Wednesday, May 14, 2014

Perspective. My Computer Security students will not be surprised. NOTE: Imagine how the volumes will increase as the Internet of Things is fully implemented...
Enterprises Generate 10,000 Security Events Per Day on Average: Report
According to a new report provided by threat protection vendor Damballa, the devices in an average company’s network are generating an average of 10,000 security events per day, with the most active generating roughly 150,000 events per day.
Compiled from analysis of 50% of North American ISP Internet traffic and 33% of mobile traffic, along with large volumes of traffic from global ISPs and enterprise customers, the report found that large, globally dispersed enterprises were averaging 97 active infected devices per day and leaking an aggregate average of more than 10GB of data per day.
“Such figures illustrate how daunting it is for security staff to manually trawl through mountains of alerts in order to discover which (if any) constitute a real and present threat,” Damballa explained in its Q1 2014 State of Infections Report (PDF).
According to a recent jobs study from Burning Glass Technologies, demand for cyber-security professionals remained high in 2013. Burning Glass identified 209,749 national postings for cyber-security jobs in 2013, and determined that the average salary for a cyber-security posting was $93,028, according to the report, which was compiled by reviewing job postings across 32,000 online sites daily.

(Related) (You can download a PDF version free.)
At the Nexus of Cybersecurity and Public Policy
by Sabrina I. Pacifici on May 13, 2014
“We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together – the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those who would take advantage of system vulnerabilities? At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems.
In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.”


There are benefits to being a large contributor to Presidential campaigns beyond “civic pride.”
EPIC Obtains Letter Concerning DOJ Non-Investigation of Google Street View
by Sabrina I. Pacifici on May 13, 2014
“Pursuant to the Freedom of Information Act, EPIC has obtained the closing letter from the Department of Justice to Google attorneys in the Street View matter. The letter briefly mentions Google’s interception and collection of private Wi-Fi communications across the United States over several years. The disclosure of the activity occurred after a European data protection authority discovered that Google’s “Street View” vehicles also captured private Wi-Fi data. More than 12 countries subsequently investigated Google’s programs, and at least 9 countries found Google guilty of violating their laws. The letter from the DOJ states that US officials were aware that Google’s “equipment collected ‘payload’ data, including contents of e-mail and Internet addresses typed by users,” but the Department “decided not to seek charges” against Google for violating the Wiretap Act. The Ninth Circuit recently affirmed a federal court’s decision to allow a class action lawsuit against Google to move forward for wiretap violations stemming from the Street View program. For more information, see EPIC: Investigations of Google Street View and EPIC: Joffe v. Google.”


Don't we model this stuff? Would it have been cheaper to raise the bottom of the tax brackets? (i.e. No tax due if you earn less than “X” – and adjust “X” for inflation.) Probably wouldn't allow the bureaucrats to add thousands of new employees...
IRS paid $13b in bogus credits, inspector says
The Internal Revenue Service paid more than $13 billion in tax credits last year to people who may not have qualified, a government investigator said Tuesday.
The agency’s inspector general issued a report Tuesday saying the improper payments for the Earned Income Tax Credits program were between $13.3 billion and $15.6 billion. That’s about a quarter of all EITC payments, which are supposed to go to low-income working families.
… Using IRS statistics, the inspector general’s report provided an estimated range of improper EITC payments from 2003 through 2013. The report says the IRS paid out at least $124.1 billion in improper payments during the period, and perhaps as much as $148.2 billion.


This might help our students...
Learn Everything About Social Media From These 4 Websites & Blogs
Having a Facebook account in the 21st century is almost like having a landline in the 80s. An accepted, ordinary part of everyday life. There’s even a phrase to describe those who have grown up in this wonderful, wired era: digital natives. But even though most people can craft a status update, few actually possess a detailed, intimate knowledge of how social media works.
… Whatever your circumstances, you need to check out these four blogs and websites. They’ll turn you into a better social media user, guaranteed.


For my Computer Forensics students?
– is a free web site intended to provide budding researchers a sample of what can be done with digital photo forensics. Using algorithms, researchers can determine if a picture is real or computer graphics, if it was modified, and even how it was modified. Following the disclosure of these algorithms, many people began recreating them. “Foto Forensics” is one of them.


For my students. If nothing else, this has some potential for gaming...
– lets you leave messages in locations for your friends to discover. When your friends reach the location where you have sent a Drop, they will receive your message, like a virtual sticky note. Set an Upcoming Location to tell your friends where you are headed, so they can leave Drops for you to discover when you arrive. Drop is a whole new way to stay connected.
