Landmark Leadership Conferences for IT Executives
 

The IT Blog



by Fred F. Farkel, Friday, November 29th, 2013

 

Guest editorial by Stan Stahl, Ph.D.

_________________________

I publish 6 or so essays a year in honor of the Fourth of July, Memorial Day, Thanksgiving, etc. My objective is to write in ways that bring us together around the ideals of America, rather than in ways that separate us. I am proud that readers often tell me they find my essays inspiring, for it means that I have captured that inspiration which is America.

 

My website The Agnostic Patriot provides a platform for my essays, which, as my readers know, are about America’s search for common ground as we the people continually co-create America’s more perfect union.

Why the name The Agnostic Patriot? My sole axiom is the Declaration’s self-evident assertion that we are all created equal. On all other matters, I strive to be politically agnostic.

America to me is not about “winning;” it is in steering that course of liberty between the tyranny of the King and the tyranny of the mob.

Like my essays, The Agnostic Patriot is a work in progress. In addition to holding all of my essays since 2005, I continue to populate a “Favorites” page, containing various writings and links that I find particularly meaningful. I also have a “News & Commentary” page which contains my “Let Freedom Ring” Twitter feeds broken into categories ranging from politics to philosophy. I have recently added a page to hold the writings of my son, Jonathan, as he thanks the veterans of the Vietnam War, one soldier to another. His is a reminder that freedom is never free.

This essay begins my 13th year of writing these freedom essays. I wrote my first essay on the Thanksgiving after 9/11, giving thanks to the fundamental principles of the American dream: freedom, liberty and a civil body politic.

I hope you find this essay of interest. If you do, I encourage you to forward this email to your friends and colleagues. If you don’t, please don’t hesitate to unsubscribe. (A link for doing so is located at the bottom of this email.)

Cheers –

Stan
@stanstahl


If you want the truth to stand clear before you, never be for or against.
The struggle between “for” and “against” is the mind’s worst disease.

– Seng-ts’an, c. 700 C.E.

_________________________

Thanksgiving, 2013

Stan Stahl, Ph.D.

Thanksgiving and Chanukah coincide this year. As Chanukah is a story of mankind’s struggle for freedom, it’s only right and proper that freedom be high on the list of things to be thankful for this Thanksgiving.

And I am. … I am very thankful this Thanksgiving for the opportunity to live free in a free country in an increasingly free world.

I am also painfully aware of how far we still have to go.

Too many of us – men, women and children throughout America – throughout the world – will go to bed hungry on a day when others, surrounded by family and friends, eat way too much. Abstractions like freedom don’t mean much when your belly is empty.

For too many others, the joy of Thanksgiving will be tempered by the empty chair where a loved one no longer sits. A husband or wife killed serving his country. A friend who died after a long illness. A son or daughter murdered by a mad man with a gun. A favorite Uncle who passed away after a long and fruitful life. Empty chairs where there used to be life.

And if you’re a Washington watcher like me, any joy in Thanksgiving is tempered by the antagonism and gridlock in our Nation’s capital.

It helps to take a longer term view. After all, Chanukah was 2,000 years ago.

*****

Rita and I were in London in September where we had a guided tour of the British Houses of Parliament. The building – the Palace of Westminster – has its origins in the 11th century. Standing in the main hall, walking through the House of Lords, seeing where the Prime Minister defends his government, I felt a part of an unbroken 900 year experiment in self-government.

Across the street from the Houses of Parliament is Parliament Square, a small park with statues of Abraham Lincoln and Nelson Mandela. Rita and I talked about how interesting it was that England with 600 years more experience in the journey for freedom and self-government than us would have statues of Lincoln and Mandela in this park; the British recognizing that freedom and self-governance are not the province of this country or that country but an aspiration of people everywhere.

Our trip to London was the culmination of a trip that had begun nearly 3 weeks earlier in Bruges, Belgium. Bruges received its city charter in 1128 and, like England, represents nearly 900 years of this experiment in self-government.

Between Bruges and London, Rita and I visited Normandy, a moving reminder that freedom is never free, that there are those who would destroy freedom, that preserving freedom requires sacrifice. We walked the beaches of Omaha and Utah and visited the American Memorial and Cemetery. On this Thanksgiving as on all Thanksgivings, we have a duty to be thankful for their courage and sacrifice.

Our last day in Normandy, Rita and I visited the Caen Memorial and Peace Museum. The city of Caen had been destroyed in the 6 weeks after D-Day. Of the city’s 60,000 residents on the morning of June 6, 1944, more than 15,000 were killed, another 20,000 or more were evacuated and 10,000 buildings were destroyed. The Museum serves as both a warning and an inspiration.

*****

Go back to the beginning, to our very earliest experiments in governance that have been a part of our species since we started living together in cities.

When we take the long-term view we see a trend away from autocratic single-person or single-group political decision making and a trend towards increased expanded self-government, a trend towards more freedom for more people, not less. 

From even before that first Chanukah 2,000 years ago to the origins of Parliament 1100 years later to that first Thanksgiving in 1621 to our own independence in 1776 to the Emancipation Proclamation and Lincoln’s Gettysburg Address four score and seven years later to D-Day in 1944 to the March on Washington a short 50 years ago in 1963, the long-term trend is towards increased freedom and an expansion of who gets to participate in self-government.

Lincoln captured the essence of this trend 150 years ago at Gettysburg: we are dedicated to the proposition that all of us are created equal and committed to government of the people, by the people and for the people.

While in London, Rita and I visited the UK Supreme Court, across Parliament Square from the Houses of Parliament. Written on a glass panel above the entrance to the Court’s library is the famous quotation from Martin Luther King’s Letter from Birmingham Jail, written in the same year as the March on Washington: Injustice anywhere is a threat to justice everywhere. We are caught in an inescapable network of mutuality tied in a single garment of destiny. Whatever affects one directly affects all indirectly.

As commerce and technology continue to shrink our world, we are increasingly caught in an inescapable network of mutuality tied in a single garment of destiny.

Let us be thankful this Thanksgiving that we are a part of this great garment of destiny. Our lives are its threads, woven together in rich patterns of family and community.

Let us give thanks to those who came before us, thankful for their struggles and efforts and sacrifices on behalf of freedom, doing their best in their time to meet the challenges of self-government.

Let us be thankful this Thanksgiving for the Blessings of Liberty that those who came before bequeathed to us and let us commit to bequeathing them to our posterity.

Our species is on a journey into a future in which increasing numbers of us will be able to live out their lives in accord with their inalienable right to life, liberty and the pursuit of happiness.

Let us be thankful for how far we have come and mindful of how far we still have to go.

Let Freedom Ring.

_________________________

Copyright © 2013. Stan Stahl, Ph.D. All Rights Reserved. Permission is granted to republish this essay provided the essay is reproduced unedited and in its entirety, its source is identified as The Agnostic Patriot at www.agnosticpatriot.org and this copyright notice is included.

Post title: Essay on Freedom: In Honor of Thanksgiving

by Fred F. Farkel, Monday, November 25th, 2013

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Apple Airport: Apple has released firmware updates for AirPort Extreme and AirPort Time Capsule. Updates are available at Apple’s website.

Dropbox: Dropbox has released updates for its file hosting program. Updates are available at Dropbox’s website.

Current Software Versions

Adobe Flash 11.9.900.152 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.9.900.152 [Windows 8: IE]

Adobe Flash 11.9.900.152 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.05

Dropbox 2.4.7 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 25.0.1 [Windows]

Google Chrome 30.0.1599.101

Internet Explorer 11.0.9600.16428 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

Java SE 7 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7 [Windows]

Safari 6.1 [Mac OS X]

Skype 6.10.0.104

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco Cloud Portal, IOS, IOS XE, Wireless LAN Controller (WLC), Server Provisioner and others. Apply appropriate updates.

RSA Data Protection Manager: Secunia reports that RSA has released an update to fix two vulnerabilities in its Protection Manager in previous versions. Update to version 3.2.4.2 or 3.5.1.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.

 

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Post title: Weekend Vulnerability and Patch Report, November 24, 2013

by Fred F. Farkel, Monday, November 25th, 2013

 

Guest column by Citadel Information Group

Cyber Crime

Cupid Media Hack Exposed 42M Passwords: An intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays, according to information obtained by KrebsOnSecurity. KrebsOnSecurity, November 20, 2013

Mass. police department pays $750 ransom to open computer files locked by hackers; payment is made in virtual currency bitcoins: Swansea police say they were forced to pay $750 in ransom earlier this month to hackers after a virus locked all of their computer files. Boston.com, November 19, 2013

Vendor Breach Exposes Card Data, PII: The breach of an Ireland-based loyalty marketing company, which authorities confirm exposed payment card data on more than 376,000 consumers plus other personally identifiable information about more than 1 million, illustrates, yet again, the privacy vulnerabilities third parties pose, experts say. BankInfoSecurity, November 14, 2013

Cyber Attack

Hackers Broke Into Syria’s Secret Police Computers And Found… Porn: An exiled Syrian hacker has claimed to have cracked the systems of the country’s brutal secret police to find evidence that intelligence officers spent their working days watching pornography. Forbes, November 20, 2013

Cyber Privacy

UPDATE: Encrypt the Web Report: Who’s Doing What: We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four companies – Dropbox, Google, SpiderOak and Sonic.net – are implementing five out of five of our best practices for encryption. In addition, we appreciate that Yahoo! just announced several measures it plans to take to increase encryption, including the very critical encryption of data center links, and that Twitter has confirmed that it has encryption of data center links in progress. See the infographic. Electronic Frontier Foundation, November 20, 2013

LG investigates Smart TV ‘unauthorised spying’ claim: LG is investigating allegations that some of its TVs send details about their owners’ viewing habits back to the manufacturer even if the users have activated a privacy setting. BBC, November 20, 2013

Health Care Website Has Security Bugs, Expert Warns: The website at the center of President Barack Obama’s health care overhaul has security flaws that put user data at "critical risk" despite recent government assurances it is safe to use, a respected security expert said Tuesday. Daily Finance, November 19, 2013

LG Smart TVs logging USB filenames and viewing info to LG servers: Earlier this month I discovered that my new LG Smart TV was displaying ads on the Smart landing screen. DoctorBeet’s Blog, November 18, 2013

Cyber Warning

Evernote Is Telling Users To Change Their Passwords – And Blaming Adobe By Name: Evernote is warning thousands of its users to change their passwords immediately. Business Insider, November 22, 2013

Hackers actively exploiting JBoss vulnerability to compromise servers: Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner. PC World, November 18, 2013

vBulletin Breach Prompts Password Reset: Forum software maker vBulletin is urging users to change their passwords following a recent breach of its networks. The attackers who claimed responsibility for the intrusion say they broke in using a zero-day flaw that is now being sold in several places online, but vBulletin maintains it is not aware of any zero-day attacks against current versions of its product. KrebsOnSecurity, November 18, 2013

Cyber Security Management – Cyber Defense

Introducing Office 365 Message Encryption: Send encrypted emails to anyone!: We’re pleased to announce the upcoming release of Office 365 Message Encryption, a new service that lets you send encrypted emails to people outside your company. No matter what the destination – Outlook.com, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name it – you can send sensitive business communications with an additional level of protection against unauthorized access. There are many business situations where this type of encryption is essential. We’ve listed just a few. Office 365 Technology Blog, November 21, 2013

Don’t Like Spam? Complain About It: Cynical security experts often dismiss anti-spam activists as grumpy idealists with a singular, Sisyphean obsession. The cynics question if it’s really worth all that time and effort to complain to ISPs and hosting providers about customers that are sending junk email? Well, according to at least one underground service designed for spammers seeking to avoid anti-spam activists, the answer is a resounding "yes!" KrebsOnSecurity, November 19, 2013

Tech giants turn to encryption to deter NSA spying: Google, Facebook and Yahoo are fighting back against the National Security Agency by using harder-to-crack code to shield their networks and online customer data from unauthorized U.S. spying. Concord Monitor, November 17, 2013

Cyber Defenders

FBI as cyber crime sleuth: Is it any match for computer bad guys?: The FBI’s evolution into a cyber-crime-fighting agency, a decade in the works, has made the bureau ‘one of the best in the world’ at cracking computer crime. Cyber threats are poised to rival terrorism as the primary danger to US, says FBI’s director. Christian Science Monitor, November 18, 2013

National Cyber Security

Pentagon Beefs Up Contractor Information Security Requirements: WASHINGTON, Nov. 19, 2013 – An amendment published yesterday to the Defense Federal Acquisition Supplement will require defense contractors to incorporate established information security standards on their unclassified networks and to report cyber-intrusion incidents that result in the loss of unclassified controlled technical information from these networks. US Department of Defense, November 19, 2013

Cyber Survey

Online threats: survey shows impact of cybercrime: Internet users in the EU are very concerned about cyber-security, according to a Eurobarometer survey published today. 76% agree that the risk of becoming a victim of cybercrime has increased in the past year, more than in a similar study from 2012. 12% of Internet users have already had their social media or email account hacked. European Commission, November 22, 2013

McAfee Labs Sees New Threats Subverting Digital Signature Validation: SANTA CLARA, Calif. – (BUSINESS WIRE) – McAfee Labs today released the McAfee Labs Threats Report: Third Quarter 2013, which found new efforts to circumvent digital signature app validation on both PCs and Android-based devices. The McAfee Labs team identified a new family of mobile malware that allows an attacker to bypass the digital signature validation of apps on Android devices, which contributed to a 30% increase in Android-based malware. At the same time, traditional malware signed with digital signatures grew by 50% to more than 1.5 million samples. Less surprising but no less daunting was a 125% increase in spam. Dark Reading, November 20, 2013

Cyber Misc

More bitcoins, more problems: How hackers are targeting bitcoins: Bitcoin has a lot going for it these days. Its price is soaring, mainstream businesses are increasingly adopting it as a form of payment and venture capitalists are pouring money into bitcoin start-ups. CNBC, November 20, 2013

Cyber Sunshine

Six arrested in $45 million global cybercrime scheme: (Reuters) – Six people were arrested and charged on Monday for participating in a worldwide ATM heist that stole $45 million from two Middle East banks. Reuters, November 18, 2013

Massive cybercrime case unfolding in Las Vegas: The Carder.su organization was about as big as any criminal syndicate could get until an undercover Las Vegas federal agent put a crimp in its worldwide operations. Las Vegas Review-Journal, November 17, 2013

Members Of New York Cell Of Cybercrime Organization Plead Guilty In $45 Million Cybercrime Campaign: Cyberattacks employed by the defendants and their co-conspirators known in the cyberunderworld as "Unlimited Operations" DarkReading, November 13, 2013


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Post title: Cyber Security News of the Week, November 24, 2013

by Fred F. Farkel, Monday, November 18th, 2013

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Flash Player: Adobe has released version 11.9.900.152 to fix 2 highly critical vulnerabilities of its Flash Player for the Windows, Mac, Linux and Android versions. Updates are available from Adobe’s website. Updates are also available for Adobe AIR.

Apple iOS: Apple has released iOS 7.0.4 for several versions of the iPhone and iPad, as well as iOS 6.1.5. The update is available through the device or through Apple’s website.

Google Chrome: Google has released Google Chrome 31.0.1650.57 for Windows, Mac, Linux and Google Frame to fix highly critical vulnerabilities in previous unpatched versions. Updates are available from within the browser or from Google Chrome’s website.

Microsoft Patch Tuesday: Microsoft released several updates addressing at least 19 security vulnerabilities, some of which are highly critical, in Windows, Office (2003, 2007, 2010, 2013), Internet Explorer and more. Updates are available via Windows Update or from Automatic Update.

Mozilla Firefox: Mozilla has released version 25.0.1 of Firefox to fix at least 14 highly critical unpatched vulnerabilities in previous versions. Updates are available through the Firefox browser.

Current Software Versions

Adobe Flash 11.9.900.152 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.9.900.152 [Windows 8: IE]

Adobe Flash 11.9.900.152 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.05

Dropbox 2.0.25 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 25.0.1 [Windows]

Google Chrome 30.0.1599.101

Internet Explorer 11.0.9600.16428 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

Java SE 7 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7 [Windows]

Safari 6.1 [Mac OS X]

Skype 6.10.0.104

Newly Announced Unpatched Vulnerabilities

Google Chrome for Android: Secunia reports several highly critical unpatched vulnerabilities in Google’s Chrome for Android in versions prior to 31.0.1650.59. Upgrade to version 31.0.1650.59 when available.

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

BlackBerry Link for Windows: Secunia reports a vulnerability in BlackBerry’s Link for Windows. Update to a fixed version.

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco IOS, Nexus 4000 Series, Content Services Gateway (CSG2), ASA Software and others. Apply appropriate updates.

Microsoft Windows Hyper-V: Secunia reports that Microsoft has released updates for a vulnerability in Windows 8 and Server 2012. Apply updates.

Symantec Workspace Streaming: Secunia reports a moderately critical unpatched vulnerability in Symantec’s Workspace Streaming. No official solution is available.

VMware Workstation and VMware Player: Secunia reports that VMware has released updates to fix a vulnerability in VMware Workstation and VMware Player. Update to a fixed version.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.

 

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Post title: Weekend Vulnerability and Patch Report, November 17, 2013

by Fred F. Farkel, Monday, November 18th, 2013

 

Guest column by Citadel Information Group

Cyber Crime

A New Army Of Chinese Hackers Is Stealing Secrets From U.S. Companies, Researchers Say: Researchers at security vendor FireEye say they’ve uncovered a disturbing scheme: what looks like random hack attacks against a variety of U.S. companies is really an organized group of Chinese hackers stealing intellectual property. Business Insider, November 13, 2013

Cybercrime’s bottom line: $500 billion: No one knows the true cost of cybercrime. Annual loss estimates for U.S. corporations range from $70-140 billion in a recent report from the Center for Strategic and International Studies (CSIS) to $400 billion quoted by U.S. House of Representatives Intelligence Committee leaders who introduced the Rogers-Ruppersberger Cybersecurity Bill. USA TODAY, November 8, 2013

Now, Your Reward for Being a Loyal Customer: Identity Theft: They signed up to receive discounts on vacation travel and other perks. Instead, more than 1.5 million Europeans who had enrolled in customer-loyalty programs learned this week that their personal data, including credit-card details in some instances, had been stolen in a cyber attack on an Irish company they’d never heard of. BusinessWeek, November 13, 2013.

Hackers Take Limo Service Firm for a Ride: A hacker break in at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. KrebsOnSecurity, November 4, 2013

Cyber Attack

Anonymous-Linked Hackers Accessed U.S. Government Computers, FBI Reportedly Warns: BOSTON/SAN FRANCISCO (Reuters) – Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week. Huffington Post, November 15, 2013

Indonesian hackers crash Australian intelligence agency’s site: The hacking comes one week after a wave of cyberattacks against over 170 Australian sites, mainly belonging to small businesses. The attacks were in retaliation against Australia for reportedly using its Jakarta embassy for spying. ZDNet, November 11, 2013

Cyber Warning

CryptoLocker Crew Ratchets Up the Ransom: Last week’s article about how to prevent CryptoLocker ransomware attacks generated quite a bit of feedback and lots of questions from readers. For some answers – and since the malware itself has morphed significantly in just a few days’ time – I turned to Lawrence Abrams and his online help forum BleepingComputer.com, which have been following and warning about this scourge for several months. KrebsOnSecurity, November 6, 2013

Microsoft Warns of Zero-Day Attack on Office: Microsoft warned today that attackers are targeting a previously unknown security vulnerability in some versions of Microsoft Office and Windows. The company also has shipped an interim “Fix-It” tool to blunt attacks on the flaw until it has time to develop and release a more comprehensive patch. KrebsOnSecurity, November 5, 2013

Cyber Security Management

Cybersecurity Threats Are Rising – EY: Cyber security has moved from operations to a concern of the C-suite and the board, EY (formerly known as Ernst & Young before getting carried away with hip rebranding), the consultancy, has found in its work across industries. Forbes, November 11, 2013

Western Union: Their bold new approach to awareness training (and why it’s working): “I’ve been involved with security awareness training for several years now, and I can’t remember one single compliment on any of our previous courses,” sighed Alex Yokley, Director of Corporate Information Security at Western Union. CSO, November 6, 2013

Cyber Security Management – Cyber Update

Zero-Days Rule November’s Patch Tuesday: Microsoft today issued security updates to fix at least 19 vulnerabilities in its software, including a zero-day flaw in Internet Explorer browser that is already being actively exploited. Separately, Adobe has released a critical update that plugs at least two security holes in its Flash Player software. KrebsOnSecurity, November 12, 2013

Microsoft: IE Zero Day Patch Among November Patch Tuesday Updates: Microsoft announced this afternoon that the zero-day vulnerability being exploited in a watering hole attack against an unnamed U.S.-based NGO website was already scheduled to be patched in a cumulative Internet Explorer update tomorrow. Threatpost, November 11, 2013

Cyber Security Management – Cyber Defense

Next-gen HTTP 2.0 protocol will require HTTPS encryption (most of the time): Sending data in plain text just doesn’t cut it in an age of abundant hack attacks and mass metadata collection. Some of the biggest names on the Web – Facebook, Google, Twitter, etc. – have already embraced default encryption to safeguard your precious data, and the next-gen version of the crucial HTTP protocol will only work for URLs protected by HTTPS. PCWorld, November 13, 2013

Tenable Joins AWS Marketplace To Provide On-Demand AMI Vulnerability Scanning: Tenable Network Security, Inc., the leader in real-time vulnerability management, today announced that Amazon Web Services (AWS) customers can now leverage Nessus to scan, audit, and monitor software vulnerabilities on all of their Amazon Machine Images (AMI). Together, the collaboration between Tenable and AWS provides added security through unparalleled vulnerability, configuration and patch assessment for enterprise customers looking to build, operate or maintain their applications in the AWS cloud. DarkReading, November 13, 2013

The quest for weak links in information security: A widely accepted definition of information security risk is the potential of a specific threat exploiting the vulnerabilities of an information asset, with the following formula used to represent information security risks: Risk = Likelihood x Impact. CSO, November 12, 2013

Cyber Underworld

Silk Road 2.0 Launches, Promising A Resurrected Black Market For The Dark Web: The Silk Road is dead. But the dark web dream lives on. Forbes, November 6, 2013

Securing the Village

Microsoft’s new Cybercrime Center combines tactics against hacking groups: (Reuters) – The maker of the most popular computer operating system in the world is launching a new strategy against criminal hackers by bringing together security engineers, digital forensics experts and lawyers trained in fighting software pirates under one roof at its new Cybercrime Center. Reuters, November 14, 2013

Major Banks, Card Schemes, Retailers And Vendors Launch The World’s First Association Dedicated To Wireless Biometric Authentication: Lille, 13th November, 2013 – Pioneering standard-setter, Natural Security has today announced the launch and newly elected governing board of the world’s first open Alliance dedicated to secure transactions based on wireless and biometrics. DarkReading, November 13, 2013

Facebook Warns Users After Adobe Breach: Facebook is mining data leaked from the recent breach at Adobe in an effort to help its users better secure their accounts. Facebook users who used the same email and password combinations at both Facebook and Adobe’s site are being asked to change their password and to answer some additional security questions. KrebsOnSecurity, November 11, 2013

National Cyber Security

Russian draft UN resolution on information security winning support thanks to Snowden: A Russian-proposed draft UN resolution calling for an international code of conduct for information security is beginning to win support as Washington loses moral authority in the wake of Edward Snowden’s revelations. The Voice of Russia, November 11, 2013

Obama’s Portable Zone of Secrecy (Some Assembly Required): WASHINGTON – When President Obama travels abroad, his staff packs briefing books, gifts for foreign leaders and something more closely associated with camping than diplomacy: a tent. The New York Times, November 9, 2013

Cyber Law

Cybersecurity Legislation Gets Renewed Push From Financial Firms: WASHINGTON – Top financial-industry lobbyists pressed senators to move forward with cybersecurity legislation, part of an effort to re-energize a campaign that has lost steam amid revelations about the National Security Agency’s extensive domestic surveillance. The Wall Street Journal, November 13, 2013

Cyber Misc

Big Data’s Little Brother: Start-Ups Are Mining Hyperlocal Information for Global Insights. The New York Times, November 10, 2013

Cyber Sunshine

Feds Charge Calif. Brothers in Cyberheists: Federal authorities have arrested two young brothers in Fresno, Calif. and charged the pair with masterminding a series of cyberheists that siphoned millions of dollars from personal and commercial bank accounts at U.S. banks and brokerages. KrebsOnSecurity, November 14, 2013

Cyber Calendar

ISSA-LA November Lunch Meeting: Topic: Using Hackers’ Own Methods & Tools to Defeat Persistent Adversaries – In today’s world of advanced cyber threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn’t really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats. The security industry is changing. For some, it’s a good thing, and for others, they’re watching their antiquated ways of failing to prevent exploits become irrelevant for smart security teams. ISSA-LA, Event Date: November 20, 2013


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Cyber Security News of the Week, November 17, 2013

by Fred F. Farkel, Monday, November 11th, 2013

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Apple iTunes: Apple has released version 11.1.3 of iTunes and iTunes for Windows (64-bit). Updates are available through iTunes or Apple’s iTunes website and Apple’s iTunes for Windows (64-bit) website.

Skype: Skype has released version 6.10.0.104. Updates are available through the program or Skype’s website.

Current Software Versions

Adobe Flash 11.9.900.117 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.9.900.117 [Windows 8: IE]

Adobe Flash 11.9.900.117 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.05

Dropbox 2.0.25 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 25.0 [Windows]

Google Chrome 30.0.1599.101

Internet Explorer 10.0.9200.16721 [Windows 7: IE]

Internet Explorer 10.0.9200.16519 [Windows 8: IE]

Java SE 7 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7 [Windows]

Safari 6.1 [Mac OS X]

Skype 6.10.0.104

Newly Announced Unpatched Vulnerabilities

Microsoft Multiple Products: Secunia reports an unpatched extremely critical vulnerability in multiple Microsoft products, including Microsoft Server 2008, Microsoft Windows Vista, Lync, Lync Basic 2013, Office 2003 Professional Edition, Office 2003 Small Business Edition, Office 2003 Standard Edition, Office 2003 Student and Teacher Edition, Office 2007 and 2010. No official solution is currently available.

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco Prime Central for HCS Assurance, Wide Area Application Services (WAAS) Mobile, IOS SIP Messages, and others. Apply appropriate updates.

McAfee ePolicy Orchestrator / Java: Secunia reports that McAfee has released versions 4.6.7 and 5.1 to fix at least 7 moderately critical vulnerabilities in a bundled version of Java. Update to the latest version.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over users’ computers by writing programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


Weekend Vulnerability and Patch Report, November 10, 2013

by Fred F. Farkel, Monday, November 11th, 2013

Guest column by Citadel Information Group

Cyber Privacy

Apple releases its first transparency report: (CNN) – Apple is opening up about how many government requests it gets for customer information. CNN, November 6, 2013

States Take on Privacy: Tired of waiting for Congress to pass comprehensive privacy legislation, state lawmakers are taking matters into their own hands, and not a moment too soon. Legislatures across the country have enacted laws to regulate the kinds of information that companies and law enforcement agencies can collect about individuals and how it can be done. The New York Times, November 2, 2013

Financial Fraud

Overlooked Anti-Fraud Investments: Despite upticks in account takeover fraud, small business owners still aren’t doing enough to enhance their ACH fraud defenses, say Michelle Di Gangi and David Pollino of Bank of the West. BankInfoSecurity, November 1, 2013

Reasonable Security: Changing the Rules: Article 4A of the Uniform Commercial Code, which deals with reasonable security measures for banks, needs a major update, says attorney Dan Mitchell, who represented PATCO Construction in a high-profile account takeover dispute. BankInfoSecurity, October 28, 2013

Cyber Security Management

Phishing Messages Trick One in Five Employees Into Clicking: Survey: In a study of employee susceptibility to phishing attacks, security-awareness training firm ThreatSim finds that an average of 18 percent open phishing messages and click on the malicious link inside. eWeek, November 7, 2013

Gender gap: Why information security needs more women: A new report on infosec spotted significant differences in how men and women prioritize needed skills. Here’s why greater diversity in the field matters. TechRepublic, November 4, 2013

Enterprise defenses lag despite rising cybersecurity awareness: Organizations are showing more interest in cybersecurity through executive involvement and higher spending. Nevertheless, the added attention is new and more resources need to be directed at defending against cyberattacks, a study shows. CSO, November 2, 2013

Cyber Security Management – Cyber Update

Microsoft: XP End of Life an Important Security Milestone: Forget for a moment the impending cryptoapocalypse because of aging and/or subverted encryption standards and algorithms. Microsoft this week put out the word on the scourge that is Windows XP. ThreatPost, November 1, 2013

Cyber Security Management – Cyber Defense

Monitoring Where Search Engines Fear To Tread: The deepweb – anonymized networks that are not indexed by search engines – are hard to monitor, yet companies should seek out signs in their networks. DarkReading, November 1, 2013

How To Avoid CryptoLocker Ransomware: Over the past several weeks, a handful of frantic Microsoft Windows users have written in to ask what they might do to recover from PC infections from "CryptoLocker," the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom. Unfortunately, the answer for these folks is usually either to pay up or suck it up. This post offers a few pointers to help readers avoid becoming the next victim. KrebsOnSecurity, November 1, 2013

Google Updates ReCAPTCHA Technology, Moves Away From Distorted Text: Google announced a change to its reCAPTCHA authentication system late Friday wherein the company will begin creating different types of puzzles for different users, use numeric CAPTCHAs and move away from more obscure, hard-to-read distorted letters. ThreatPost, October 28, 2013

Cyber Security Management – HIPAA

Google agrees to sign BAA as means to HIPAA compliance: In September 2013, Google offered for the first time to sign a HIPAA Business Associate Agreement (BAA) available for Google Apps. That’s good news for organizations unwilling to deploy Google Apps without such an agreement. It is also a smart competitive move, as it matches Microsoft, which offers to sign a BAA for Office365. TechRepublic, October 2, 2013

Securing the Village

World Cybersecurity Leaders Call for Cooperation: Governments and businesses spend $1 trillion a year for global cybersecurity, but unlike wartime casualties or oil spills, there’s no clear idea what the total losses are because few will admit they’ve been compromised. Cybersecurity leaders from more than 40 countries are gathering at Stanford University this week to consider tackling that information gap by creating a single, trusted entity that would keep track of how much hackers steal. Time, November 5, 2013

New command center will protect L.A. infrastructure from cyberattacks: Los Angeles Mayor Eric Garcetti has set up a new command center to minimize the threat that hackers, terrorists or foreign enemies will disrupt water, power, transportation and public safety systems. LA Times, November 2, 2013

OWASP-LA wins 2013 Global People of the Year Awards: The WASPY Award election has completed. Congratulations to the winners! WASPY Awards, 2013

National Cyber Security

NSA’s Top Lawyer Says Debate Started By Edward Snowden Could Be ‘Good Thing’: The National Security Agency’s general counsel, Rajesh De, defended his agency’s massive phone and Internet surveillance programs during a Monday hearing of the Privacy and Civil Liberties Oversight Board, but also said public debate about the programs could be a good thing. US News and World Report, November 4, 2013

No Morsel Too Minuscule for All-Consuming N.S.A.: When Ban Ki-moon, the United Nations secretary general, sat down with President Obama at the White House in April to discuss Syrian chemical weapons, Israeli-Palestinian peace talks and climate change, it was a cordial, routine exchange. The New York Times, November 2, 2013

Cyber Law

Adobe cyber attack to trigger flood of legal action, forecast lawyers: A welter of legal action could tumble out of Adobe’s admission yesterday that it had suffered a far greater breach of data security in a cyber attack earlier this month, leading technology lawyers warn. The Lawyer, October 31, 2013

Cyber Misc

3D-Printing ‘Encryption’ App Hides Contraband Objects In Plain Sight: If 3D printing companies and government agencies hope to police the spread of dangerous or pirated digital shapes, their task is about to get much more complicated. Forbes, November 4, 2013

Clutter in the airwaves: Mobile payment security: While already ubiquitous in much of the world, mobile payment options are gaining traction in the United States, reports Stephen Lawton. Dr. Stahl quoted – SC Magazine, November 1, 2013

Cyber Calendar

ISSA-LA November Lunch Meeting – Beating Hackers With Their Own Tools: In today’s world of advanced cyber threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn’t really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats. The security industry is changing. For some, it’s a good thing, and for others, they’re watching their antiquated ways of failing to prevent exploits become irrelevant for smart security teams. ISSA-LA, Event Date: November 20, 2013


Cyber Security News of the Week, November 10, 2013

by Fred F. Farkel, Tuesday, November 5th, 2013

We’ve been hearing for years that The Internet of Things (IOT) is the “next big thing”. The Internet of Things is the term for the concept that physical devices such as vehicles, commercial and industrial equipment, medical devices, remote sensors, et cetera, and the people who use those devices are connected to networks that are in turn connected to the Internet. There are those who agree and those who don’t, but all agree that The Internet of Things poses security concerns that did not exist before. As home to more than 1,200 software and computer services firms, CyberTECH/CyberHIVE is understandably concerned about security. To help foster awareness of, and promote, security as companies move forward to develop The Internet of Things, CyberTECH/CyberHIVE is sponsoring its “Securing the Internet of Things” forums. These forums are opportunities for leading innovators, investors, and executives to discuss the security implications, for individuals, businesses and governments, of the massive connectivity and data exchange that would result.

Visit CyberTECH San Diego’s site for more information about the 2014 “Securing the Internet of Things” forums. You can also view or download the following information:

CyberTECH Presents: Securing the Internet of Things, February 2014: Save The Date brochure

CyberTECH Presents: Securing the Internet of Things, February 2014: Agenda and Sponsorship Opportunities brochure

CyberTECH Presents: Securing the Internet of Things, August 2014: Las Vegas Black Hat: Save The Date brochure

CyberTECH Presents: Securing the Internet of Things

by Fred F. Farkel, Monday, November 4th, 2013

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Mozilla Firefox: Mozilla has released version 25.0 of Firefox to fix at least 14 highly critical unpatched vulnerabilities in previous versions. Updates are available through the Firefox browser. Updates are also available for SeaMonkey and Thunderbird.

Current Software Versions

Adobe Flash 11.9.900.117 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.9.900.117 [Windows 8: IE]

Adobe Flash 11.9.900.117 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.05

Dropbox 2.0.25 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 25.0 [Windows]

Google Chrome 30.0.1599.101

Internet Explorer 10.0.9200.16721 [Windows 7: IE]

Internet Explorer 10.0.9200.16519 [Windows 8: IE]

Java SE 7 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser – such as Chrome, IE9, Safari, etc – with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7 [Windows]

Safari 6.1 [Mac OS X]

Skype 6.7.0.102

Newly Announced Unpatched Vulnerabilities

Netgear WNDR3700: Secunia reports an unpatched moderately critical security bypass issue in NetGear’s WNDR3700 dual band gigabit router. No official solution is currently available.

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco’s Unified Computing Manager, Identity Services Engine (ISE), IOS XE Aggregation Services Routers (ASR), and others. Apply appropriate updates.

McAfee Firewall Enterprise: Secunia reports McAfee released version 8.3.1P04 of McAfee Firewall Enterprise to address 4 vulnerabilities in previous versions. Update to version 8.3.1P04.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over users’ computers by writing programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


Weekend Vulnerability and Patch Report, November 3, 2013

by Fred F. Farkel, Monday, November 4th, 2013

Guest column by Citadel Information Group

Cyber Crime

Adobe Breach Impacted At Least 38 Million Users: The recent data breach at Adobe that exposed user account information and prompted a flurry of password reset emails impacted at least 38 million users, the company now says. It also appears that the already massive source code leak at Adobe is broadening to include the company’s Photoshop family of graphical design products. KrebsOnSecurity, October 29, 2013

Cyber Attack

Syrian hackers claim to hack Obama’s Twitter account: For a short time on Monday, the website and Twitter account of BarackObama.com were breached by a group of hackers going by the name Syrian Electronic Army. CBS, October 28, 2013

AP Exclusive: Israeli tunnel hit by cyber attack: HADERA, Israel (AP) – When Israel’s military chief delivered a high-profile speech this month outlining the greatest threats his country might face in the future, he listed computer sabotage as a top concern, warning a sophisticated cyberattack could one day bring the nation to a standstill. USA Today, October 27, 2013

Cyber Threat

Social Engineers Pwn The ‘Human Network’ In Major Firms: To provide some perspective on just how poorly corporate America is able to combat social engineering attacks today, consider this: Famously secretive Apple fared the worst in a recent social engineering contest. DarkReading, October 30, 2013

Cyber Warning

New Vulnerability Found in Apps Using Wi-Fi: Public Wi-Fi networks are notoriously insecure, and now there’s this: Mobile security researchers have discovered a new way for attackers to access mobile phone apps from Wi-Fi networks. The New York Times, October 29, 2013

Researchers Flag Security Flaws In New LinkedIn Offering: A new LinkedIn feature designed to familiarize users with their email partners could introduce a slew of security problems to enterprises and individuals who use it, researchers said this week. DarkReading, October 25, 2013

Security Expert Warns about Using App that Emails Money: Dr. Stahl featured – A service by a company called Square Inc. will allow you to e-mail money to your friends free-of-charge. But a nationally recognized IT security expert, Stan Stahl, Ph.D., says the concept is fraught with danger. The Biz Coach, October

Cyber Privacy

N.S.A. Said to Tap Google and Yahoo Abroad: WASHINGTON – The National Security Agency and its British counterpart have apparently tapped the fiber-optic cables connecting Google’s and Yahoo’s overseas servers and are copying vast amounts of email and other information, according to accounts of documents leaked by the former agency contractor Edward J. Snowden. The New York Times, October 30, 2013

What You Need to Know About Privacy, Email, and Particularly Gmail: Unless you take special precautions, nothing you send by email is secure. That’s doubly true with Gmail, since Google uses the content of your messages to target advertising. CIO, October 21, 2013

Financial Fraud

Victorian Trolling: How Con Artists Spammed in a Time Before Email: In May of 1978, a computer tech named Carl Gartley typed the following message into the flickering, black-and-green screen of an early computer terminal. The company he worked for, Digital Equipment Corporation, was eager to publicize its new computers to the users of Arpanet, the network that would grow into the Internet. The recipients of the email were a catalog of the digital elite (at places like UCLA, PARC, and the Rand Corporation) who possessed the mainframe computers and access privileges necessary to be on the web in the late 1970s. The Atlantic, October 29, 2013

ATM malware may spread from Mexico to English-speaking world: A malicious software program found in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec. PCWorld, October 28, 2013

Cyber Security Management

Cyber-crime is ‘greatest threat’ to companies’ survival: EY: Companies see cyber-crime as an increasing threat, with a third of organizations reporting a rise in attacks in the past year, a study reveals. CNBC, October 30, 2013

IBM Assessment: How Information Security Leaders Can Do Better: A quarter of all company security leaders have deployed mobile security in the past month, but they’re still playing "catch-up" as they try to wrap policies and technology around the Bring Your Own Device (BYOD) trend. That’s one of the findings in the second annual IBM assessment of Chief Information Security Officers (CISOs). CMS Wire, October 23, 2013

Generation Y Users Say They Will Break Corporate BYOD Rules: Most young employees are so dependent on their mobile devices that they are prepared to break any policy that restricts their use, according to a new study. DarkReading, October 22, 2013

Cyber Security Management – Cyber Update

Mozilla Fixes 10 Vulnerabilities with Firefox 25: Mozilla released the 25th version of its mobile and desktop Firefox browser yesterday, fixing 10 vulnerabilities, five of them critical. ThreatPost, October 30, 2013

NETGEAR READYNAS STORAGE VULNERABLE TO SERIOUS COMMAND-INJECTION FLAW: A popular NETGEAR network-attached storage product used primarily in medium-sized organizations has a gaping vulnerability that puts any data moving through a network in jeopardy. ThreatPost, October 22, 2013

Cyber Security Management – Cyber Defense

Web app security best practices and the people who love them: When a website is attacked, the results can be devastating to an organization – both financially and from a brand perspective. Given modern society’s ever-increasing reliance on the Web, the impact of a breach and the associated costs are going up, and fast. Adding more "robust" firewalls or allocating more budget to anti-virus protection is not the answer. It’s still an important step, sure, but these controls provide nearly zero protection against today’s web-based attacks. CSO, October 30, 2013

Google Project Shield To Protect Sensitive Sites From DDOS Attacks: DDoS attacks have been a problem for nearly as long as the Internet has been a thing, but they’re difficult to visualize and understand on a practical level. A whole bunch of traffic is going to a Web site. So what? Now, Google and Arbor Networks are collaborating on a project that shows exactly how large and damaging some of these attacks are, and who’s attacking who at any given moment. ThreatPost, October 22, 2013

How To Avoid Breaches Where You Least Expect Them: In the real world of constrained budgets and limited personnel, prioritization of security resources is a must. Many departments prioritize practices based on the severity of vulnerabilities, the value of a target, and the likelihood of a threat hitting said target. However, the flip side of that is to remember the real world is also a connected one. And as many security experts can attest, enterprises often forget to account for how attacks against the vulnerabilities in less critical systems can jeopardize the crown jewels. DarkReading, October 21, 2013

Securing the Village

Seeking Comments on the Preliminary Cybersecurity Framework: America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy. The White House Blog, October 29, 2013

NIST’s latest cybersecurity framework reveals a lot of goodwill amidst continued criticism: After delays due to the government shutdown, the National Institute of Standards and Technology (NIST) released on October 22 its latest version of a comprehensive cybersecurity framework for critical infrastructure as mandated by President Obama’s February cybersecurity executive order (EO). This preliminary framework is subject to a 45-day public comment period, after which NIST will make revisions and then produce a final framework for publication in February. CSO, October 24, 2013

Critical Infrastructure

‘White Hat’ Hackers Expose Flaws of U.S. Stock Market: Ethical "white hat" hackers, intentionally looking to expose the cyber vulnerabilities of U.S. equity markets, were able to directly impact market performance in a test last month – forcing a mock market close. Fox News, October 23, 2013

Months Later, EAS Equipment Still Vulnerable: More than three months ago, a researcher from IOActive published details of some serious problems he’d found with equipment used to run the Emergency Alert System, which is used to send out notifications in the case of a natural disaster or other serious situation. The researcher notified the equipment manufacturers affected by the bugs, one of which could enable an attacker to send out a fake alert, and the vendors updated their software. However, it appears that those fixes didn’t actually solve the problems. ThreatPost, October 22, 2013

Cyber Research

DARPA Announces $2 Million Prize In Self-Patching Software Competition: The mad scientist wing of the Pentagon known as the Defense Advanced Research Projects Agency announced Tuesday that it’s planning to hold a new "Grand Challenge" competition with a $2 million prize. The goal of that seven-figure bakeoff: To build a "fully automated cyber defense system" that protects itself from hackers, responding to attacks and even updating its own code in real-time, without the assistance of humans. Forbes, October 23, 2013

Cyber Misc

Twitter Illiterate? Mastering the @BC’s: Using Twitter sounds so simple. Type out no more than 140 characters – the maximum allowed in a single tweet – and hit send. That’s all, right? The New York Times, October 23, 2013

Cyber Calendar

ISSA-LA November Lunch Meeting: In today’s world of advanced cyber threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn’t really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats. The security industry is changing. For some, it’s a good thing, and for others, they’re watching their antiquated ways of failing to prevent exploits become irrelevant for smart security teams. ISSA-LA, Event Date: November 20, 2013


Cyber Security News of the Week, November 3, 2013