North Dakota To Permit Armed Police Drones →
News, via Cyrus Farivar, writing at ArsTechnica, of the end of civilization, this time in North Dakota, where a new law has been passed, permitting armed law enforcement drones. In this case, with a reportedly less-than-lethal payload. Today's unequivocal MustRead.
NIST Slates Cybersecurity Innovation Forum in September 2015 →
The NIST 2015 Cybersecurity Innovation Forum has been scheduled for September 9, 2015 through September 11, 2015, at the Walter E. Washington Convention Center in Washington, D.C. The three-day forum is sectioned into four tracks, including Security Automation, Trusted Computing, Information Sharing and Cybersecurity Research. Register for the 2015 Cybersecurity Innovation Forum here.
Web Application Developers Put Millions At Risk →
Well-crafted and insightful piece, written by Jai Vijayan, detailing developer security foibles, in this case discovered by researchers at the LOEWE Center for Advanced Security Research Darmstadt (CASED). An astounding number has emerged (56,000,000) of unsecured data resident in cloud systems (in this case PARSE and AWS). Phenomenal.
Hayden, Useless Change →
Superb screed from Cyrus Farivar, writing at ArsTechnica, of General Hayden's view on this summer's modifications of the Freedom Act.
Naval OPSEC of the Future →
The United States Navy OPSEC of the future is Tuesday's MustRead. Via the Navy's Office of the Chief of Information comes this fascinating glimpse of the future.
Mozilla Privacy and Security Settings →
Via gHacks comes this superlative compendium of Mozilla's Firefox Security and Privacy related settings, all conveniently packaged for ease of deployment. And, as with any modification of the platform you have chosen, examine the settings thoroughly, test exhaustively, and deploy with mindful caution. Enjoy.
ISOC, 2015 Jonathan B. Postel Service Award Goes To Rob Blokzijl
The Internet Society has awarded the Jonathan B. Postel Service Award to Rob Blokzijl, Ph.D. for his tireless labor and over 25 years as the Founding Member and Retired Chair (retired in May 2014) at Réseaux IP Européens, aka RIPE. That work, coupled with the critically important labor of assisting other European policy makers, engineers and scientists to spread the Internet across Europe, informed the selection of Dr. Blokzijl.
'During the 1980s, Dr. Blokzijl was active in building networks for the particle physics community in Europe. Through his experience at the National Institute for Nuclear and High Energy Physics (NIKHEF) and CERN, he recognized the power of collaborating with others building networks for research and travelled worldwide to promote cooperation across networkers. In the 1990s, Dr. Blokzijl was influential in the creation of the Amsterdam Internet Exchange, one of the first in Europe. His most widely recognized contribution is as founding member and 25-year chairman of RIPE, the European open forum for IP networking. Dr. Blokzijl was also instrumental in the creation of RIPE NCC in 1992, the first Regional Internet Registry in the world.' - via the Internet Society
US to Train Iran in Nuclear Security Best Practice - Including Cybersecurity
Likely one of the more blatantly misguided stipulations in the corporeal abomination known as the 'Joint Comprehensive Plan of Action' is a component of the agreement in Annex III, within the Civil Nuclear Cooperation area, in Section D, that apparently commits the United States of America to enter unilateral defense training (think cybersecurity, folks) of the Islamic Republic of Iran against all others (in this case the all others would be defined as the State of Israel):
'10. Co-operation in the form of training courses and workshops to strengthen Iran's ability to prevent, protect and respond to nuclear security threats to nuclear facilities and systems as well as to enable effective and sustainable nuclear security and physical protection systems;' - Joint Comprehensive Plan, Annex III, Civil Nuclear Cooperation, Section D, within Nuclear Safety, Safeguards and Security
Redmond's Chatty Cathy
In Microsoft Corporation (NasdaqGS: MSFT) Windows 10 *all-your-pc-are-belong-to-us* news, ArsTechnica writer Peter Bright regales us with a revelation of the largish trove of data the Redmond software leviathan is collecting from its users, notwithstanding those users' expressed desire not to be tracked, by modifying the settings in the new OS's Privacy settings.
Just one more nail in the coffin for X Fenestras, you ask? Probably not, as the vast majority of users simply don't possess the capability to determine what, if anything, they are sharing through the new Windows OS (actually as cruft-laden as anything Bill, Ballmer or Satya have produced) shipped on July 29th, 2015.
"...Windows 10 will periodically send data to a Microsoft server named ssw.live.com. This server seems to be used for OneDrive and some other Microsoft services. Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn't connected to a Microsoft Account. The exact nature of the information being sent isn't clear—it appears to be referencing telemetry settings—and again, it's not clear why any data is being sent at all. We disabled telemetry on our test machine using group policies. And finally, some traffic seems quite impenetrable. We configured our test virtual machine to use an HTTP and HTTPS proxy (both as a user-level proxy and a system-wide proxy) so that we could more easily monitor its traffic, but Windows 10 seems to make requests to a content delivery network that bypass the proxy...." via ArsTechnica's *Peter Bright*
Mobile Telephony, First Cut Is The Deepest
Apparently, the United States Supreme Court has been asked (via Petition) to weigh in on the Department of Homeland Security's Standard Operating Procedure 303, originally developed by the National Security Telecommunications Advisory Committee. My take on it - Not Going To Happen.
Class Action Suit Targets FIAT-Chrysler and Harman International Over Jeepgate
Perhaps the preferred method to take vehicle manufacturers to task for their lackadaisical interest in mitigating the security vulnerabilities in their moving conveyances is a legal battle. Fiat Chrysler and Harman International Industries are about to become acquainted with the wrath of Jeep owners via the proverbial Class Action Lawsuit process. Regardless of the company's voluntary recall, they will, evidently, pay the piper for the previous 18 months of inaction, when they decided to take no action after being informed. Big. Mistake.