Posts Tagged OPSEC

LAPD Bails on Google Apps Because of Security & Privacy Concerns

From: Cloudline

LAPDMicrosoft’s Office 365 isn’t the only cloud service losing high-profile customers to security and privacy concerns. Google got a dose of the same medicine on Wednesday, with the LA Timesreporting that the LAPD is now backing out of its contract with Google so it can stick with its on-premises Novell platform for e-mail.

The LAPD and the city attorney’s office ultimately decided, some two years after deciding to move their e-mail systems to the cloud in order to save costs, that no cloud computing solution is really compatible with the federal security guidelines that the departments are required to follow.

“It will be difficult for law enforcement to move to a cloud solution until the [security requirements] and cloud are more in line with each other,” LAPD’s CIO told the LA Times.

more

, , , , , , ,

No Comments

Computer Virus Hits U.S. Drone Fleet

From: Danger Room

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

Computer Virus Hits U.S. Drone Fleet

, , ,

No Comments

Citi Credit Card Information Stolen

Information on 200,000 Citi Credit Card Customers was stolen in an attack on their network.

Citi said no birth dates, Social Security numbers or card security codes were accessed by the hackers last month. They got away with account numbers and e-mail addresses. The financial institution said it would provide new cards to affected customers.

From Wired’s Threat Level

, , , ,

No Comments

How To Think About Security

Bruce Schneier gives an excellent presentation on how security affects us and how we think about it.

, , , , , ,

No Comments

USB Drives left at Dry Cleaners on the Rise

Encrypt your USB Drives

From: SC Magazine UK

A survey of dry cleaners in the UK has found that more than 17,000 USB sticks were left behind in 2010.

More than 500 dry cleaners and launderettes in the UK were asked during December 2010 and January 2011 about removable media that was left behind. Estimated figures suggested that there was an increase on the number of USB sticks left in dry cleaners of more than 400 per cent when compared with figures from 2009, and almost double from what was found in 2008.

…With the best intentions in the world, the reality is devices are often left behind and the information they contain could be devastating if disclosed. Organizations need to plan for this when developing their security strategies.”

more

, , , , ,

No Comments

Using the Evolved Cyber Range – Free Webinar

From: IDGA

Using the Evolved Cyber Range to Arm and Train U.S. Warriors to Win Cyber War

This FREE webinar will be on:
Tuesday, April 5, 2011, 2:00 PM – 3:00 PM ET
Presenter: Scott Register
Register

How are military and intelligence organizations such as the U.S. Defense Information Systems Agency (DISA), the U.S. European Command (EUCOM), and Northrop Grumman (U.S. and U.K.) deploying cyber range technology? What are these organizations doing to develop the expertise of personnel and then equipping them with the advanced tools needed to fulfill cyber security missions?

Join BreakingPoint Systems, the global leader in cyber range technology, and learn how U.S. government and military can properly train personnel with the skills to defend against cyber terrorism, espionage, and theft of intellectual property.

Listen to the best practice case studies of DISA, EUCOM, and Northrop Grumman as they use the latest technology and establish a turnkey system to deliver a complete, scalable, and operational cyber range.

Learn how to use technology to simulate Internet-scale cyber war conditions in a controlled environment in order to establish IT certification methods and curriculum needed for assessing, training, and qualifying cyber warrior personnel.

View the Whitepaper

View the Whitepaper

After attending this webinar you will know how to:

  • Deploy and use a modern cyber range machine to create an operationally relevant environment that precisely mirrors the Global Information Grid (GIG), enabling sophisticated simulation of real-world cyber conditions
  • Optimize and harden the resiliency—the performance, stability, and security—of next-generation deep packet inspection (DPI) devices to carry out effective Lawful Intercept programs and related missions
  • Model and research advanced cyber threats including Stuxnet and botnet-driven distributed denial of service (DDoS) attacks
  • Implement a scalable approach for training and certifying cyber warriors in critical Information Assurance (IA), Information Operations (IO), and Mission Assurance (MA) skills.
  • Establish centralized command and control to monitor and manage a distributed network of remote cyber ranges

, ,

No Comments

Protect Your Smartphone

Over at ArsTecnica, a technology site, there is a good article about how and why you should want to protect the data on your smartphone. Here is a snippet:

Exhaustive cell phone searches aren’t exactly commonplace today, but they’re growing more and more frequent as law enforcement begins to realize how much incriminating information modern smartphones tend to contain. The rapidly growing digital forensics industry already offers a range of tools to law enforcement designed for pulling data off of mobile phones, and entire books have been written on such topics as the forensic analysis of the iPhone operating system.

Unfortunately, few consumer-grade smartphones support full device encryption. While there are numerous smartphone apps available for encrypting particular types of files, such as emails (i.e. NitroDesk TouchDown), voice calls (i.e. RedPhone), and text messages (i.e. Cypher), these “selective” encryption tools offer insufficient protection unless you’re confident that no incriminating evidence exists anywhere on your smartphone outside of an encrypted container.

,

No Comments

Car Theft by Remote Control

From: MIT

Ketless Access AttackCar thieves of the future might be able to get into a car and drive away without forced entry and without needing a physical key, according to new research that will be presented at the Network and Distributed System Security Symposium next month in San Diego, California.

The researchers successfully attacked eight car manufacturers’ passive keyless entry and start systems—wireless key fobs that open a car’s doors and start the engine by proximity alone.

More

,

No Comments

Cyber-Threat Whitepapers

From: SC Magazine

, , , ,

No Comments

Net Centric Warfare Webinar

Coevolution of NCW: Challenges with Cyberspace and Organizational Development

This FREE webinar will be on:
Thursday, December 16, 2010, 2:00 PM – 3:00 PM ET
Presenter: Maj. Trisha Carpenter

The U.S. military is facing an entire new front in warfare, the cyber domain. Controlling and dominating this new technological theater is becoming critically important as U.S. Military leadership relies heavily on computer networks to communicate, gather INTEL, and even launch weapons and coordinated strikes. At the same time the military is striving to perfect the concept of Net Centric Warfare to effectively use technology to gain advantage and superiority over enemy forces. Two main obstacles may stand in the way of a successful transformation from the current haphazard state of cyberspace operations to a more productive future state required of Network Centric Warfare (NCW). The first obstacle is the military’s lack in knowledge of cyberspace operations. The second obstacle is the difficulty in understanding organizational change. This Webinar first presents a working definition of NCW to show how cyberspace and organizational change are related in the form of coevolution. It then discusses the organizational growth challenges faced by any organization operating in this domain, with a focus on the security missions likely to be given to cyber commands.

In this webinar participants will learn:

• An Operational Illustration of NCW

• Key Challenges in Cyberspace:

• Technical Environment: Cyber Triad

• Non-Technical Environment: Organizational Design

, , , ,

No Comments

Zeus Trojan Targets Government and Military Workers

From: Angela Moscaritolo

A new campaign of the password-stealing Zeus trojan is targeting workers from government and military departments in the United States and United Kingdom, according to security researchers at Websense. The trojan is being distributed through spoofed emails claiming to come from the U.S. National Intelligence Council. The bogus messages contain subject lines such as “Report of the National Intelligence Council.” The emails aim to lure users into downloading a document about the “2020 project,” which actually is Zeus. — AM

, , , , ,

No Comments

ZeuS Can Defeat Mobile Phone 2-factor Authentication

From: S21sec and Dave Jevans

It appears now that the criminals have developed malicious software for various mobile smart phones, than can capture these (one-time password)  banking text messages, and forward them to the criminals so that they can  log into the user’s bank account.

In his blog posting, David describes analyzing such a mobile phone malware that was designed for Symbian phones.

He calls this attack, “Man-in-the-mobile”.

, , , ,

No Comments

Car-Hacking

From: MIT Tech Review

Taking Over a Car

Researchers “break in” with software and a laptop.

By Erica Naone

Car-HackingCars are becoming more computerized, an evolution that could have an unintended side effect: vulnerability to attacks. Researchers at the University of Washington and the University of California, San Diego, led by Tadayoshi Kohno and Stefan Savage, recently showed that by taking over a car’s computers, they could disable the brakes, stop the engine, and control the door locks. For now, most of the attacks require access to a port inside the car. But wreaking havoc could get easier as carmakers add more wireless connectivity. The researchers hope their work will motivate manufacturers to add security features.

,

No Comments

Apple Seeks Patent to Spy on Customers

From: EFF

While users were celebrating the new jailbreaking and unlocking exemptions, Apple was quietly preparing to apply for a patent on technology that, among other things, would allow Apple to identify and punish users who take advantage of those exemptions or otherwise tinker with their devices. This patent application does nothing short of providing a roadmap for how Apple can — and presumably will — spy on its customers and control the way its customers use Apple products.

More

,

No Comments