BitDefender: “Anonymous is ‘good’ for security” – REALLY?! March 28, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation, Risk & Risk Management.

A March 14th, 2012 article on ZDNetAsia sums up one of the major problems with security. Specifically, it is the victims who are consistently blamed for the crime, along with the belief (very arrogant, I might add) that companies simply don’t care about security and that this is why they are victimized. According to the article:

“Alexandru Catalin Cosoi, chief security researcher at BitDefender, for one, said that hacktivist group Anonymous has been “good” for security. This is because even though it had disclosed people’s personal information publicly online, the security breaches it organized had a positive impact, he added. Now, more companies are willing to secure their networks and private data, which is good news, he stated.”

“We Can’t Live in Castles” – FBI Official Concedes; CyberSecurity Policy is a Failure March 28, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Laws and Legislation.

In my Google alerts today was an article from Fox News titled: “Retiring FBI Official Says Current US CyberSecurity Strategy ‘Unsustainable’”. Shawn Henry, the FBI’s Assistant Director for CyberSecurity, refers to the increasing cyber attacks on government and corporate targets and says: “We are not winning”. All I can say at this point is… WOW… again we are beating a dead horse! In 2010, I said the same thing at an InfraGard event in Salt Lake City, and RSA has said the same thing. We sound like broken records at this point. This post will likely be a bit more pointed and blunt than most, but my frustration is mounting on the subject. For a shameless plug on my own research brief, please read: “A Failed State of Security” now published by IDGA.

CyberAttacks against corporations, committed by individuals, are crimes. Crimes are human acts undertaken by living, breathing, thinking human beings. CyberSecurity, at its core, is about more than building castles to keep the princess protected. It is also about changing human behavior to deter the criminal behavior.

“deterrence is ultimately about decisively influencing decision making. Achieving such decisive influence requires altering or reinforcing decision makers’ perceptions of key factors they must weigh in deciding whether to act counter to (our interests) or to exercise restraint.”[1]

France’s PATRIOT Act? – “Visit Website; Go to Jail” March 23, 2012

Posted by Chris Mark in Industry News, Laws and Legislation, terrorism.

In the aftermath of the murder of 7 people in France by a self-proclaimed Al Qaeda militant, France’s president Nicolas Sarkozy has proposed a sweeping law that would jail those who visit extremist websites. “Anyone who regularly consults Internet sites which promote terror or hatred or violence will be sentenced to prison,” he told a campaign rally in Strasbourg, in eastern France. “What is possible for pedophiles should be possible for trainee terrorists and their supporters, too.”

The murders of 7 people in Toulouse were horrific. Among those killed were a Rabbi and several children at a Jewish school. The murderer, 23-year-old Mohamad Merah, was killed by French police after a standoff.

“Failed State of Security”- Published by IDGA March 21, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation, Risk & Risk Management.

The Institute for Defense and Government Advancement (IDGA) has published the whitepaper “Failed State of Security: A Rational Analysis of Deterrence Theory & Its Effect on Cybercrime”. Check it out!

Abstract: “In reviewing the literature on criminology and information security it appears that, while they share many common themes, there is a disconnect between the criminological theory and its application in information security. Information security, as a field, is focused on the protection of information assets. Criminology is focused on the prevention of criminal behavior. As most information security practitioners will likely attest, there is little overlap between the two fields and there has been little research or focus on the use of crime theories on the prevention of cybercrimes. This paper attempts to bridge the gap between the fields and highlight the deficiencies in the current approach of compelling victims to prevent cybercrime as opposed to deterring the criminals from committing cybercrimes.”

“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence. It is not simply speed but includes cadence, time between particular keystrokes and other aspects. This week DARPA announced that they are working to make the solution a reality. Due to the uniqueness of a person’s typing DARPA says: “mimicking keystroke dynamics is physiologically improbable.” This means that it would increase the challenge of masquerading as another person. I mark this up as “good in theory and terrifying in practice”. In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.” This is precisely where the issue comes to life.