This article brings to light another wrinkle in the ongoing debate around offensive countermeasures in cyber warfare. What role should private industry play when foreign entities attack or manipulate US commercial institutions? Do American businesses have the right to defend themselves or retaliate when attacked? What role can/should the federal government play in these situations?
Month: December 2014
Krebs – Banks: Card Breach at Some Chick-fil-A’s
This is yet another concerning breach at a fast food restaurant. Obviously the scope of this breach is still under investigation, but it will still likely lead to another round of card re-issues and general consumer angst.
http://krebsonsecurity.com/2014/12/banks-card-breach-at-some-chick-fil-as/
4 Infosec Resolutions For The New Year
Interesting read heading into the new year…
http://www.darkreading.com/attacks-breaches/4-infosec-resolutions-for-the-new-year-/a/d-id/1318219
Microsoft Could Kill Internet Explorer; New Spartan Browser Coming Soon
This rumor/development has been floating around for some time. I believe this is a necessary step for Microsoft to continue its transition to a services company and away from the legacy PC footprint. This type of browser development should also ultimately fuel a mobile/tablet/cloud strategy.
http://thehackernews.com/2014/12/microsoft-windows-spartan-browser.html
20 Startups to Watch
Interesting list of companies to read through with a heavy lean toward big data analysis targeted at APT. I was also glad to see some funding targeted at IAM and end user education solutions. I know I have added a few new companies to explore during conference season this spring.
http://www.darkreading.com/20-startups-to-watch-in-2015/d/d-id/1318410
New Documents Reveal What Security Measures the NSA Can and Can’t Crack
Interesting breakdown of the capabilities the US and other major players have for decrypting significant Internet traffic, including HTTPS and IPsec.
Krebs on Security – Who’s in the Lizard Squad?
More content by Krebs on Lizard Squad and their pathetic antics over the Christmas holiday…there is nothing remotely impressive about these children. This is not cyber security in any form.
http://krebsonsecurity.com/2014/12/whos-in-the-lizard-squad/
Cowards Attack Sony PlayStation, Microsoft xBox Networks
Krebs said it well. This was a pathetic and cowardly act. As a father simply hoping to enjoy watching his wife and children play their new gaming platform only to be turned away by a network failure, I was seriously annoyed to hear it was a DDoS attack. This cowardly act should be shared with the public and these sad little thugs should be called out just as Krebs has done.
http://krebsonsecurity.com/2014/12/cowards-attack-sony-playstation-microsoft-xbox-networks/
Why Digital Forensics In Incident Response Matter More Now
This content is particularly true in the context of SIEM and overall log retention and correlation. The decision-making process around incident response is multifaceted and is something all organizations should actively consider, plan around, and practice.
Apple Releases Security Patch for NTP Vulnerability in OS X
This type of vulnerability demonstrates the need to consider all aspects of a system and to have a patching strategy for all OSes. Many people discount NTP and even more people completely discount OS X. Keep Calm and Patch On.