Usability guru Jakob Nielsen opened up a can of worms when he made the case for unmasking passwords in his blog. I chimed in that I agreed. Almost 165 comments on my blog (and several articles, essays, and many other blog posts) later, the consensus is that we were wrong. I was certainly too glib. Like any security countermeasure, password…
 Sky News |
Helicopter Crash Kills 26 Security Personnel in Pakistan
Wall Street Journal AP ISLAMABAD — A military official said 26 security personnel were killed in a helicopter crash in northwestern Pakistan. The official says the crash took … 26 security personnel embraced shahadat in helicopter crash Helicopter Crashed in Orakzai Security Personnel Dead Helicopter crash kills 26 in NW Pakistan |
 Washington Post |
Russia tightens security ahead of Obama visit
Times of India 3 Jul 2009, 2016 hrs IST, PTI MOSCOW: Russia will put its fighter jets on high alert and the airspace over Moscow will be a no-fly zone as part of security … Russia stepping up security ahead of Obama visit Moscow takes unprecedented security measures for US President's visit Text of Obama's AP interview |
Good essay — “The Staggering Cost of Playing it ‘Safe’” — about the political motivations for terrorist security policy. Senator Barbara Boxer has led an effort to at least put together a public database of ash storage sites so that people can judge the risk to the areas where they live. However, even this effort has been blocked not by…
 WISH |
Trade and the American Clean Energy and Security Act of 2009
Truth about Trade & Technology The US House of Representatives passed the American Clean Energy and Security Act of 2009 to address climate change issues by establishing a carbon … Boccieri Stops By WMFD To Discuss New Bill LETTER: Bill should be strengthened, then passed What better way to declare America's independence than by … |
|
US cyber security system project is troubled
Inquirer In the final phase Einstein is supposed to detect and deflect security breaches. However to do that its filtering technology will have to read the contents … AP Technology NewsBrief at 5:31 am EDT |
 Seattle Post Intelligencer |
AU summit starts on agriculture, food security
Xinhua And it can increase food and nutritional security." "African ministers rightly called for a sustainable green revolution earlier this year in Windhoek," she … AU Summit: Security, Piracy Top Agenda African Union summit focuses on economic growth and food security Food security tops agenda at AU summit |
 International Middle East Media Center |
Palestinians detain rivals to strengthen grip
The Associated Press RAMALLAH, West Bank (AP) — Palestinian President Mahmoud Abbas' security forces have significantly widened a crackdown on Hamas in the West Bank in the past … Why Obama should fire General Dayton Hamas cell arrested in West Bank plotted to kill Abbas: report PA: Arrested Hamas activists planned to assassinate Abbas |
Development tool flaws targetted.
No organisation is sacred in the eyes of online scammers.
My 6th edition of Traffic Talk, titled Wireshark 1.2 tutorial: Open source network analyzer’s new features has been posted. From the article:
Wireshark is a staple of any network administrator’s toolkit, and it can be equally useful for any network solution providers or consultants who troubleshoot business networks. Most of the readers of this tutorial have probably used Gerald Combs’ open source protocol analyzer for years. In this edition of Traffic Talk, I’d like to discuss a few new features of Wireshark as present in the 1.2 version released on June 15, 2009. I use Windows XP SP3 as my test platform.
If you have any questions on the article, please post them here. Thank you.
When I announced I would join General Electric as Director of Incident Response in June 2007, I had to post a follow-up titled I’m Not Dead. That issue even made it onto Bill Brenner’s radar. Two years later I’m still at GE, glad that as of 1 January this year we have a functional and growing Computer Incident Response Team (CIRT) manned by the best incident handlers and support staff you’ll find anywhere.
Sometimes work occupies time I would have previously spent blogging, reading, or writing. That’s why you’ll often see a flurry of blog posts when I have time on a weekend (or now, before a Company holiday). I’ve fallen far behind in my reading, and my writing is limited to articles. However, I will be collaborating with Keith Jones and team for Real Digital Forensics Volume 2, which should be cool. I don’t have a schedule for other books beyond RDF2 at the moment.
The registration process for my TCP/IP Weapons School 2.0 class at Black Hat USA 2009 continues to be active, with seats almost gone in the weekday version. The weekend version has open seats. If you’d like more details, please see my post Black Hat Class Outline Posted.
I was invited to be a panelist for The Laws of Vulnerabilities Research Version 2.0: Comparing Critical Infrastructure Industries, a description of which is posted at the Black Hat Briefings speaker list. Because I’m busy during the 10 am panel time on day 1, I won’t have to make the decision about which great talk I’ll miss at that time! I mean, Billy Hoffman, FX, Rod Beckstrom, Dino Dai Zovi, and Chris Gates all at the same time?
Amazon.com just posted my four star review of Hacking Exposed: Windows, 3rd Ed. Better late than never! From the review:
I’ve been reading and reviewing Hacking Exposed (HE) books since 1999, and I reviewed the two previous Windows books. Hacking Exposed: Windows, 3rd Ed (HEW3E) is an excellent addition to the HE series. I agree with Chris Gates’ review, but I’d like to add a few of my own points. The bottom line is that if you need a solid book on Windows technologies and how to attack and defend them, HEW3E is the right resource.
Employee use of social networking is now widely accepted by IT professionals, although security is expected to be increased, according to a new survey.
In my Predictions for 2008 I wrote Expect greater military involvement in defending private sector networks. Today I read a great Washington Post story titled Obama Administration to Involve NSA in Defending Civilian Agency Networks. It says in part:
The Obama administration will proceed with a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, with AT&T as the likely test site…
President Obama said in May that government efforts to protect computer systems from attack would not involve “monitoring private sector networks or Internet traffic” and Department of Homeland Security officials say that the new program will only scrutinize data going to or from government systems…
Under a classified pilot program approved during the Bush administration, NSA data and hardware would be used to protect the networks of some civilian government agencies. Part of an initiative known as Einstein 3, the pilot called for telecommunications companies to route the Internet traffic of civilian government agencies through a monitoring box that would search for and block malicious computer codes…
The internal controversy reflects the central tension in the debate over how best to defend the nation’s mostly private system of computer networks. The most effective techniques, experts say, require the automated scrutiny of e-mail and other electronic communications content — something that commercial providers already do.
Proponents of involving the government said such efforts should harness the NSA’s resources, especially its database of computer codes, or signatures, that have been linked to cyberattacks or known adversaries. The NSA has compiled the cache by, for example, electronically observing hackers trying to gain access to U.S. military systems, the officials said.
“That’s the secret sauce,” one official said. “It’s the stuff they have that the private sector doesn’t.“
But it is also the prospect of NSA involvement in cybersecurity that fuels concerns of unwarranted government snooping into private communications…
The classified NSA system, known as Tutelage, has the ability to decide how to handle malicious intrusions — to block them or watch them closely to better assess the threat, sources said. It is currently used to defend military networks.
You’re thinking, “this article says NSA will not monitor purely private networks. What’s the fuss?” Imagine you’re the CEO, CIO/CTO, or CISO of a big company. You say “why is my company and our employees paying taxes so that the government can protect itself while my company is left outside the circled wagons?” The higher you go in corporate management, the more likely the only “security” that will be recognized will be “firewalls.” So, you’re going to have big-league corporate leaders telling the government that they want their companies “protected” too. This isn’t really what is happening, but at that level it really doesn’t matter.
The bottom line is that first the military protected itself, and now the military is going to help protect civilian government agencies. Critical private infrastructure will be next, followed by economically important companies — think “too big to be 0wned.” This will be interesting.
A US judge has moved to overturn the conviction of a woman accused of cyber-bullying a teenager who later committed suicide.
 MiamiHerald.com |
US wants privacy in new cyber security system
The Associated Press But the Department of Homeland Security is still pulling the plan together, according to senior administration officials. Einstein 3 has triggered debate … Obama Cybersecurity Plan To Involve NSA, Probably AT&T -Report Troubles Plague Cyberspy Defense Obama Administration Plans to Use NSA to Defend Civilian Agency … |
A security researcher has unveiled a new iPhone SMS vulnerability, according to reports out of the SyScan Conference in Singapore.
 Telegraph.co.uk |
Withdrawal symptoms
Al-Ahram Weekly US combat troops pulled out of the capital and other cities and towns in a move that should, under the security accord signed between Baghdad and Washington … Iraq ramps up security before US withdrawal Iraqis celebrate as American troops pull out after 6 years As US troops move on, Iraqis fear the coming turmoil |