- Comms
- Law
- Medic
- News
- Opinion
- Threat Watch
- Training
- Warrior Tools
- Accessories
- Ammo
- Body Armor
- Books
- Clothing
- Commo
- Gear
- Handguns
- Holsters
- Knives
- Long Guns
- ACC
- Accuracy International
- Barrett
- Benelli
- Beretta
- Blaser
- Bushmaster
- Custom
- CZ
- Desert Tactical Arms
- DPMS
- FN
- Forums
- HK
- IWI
- Kel-Tec Long Guns
- LaRue
- LWRC
- McMillan
- Mosin Nagant
- Mossberg
- Para
- Remington
- Rock River Arms
- Ruger Long Guns
- Sabre Defense
- Sako
- SIG Sauer
- SKS
- Smith & Wesson Long Guns
- Springfield
- Styer
- Weatherby
- Wilson Combat
- Winchester
- Magazines
- Maintenance
- Navigation
- Optics
- Sights
- Tech
- Warriors
Posts Tagged network security
Pushing Back Against Surveillance Tech
From Electronic Frontier Foundation:
At work, employee-monitoring “bosswareâ€Â puts workers’ privacy and security at risk with invasive time-tracking and “productivity†features that go far beyond what is necessary and proportionate to manage a workforce. At school, programs like remote proctoring and social media monitoring follow students home and into other parts of their online lives. And at home, stalkerware, parental monitoring “kidware†apps, home monitoring systems, and other consumer tech monitor and control intimate partners, household members, and even neighbors. In all of these settings, subjects and victims often do not know they are being surveilled, or are coerced into it by bosses, administrators, partners, or others with power over them.
The Cyber Security Industrial Complex
Posted by Gary in Comms, News, Threat Watch on 10/Dec/2011 14:07
From: MIT
A claim by Wikileaks that documents it released last week provide evidence of a “secret new industry” of mass surveillance was as breathless as previous pronouncements from Julian Assange’s organization. But the material does provide a stark reminder that our online activities are easily snooped upon, and suggests that governments or police around the world can easily go shopping for tools to capture whatever information they want from us.
The take-home for ordinary computer users is that the privacy and security safeguards they use—including passwords and even encryption tools—present only minor obstacles to what one researcher calls the “cyber security industrial complex.”
“There is no true privacy in any computing systems against determined government-level surveillance,” says Radu Sion, a computer scientist at Stony Brook University who directs its Network Security and Applied Cryptography Laboratory. He says that as computing systems become more complex, and reliant on components from many different suppliers, the number of vulnerabilities that can be exploited by attackers and surveillance tools will grow.
Computer Virus Hits U.S. Drone Fleet
Posted by Gary in News, Threat Watch on 9/Oct/2011 17:53
From: Danger Room
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
Citi Credit Card Information Stolen
Posted by Brian in Comms, News, Threat Watch on 10/Jun/2011 13:41
Information on 200,000 Citi Credit Card Customers was stolen in an attack on their network.
Citi said no birth dates, Social Security numbers or card security codes were accessed by the hackers last month. They got away with account numbers and e-mail addresses. The financial institution said it would provide new cards to affected customers.
From Wired’s Threat Level
Cyber combat: act of war
Posted by Gary in Comms, Threat Watch on 3/Jun/2011 14:42
From: WSJ via Kurzweil AI
Cyber combat: act of war
June 1, 2011
Source: Wall Street Journal — May 31, 2011
The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, opening the door for the U.S. to respond using traditional military force.
Pentagon officials believe the most sophisticated computer attacks require the resources of a government. For instance, the weapons used in an assault such as taking down a power grid would likely have been developed with state support.
Defense officials refuse to discuss potential cyber adversaries, although military and intelligence officials say they have identified previous attacks originating in Russia and China.
Topics: Computers/Infotech/UI | Survival/Defense
Iranian hackers obtain fraudulent HTTPS certificates
Posted by Gary in Comms, News, Threat Watch on 28/Mar/2011 18:38
From: EFF
Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?
On March 15th, an HTTPS/TLS Certificate Authority (CA) was tricked into issuing fraudulent certificates that posed a dire risk to Internet security. Based on currently available information, the incident got close to – but was not quite – an Internet-wide security meltdown. These events show why we urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and email systems.
RSA compromise: Impacts on SecurID
Posted by Gary in Comms, News, Threat Watch on 23/Mar/2011 14:36
From: Dell SecureWorks
RSA is the security division of EMC software, best known for the popular SecurID two-factor authentication tokens used in high-security environments including some government networks. RSA announced that a cyberattack resulted in the compromise and disclosure of information “specifically related to RSA’s SecurID two-factor authentication products”. The full extent of the breach remains publicly unknown. RSA states that “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” Organizations that make use of SecurID should be alert for attempts at circumventing their authentication infrastructure, though no specific attacks are known to be occurring at the time of this publication.
RSA’s breach disclosure
On March 17, 2011, RSA announced [1] that a cyberattack on its systems was successful and resulted in the compromise and disclosure of information “specifically related to RSA’s SecurID two-factor authentication products”. While the full extent of the breach remains publicly undisclosed, RSA states that “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
Sophisticated Attacks Threaten Major Energy Firms
Posted by Gary in Comms, Threat Watch on 18/Feb/2011 15:29
From: Dark Reading
New advanced persistent threat (APT) attack combines a variety of vectors, seeks to steal sensitive data, McAfee researchers say
By Tim Wilson
Researchers at McAfee yesterday revealed details of a new advanced persistent threat attack that uses a combination of methods in an effort to steal sensitive operations, exploration, and financial data from petroleum and energy companies.The new series of attacks, dubbed “Night Dragon,” may have begun as long ago as 2008, McAfee says in its report about the threat. “Now, new Night Dragon attacks are being identified every day,” the report says. Night Dragon’s creators “appear to be highly organized and motivated in their pursuits,” McAfee says.The attack is “a combination of social engineering and well-coordinated, targeted, cyber attacks using Trojans, remote control software, and other malware.” The report says McAfee has seen evidence of the attacks in virtually every region of the globe, and that it has “identified tools, techniques, and network activities utilized … that point to individuals in China as the primary source. ”
Cyber-Threat Whitepapers
Posted by Gary in Comms, Threat Watch on 9/Dec/2010 14:31
Zeus Trojan Targets Government and Military Workers
Posted by Gary in Comms, Threat Watch on 17/Nov/2010 17:38
From: Angela Moscaritolo
A new campaign of the password-stealing Zeus trojan is targeting workers from government and military departments in the United States and United Kingdom, according to security researchers at Websense. The trojan is being distributed through spoofed emails claiming to come from the U.S. National Intelligence Council. The bogus messages contain subject lines such as “Report of the National Intelligence Council.” The emails aim to lure users into downloading a document about the “2020 project,” which actually is Zeus. — AM
Smartphones, Jailbreaking and the New Battle Front for Enterprise Security
From: IDGA
… So why is this so bad? First and foremost jailbreaking is a hack! Users are inviting a third party developer to hack your device. Plain and simple. Most recent versions of these tools are able to run over a simple webpage that is exploiting a few unpatched vulnerabilities in the smart phone operating system code. This risk was exposed last year when a worm “rick rolled” jailbroken iPhone users, exploiting a default password setting in secure shell daemon installed as part of the jailbreaking process.