Security experts mostly critical of proposed threat intelligence sharing bill

This fall, the Senate is expected to take another look at the Cybersecurity Information Sharing Act, or CISA, but many security experts and privacy advocates are opposed.Cybersecurity has been in the news a lot this summer, and not just with several new high-profile breaches in government and the in private sector.Last month alone, the Pentagon began requiring defense contractors to report breaches, the White House Office of Management and Budget proposed new cybersecurity rules for contractor supply chains, and a court agreed that the Federal Trade Commission has the authority to enforce cybersecurity standards.MORE ON CSO:Millions of records compromised in these data breaches And many security experts agree that it's important for companies to share cybersecurity information, in real time, without risk of being publicly embarrassed, fined, or sued.To read this article in full or to leave a comment, please click here

10 things to do before you lose your laptop

Whether you’re in the office, at home, in school, or at coffee shops and hotels around the world, laptops are everywhere. The portable computer allows you to stay in touch and do productive work regardless of where you may be physically – especially when you factor in the extended battery life and cloud-based computing applications and services.On the other hand, the sheer portability of the laptop also makes it vulnerable to unauthorized access or outright theft or lost. Gartner recently estimated that a laptop is lost every 53 seconds.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords While nobody plans to lose a laptop, there are some things that you can do to reduce both the risk and the potential legal repercussions should your laptop ever be misplaced or stolen. As with most security measures, the best defense is a good offense. Here are 10 things to do before you lose your laptop.To read this article in full or to leave a comment, please click here

Presidential longshot at CTIA 2015 promising nothing less than immortality

I hadn’t come to room 3301 of the Sands Expo to see Zoltan Istvan speak. I had come because the official CTIA Super Mobility 2015 conference app had pinged a notification to me that Mike Tyson – a boxer of some repute – was due to participate in a panel discussion and I wanted to startle my editors by landing a quote from Iron Mike.What I found, instead – I have no notion where Tyson was at the appointed time – was Zoltan Istvan, who is running for president. He is polished, polite and friendly. He was also gracious and patient with a reporter who bumbled into his speech by accident and essentially asked, “What the heck is going on here?”For those unfamiliar with his work, Istvan is a columnist for Vice, former reporter for National Geographic and author of a novel called The Transhumanist Wager, which lays out his hyper-futurist philosophy. In essence, he believes that humanity’s goal must be to create technology so advanced that we become immortal – conquering death with the infinitely sharp sword of logic. Through advances in medical science, the gentle melding of humans and machines and various other technological Continue reading

Apple Keynote 2015 – Enterprise & Personal

Excerpt: I am fascinated by Apple's business strategy and product management. Every year Apple makes a huge multi-billion dollar bet on delivering complex technology products into the hands of untrained users in the one of the toughest computing platforms - the smartphone. Plus they build custom silicon, new materials and software features in every version. And this time, they have an Enterprise product.

The post Apple Keynote 2015 – Enterprise & Personal appeared first on EtherealMind.

Risky Business #382 — Charlie Miller talks car hax, Uber

On this week's show we're checking in with Charlie Miller. We chat car hacking and we also (kind of) find out what he's up to now he's working at Uber.

This week's show is brought to you by HackLabs, an Australian security consultancy. They're a key sponsor of Australia's Cyber Security Challenge, which is basically a CTF for Australian CS students. What makes this one a bit different is it's being run by the Prime Minister's Office, which is, yeah, unexpected. Chris joins us later to discuss the challenge, that's this week's sponsor interview.

read more

North Korea is likely behind attacks exploiting a Korean word processing program

North Korea is likely behind cyberattacks that have focused on exploiting a word processing program widely used in South Korea, security firm FireEye said Thursday in a report.The proprietary program, called Hangul Word Processor, is used primarily in the south by the government and public institutions.The vulnerability, CVE-2015-6585, was patched three days ago by its developer Hancom.FireEye's conclusion is interesting because only a handful of attacks have been publicly attributed to the secretive nation, which is known to have well-developed cyber capabilities.To read this article in full or to leave a comment, please click here

What’s that drama?

The infosec community is known for its drama on places like Twitter. People missing the pieces can't figure out what happened. So I thought I'd write up the latest drama.

It starts with "Wesley McGrew" (@McGrewSecurity), an assistant professor at Mississippi state. He's been a frequent source of infosec drama for years now. Since I, myself, don't shy away from drama, I can't say that he's necessarily at fault, I'm just pointing out that he's been involved in several Big Infosec Drama Blowups.

Then there is "Adrian Crenshaw" (@irongeeek_adc) (aka. "Irongeek") who maintains a website http://irongeek.com, which hosts a lot of infosec videos. He'll work with conferences to make sure talks get recorded and uploaded to his site. A lot of smaller cons host their video there. If you frequently watch infosec videos, then you know the site.


I think this specific drama started back in April, when Irongeek made this April Fool's joke:
https://twitter.com/McGrewSecurity/status/583250910387789824

Many, most especially McGew, criticized Irongeek for this, claiming it was an "unfunny slap to women in security".

I don't know when it happened, but Irongeek punished McGrew by blocking students from McGrew's university, Mississippi State. This was noticed last week.

https://twitter. Continue reading

US defense secretary mulls rapid grants for tech companies

The U.S. Department of Defense is considering offering rapid seed funding to private companies as a way to encourage more work on technology projects with the commercial sector, Secretary of Defense Ashton Carter said Wednesday.The push for greater cooperation with tech companies has been a big theme for the DOD in the last year as it faces a growing and unprecedented threat from private and state actors on the Internet and beyond.That was demonstrated late last year when Sony Pictures suffered a devastating hack of its corporate email system that the U.S. government attributed to North Korea. Hackers based overseas have also been blamed for high-profile attacks on the Department of State and the Office of Personnel Management, the latter of which resulted in personal data on millions of government employees being lost.To read this article in full or to leave a comment, please click here

US defense secretary mulls rapid grants for tech companies

The U.S. Department of Defense is considering offering rapid seed funding to private companies as a way to encourage more work on technology projects with the commercial sector, Secretary of Defense Ashton Carter said Wednesday. The push for greater cooperation with tech companies has been a big theme for the DOD in the last year as it faces a growing and unprecedented threat from private and state actors on the Internet and beyond. That was demonstrated late last year when Sony Pictures suffered a devastating hack of its corporate email system that the U.S. government attributed to North Korea. Hackers based overseas have also been blamed for high-profile attacks on the Department of State and the Office of Personnel Management, the latter of which resulted in personal data on millions of government employees being lost.To read this article in full or to leave a comment, please click here

Video: Virtual networking’s killer use case

A key theme at this year's VMworld conference was the virtualization of the data center, and specifically the network.+MORE AT NETWORK WORLD: Containers key to Cisco's "open" data center OS +VMware entered into the networking market two years ago when it purchased Nicira for more than $1 billion. Since then VMware has rolled out NSX, it’s virtual networking product. Officials say there are already 700 NSX deployments, including 65 customers that have $1 million+ NSX deployments.In the video below, check out what VMware’s Chris King says have been some of the driving factors behind virtual networking, and learn how virtual networking is being used as a security tool, and not just network agility software.To read this article in full or to leave a comment, please click here

Video: Virtual networking’s killer use case

A key theme at this year's VMworld conference was the virtualization of the data center, and specifically the network.+MORE AT NETWORK WORLD: Containers key to Cisco's "open" data center OS +VMware entered into the networking market two years ago when it purchased Nicira for more than $1 billion. Since then VMware has rolled out NSX, it’s virtual networking product. Officials say there are already 700 NSX deployments, including 65 customers that have $1 million+ NSX deployments.In the video below, check out what VMware’s Chris King says have been some of the driving factors behind virtual networking, and learn how virtual networking is being used as a security tool, and not just network agility software.To read this article in full or to leave a comment, please click here

Turla cyberespionage group exploits satellite Internet links for anonymity

A cyberespionage group of Russian origin that targets governmental, diplomatic, military, educational and research organizations is hijacking satellite-based Internet connections in order to hide their servers from security researchers and law enforcement agencies.The group is known as Epic Turla, Snake or Uroburos and even though some of its operations were first uncovered in February 2014, it has been active for at least eight years.To read this article in full or to leave a comment, please click here

New Apple TV: Siri and the App Store are the stars of Apple’s new set-top box

Apple is re-entering the living room with the 2015 Apple TV, a new set-top box that streams video, plays games, and uses Siri to answer your every entertainment whim.+ Find out what Apple did to the new iPad +The last time Apple upgraded its living room hardware was more than two years ago, and even that was a minor refresh of the 2012 Apple TV. The new version is a significant upgrade, packing more powerful hardware and a full-blown app store.Similar look, new apps At first glance, the new Apple TV sports a similar interface to that of its predecessor. A strip of recommendations sit on top, followed by a list of apps underneath. The big difference now is that there’s an entire App Store, rather than a preset list of Apple-curated selections.To read this article in full or to leave a comment, please click here

Some notes on satellite C&C

Wired and Ars Technica have some articles on malware using satellites for command-and-control. The malware doesn't hook directly to the satellites, of course. Instead, it sends packets to an IP address of a known satellite user, like a random goat herder in the middle of the wilds of Iraq. Since the satellites beam down to earth using an unencrypted signal, anybody can eavesdrop on it. Thus, while malware sends packets to that satellite downlink in Iraq, it's actually a hacker in Germany who receives them.

This is actually fairly old hat. If you look hard enough, somewhere (I think Google Code), you'll find some code I wrote back around 2011 for extracting IP packets from MPEG-TS streams, for roughly this purpose.

My idea was to use something like masscan, where I do a scan of the Internet from a fast data center, but spoof that goat herder's IP address. Thus, everyone seeing the scan would complain about that IP address instead of mine. I would see all the responses by eavesdropping on that satellite connection.

This doesn't work in Europe and the United States. These markets use more expensive satellites which not only support encryption, but also narrow "spot Continue reading
1 3,320 3,321 3,322 3,323 3,324 3,835