AgitProp de la Journée: PRC PLA Focuses on Cyberwar
Apparently, The Hill's Cory Bennett possesses a strong belief the PRC PLA are putting a 'new' focus on their cyber-this-or-that.
"Being involved in information security is intimidating. Not just because you are dealing with complex technology with serious implications if you fail, but everyone around you is going to be smarter than you. Even your adversaries. Especially your adversaries. Get used to it." - via Tripwire's Ken Westin
Yes, Bunky, hindsight truly is 20/140...
"The seven young men sitting before some of Capitol Hill’s most powerful lawmakers weren’t graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the mysterious environs of cyberspace to deliver a terrifying warning to the world." - via The Washington Post's Craig Timberg
La Fin de Twitter est Proche, otherwise known as The End of Twitter, Inc. (NasdaqGS: TWTR) is Near... Via The Harvard Business Review, and written by Alexandra Samuel, comes this tell-all on the rise of 'bots infecting Twitter, and not necessarily the 'bots you may think, entitled "How Bots Took Over Twitter". Congratulations, you have discovered Today's Must Read.
A well-crafted thought piece appearing over at Darkmatters, a Norse blog, written by the inimitable Pete Herzog, regaling us with the truth of robotic security. Today's MustRead.
"The problem is that automating security creates a paradox. You see, in security, automation works best as a tool and not a wielder of tools. You see, your security automation is in charge of making periodic and systematic changes to controls and then verifying those changes." via Darkmatters, a Norse Security blog, by Pete Herzog
"The consequences of such attacks are devastating, leading to complete disclosure of the most sensitive user information (e.g., passwords) to a malicious app even when it is sandboxed," the researchers warned. "Such findings, which we believe are just a tip of the iceberg, will certainly inspire the follow-up research on other XARA hazards across platforms." - via Dan Goodin, writing at Ars Technica
Via journalist Malena Carollo, reporting for the eponymous Christian Science Monitor, comes an astonishing news item of what is perhaps the single most egregious failure in federal information security this century (so far...).
"Moving forward, Archuleta assured the committee that OPM would continue to improve their cybersecurity efforts and work on the recommendations given by the Inspector General "to the best of our ability." "That’s what frightens me, Mrs. Archuleta," said Rep. Mick Mulvaney (R) of South Carolina, "that this is the best of your ability." - via Malena Carollo reporting at the Christian Science Monitor
RAND Corporation has published a not-entirely-surprising study targeting what appears to be the highly unsuccessful security postures of organizations under scrutiny, entitled "The Defender's Dilemma: Charting a Course Toward Cybersecurity". Apparently, the notion of "Come And Take It" is not a particularly successful stratagem in modern electronic warfare...
Citation: Libicki, Martin C., Lillian Ablon and Tim Webb. The Defender's Dilemma: Charting a Course Toward Cybersecurity. Santa Monica, CA: RAND Corporation, 2015. http://www.rand.org/pubs/research_reports/RR1024. Also available in print form.
A more complete explanation, via Sophos security blog Naked Security author Paul Ducklin, of steganography in-the-round, as it were...