Coin, Same, Two Sides of... →
Apparently, string theory and loop quantum gravity may be two sides of the same coin, as it were... Astonishing.
Ukranian SCADA Systems Malware Infection Discovered →
News, of reportedly SCADA malware infections have been published via Motherboard; in which, those infections (also reportedly) point to cyberattack vectors).
'“The fact that malware was recovered from the network at all, and the fact that it's newer, gives a high confidence assessment that the cyberattack on Ukraine was legitimate,” Lee told Motherboard in a phone interview. Lee said the malware was “unique,” implying that it likely wasn't something that just happened be on the grid network during the outage.' - Robert M. Lee, a former US Air Force cyber warfare operations officer as well as the founder and CEO of Dragos Security, wrote on the SANS ICS Security Blog
Sophos, Power Grid Workers Expose Sensitive Information →
Originally brought to my beleagured attention by the inimitable Bob Radvanosky at Infracritical's SCADASEC, comes this well-wrought news piece from SOPHOS' NakedSecurity blog author Lisa Vaas. Illuminating the truly idiotic behaviors by workers in the Power Generation business...
National Nuclear Security Administration and Argonne National Laboratory, National Security Work →
Good On Ya! News of mutual cooperation work, undertaken by Argonne National Laboratory and the National Nuclear Security Administration percolated up through the flotsam of mid-winter storms, runs on supermarkets and that ilk, making an impression of positivity in and around Casa Infosecurity this past weekend... Today's Must Read.
Quantum of Weirdness →
Bad DB →
DarkMatters takes us down the slippery-slope of poorly configured Databases, and Database Management Systems. Threats abound, yet little is accomplished to remdiate (until after data loss). Today's Must Read.
'As of this writing, there are more than 27,000 instances of MongoDB and approximately 29,000 instances of Redis on the internet that do not have authorization enabled. Misconfigured databases are just as dangerous as vulnerabilities—they provide the bad guys an easy-access, exploitable front door to user data.' via DarkMatters
Redmond's PAW →
Microsoft Corporation (NasdaqGS: MSFT) has released the Redmond, Washington software leviathan's Privileged Access Workstations.
Essentially, PAWS provisions a workstation to perform high risk-determined activities (SysAdmin work, for example), and permits a user VM on the machine to perform less sensitive, mundane tasks such as normal office tasks.
Seems a might crufty, eh?
'In simplest terms, a PAW is a hardened and locked down workstation designed to provide high security assurances for sensitive accounts and tasks. PAWs are recommended for administration of identity systems, cloud services, and private cloud fabric as well as sensitive business functions.' - via Microsoft Technet
Petard Pinch →
Deux Étape, L'Internet Quantum →
Welcome, my friends, to the show that (evidently) never ends... Of course, I am writing about our beloved interwebs, and in this case, L'internet Quantum.
"The future quantum Internet will need a network of satellites and ground stations, similar to that of the Global Positioning System, in order to exchange quantum keys instantaneously." - via Alexander Hellemans writing at IEEE Spectrum Magazine
Roots, Math of →
PhoneBoy's Existential Threat →
PhoneBoy's thought provoking post, noting the unpreparedness [from a defence perspective] of our society to cybersecurity threats. Quite obviously, today's Must Read.
191 Million
Thomas Fox-Brewster, writing at Forbes, regales us with the latest display of the demise of privacy: The formerly private records of 191,000,000 United States citizen's voting data, apparently yearning to be free, was granted it's wish and published in an on-line database of reportedly unknown origins... Available for consumption on our beloved interwebs. Astounding.