The Educational CyberPlayGround ®

SECURITY

Humans are the weakest link in the security ecosystem
and yet many corporations fail to recognize that.

We always use a VPN

If you need to be free, then use an
Encrypted VPN (Virtual Private Network)

USE STRONG VPN

Blackburn, a George W. Bush appointee, ruled that the Fifth Amendment posed no barrier to his decryption order. The Fifth Amendment says that nobody may be "compelled in any criminal case to be a witness against himself," which has become known as the right to avoid self-incrimination. "I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer," Blackburn wrote in a 10-page opinion today. He said the All Writs Act, which dates back to 1789 and has been used to require telephone companies to aid in surveillance, could be invoked in forcing decryption of hard drives as well. The Department of Justice is relying on the All Writs Act, which dates back to 1789. It doesn't seem intended to address this situation.
Dubois: It wasn't intended to address this. It was basically: If the judge orders someone to transfer title of property, he can also order whatever else is necessary to make that happen. It was pretty clearly necessary to allow judges to enter orders they've always been able to enter anyway. It wasn't designed to expand the judge's power or the government's power. This is the place where technology has bumbled right on ahead of the law, as it always does.
http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/
George Carlin said, "they're not Constitutional 'rights' they're 'privileges' that can be revoked at any time."

ARE YOU Cranky, SKANKY AND INFECTED??
SPYWARE REMOVAL DIRECTIONS

EMAIL VIRUS & HOAX INFO

ARTICLES
How to Find your COOKIES - FILTERING - SCHOOLS - NEWS - PLAGIARISM - The First WORM

COPYRIGHT / COPYLEFT | CHILDREN'S PRIVACY RIGHTS

Security TOOLS

security TECHnology TRENDS

#1! - Learn about Badware so you won't download it.

September 11th
World Trade Center

SECURITY CRISIS
CURRICULUM RESOURCES

CENSORSHIP
HISTORY
BOOKS

SECURITY PEOPLE

SECURITY COMPANIES

LISTS, RESOURCES, ROBOTS, TROUBLE FINDERS
ABOUT THAT WORD "TRUSTED" CREDIT CARD FRAUD
Learn about "URIICA"
Union for Representative International Internet Cooperation and Analysis

Protect yourself, avoid all censorship, keep your search, and email private.

dr. strangelove

IN A DISASTER
Command and Control Communications always break down;
"Hello? Hello, Dimitri?
Listen, I can't hear too well, do you suppose you could turn the music down just a little? Oh, that's much better. Yes. Fine, I can hear you now, Dimitri. Clear and plain and coming through fine. I'm coming through fine too, eh? Good, then. Well then as you say we're both coming through fine."  ~ Dr. Strangelove

The real goal of Cyber War is the theft of national secrets, intellectual property from corporate R&D labs, corporate M&A deal documents, government policy, plans, negotiating terms and the ultimate concession of our nation's competitiveness to other countries. The year 2011 will be remembered as the year that the fundamental underpinnings of Internet security fell. "Military Networks 'Not Defensible,' Says General Who Defends Them." It is cyber espionage and theft akin to the spy vs. spy efforts of the Cold War, but on a massive and pervasive scale. Easily forgotten are spectacular breaches across every major industrial sector this year, including "Operation Shady RAT", which was disclosed by McAfee in August. This disclosure identified over 70 companies in 6 different sectors targeted in a single campaign. Similarly, the "Nitro" campaign, disclosed by Symantec, targeted chemical companies and industrial manufacturing concerns. Secure Sockets Layer (SSL), Certificate Authorities, and two-factor authentication were all compromised. SSL, long considered the bastion of online secure protocols, was broken by a couple of researchers with a prototype called BEAST. The SSL protocol is today the most widely used Web-based protocol for securing online transactions, including banking and e-commerce. Certificate Authorities (CAs) have been the subject of repeated compromise this year, mainly for the purpose of forging legitimate certificates subsequently used in attacks on both SSL sessions and also software authentication.
http://www.forbes.com/sites/ciocentral/2011/11/18/cyber-spies-are-winning-time-to-reinvent-online-security/

US hypocrisy in China cyberwar, says Mr Ranum, chief security officer of Tenable Network Security.

Defcon's Jeff Moss on cybersecurity, government's role by Elinor Mills
As a hacker and organizer of Defcon, an event at which computer security vulnerabilities and exploits are routinely unveiled, Jeff Moss seemed an unusual choice when he was named to the Homeland Security Advisory Council in June. But his background and lack of government experience bring a fresh, outsider's perspective to a public sector plagued by a fast-changing threat landscape, perpetual turf wars, and bureaucratic inertia.

Secure Computers Are Not Secure. The time it takes to store data in memory, fluctuations in power consumption, even the sounds your computer makes can betray its secrets. MIT researchers centered at the Computer Science and Artificial Intelligence Lab's Cryptography and Information Security Group (CIS) study such subtle security holes and how to close them. Complete extraction of the private key, Tromer says, "takes merely seconds, and the measurements that are needed, of the actual cryptographic process being attacked, can be carried out in milliseconds." In the cloud: by spying on the caches of the servers hosting their software, they could determine which servers were also trying to keep pace with their fake traffic spikes. Once they'd identified the target site's servers, they could use cache monitoring to try to steal secrets. Any information at all about a computer's internal workings "is actually fairly damaging," Rohatgi says. "In some sense, some of these cryptographic algorithms are fairly brittle, and with a little extra information, you can break them."

P2P networks have become a "substantial issue for government [agencies] and for banks and for large corporate enterprises." Millions of documents, both governmental and private, containing sensitive and sometimes classified information, are floating about freely on file-sharing networks after being inadvertently exposed by individuals downloading peer-to-peer (P2P) software on systems that held the data. Also found were the board minutes of one of the world's largest financial services organizations, the entire foreign exchange trading backbone of a financial company, and a comprehensive launch plan -- complete with growth targets -- of yet another financial company that was diversifying into a new region.

The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit

The Smart Card Detective: a hand-held EMV interceptor by Omar Choudary
Abstract: Several vulnerabilities have been found in the EMV system (also known as Chip and PIN). Saar Drimer and Steven Murdoch have successfully implemented a relay attack against EMV using a fake terminal. Recently the same authors have found a method to successfully complete PIN transactions without actually entering the correct PIN.

Stop Bad Ware

Technology Quotes

"Whenever you have a secret, you have a vulnerability." ~ Whitfield Diffie

"There are no secrets in the world. The only hard part is finding the right person to ask," "If you have a phone, you can find out anything you want in under 60 minutes. With the Internet, it's even faster." -- Tom Clancy

"We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect Us." ~ Anonymous

Mrs. Robinson: "We'd like to know a little bit about you for our files, we'd like to help you learn to help yourself." ~ Paul Simon 1968

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin 1759

"Security is mostly a superstition. It does not exist in nature."
~ Helen Keller

PRIVACY

Freedom Box gets off the ground
While providing "safe social networking" is one of the aims of the Freedom Box, it is only part of the picture. The project wants to protect users' data as well as their communications, including internet traffic, email, and voice. Beyond that, Freedom Box is specifically targeted at routing around ISPs' restrictions on the types of traffic they will carry, as well as attempts by governments to do similar traffic restrictions. In short, the goals of the Freedom Box live up to Moglen's original vision, as spelled out in his February 2010 talk at the New York branch of the Internet Society, as well as those outlined in a more recent talk at FOSDEM 2011: it is geared towards restoring users' freedoms.
Those freedoms are best guarded by keeping our data safe within the walls of our homes, because there are typically more legal protections there than there are when storing data on some company's servers. We have already seen that companies will often bow to governmental pressure in ways that would be more difficult to orchestrate when the data is spread out across the net. To that end, Freedom Box also plans to provide ways to securely back up encrypted data on friends' and neighbors' servers. In addition, it will provide ways for those under repressive regimes to anonymously publish information, such that those regimes will find it difficult to stop or track down the publishers. If the FreedomBox is going to handle all of these kinds of things, obviously the security of the device itself is paramount, but it is also targeted at protecting other systems in the home that live "behind" the Freedom Box. Eben strongly recommended reading the Top Secret America articles published by the Washington Post. It is eye-opening to see just how many Google-like operations there are, all under the control of the government.

Privacy of Consumer Information and Devices in the Electric Power Industry Executive Overview PDF October 2009
The Energy Independence and Security Act of 2007 mandated that NIST report to Congress on cyber security for the electricity grid. NIST established a Smart Grid Cyber Security Coordination Task Group and is issuing position papers. Privacy is an important adjunct to security and uses some of the same data tools. However, privacy goes beyond data tools and confidentiality. How personal information is collected, used, shared, stored, retained, and disposed of all impact privacy. Stringent and effective security can be in place and still result in egregious privacy breaches that fall outside of security controls. The Smart Grid Cyber Security Coordination Task Group sought input about home-to-grid issues from Home-to-Grid Domain Expert Working Group members and was consulted in the development of this paper on privacy.

Trusting cell phones to work in many emergency situations can be dangerous or fatal.

Dr. Strangelove Video Clips

Depending on the Breaks
One of the best scenes in movie/comedy history. Peter Sellers plays 2 roles in this scene and George C. Scott is brilliant as Buck Turgidson. The back and forth dialogue is true genius. Dr. Strangelove or How I Learned to Stop Worrying and Love the Bomb (c) Stanley Kubrick

Turgidson: Ahh, am I to understand the Russian Ambassador is to be admitted entrance to the War Room?
Muffley: That is correct. He is here on my orders.
Turgidson: I... I don't know exactly how to put this, sir, but are you aware of what a serious breach of security that would be? I mean... [begins closing his notebooks] he'll see everything. He'll See The Big Board!
Muffley: That is precisely the idea, General.
Stains, get Premier Kissov on the Hotline.

Social Engineering

"Why do hackers use social engineering? It's easier than exploiting a technology vulnerability. You can't go and download a Windows update for stupidity... or gullibility." -- Kevin Mitnick

People are trusting of other people, especially if there is a request for help. One of the biggest things that worked was asking "Can you please help me with this?" Asking people for help, the human vulnerability, has not changed. There is an inherent desire for people to help other people. There are trends of a positive nature, but they still get exploited.
Now people use social media to such an extent that their whole lives are on the Web. With sites like Blippy, which people tie into their Twitter and Facebook accounts, in essence every use of a credit card or bank account is tweeted, along with what was purchased and the amount. So you can go to these sites, find someone on Twitter, link them to a Blippy account and to Facebook, and now you have their pictures, what they like to buy, what restaurants they go to, when they leave the house, when they work. And within an hour you can have a very detailed profile of a company or an individual based on the amount of social media they use.

Q. How many security engineers would it take to design a system for ATM security today?
A. I don't think it could be done.
We would be debating biometric-enabled smartcards, assurance, protection profiles, denial of service, non-repudiation, viruses and buffer-overflow attacks till we were blue in the face. There is no way that such a system with "good enough" security could be designed and built today on the basis of conventional security wisdom. ~ Peter Gutmann

In 1985, the federal government published the first set of computer security criteria that computer professionals could understand and integrate into systems.
"A trusted computer system must provide authorized personnel with the ability to audit any action that can potentially cause access to, generation of, or effect the release of classified or sensitive information. The audit data will be selectively acquired based on the auditing needs of a particular installation and/or application. However, there must be sufficient granularity in the audit data to support tracing the auditable events to a specific individual (or process) who has taken the actions or on whose behalf the actions were taken."

WAIT! I thought YOU were in charge of security!!!
The General Services Administration has shut a Web site for government contractors after a computer industry consultant reported that he was able to view and modify corporate and financial information submitted by vendors.
The General Services Administration is the federal agency responsible for procuring equipment and services, including computer security technology, making the lapse all the more striking.

"The system relies, rather stupidly, on making it difficult to get in in the first place, by forcing you to get a client certificate for your browser," a mechanism for establishing the user's identity, said Mark Seiden, a security consultant who performs tests for corporations....
In filing an electronic application to become a government contractor, Mr. Greenspan was forced to repeat the process several times. After doing so, he noticed that the file's identifying number had been changed to a number one digit higher. 1/2006

"Good-Enough Security: Toward a Pragmatic Business-Driven Discipline", Ravi Sandhu, IEEE Internet Computing, Vol. 5, No. 3 (January/February 2003), p. 66. The author offers three design principles for good-enough security:

  1. Good enough is good enough.
  2. Good enough always beats perfect.
  3. The really hard part is determining what is good enough.

What Happened to Major Kong?

yahoooooooooo

SECURING THE INTERNET

"A lot of the security stuff is designed by crypto geeks [and] because of a lack of usability, people can't apply them correctly," Peter Gutmann said, adding usability is just as important as "having a bunch of crypto and let people figure it out from there". Gutmann said "the protocols were designed without usability and even if a user-friendly GUI could be put over it, it is unlikely the original developers would accept it. They would rather have 100 percent perfect software that's unusable than 99 percent perfect software that is usable. It will take 20 to 30 years to educate people about computer security, you wouldn't give your house key to someone, so why do the same with your password." [1]

A fragment from the archives, to remind us of how much we owe to people like Mina Rees, who stood up for Science in times when Security was being misused...
John von Neumann to J. Robert Oppenheimer, June 15, 1950:
I had a telephone call from Dr. Mina Rees, Chief of the Mathematical Sciences Section of ONR. She informed me of the following facts:
Dick Feynman and the mathematician, J. McShane, had been invited by the Institute for Numerical Analysis, which is a joint enterprise of the Bureau of Standards and the University of California at Los Angeles, to spend the summer months there, that is, at UCLA. The Department of Commerce, which apparently exercises a direct supervision over the Bureau of Standards' activities in such matters, did not approve of these appointments for security or loyalty reasons (I understand, however, that the appointments are purely scientific and do not involve classified matters).
After Mina Rees learned this, she caused ONR to inquire from the FBI about the causes for withholding Feynman's and McShane's clearance. The FBI did not make the relevant files available, and Mina Rees thinks that they are still in the hands of the Commerce Department. After this, she turned to Condon, who inquired of Mr. Gladier, Assistant Secretary of Commerce in charge of Administration, who informed him that the immediately available evidence on McShane and Feynman provided no basis for their clearance, so that a full investigation would have to be effected in order to appoint them. I have heard from other sources that a full investigation is undesirable, firstly, because it is very expensive, and secondly, because it may take too much time. In view of all this, Mina Rees suggested that Feynman and McShane be appointed to the ONR mathematical contract at the IAS and sent to UCLA.

CYBERWARFARE

Cyberspace covers almost everything electrical or electromechanical, from the simplest direct-current applications to the slickest, fastest space-age GPS gadgets off to things that haven't been invented. The scale of invention and development over the decades "means the further ... you go on the electromagnetic spectrum ... the energy moves faster and it's greater. ... the higher the scale of effects you can deliver." Lani Kass
The history of modern warfare has been one of adding domains in which people can fight and lose, be the controllers or the controlled, she said. For decades, the traditional domains were land and sea. In the 20th century, air and space were added, along with the recognition that if you control air and space, you can dictate to a great degree the control of land and sea.
But it has only been in the past few years that cyberspace, the realm that links the four war domains, has been recognized as an area of combat and control in its own right, she said. "We have been using the electromagnetic spectrum longer than we have been using air and space," she said, noting that the telegraph, one of the most bedrock aspects of cyberspace, was developed around the time of the Civil War.
What makes cyber different from the other realms, she said, is that it doesn't take a lot to fight in it. You don't have to build or buy expensive ships, airplanes, tanks or spacecraft. All you need is a laptop or a link to the Internet. "For the first time, perhaps ever, we are dealing with a domain where the level of investment is disproportionate to the kind of effects you can deliver," she said. [source]

FIGHT CENSORSHIP

P3P and Privacy on the Web FAQ applications of the Platform for Privacy Preferences (P3P), and in user interfaces and usability issues related to privacy enhancing software and secure systems

NET NEUTRALITY

BANNED BOOKS ONLINE openculture.com free banned books for banned books week

PODCASTING Journalists vs. Blogger War
Podcast Information and How To AudioBlog by Phone, and RSS Instructions.

The DARPA Information Awareness Office (IAO) will imagine, develop, apply, integrate, demonstrate and transition information technologies, components and prototype, closed-loop, information systems that will counter asymmetric threats by achieving total information awareness useful for preemption; national security warning; and national security decision making. Is the IAO datamining Facebook?

Electronic Frontier Foundation
EFF is a respected voice for the rights of users of online technologies. We feel that the best way to protect your rights on the Net is to be fully informed and to make your opinions heard. JOHN PERRY BARLOW is cofounder of the Electronic Frontier Foundation, a former lyricist for the Grateful Dead, and a former Wyoming cattle rancher. Read More

FBI - Freedom of Information Act

Blue Ribbon Campaign The campaign for online freedom of expression

2005
The Department of Homeland Security is monitoring inter-library loans. Agents look for books on a "watch list". President Bush has authorized the National Security Agency to spy on as many as 500 people at any given time since 2002 in this country. The eavesdropping was apparently done without warrants. 1
President Bush acknowledged on Saturday that he had ordered the National Security Agency to conduct an electronic eavesdropping program in the United States without first obtaining warrants, and said he would continue the highly classified program because it was "a vital tool in our war against the terrorists." 2

Keep your K12 Schools Safe. Security at Schools.

"640K ought to be enough for anybody." - Bill Gates in 1981

IT'S SO SECURE I CAN'T LOG IN !

© Educational CyberPlayGround ® All rights reserved world wide.