How to Bury a Major Breach Notification
Amid the hustle and bustle of the RSA Security Conference
in San Francisco last week, researchers at RSA released a startling report that
received very little press coverage relative to its overall importance. The report detailed a malware campaign
that piggybacked on a popular piece of software used by system administrators
at some of the nation’s largest companies. Incredibly, the report did not name the
affected software, and the vendor in question has apparently chosen to bury its
breach disclosure. This post is an
attempt to remedy that.
Something to keep my Computer Security students busy.
Netflix Releases Open Source Security Tool "Stethoscope"
Netflix this week released
Stethoscope, an open source web application that gives users specific
recommendations for securing their computers, smartphones and tablets.
Stethoscope was developed by Netflix as part of its “user
focused security” approach, which is based on the theory that it is better to
provide employees actionable information and low-friction tools, rather than
relying on heavy-handed policy enforcement.
Netflix
believes employees are more productive when they don’t have to deal
with too many rules and processes.
… The Stethoscope source code,
along with instructions for installation and configuration, is available on
GitHub.
Consider this: Self-driving cars will be more “software
complex” than the cars in this article.
Technology Hangups Drive Car-Durability Complaints
… In its annual
Vehicle Dependability Study, J.D. Power & Associates saw the average number
of problems increase for the second year in a row, with the audio, communication, entertainment and navigation
issues being the most commonly reported.
I wonder which parts of town they are surveilling?
GE, Intel, AT&T team up to put cameras, mics in San Diego
General Electric will put cameras, microphones and sensors
on 3,200 street lights in San Diego this year, marking the first large-scale
use of "smart city" tools GE says can help monitor traffic and
pinpoint crime, but raising potential privacy concerns.
Based on technology from GE's Current division,
Intel Corp and AT&T Inc, the system will use sensing nodes on light poles
to locate gunshots, estimate crowd sizes, check vehicle speeds and other tasks,
GE and the city said on Wednesday. The
city will provide the data to entrepreneurs and students to develop
applications.
Companies expect a growing
market for such systems as cities seek better data to plan and run their
operations. San Diego is a test of "internet of things" technology
that GE Current provides for commercial buildings and industrial sites.
… A 2014
estimate by Frost & Sullivan predicted the market for cities could be
valued at $1.5 trillion by 2020, she said.
Why is this a bad thing?
Should the NSA not use tools that analyze Big Data?
… Palantir
has never masked its ambitions, in particular the desire to sell its services
to the U.S. government — the CIA itself was an early investor in the startup
through In-Q-Tel, the agency’s venture capital branch.
… Palantir
Gotham (formerly Palantir Government) is designed for the needs of
intelligence, law enforcement, and homeland security customers. Gotham works by importing large reams of
“structured” data (like spreadsheets) and “unstructured” data (like images)
into one centralized database, where all of the information can be visualized
and analyzed in one workspace. For
example, a 2010 demo
showed how Palantir Government could be used to chart the flow of weapons
throughout the Middle East by importing disparate data sources like equipment
lot numbers, manufacturer data, and the locations of Hezbollah training camps. Palantir’s chief appeal is that it’s not
designed to do any single thing in particular, but is flexible and powerful
enough to accommodate the requirements of any organization that needs to
process large amounts of both personal and abstract data.
Interesting change in approach. Cheapest is not always bestest?
Federal IT Acquisition Worth $50B Cleared for Takeoff
… Under the
"lowest price technically acceptable" (LPTA) method, agencies focused
provider selections on cost, as long as the vendor displayed a minimum
technical competency.
GSA specifically ruled out the LPTA method with Alliant 2.
Instead, GSA appeared to flip the LPTA
concept around and instead focused on vendor quality with a selection criterion
based on "highest technically rated, with fair and reasonable price."
What that means is that under Alliant 2, GSA first will
rank vendors using a quality rating scale for various categories of IT and
organizational competency. Then, after
developing a list of qualified vendors, GSA will assess whether the prices are
fair and reasonable.
I may have my students design a LEGO datacenter.
… Building LEGO in
the real world is great, but it can be a pain if you don’t have the right
bricks to realize your imagination. Enter LEGO Digital Designer, an entirely free and official tool
that allows you to build virtual LEGO creations. You select bricks from the vast sets and can
build whatever your heart desires. You
can stack, align, rotate and color the bricks, giving you almost endless
options.