The Week(s) that Was (Were) – 8/31/2012

It’s been a tough couple of weeks, sports fans.  I’ve not been good about keeping up on INFOSEC current events and sharing them out with you.  Here is a backlog that has a big blind spot from last week.  Feel free to make any article suggestions I should include from the blind spot and I’ll get them next week.

There was a lot of talk about infrastructure in this batch. [12],[18],[22]  This is always a tricky subject to discuss. You want to discuss the weakness without drawing too much attention to them.  I think we all acknowledge there is much room for improvement in our infrastructure control network.  These are just the latest observations.

The potential attack vector on human brainwaves is a little unnerving, but you can probably find all of that on Facebook anyway. [7], [10]  And speaking of brainwaves, Mr. Jack Daniel has some interesting insight on how to market to us INFOSEC types.  [9]

Link Dump

[1]
E. Chickowski, “ABCs Of Factoring Risk Into Cloud Service Decisions,” Dark Reading. [Online]. Available: http://www.darkreading.com/risk-management/167901115/security/news/240006584/abcs-of-factoring-risk-into-cloud-service-decisions.html. [Accessed: 31-Aug-2012].
[2]
K. Jackson-Higgins, “Crypto Experts Called On To Crack Cyberspy Tool’s Encryption,” Dark Reading, 14-Aug-2012. [Online]. Available: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240005480/crypto-experts-called-on-to-crack-cyberspy-tool-s-encryption.html. [Accessed: 15-Aug-2012].
[3]
T. Walsh, “Excellence in Risk Management IX: Bridging the Gap: Be Visible, Be Valuable, Be Strategic.” March & McLennan Companies, 16-Apr-2012.
[4]
C. Osborne, “FTC accuses Facebook of misleading developers over security,” ZDNet, 13-Aug-2012. [Online]. Available: http://www.zdnet.com/ftc-accuses-facebook-of-misleading-developers-over-security-7000002528/. [Accessed: 14-Aug-2012].
[5]
B. Krebs, “Inside a ‘Reveton’ Ransomware Operation,” Krebs on Security, 12-Aug-2012. [Online]. Available: http://krebsonsecurity.com/2012/08/inside-a-reveton-ransomware-operation/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29&utm_content=Google+Reader. [Accessed: 14-Aug-2012].
[6]
“iOS Security.” Apple, Inc., May-2012.
[7]
P. F. Roberts, “Leaky web sites provide trail of clues about corporate executives,” IT World, 13-Aug-2012. [Online]. Available: http://www.itworld.com/print/289519. [Accessed: 15-Aug-2012].
[8]
P. C. Pinto, P. Thiran, and M. Vetterli, “Locating the Source of Diffusion in Large-Scale Networks,” Phys. Rev. Lett., vol. 109, no. 6, p. 068702, Aug. 2012.
[9]
J. Daniel, “Marketing to the cynical, skeptical, and jaded (us),” Uncommon Sense Security. 13-Aug-2012.
[10]
J. Schofield, “‘Mind hackers’ could get secrets from your brainwaves,” ZDNet, 27-Aug-2012. [Online]. Available: http://www.zdnet.com/mind-hackers-could-get-secrets-from-your-brainwaves-7000003267/. [Accessed: 28-Aug-2012].
[11]
T. Armerding, “Mysterious font left by malware befuddles -,” CSO Online, 14-Aug-2012. [Online]. Available: http://www.csoonline.com/article/713588/mysterious-font-left-by-malware-befuddles?source=rss_data_protection. [Accessed: 14-Aug-2012].
[12]
D. Goodin, “Mystery malware wreaks havoc on energy sector computers,” Ars Technica. [Online]. Available: http://arstechnica.com/security/2012/08/shamoon-malware-attack/. [Accessed: 17-Aug-2012].
[13]
E. Messmer, “New NIST encryption guidelines may force fed agencies to replace old websites,” Network World, 15-Aug-2012. [Online]. Available: http://www.networkworld.com/news/2012/081512-nist-tls-261670.html. [Accessed: 17-Aug-2012].
[14]
A. Lane, “Pragmatic WAF Management: Policy Management,” Securosis, 13-Aug-2012. [Online]. Available: https://securosis.com/blog/pragmatic-waf-management-policy-management. [Accessed: 14-Aug-2012].
[15]
B. Schneier, “Preventive vs. Reactive Security,” Schneier on Security, 13-Aug-2012. [Online]. Available: http://www.schneier.com/blog/archives/2012/08/preventive_vs_r.html. [Accessed: 14-Aug-2012].
[16]
R. Lemos, “Researchers Hunt Sources Of Viruses, Memes,” Dark Reading, 14-Aug-2012. [Online]. Available: http://www.darkreading.com/advanced-threats/167901091/security/security-management/240005585/researchers-hunt-sources-of-viruses-memes.html. [Accessed: 15-Aug-2012].
[17]
D. Fisher, “Shamoon Malware Steals Data, Overwrites MBR,” ThreatPost, 16-Aug-2012. [Online]. Available: https://threatpost.com/en_us/blogs/shamoon-malware-steals-data-overwrites-mbr-081612. [Accessed: 17-Aug-2012].
[18]
“Simulation: what if digital WMDs attack America?,” KurzweilAl, 11-Aug-2012. [Online]. Available: http://www.kurzweilai.net/simulation-what-if-digital-wmds-attack-america. [Accessed: 14-Aug-2012].
[19]
E. Messmer, “Startup envisions CISO collective to share cyberattack information,” Network World, 14-Aug-2012. [Online]. Available: http://www.networkworld.com/news/2012/081412-securitystarfish-261634.html. [Accessed: 16-Aug-2012].
[20]
S. Garfinkel, “The iPhone Has Passed a Key Security Threshold,” Technology Review, 13-Aug-2012. [Online]. Available: http://www.technologyreview.com/news/428477/the-iphone-has-passed-a-key-security-threshold/?ref=rss&utm_source=buffer&buffer_share=e8512. [Accessed: 13-Aug-2012].
[21]
“The Mystery of the Encrypted Gauss Payload,” securelist.com, 14-Aug-2012. [Online]. Available: http://www.securelist.com/en/blog/208193781/The_Mystery_of_the_Encrypted_Gauss_Payload. [Accessed: 15-Aug-2012].
[22]
R. M. Baum, “U.S. Needs To Spend More On Infrastructure,” Chemical and Engineering News, 16-Jul-2012. [Online]. Available: http://cen.acs.org/articles/90/i29/US-Needs-Spend-Infrastructure.html. [Accessed: 14-Aug-2012].
[23]
S. Baker, “US-China ‘proxy’ talks on cyberweapons,” The Volokh Conspiracy, 02-Jul-2012. [Online]. Available: http://www.volokh.com/2012/07/02/us-china-proxy-talks-on-cyberweapons/?ModPagespeed=off. [Accessed: 13-Aug-2012].

Leave a Reply

%d bloggers like this: