- Threat Watch
- Warrior Tools
- Body Armor
- Long Guns
- Accuracy International
- Desert Tactical Arms
- Kel-Tec Long Guns
- Mosin Nagant
- Rock River Arms
- Ruger Long Guns
- Sabre Defense
- SIG Sauer
- Smith & Wesson Long Guns
- Wilson Combat
Posts Tagged network security
A claim by Wikileaks that documents it released last week provide evidence of a “secret new industry” of mass surveillance was as breathless as previous pronouncements from Julian Assange’s organization. But the material does provide a stark reminder that our online activities are easily snooped upon, and suggests that governments or police around the world can easily go shopping for tools to capture whatever information they want from us.
The take-home for ordinary computer users is that the privacy and security safeguards they use—including passwords and even encryption tools—present only minor obstacles to what one researcher calls the “cyber security industrial complex.”
“There is no true privacy in any computing systems against determined government-level surveillance,” says Radu Sion, a computer scientist at Stony Brook University who directs its Network Security and Applied Cryptography Laboratory. He says that as computing systems become more complex, and reliant on components from many different suppliers, the number of vulnerabilities that can be exploited by attackers and surveillance tools will grow.
From: Danger Room
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
Information on 200,000 Citi Credit Card Customers was stolen in an attack on their network.
Citi said no birth dates, Social Security numbers or card security codes were accessed by the hackers last month. They got away with account numbers and e-mail addresses. The financial institution said it would provide new cards to affected customers.
From Wired’s Threat Level
From: WSJ via Kurzweil AI
Cyber combat: act of war
June 1, 2011
Source: Wall Street Journal — May 31, 2011
The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, opening the door for the U.S. to respond using traditional military force.
Pentagon officials believe the most sophisticated computer attacks require the resources of a government. For instance, the weapons used in an assault such as taking down a power grid would likely have been developed with state support.
Defense officials refuse to discuss potential cyber adversaries, although military and intelligence officials say they have identified previous attacks originating in Russia and China.
Topics: Computers/Infotech/UI | Survival/Defense
Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?
On March 15th, an HTTPS/TLS Certificate Authority (CA) was tricked into issuing fraudulent certificates that posed a dire risk to Internet security. Based on currently available information, the incident got close to – but was not quite – an Internet-wide security meltdown. These events show why we urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and email systems.
From: Dell SecureWorks
RSA is the security division of EMC software, best known for the popular SecurID two-factor authentication tokens used in high-security environments including some government networks. RSA announced that a cyberattack resulted in the compromise and disclosure of information “specifically related to RSA’s SecurID two-factor authentication products”. The full extent of the breach remains publicly unknown. RSA states that “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” Organizations that make use of SecurID should be alert for attempts at circumventing their authentication infrastructure, though no specific attacks are known to be occurring at the time of this publication.
RSA’s breach disclosure
On March 17, 2011, RSA announced  that a cyberattack on its systems was successful and resulted in the compromise and disclosure of information “specifically related to RSA’s SecurID two-factor authentication products”. While the full extent of the breach remains publicly undisclosed, RSA states that “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
From: Dark Reading
New advanced persistent threat (APT) attack combines a variety of vectors, seeks to steal sensitive data, McAfee researchers say
By Tim WilsonResearchers at McAfee yesterday revealed details of a new advanced persistent threat attack that uses a combination of methods in an effort to steal sensitive operations, exploration, and financial data from petroleum and energy companies.The new series of attacks, dubbed “Night Dragon,” may have begun as long ago as 2008, McAfee says in its report about the threat. “Now, new Night Dragon attacks are being identified every day,” the report says. Night Dragon’s creators “appear to be highly organized and motivated in their pursuits,” McAfee says.
The attack is “a combination of social engineering and well-coordinated, targeted, cyber attacks using Trojans, remote control software, and other malware.” The report says McAfee has seen evidence of the attacks in virtually every region of the globe, and that it has “identified tools, techniques, and network activities utilized … that point to individuals in China as the primary source. ”
From: SC Magazine
From: Angela Moscaritolo
A new campaign of the password-stealing Zeus trojan is targeting workers from government and military departments in the United States and United Kingdom, according to security researchers at Websense. The trojan is being distributed through spoofed emails claiming to come from the U.S. National Intelligence Council. The bogus messages contain subject lines such as “Report of the National Intelligence Council.” The emails aim to lure users into downloading a document about the “2020 project,” which actually is Zeus. — AM
… So why is this so bad? First and foremost jailbreaking is a hack! Users are inviting a third party developer to hack your device. Plain and simple. Most recent versions of these tools are able to run over a simple webpage that is exploiting a few unpatched vulnerabilities in the smart phone operating system code. This risk was exposed last year when a worm “rick rolled” jailbroken iPhone users, exploiting a default password setting in secure shell daemon installed as part of the jailbreaking process.