Lenovo and Superfish – What you should know

I would like to believe that this situation with Lenovo and Superfish is an isolated incident, but given the profitability of selling load space at the PC factory level, I would imagine there are several other pieces of malicious software installed on other manufacturers' hardware.  These linked articles and the embedded YouTube video can give you a bit more information about this problem and how to address it on your hardware.  At the end of the day, the best practice for any new PC purchase is to re-image the device and start with a clean slate, but this is not always an option for the less technically inclined.

http://www.tripwire.com/state-of-security/security-data-protection/superfish-lenovo-adware-faq/

http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-need-to-know/

DHS Cybersecurity Staff Won’t Get Paid During Shutdown

This is disturbing considering the potential impact on financial institutions relying on the US Secret Service for financial fraud investigations and the overall need for protections around our nation’s critical infrastructure.  There are certain fights worth fighting in our nation’s capital, but these are not the chips I would choose to gamble with.

http://www.csoonline.com/article/2885574/cyber-attacks-espionage/dhs-cybersecurity-staff-wont-get-paid-during-shutdown.html

Windows 10 will work with FIDO specs for password-free access, says Microsoft

I am a proponent of the work being done by FIDO and their authentication standard.  That said, I am not sure Microsoft has completely bought in to the process.  They tend to go their own way or only adopt portions of standards to meet their needs.  I hope I am wrong in this case and Microsoft meets or exceeds the new FIDO 2.0 standard.

https://nakedsecurity.sophos.com/2015/02/18/windows-10-will-work-with-fido-specs-for-password-free-access-says-microsoft

Why The USA Hacks

I am particularly intrigued by this article from Dark Reading because of the perspective it provides concerning the US Cyber Spying/Hacking program in the context of the mission statements of the NSA, CIA, and United States Cyber Command.  Regardless of the definitive statements made by many on both sides of this debate, this issue is both complex and nuanced and should not be dismissed offhand.

http://www.darkreading.com/vulnerabilities---threats/advanced-threats/why-the-usa-hacks/a/d-id/1319107

Kaspersky Lab reveals spyware on the world’s most popular hard drives, suspects the NSA

These are a couple of articles detailing a discovery by the team at Kaspersky concerning hard drive embedded malware.  Though unproven, the NSA is suspected, adding to the ongoing debate of exactly how much surveillance tech is embedded into our daily lives by the federal government.  It is certainly an interesting conversation.

http://thenextweb.com/insider/2015/02/17/kaspersky-lab-reveals-spyware-worlds-popular-hard-drives-suspects-nsa/

http://www.tripwire.com/state-of-security/latest-security-news/advanced-threat-actor-linked-to-nsa-uses-spyware-to-infect-the-disk-drive-firmware-of-foreign-targets/

Google’s Project Zero backs off a bit – will now give up to 14 days’ grace

The debate continues around zero-day vulnerabilities and how they should be reported and addressed.  Google has backed off a bit from their initial strict 90-day deadline for remediation and reporting.  Regardless of which side of this argument you support, the debate is worthwhile and is moving the patch process forward for critical software.

https://nakedsecurity.sophos.com/2015/02/16/googles-project-zero-backs-off-a-bit-will-now-give-up-to-14-days-grace/