- Cybersecurity architecture principles
- Security of networks, systems, applications and data
- Incident response
- Security implications related to adoption of emerging technologies
Saturday, April 26, 2014
If Russia (Putin) can't have the Ukraine, and anything else he wants, he'll just use that capitalism thing to “sanction” Europe until they cave in to his demands.
With World Watching Ukraine, Russia Makes Energy Moves in Africa
… Over the past decade, and especially in recent months, the country has been ramping up natural gas exploration and production in Algeria and other corners of the African continent, including Nigeria, Egypt and Mozambique. The country is seeking "a stranglehold on Western Europe" that it could tighten – or threaten to tighten – anytime it wishes, says Assis Malaquias, a defense economics expert at the Africa Center for Strategic Studies in Washington, D.C.
By 2015, experts say, Moscow's control of Europe’s gas supply could leap by as much as 10 percentage points to 40 percent. Moreover, Southern European countries like Italy and Spain, which draw much of their natural gas from North Africa, would join the list of those affected by an increased Russian presence on the continent.
“Western Europe should be very concerned," Malaquias says. "Very."
Perhaps my Ethical Hackers could test your medical devices? (Before some unethical hacker does!) The initial assessment is free, keeping quiet about our findings – pricey. Note: Apparently a lot of this equipment uses hardcoded (written into the software so you can't change them) passwords.
Add this to your MUST-READ list. It should be required reading for all hospital administrators.
Kim Zetter reports:
When Scott Erven was given free rein to roam through all of the medical equipment used at a large chain of Midwest health care facilities, he knew he would find security problems–but he wasn’t prepared for just how bad it would be.
In a study spanning two years, Erven and his team found drug infusion pumps–for delivering morphine drips, chemotherapy and antibiotics–that can be remotely manipulated to change the dosage doled out to patients; Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, [Yes, they are connected to the Internet. Bob] causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care.
Erven’s team also found that, in some cases, they could blue-screen devices and restart or reboot them to wipe out the configuration settings, allowing an attacker to take critical equipment down during emergencies or crash all of the testing equipment in a lab and reset the configuration to factory settings.
Read more on Wired.
Explained, without much logic.
Last week Judge William Alsup (N.D. Cal.) released the unredacted version of his ruling in the first-ever challenge to the no-fly list to be decided on the merits – a case that I and others have discussed on this blog here, here, and here. Jeffrey Kahn has already catalogued most of the newly revealed information over at Concurring Opinions. My goal here is to step back a little, examine the especially noteworthy revelations (of which there are several), and put the case in the context of the broader debates about the appropriate balance between secrecy and transparency.
Some put a lot of thought into these opinions, some not so much.
Yesterday’s Washington Post has an interesting story about the increasingly aggressive role some federal magistrate judges are playing in policing criminal investigations involving digital media. In this “Magistrates’ Revolt”, the judges who review and authorize almost all federal search warrants and digital investigation orders are growing more critical of government assertions–and increasingly publishing their opinions so as to educate and inform their colleagues around the country.
(Related) Apparently the courts are ready for a “world government” (i.e. world-wide jurisdiction). So the remedy is, don't use email providers (or any digital service) with a US presence?
Joseph Ax reports:
Internet service providers must turn over customer emails and other digital content sought by U.S. government search warrants even when the information is stored overseas, a federal judge ruled on Friday.
In what appears to be the first court decision addressing the issue, U.S. Magistrate Judge James Francis in New York said Internet service providers such as Microsoft Corp or Google Inc cannot refuse to turn over customer information and emails stored in other countries when issued a valid search warrant from U.S. law enforcement agencies.
Read more on Reuters.
'cause someone needs guidance.
Net Neutrality: A Guide to (and History of) a Contested Idea
This week, news broke that the Federal Communications Commission is considering new rules for how the Internet works.
In short: the FCC would allow network owners (your Verizons, Comcasts, etc.) to create Internet "fast lanes" for companies (Disney, The Atlantic) that pay them more. For Internet activists, this directly violated the principle of net neutrality, which has been a hot-button issue in Silicon Valley for a long time.
Net neutrality is the idea that any network traffic—movies, web pages, MP3s, pictures—can move from one place (our servers) to any other place (readers' computers, phones) without
… If you want a speedy explainer, Vox's Timothy Lee has one for you.
For my Computer Security students.
A few weeks ago I wrote about an opportunity for entry-level information security (infosec) professionals to get some training and “skill up” for their careers. (See Cybersecurity Professionals Are in Big Demand as Staffing Shortages Hit Critical Levels). Now there is a new option for people coming into the infosec profession. Today ISACA is launching a comprehensive new program called Cybersecurity Nexus (CSX).
… There is a Cybersecurity Fundamentals Certificate that is aimed at entry-level information security professionals with 0 to 3 years of practitioner experience. The certificate is for people just coming out of college and career-changers now getting into IT security. The foundational-level knowledge-based exam covers four domains:
A more advanced level certification is planned for 2015.
Something to add to the “Start-up folder?”
Meet Invoiceable: A Free Invoicing Solution For Small Businesses
It doesn’t get cheaper than free. There are some excellent free invoicing tools out there that your small business can benefit from. Invoiceable is one of them.
Because it amuses me... As Brazil moves into the “first world” club, the FCC is taking us to the “third world.”
… The FCC is making moves to change the rules surrounding “Net Neutrality,” the idea that the Internet should not give preferential treatment to certain data or certain companies. The new proposal will give communications carriers and content companies “faster lanes.” This could have a major impact on education, as some have already said that schools will get “the slow lane.”
… Meanwhile, Brazil has passed an Internet Bill of Rights that, among other things, protects Net Neutrality.
… It’s official. The data infrastructure project InBloom is dead. After months of struggling to keep its clients in the face of parent protests about privacy issues, the organization announced this week that it would “wind down” over the coming months.
… A new OER platform, panOpen, has officially launched.
… The Gates Foundation has published the results of a survey on what teachers want from digital tools.