“Cloud computing ha…

View full post on Help Net Security – News

I want to highlight some of the ideas being presented in this bill and how they are going to be a huge win for the cyber security community. These are just a few of the items being discussed, but these will pay huge dividends in the security effort.

The coordination and sharing of information between the civilian and government agencies is one of the topics some of the bills being considered address, and is a critical component in the cybersecurity effort. As it is written in PrECISE SEC. 2. Sec.226 (2) foster the development, in conjunction with other governmental entities and the private sector, of essential information security technologies and capabilities for protecting Federal systems and critical infrastructure information systems, including comprehensive protective capabilities and other technological solutions. Organizations that have previously developed implementation strategies for information systems have a leg up on organizations that have not. The Black Hat community has excelled at this type of sharing, and has been an excellent vehicle for their efforts. They are not impeded by corporate policy, federal guidelines, or other governing regulations.

The silos of information that exist in the enterprise today have also led to silos of security information. The production, collection, and correlation of that information is often difficult because different vendor technologies, implemented at different stages, lead to disparate systems. PrECISE SEC. 2, Sec 226 Para. (3) states the need to acquire, integrate, and facilitate the adoption of new cybersecurity technologies and practices in a technologically and vendor-neutral manner to keep pace with emerging terrorist and other cybersecurity threats. There are many great minds and methods to approach this, and the solution will not be easy. It is a critical solution that needs to be addressed.

User awareness and education is critical for every aspect of information security. With the increase of reliance on technology throughout, the importance of user education increases accordingly. PrECISE SEC. 2, Sec 226 Para.(6) states and

-(C) training opportunities to support the development of an effective national cybersecurity workforce and educational paths to cybersecurity professions
User education and awareness training, coupled with the information sharing efforts mentioned in Para. (2) will go a long way towards improving the overall security of the information and systems we use every day.

I am excited to see the governments taking cybersecurity seriously, and hope the politicians can produce something that is useable and applicable to the world today. The implementation of some of the ideas discussed in this bill will be a huge undertaking, and needs to be done.As a society we have moved beyond the point where cybersecurity is merely desirable by the people who rely on technology. it is a fundamental need, and in some instances, desperately.
Tony Carothers
tony d0t carothers at g_mail

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View full post on SANS Internet Storm Center, InfoCON: green

Researchers at the Ruhr-University Bochum have managed to extract the secret encryption algorithmns used by satellite phones, and discovered that it’s a lot less secure than one might hope.…

View full post on The Register – Security

View full post on Help Net Security – News

The OS X Lion 10.7.3 Upda…

View full post on Help Net Security – News

View full post on Help Net Security – News

Apple’s FileVault disk encryption can be circumvented in less than an hour, according to a computer forensics firm.…

View full post on The Register – Security

Members of Anonymous have released an intercept of a conference call between investigators at the FBI and Scotland Yard during which operations against hacktivist group were discussed.…

View full post on The Register – Security

- Major data breaches and targeted attacks on high-profile companies and agencies

- Hacktivism – A shift from hacking for money to hacking as a form of protest or to prove a point

- Conficker worm is still the most commonly encountered pieces of malicious software seen is Sophos customers

- Fake antivirus software is still the most common type of malware but in second half of the year appears to be on the decline

- Spearphishing attacks on the rise
Despite all this, some successes On March 16, 2011 a coordinated effort known as Operation b107 between Microsoft, FireEye, U.S. federal law enforcement agents and the University of Washington knocked Rustock offline. [1] The entire report available here.
Handler Mark published a diary on some of the things to take in consideration When your service provider has a breach. [3]
[1] http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report/html-07.aspx

[2] http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report/html-01.aspx

[3] https://isc.sans.edu/diary.html?storyid=10651

[4] http://www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf
Data breach diaries reported by ISC in 2011:
[1] WordPress.com https://isc.sans.edu/diary.html?storyid=10729

[2] RSA Breach https://isc.sans.edu/diary.html?storyid=10609

[3] Lockheed Marting https://isc.sans.edu/diary.html?storyid=10939

[4] Sega Pass https://isc.sans.edu/diary.html?storyid=11065

[5] SonyPictures https://isc.sans.edu/diary.html?storyid=10996

[6] DigiNotar SSL Breach (result = bankruptcy) https://isc.sans.edu/diary.html?storyid=11479

[7] GlobalSign https://isc.sans.edu/diary.html?storyid=12205

[8] Stratfor Global Intelligence https://isc.sans.edu/diary.html?storyid=12271
———–
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View full post on SANS Internet Storm Center, InfoCON: green

Jon Callas, CTO for E…

View full post on Help Net Security – News