Cybersecurity
C&A Now Weightless at NASA
Neil Armstrong said it best when he touched the moon's surface for the first time: "One small step for man, one giant leap for mankind." Here we are over 40 years later, and NASA is <a href="http://www.nextgov.com/nextgov/ng_20100519_6677.php?oref=topstory">setting the tone</a> all over again--in cybersecurity.
Cybersecurity
Before You Pay, Pray
An interesting but confused (to put it nicely) <a href="http://finance.yahoo.com/banking-budgetingk/article/109549/could-online-hackers-steal-your-cash">article</a> covering online banking prompted a pretty saucy <a href="http://righteousit.wordpress.com/2010/05/17/not-news-is-bad-news/">response</a> from an industry expert Monday.
Cybersecurity
Coose Up To Bat for FISMA
Two weeks ago, <a href="http://www.cio.com/podcasts/awards/coose_dhs_otw.mp3">Matt Coose</a>, director of federal network security at the Homeland Security Department, was charged with enabling 110 federal agencies to do <a href="http://cybersecurityreport.nextgov.com/2010/04/white_house_heroes.php">continuous monitoring</a> based on the new Federal Information Security Management Act requirements.
Cybersecurity
Targeting Administrative Interfaces
Years ago, vendors pushed to make administrative interfaces manageable with Web browsers, unknowingly making large enterprises more vulnerable to security risks.
Cybersecurity
EastWest - Pretender or Contender?
It's estimated that 75 percent of cyberattacks against the U.S. come from outside its borders.
Cybersecurity
Computers and Stock Market Mayhem
In a span of <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/05/06/AR2010050604545.html?hpid=topnews">5 minutes</a> yesterday, the Dow Jones index tumbled faster than ever before. <a href="http://voices.washingtonpost.com/economy-watch/2010/05/lesson_of_todays_stock_market.html?hpid=topnews">The culprit</a>? It's still unclear, but it appears as if computer issues played an integral part alongside the economic crisis in Greece and the oil spill in the Gulf of Mexico. The point of emphasis here is that computers have become so embedded in our financial institutions that it's not even considered unreasonable to hypothesize the massive financial ramifications of a simple data entry error. The event's shock and awe almost demands that we consider how a cybersecurity breach could have a similar, if not far worse, impact.
Cybersecurity
Cyber Lesson from Oprah?
Oprah Winfrey kicked off the campaign "<a href="http://www.oprah.com/packages/no-phone-zone.html">No Phone Zone</a>" to combat texting while driving. I'm no O, but I've got a public service announcement of my own. It's called "Report Wicked Websites."
Cybersecurity
Senators Cross the Line on Facebook
Four senators put a scare into <a href="http://www.facebook.com">Facebook</a> last week, issuing a public letter <a href="http://www.schumer.senate.gov/record.cfm?id=324175&">lambasting</a> the company for its privacy policy changes. <a href="http://en.wikipedia.org/wiki/Mark_Zuckerberg">Facebook Chief Executive Officer Mark Zuckerberg</a> had to see the day coming; the changes to the privacy controls are somewhat hidden and confusing.
Cybersecurity
Facebook Attacks X's and O's
If the Internet is <a href="http://www.forbes.com/forbes/2010/0301/rebuilding-paller-america-internet-give-me-your-hackers.html">God's gift to espionage</a>, Facebook is like a cruel joke. And it appears the latest Facebook fix is in, an attack referred to by experts as social engineering.
Cybersecurity
Crumbling Global Security Ties?
There's a lot of talk in cybersecurity about what we need to do, but not always talk about what we have done. And that might be because the global response hasn't been sufficient enough.
Cybersecurity
Mass SQL Injection's Evolution
<a href="http://www.f-secure.com/weblog/archives/00001427.html">Mass SQL Injection</a> is like a bad cold. It probably won't kill you, but it comes with a cough, a headache, a stuffy nose and a sore throat. It's also the next most dangerous attack vector on Ed Skoudis's list. It resides there because of its evolution.
Cybersecurity
White House Heroes
The White House is close to requiring agencies to do continuous security monitoring. I always thought I'd see the day, but now that's its finally arrived it seems surreal. The White House made the <a href="http://www.nextgov.com/nextgov/ng_20100421_5175.php">announcement</a> on Wednesday, a proud day for <a href="http://cybersecurityreport.nextgov.com/2010/04/state_dept_success_revealed.php">John Streufert and company</a>, the State Department's Chief Information Security Officer (CISO) who successfully implemented the first federal government continuous monitoring model.
Cybersecurity
McAfee Update Goes Bad
A ton of reports filtered into <a href="http://isc.sans.org/">SANS' Internet Storm Center</a> on Wednesday about a bad McAfee Antivirus update. Turns out McAfee antivirus is identifying "svchost.exe" as a virus, a critical systems file in Windows that it can run properly without. As a result of the antivirus misidentification, McAfee attempts to remove it, or prevent it from running. Systems that are infected will keep rebooting, or networking will no longer work, according to SANS Chief Research Officer Johannes Ullrich.
Cybersecurity
State Dept. Success Revealed
In March 2009, the U.S. State Department <a href="http://www.nextgov.com/nextgov/ng_20091030_4029.php?oref=rss">implemented</a> a bold strategy to continuously monitor cyberspace for malicious computer attacks. Chief Information Security Officer <a href="http://www.govinfosecurity.com/articles.php?art_id=1934">John Streufert</a> led the effort.
Cybersecurity
Most Dangerous -- Browser Hooking
Browser hooking -- the next attack vector on Ed Skoudis's <a href="http://cybersecurityreport.nextgov.com/2010/03/most_dangerous_attacks_-_day_1.php">most dangerous list</a> -- is stealthy, damaging and found all over the place.
Cybersecurity
GAO Talks FDCC Failures
Usually when the Government Accountability Office releases a <a href="http://gao.gov/products/GAO-10-202">report</a>, there's a bit of finger wagging going on inside the Beltway. But with two new reports highlighting the lack of compliance by major federal agencies to meet the requirements of both the <a href="http://docs.google.com/viewer?a=v&q=cache:DGK-eVhgZWcJ:www.whitehouse.gov/omb/memoranda/fy2008/m08-05.pdf+Trusted+Internet+Connection&hl=en&gl=us&pid=bl&srcid=ADGEESi1jLZL7ngbvJD6AS0LLOkEJM8Y_F1LPxuRw6mV4McfMoVAPGrpfkjWZnjtfZam54tLx23rxax9C7Zh4HxhQsh1f04bEU1fB6nz1I3odlR-sbX0mwtYXWIZygs9dapMwGCThyL6&sig=AHIEtbT5zbBYfwH4DT38Tf1ctUE1OAxPcA">Trusted Internet Connection</a> (TIC) and the <a href="http://nvd.nist.gov/fdcc/index.cfm">Federal Desktop Core Configuration</a> (FDCC) White House initiatives, it's more like finger pointing.
Cybersecurity
Apache.org and Attack Soup
This morning, a <a href="http://isc.sans.org/diary.html?storyid=8623">story</a> from the Internet Storm Center caught my eye. The piece, about an attack launched against the <a href="http://en.wikipedia.org/wiki/Bug_tracking_system">bug tracking system</a> used by <a href="http://apache.org/">Apache.org</a>, was pretty technical, so I asked Johannes Ullrich, chief research officer for SANS, to break it down.
Cybersecurity
Navy's World Class Cyber Command
When it comes to cybersecurity, the U.S. Navy is way ahead of its time, says Alan Paller, director of research for the SANS Institute, where I work as managing editor.
Cybersecurity
Experts Debate Cyberwar Defense
<a href="http://www.ranum.com/">Marcus Ranum</a> and <a href="http://csis.org/experts">James Lewis</a> wrote competing op-eds on cyberwar last week, but I think they agree on more than they let on.
Cybersecurity
'Most Dangerous' -- Spear Phishing
<a href="http://www.ehow.com/how_4892992_recognize-spear-phishing-scams.html"></a>Ed Skoudis calls <a href="http://en.wikipedia.org/wiki/Phishing">spear phishing</a> "an oldie-but-goodie attack," but I can't figure out what's good about it. Spear phishing is a highly targeted e-mail with either an appended malicious attachment or a dangerous Web site link to client-side exploits. Strangely, the attack was birthed in the most inauspicious of ways; clumsy grammar and preposterous scenarios. How's that for irony? Imagine some e-mail, laden with broken English, lands in your inbox from halfway across the world detailing a half-baked scenario. And, what do we do? We click. I've done it. You've probably done it. <a href="http://voices.washingtonpost.com/securityfix/2009/06/spear-phishing_gang_resurfaces.html">We all regret it</a> (you won't regret the link).
Almost There!
Help us tailor content specifically for you: