Archive for October, 2012
A look at the Russian underground cyber market
Oct 31st
From: InfoSecurity-Magazine.com
“The Russian shadow economy is an economy of scale, one that is service oriented and that has become a kleptocracy wherein crony capitalism has obtained a new lease on life in cyberspace,” says a new report into the cybercriminal Russian underground.
Russian Underground 101 is a Trend Micro study into the cybercriminal underground in Russia. It is based on data gathered from online forums and services and articles written by hackers. What it finds is a complete shadow economy of cybercriminality where virtually every form of online criminal activity can be bought and sold at surprisingly low prices.
Ensuring process cyber security
Oct 31st
From: Engineer Live
Cyber security is becoming an increasingly important aspect of plant management. Here we look at the strategies and technologies being used by suppliers to ensure that process plants minimise their vulnerability to cyber attacks. Eugene McCarthy reports.
Over the past two years, industrial infrastructure has been identified as a key target for hackers and government-sponsored warfare, attracting some of the most sophisticated cyber attacks on record.
Belden, a global leader in signal transmission solutions for mission-critical applications, in coordination with Tofino Security – part of Belden’s Hirschmann brand – has developed a product portfolio and business processes to protect critical infrastructure against these emerging threats.
Personal responsibility, not more government regulations, needed to keep Canada cyber-secure, senator says
Oct 31st
Editor’s Note: Personal responsibility is a necessary but not sufficient condition for cybersecurity.
From: Vancouver Sun
By Jordan Press
OTTAWA — Canadians and the federal government don’t want more regulations over how we use our mobile and Internet-connected devices all in the name of cyber-security, a high-profile Tory senator says.
Sen. Pamela Wallin, who chairs the Senate’s defence committee, told a room full of security experts Tuesday it was up to businesses to be honest with their customers about cyber-security breaches, and an older generation of Canadians to educate a younger generation who are naïve about their safety from hackers about how to stay safe from cyber-criminals.
FBI cybersecurity shift draws skepticism from experts
Oct 31st
Editor’s Note: Law enforcement must continue to be an essential component of cybersecurity. The FBI’s expanded work in this field is critical and appreciated.
From: Network World
Kevin Mitnick, the former hacker turned security consultant, is one who doubts focusing on criminals rather than attacks would slow them
By Antone Gonsalves, CSO
The FBI has changed its cybersecurity strategy to place greater emphasis on identifying the criminals behind attacks, a shift that some experts say won’t make a dent in hacking operations.
In a recent blog post, the bureau said it would dedicate more resources to “who is conducting the attack or the exploitation and what is their motive.”
Georgia publishes photos of alleged Russia-based cyberspy
Oct 30th
From: TechWorld
In an unprecedented move, Georgia reveals startling details of a hacker it says is stealing its confidential information
By Jeremy Kirk
In one of the photos, the dark-haired, bearded hacker is peering into his computer’s screen, perhaps puzzled at what’s happening. Minutes later, he cuts his computer’s connection, realising he has been discovered.
In an unprecedented move, the country of Georgia – irritated by persistent cyber-spying attacks – has published two photos of a Russia-based hacker who, the Georgians allege, waged a persistent, months-long campaign that stole confidential information from Georgian government ministries, parliament, banks and NGOs.
Killing the Computer to Save It
Oct 30th
From: NYT
Profiles in Science: Peter G. Neumann
By JOHN MARKOFF
MENLO PARK, Calif. — Many people cite Albert Einstein’s aphorism “Everything should be made as simple as possible, but no simpler.” Only a handful, however, have had the opportunity to discuss the concept with the physicist over breakfast.
One of those is Peter G. Neumann, now an 80-year-old computer scientist at SRI International, a pioneering engineering research laboratory here.
As an applied-mathematics student at Harvard, Dr. Neumann had a two-hour breakfast with Einstein on Nov. 8, 1952. What the young math student took away was a deeply held philosophy of design that has remained with him for six decades and has been his governing principle of computing and computer security.
Boosting data center trust with ISO27001
Oct 30th
From: AsiaCloudForum
By Carol Ko
In the absence of cloud-specific industry standards, cloud data center operators are relying on widely accepted industry standards as the quality seals for the info-security practices at their data centers
One such standard is the ISO27001, short for “ISO/IEC 27001:2005 — Information technology — Security techniques — Information security management systems — Requirements” that was published in 2005 by the International Organization for Standardization.
The ISO27001 certification covers a broad range of security controls from the physical environment in which customer solutions are hosted, accessed and monitored through to the logical system-based controls employed to manage electronic access.
Insecure industrial control systems, hacker trends prompt federal warnings
Oct 30th
From: CSO
By Antone Gonsalves
Security researchers fed up with what they see as the glacial pace with which vendors fix holes in industrial control systems have exposed vulnerabilities that raised concerns among federal officials.
The latest security weaknesses, as well as troubling trends in the hacker underground, led the Department of Homeland Security to warn late last week of an increasing security risk to the control systems used by power utilities, water treatment plants and manufacturing. The latest warning, issued Friday, stemmed from a report of a vulnerability found in ICS equipment sold by 261 manufacturers.
GCHQ launches employee scheme to help protect UK from attack
Oct 30th
From: Gloucestershire Echo
CYBER security professionals in the UK are to be assessed under a new scheme launched by GCHQ, to protect the UK from attack.
The CESG Certification for IA (Information Assurance) Professionals scheme is set to help businesses and the Government employ the right people for the job. It has been launched by CESG, the IA arm of GCHQ, for employees in the public and private sectors.
Jonathan Hoyle, GCHQ’s director general for Government & Industry Cyber Security, said: “Cyber Security and Information Assurance expertise is at the heart of protecting the UK from cyber attack and I am delighted that GCHQ’s scheme to certify IA professionals in both the public and private sectors is fully up and running.
You Can’t Terrorist-Proof the Internet, but the UN Wants to Try Anyway
Oct 29th
From: The Philly Post
How this will affect your online world.
By Nick Valdala
If we have too free an Internet, the terrorists win—or at least according to a recent cyber-terrorism report put out by the United Nations. Dubbed “The Use of the Internet for Terrorist Purposes,” the 148-page report essentially urges world governments to surveil Internet users via their service providers all over the planet in an attempt to assuage global terrorism. The Internet in its current form is so free, the argument goes, that those pesky terrorists can more easily get online and spread their extremist messages and propaganda to a wider audience through Internet forums, open wi-fi hotspots and blog posts.