Sunday, November 4, 2012

@tqbf First they came for the small round rare-earth magnet sets

Thomas Ptacek posted this on Twitter. I was not sure of the context."First they came for the small round rare-earth magnet sets, and I said nothing." Then I read this news story about Mother Russia's new Internet Surveillance system:

"Most importantly, however, the new Roskomnadzor system introduces DPI (deep packet inspection) on a nationwide scale. Although DPI is not mentioned in the law, the Ministry of Communications — along with the biggest internet corporations active in Russia — concluded in August that the only way to implement the law was through deep packet inspection."

Stolen cell phone pictures, a cautionary tale

The Register carried an article about a woman with revealing pictures of herself that were stolen by two Verizon employees working on her phone. They then distributed the pictures.

Anything on the Internet is going to be around forever. Use caution. "the two men worked at a Verizon store in Bartow, Florida, where one, Joshua Stuart, 24, helped a nubile local waitress transfer her data from her old handset to a new smartphone. Unbeknownst to her, he also took a copy of some of the pictures from the phone's memory for his personal perusal, it's alleged, as well as for a colleague."

NBC gets it on Guy Fawkes Day

According to ZDNET, "NBC had its Web sites hacked on November 4th. The sites are now coming back up, but hours after the initial Sunday morning attacks, there are still dead pages and others that aren't working properly."

"The hacker, who called himself, "pyknic," replaced the Websites with a simple page displaying scrolling text saying, “Remember, remember the fifth of November. The gunpowder treason and plot. I know of no reason why the gunpowder treason should ever be forgot.”"

According to Time, "In recent years, Fawkes' legacy has broadened. He provided the inspiration for the tile character in the Wachowski brothers' V for Vendetta, in which a masked crusader embarks on a terrorist campaign against a totalitarian British dystopia."

Thursday, November 1, 2012

Apple IOS 6.0.1

I first heard about this release from the Internet Storm Center, a great source of news. So, I did a few Google searches and nobody seemed to be screaming that it brick'd their iPhone or iPad. I just finished updating my iPad. Then I saw this article from Sophos saying you really should for security reasons.

From the article: "But you ought to have grabbed it with both hands for security reasons: iOS 6 patched a whopping 197 CVE-numbered vulnerabilities in 41 system components"

Give em heck, Mr. Gary McGraw

Oh yeah! If you have not read Gary's article on "active defense" you really should.

One quote from the article, "When the Washington Post publishes a story hyping an ill-considered notion of cyber-retaliation misleadingly called "active defense" as a rational idea, we should all worry."

Another take on this from the HP Blog, says: "s a strategy for an enterprise, "going on the offensive" is, I believe, small-minded. here's why. With so many difficult factors to consider which I'll discuss in a minute, it's really hard to allocate resources to offensive strategy. Let's take even one more step backwards, first. When thinking about offensive security measures as a means of digital defense, we have to ask ourselves what the return on effort is. What is there to gain?"

This may all be about guerrilla marketing, an article in Reuters quotes former FBI agent Shawn Henry, how has joined CloudStrike: ""Not only do we put out the fire, but we also look for the arsonist," said Shawn Henry, the former head of cybercrime investigations at the FBI who in April joined new cyber security company CrowdStrike, which aims to provide clients with a menu of active responses.

Let's give HBGary, the last word. I think their approach to Active Defense is a bit more sane. "Armed with advanced enterprise threat intelligence provided by Active Defense, organizations can quickly gather critical evidence to contain the threat, locate compromised machines, and assess damage. For example, one can use its IDS to detect additional infected machines, data exfiltration can be blocked at the egress firewall, and malware can be cut off from Command and Control servers."

Physical security, Amy Weber laptop stolen

WWE Amy Weber had her laptop stolen so she is preemptively posting naked pictures of herself according to this article.

No, I am not going to go get the NSFW links for you,and we have to give her some credit, she must have had backups.

Judge OKs warrantless cameras on private property

Bit by bit the United States seems to be headed towards being a police state. So sad. Read the story here.

According to the CNET article, "That recommendation said that the DEA's warrantless surveillance did not violate the Fourth Amendment, which prohibits unreasonable searches and requires that warrants describe the place that's being searched."

COOP, NYC Data Centers

Slashdot has a nice concise article on the fight to keep data centers running. Apparently after ConEd pulled the plug, they went to generators which were located in the basements. Enter the record storm surge and the generators drowned. They brought in alternate generators ( that has to be a story all by itself, delivering industrial generators in a hurricane ) and so now they are pumping their basements and trying to keep their generators fueled.

The Wall Street Journal blog, has a great photo of the Verizon basement and an in-depth story as well.

Verizon is continuing updates on their blog. This has a really cool picture of their 18 wheeler mobile communications center serving Nassau county.

My brain is screaming one thing over any other. SLAs. Gawker and the other web sites that went down, almost certainly had Service Level Agreements with the ISPs and data centers. Time for someone to write a check I suspect.