Monday, December 21, 2015

Infiltrated is not the same as disrupted. Think of it as building roadmaps for later use.
Danny Yadron reports:
Iranian hackers infiltrated the control system of a small dam less than 20 miles from New York City two years ago, sparking concerns that reached to the White House, according to former and current U.S. officials and experts familiar with the previously undisclosed incident.
Read more on WSJ.
[From the article:
Security experts say companies have done little to protect these systems from would-be hackers.
“Everything is being integrated, which is great, but it’s not very secure,” said Cesar Cerrudo, an Argentine researcher and chief technology officer at IOActive Labs, a security-consulting firm. At a hacker conference last year in Las Vegas, Mr. Cerrudo wowed the audience when he showed how he could manipulate traffic lights in major U.S. cities.
Operators of these systems “don’t think about security,” he said.]




Not just educating employees, but keeping them alert. What would a serious hacker do?
Robin Sidel reports:
Terrified by a string of recent hacks, banks are spending billions of dollars trying to fend off a faceless army of digital intruders.
But the biggest threats may come from within.
Banks fear a growing number of employees are unwittingly exposing valuable information to hackers or in some cases leaving digital clues that make a breach possible. To boost their defenses, firms are banning workers from using portable devices such as USB drives, warning employees to be careful what they post on social media and even discouraging workers from posting “out-of-office” replies on their emails.
Read more on Nasdaq.




A backgrounder for my Ethical Hacking students.
Juniper Firewall Backdoor Password Found in 6 Hours
Networking and security company Juniper Networks revealed last week that it had identified unauthorized code in ScreenOS, the operating system powering the company’s NetScreen firewalls.
The vulnerabilities have been analyzed by several external researchers. Fox-IT experts said it took them just 6 hours to find the password for the ScreenOS authentication backdoor.
After analyzing the differences between the vulnerable and patched versions of ScreenOS, Rapid7’s HD Moore determined that the authentication backdoor, which can be exploited via SSH or Telnet, involves the default password <<< %s(un='%s') = %u
This backdoor password, which was presumably set this way so that it would be mistaken for one of the many debug format strings present in the code, can be leveraged by an attacker who knows a valid username for the device.
On one hand, it’s difficult to say if this vulnerability has been exploited in the wild since even though an unauthorized access attempt would normally be logged, it’s easy for an attacker to delete the relevant log entries. However, as Moore has highlighted, the logs might be sent to a centralized server, which could result in an alert being triggered.
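The detection point in that last paragraph is worth making concrete. A fixed password that is accepted for any valid username produces a login record that looks like an ordinary successful admin login; the only things that distinguish it are context (source address, protocol, whether it followed a run of failures), and that context is only trustworthy once the record has left the device for a collector the attacker cannot edit. The script below is an added example, not code from the quoted article or from Juniper. Its log line layout, device names, usernames and addresses are constructed for the example and are not the real ScreenOS syslog format; adjust the regular expression to whatever your collector actually receives.

```python
"""Flag suspicious firewall admin logins from centrally collected syslog lines.

Everything here is constructed for illustration: the line layout matched by
EVENT_RE is an assumed format, not the real ScreenOS one, and the sample
lines, device names and IP addresses are made up.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed layout (not ScreenOS's actual format):
# "<timestamp> <device> admin login (<user>) via <SSH|Telnet> from <ip> <success|failure>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<device>\S+)\s+admin login \((?P<user>[^)]+)\) via "
    r"(?P<proto>SSH|Telnet) from (?P<src>\d+\.\d+\.\d+\.\d+) (?P<result>success|failure)$"
)

# Constructed sample input: one normal login, one from an outside address,
# one over Telnet, and one that succeeds after three failures.
SAMPLE_LOGS = [
    "2015-12-18T08:02:11Z fw-edge-1 admin login (netadmin) via SSH from 10.0.5.20 success",
    "2015-12-18T23:41:03Z fw-edge-1 admin login (netadmin) via SSH from 203.0.113.77 success",
    "2015-12-19T02:10:44Z fw-edge-2 admin login (netadmin) via Telnet from 10.0.5.20 success",
    "2015-12-19T03:00:01Z fw-edge-2 admin login (backup) via SSH from 198.51.100.9 failure",
    "2015-12-19T03:00:07Z fw-edge-2 admin login (backup) via SSH from 198.51.100.9 failure",
    "2015-12-19T03:00:13Z fw-edge-2 admin login (backup) via SSH from 198.51.100.9 failure",
    "2015-12-19T03:00:20Z fw-edge-2 admin login (backup) via SSH from 198.51.100.9 success",
    "2015-12-19T03:01:00Z fw-edge-2 some unrelated message that should be ignored",
]


@dataclass(frozen=True)
class Event:
    ts: str
    device: str
    user: str
    proto: str
    src: str
    result: str


def parse_event(line):
    """Return an Event for a matching admin-login line, or None for anything else."""
    m = EVENT_RE.match(line.strip())
    return Event(**m.groupdict()) if m else None


def detect(lines, allowed_sources, failure_threshold=3):
    """Return (reason, Event) pairs for successful admin logins worth a look.

    allowed_sources: CIDR strings for the management networks admins normally
    use. A success from elsewhere, a success over cleartext Telnet, or a
    success right after `failure_threshold` failures from the same source each
    produce an alert. Failures alone are only counted, not alerted on.
    """
    nets = [ip_network(n) for n in allowed_sources]
    failures = defaultdict(int)  # (device, src) -> consecutive failures so far
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        key = (ev.device, ev.src)
        if ev.result == "failure":
            failures[key] += 1
            continue
        if not any(ip_address(ev.src) in n for n in nets):
            alerts.append(("admin login from unexpected source", ev))
        if ev.proto == "Telnet":
            alerts.append(("admin login over cleartext Telnet", ev))
        if failures[key] >= failure_threshold:
            alerts.append(("success after repeated failures", ev))
        failures[key] = 0  # a success resets the streak for that source
    return alerts


def run_sample():
    """Run the detector over the constructed sample with a 10.0.0.0/8 management net."""
    return detect(SAMPLE_LOGS, ["10.0.0.0/8"])


if __name__ == "__main__":
    for reason, ev in run_sample():
        print(f"{ev.ts} {ev.device}: {reason} (user={ev.user} via {ev.proto} from {ev.src})")
```

On the sample input this raises four alerts: the login from 203.0.113.77, the Telnet session, and two for the final line (outside source, and success after three failures). None of these checks can see a login that was only ever written to the device's own log and then deleted, which is exactly why the article's point about forwarding to a central server matters: the detection is only as good as the copy of the log the attacker cannot reach.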




It's not Hillary's fault. (Bet you never expected to see those words on this blog.) No politicians understand technology and that's okay. Very few politicians bother to ask the people who do know, and that's the problem.
Clueless Hillary Clinton On Encryption, Doesn't Understand The Concept Of The 'Back Door'
… On one hand, Clinton doesn't want back doors, but on the other, she wants law enforcement to be able to gain access to data if needed. She seals the deal with: "I just think there's got to be a way, and I would hope our tech companies would work with government to figure it out." Making matters worse she ponders, "maybe the back door is the wrong door?"
Clinton went on to say that maybe we need a "Manhattan-like project" [Because politicians understand spending lots and lots of money Bob] to accomplish this goal. What she doesn't seem to realize is that what she's effectively asking for is a back door, and as soon as any company (or person, for that matter) deliberately punches a hole in their product's security, it's no longer secure. Period.


(Related)
Tim Cook says there isn't a trade-off between security and privacy
In a strong defense of encryption, Apple's CEO Tim Cook said that there can be no trade-off between privacy and national security when it comes to encryption.
"I think that's an overly simplistic view. We're America. We should have both," he told Charlie Rose on CBS' 60 Minutes program on Sunday, according to a transcript of the interview posted online.




What does this suggest? If it sounds foreign, kill it? (Agrabah is the country from Disney’s “Aladdin”)
PublicPolicyPolling
We asked the Agrabah question to Dem primary voters too. They oppose bombing 'it' 36/19, while GOP supports bombing 'it' 30/13




Perspective. Just because I find it amusing. What would have happened if this was an auction?
Over ten million fans tried to buy tickets to Adele's North American tour
… When tickets for Adele's North American tour went on sale Wednesday morning, the virtual box office was literally crushed when over ten million fans rushed the site. Up for grabs were some 750,000 tickets for her 25 album tour across the continent.
… Just how unprecedented was the demand? Ticketmaster says that the ten million-plus figure represents an "all-time record," and according to Billboard's source, over four million tried to buy tickets for the six shows in New York City alone. Perhaps the craziness isn't so surprising considering sales of Adele's 25, which crushed all single-week records.




Perspective. Another of those “Year End” articles. Some charts are interesting even to me.
Goldman Sachs: 21 of the World's Most Interesting Charts
… While there are loads of billion-dollar startups in the software and internet sectors, education and energy are still a relatively small portion of that space.
… Taking a look at the largest companies in 2005 and comparing it to the largest firms in 2015 shows how important tech has become in the economy.
… the top-earning YouTube channels, with a toy review channel and Taylor Swift's VEVO account earning the most and garnering more than 250 million views per month.




Perspective. Most of my students are over 25.
The first website went online 25 years ago today
Tim Berners-Lee's first World Wide Web page flickered to life at CERN on December 20th, 1990.

