
Oh My!! More than 6 Million LinkedIn Passwords Stolen! June 6, 2012

Posted by Chris Mark in cybersecurity, Data Breach, Industry News.

Change your LinkedIn password now! According to an article on CNN, over 6 million LinkedIn passwords were stolen by Russian hackers. LinkedIn also confirmed in their own blog post that some of the posted passwords did match LinkedIn accounts. According to the story: “The 6.5 million leaked passwords were posted Monday on a Russian online forum, camouflaged with a common cryptographic code called SHA-1 hash. It’s a format that’s considered weak if added precautions aren’t taken. Roughly half of the “hashed” passwords have already been decoded and posted online in human-readable text.” You can read more about how hashes are cracked using rainbow tables in the awesome post here.

Combining Blog Content (GlobalRiskInfo / DrHeatherMark) May 31, 2012

Posted by Chris Mark in News, Politics.

In the near term I will begin integrating blog content from Dr. Heather Mark’s privacy and payments blog. This will give new information and insight into privacy, regulatory, and information security issues. We will be combining both blogs into GlobalRiskInfo. Please stay tuned and, in the meantime, take a spin through Heather’s blog!

 

“Flame On!”- New CyberWeapon Discovered in Middle East May 28, 2012

Posted by Chris Mark in cyberespionage, cybersecurity, InfoSec & Privacy, News, terrorism.

Complementing the post CyberEspionage, researchers have discovered a new cyberweapon. First there was Stuxnet, then there was Duqu... now there is Flame. Described by a researcher as “…the most complex piece of malicious software discovered to date…”, the recently discovered virus is designed to capture data but can also change computer settings and turn on integrated microphones to record what is being said in the room. Kaspersky Lab discovered the virus, dubbed “Flame”, which has been lurking undetected inside thousands of computers in the Middle East for as long as 5 years. According to Kaspersky, Iran has the most infections, followed by the Israel/Palestine area, Syria, and Sudan. According to Kaspersky senior researcher Roel Schouwenberg: “The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information”.

“Use of Force” Webcast – Nexus Consulting Group May 16, 2012

Posted by Chris Mark in Industry News, Laws and Legislation, terrorism, weapons and tactics.

Nexus Consulting Group is scheduling a webcast for the week of May 21-25 on the topic of the Use of Force in Maritime Security. Recently, a video surfaced of a maritime security company firing on Somali pirates. While the topic has been debated, Nexus was mistakenly identified as the company that took action. If you are interested in learning about Use of Force and the legal issues, contact Nexus at info@ncga.us and note your interest in attending the webcast, and we will advise which sessions are available. You can download the Use of Force Primer and follow-along document here.

Having previously worked for a maritime security company, I felt pretty informed on the Use of Force and Maritime issues. After speaking to Kevin on numerous occasions, it was apparent that Kevin is an expert on Maritime Security and the industry at large. I always come away from a discussion with Kevin impressed and having learned something new about maritime security. Any knuckle-dragger can carry a gun and use it indiscriminately. It is appropriate, disciplined use of a weapon that separates professional security from amateurs. There are few security companies that I would recommend and that have the expertise to protect ships while minimizing risk to ship owners. Use of force is a critical yet complex subject. I recommend you take the opportunity to listen to an expert on maritime security and definitely take the opportunity to ask questions.

“Semper Fi?” – Marines Convicted of Selling Weapons to Gangs & China May 15, 2012

Posted by Chris Mark in News, terrorism, weapons and tactics.

As a former Marine, this is a difficult story for me to write. It does, however, highlight the importance of the concept of “trust but verify” within security. As reported in the Jacksonville Daily News, a 2-year investigation by the Naval Criminal Investigative Service (NCIS) has uncovered an operation where 49 Marines and 21 civilians stole and then sold almost $2 million worth of weapons and equipment. Many of the Marines were stationed at Camp Lejeune, NC, and much of the gear was sold on eBay, Craigslist or in face-to-face meetings. One of the Marines was a member of the elite Marines Special Operations Command and served with the 3rd Special Operations Battalion. As stated in the article: “Sgt. Daniel Adam Reich, a former member of 3rd Marine Special Operations Battalion, was convicted of selling and attempting to sell military property and conspiracy. He was sentenced to 40 months in prison and a dishonorable discharge, MarSOC spokesman Maj. Jeff Landis said.” The investigation has since extended into the Air Force and Army.

The point of this blog post is to show that even our military folks who take an oath of honor and are subject to very stiff penalties for violation of that oath are vulnerable to the same temptations as everyone.  It is not enough to blindly trust people to do the right thing.  While 99% may be honest and have integrity, there is always a small percentage that will give in to temptation.  This is why it is so critical to “trust but verify” in security.