technica
September 14, 2018
In May of 2017, the WannaCry attack—a file-encrypting ransomware knock-off attributed by the US to North Korea—raised the urgency of patching vulnerabilities in the Windows operating system that had been exposed by a leak of National Security Agency exploits. WannaCry leveraged an exploit called EternalBlue, software that leveraged Windows' Server Message Block (SMB) network file sharing protocol to move across networks, wreaking havoc as it spread quickly across affected networks.

Nextgov
September 14, 2018
Attorneys for Kaspersky Lab faced tough questioning Friday from a three-judge federal appeals court panel in what could mark the Russian anti-virus company’s last chance to make a public case against a U.S. governmentwide ban. That December 2017 congressional ban came after months of alarms across government that Kaspersky software might be used as a spying tool for the Russian government or that the company might be compelled to collect and turn over U.S. government information under Russian law.

Gov Info Security
September 14, 2018
Intel has had a challenging time lately on the vulnerability front. Computer security researchers have dug deeply into the chip manufacturer's wares, finding vulnerabilities such as Meltdown, Spectre and Foreshadow, all of which proved to be difficult to fix or mitigate.

The Telegraph
September 13, 2018
Two thirds of German manufacturers have fallen victim to cyber attacks costing the industry $50bn, according to IT experts. Small and medium-sized companies (SMEs), often described as "the backbone of German business", are the most vulnerable to threats from hackers, according to a survey of cyber security chiefs by German IT industry body Bitkom.

CyberScoop
September 13, 2018
wo companies that provide enterprises with privileged access management (PAM) services are coming together in an acquisition announced Thursday. Atlanta-based Bomgar is acquiring Phoenix-based BeyondTrust in a deal expected to close in October, the terms of which the companies did not disclose.

The Wall Street Journal
September 12, 2018
Two years before Equifax Inc. stunned the world with the announcement it had been hacked, the credit-reporting company believed it was the victim of another theft, only this time at the hands of Chinese spies, according to people familiar with the matter.

Krebs on Security
September 12, 2018
The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device.

Wired
September 11, 2018
On Friday, British Airways disclosed a data breach impacting customer information from roughly 380,000 booking transactions made between August 21 and September 5 of this year. The company said that names, addresses, email addresses, and sensitive payment card details were all compromised. Now, researchers from the threat detection firm RiskIQ have shed new light on how the attackers pulled off the heist. RiskIQ published details tracking the British Airways hackers' strategy on Tuesday, also linking the intrusion to a criminal hacking gang that has been active since 2015.

Wired
September 10, 2018
Tesla has taken plenty of innovative steps to protect the driving systems of its kitted-out cars against digital attacks. It's hired top-notch security engineers, pushed over-the-internet software updates, and added code integrity checks

INTERNATIONAL

The Washington Post
September 14, 2018
North Korea accused the United States on Friday of circulating “preposterous falsehoods” after Washington charged an alleged hacker for the North Korean government in connection with major cyberattacks, including a 2014 assault on Sony Pictures Entertainment.

Gov Info Security
September 14, 2018
Less than four months after GDPR enforcement began, Europe has arguably entered - if at times screaming and stumbling - into the modern data breach notification era. In the U.K. last week, British Airways warned that it had been hacked and up to 380,000 customers' payment card details stolen.

AP
September 14, 2018
Dutch authorities arrested and expelled two suspected Russian spies months ago for allegedly trying to hack a Swiss laboratory that conducts chemical weapons tests, Switzerland’s government confirmed Friday as it summoned the Russian ambassador to protest an “attempted attack.”

CyberScoop
September 14, 2018
highly-active hacking group known for targeting Middle Eastern governments is updating its tools. OilRig, a hacking group that has been linked by researchers to Iran, has been observed using an updated version of the BONDUPDATER malware to target a Middle Eastern government in spearphishing attacks, according to new research from the U.S. cybersecurity firm Palo Alto Networks.

BBC
September 14, 2018
A security analysis of cyber-attacks against universities and colleges in the UK has discovered staff or students could often be responsible, rather than organised crime or hacking groups. A government-funded agency that provides cyber-security has examined the timing of 850 attacks in 2017-18.

The Economist
September 13, 2018
On September 6th, President Donald Trump tweeted his gratitude to Kim Jong Un for the North Korean leader’s “unwavering faith” (in Donald Trump). “We will get it done together!”

Gov Info Security
September 13, 2018
A Romanian court has ruled that the notorious hacker "Guccifer," who discovered the existence of Hillary's Clinton's private email server, will be extradited to the U.S. to serve a 52-month prison sentence after he finishes serving a seven-year sentence in his home country. Guccifer - a portmanteau of Gucci and Lucifer - was the hacker handle used by Romanian Marcel Lehel Lazar, 46, a former taxi driver who has admitted to perpetrating a string of email and social media account compromises.

CyberScoop
September 12, 2018
Russian national Peter Levashov pleaded guilty in a U.S. court to controlling one of the world’s largest-ever botnets, known as Kelihos.

Australian Broadcasting Corporation
September 12, 2018
Lego is normally associated with child's play rather than cyber security, but more than 70 government and private sector hackers are currently bunkered down in Canberra attacking and defending a plastic brick city.

CyberScoop
September 12, 2018
A Latvian hacker was sentenced to 33 months in prison on Wednesday after earning over $150,000 in a “scareware” scheme that infected computers after visiting the Minneapolis Star Tribune’s website in 2010.

The Irish Times
September 11, 2018
Insurers in Ireland do not have adequate data to price cybersecurity insurance, despite it becoming “as prevalent as all other insurance” products, PwC has said.

The Times
September 8, 2018
Britain may have to resort to helpful cyberhacking in retaliation against Russia as the authorities cannot risk an escalation to attacks on the country’s infrastructure, security experts said.


Ars Technica
September 13, 2018
Cold boot attacks, used to extract sensitive data such as encryption keys and passwords from system memory, have been given new blood by researchers from F-Secure.

CyberScoop
September 11, 2018
When it comes to protecting faith-based organizations from hackers, divine intervention will only get you so far. Congregations, like any other collection of people, can benefit from trading threat intelligence to mitigate the spread of malware. W