Not Even Close: The State of Computer Security: Microsoft's James Mickens gives us a light-hearted survey of the bleak, hideous security present and why things are going to get much, much - much - worse in the future. [more inside]
We Should All Step Back from Security Journalism. I’ll Go First. Quinn Norton (previously) responds to the sentencing of Barrett Brown (previously.) [Via]
"I had a rare Twitter username, @N. Yep, just one letter. I’ve been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox. As of today, I no longer control @N. I was extorted into giving it up."—Naoki Heroshima explains how his accounts were hacked in order to force him to give up his single-letter Twitter handle. [more inside]
Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals. 'Between 2009 and 2010, according to Forbes, retail sales of Kaspersky antivirus software increased 177 percent, reaching almost 4.5 million a year—nearly as much as its rivals Symantec and McAfee combined. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. Microsoft, Cisco, and Juniper Networks all embed Kaspersky code in their products—effectively giving the company 300 million users.' [more inside]
An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
"Flame" is the name of a newly-identified malware program which utilizes a previously unknown MD5 collision attack to successfully spoof Microsoft Terminal Services, and install itself as a trusted program using Windows Update, Microsoft has confirmed. The program appears to have targeted computers in the Middle East, and specifically Iran; analysts have alleged it is likely created by the same entity that designed Stuxnet. Flame has been live and actively spying since 2010, but went undetected until recently, due to sophisticated anti-detection measures. [more inside]
Journalist Ben Hammersley gives the UK's cybersecurity specialists his view of how the Internet is changing the world: "We expect everything. And we expect it on our own terms."
In-depth pieces in Vanity Fair and Wired detail the structure and impact of the Stuxnet worm, and what it means for the future of cybersecurity. (Previously)
High profile cybercrime researcher and blogger Dancho Danchev has been missing since September. Many in the security community fear for his safety, and a recent report (google translate) has placed him in a psychiatric hospital since December 11th. (via)
Symantec’s “Hack Is Wack,” And Cybersecurity’s Most Embarassing Marketing Campaigns: Hack is Wack previously Jackie Chan - Kaspersky 2010 Antivirus Commercial. Ex Gang member turns Computer Hacker. Don't Copy That Floppy. & Don't Copy That Floppy 2.0.
According to an article posted in today's Wall Street Journal, the electricity grid in the U.S. has been compromised by foreign spies, leaving it vulnerable to disruption. Last year, the CIA acknowledged that the system had been compromised and that the goal had been extortion. In response, the Federal Electric Regulatory Commission issued new cybersecurity specs for the power grid, to which companies such as GE have begun responding. But could it be that the new security efforts are motivated by government officials who stand to gain by this attempt at drastically increasing government control over the Internet? [more inside]
Attention, Wi-Fi users: The Department of Homeland Security sees wireless networking technology as a terrorist threat.
Attention, Wi-Fi users: The Department of Homeland Security sees wireless networking technology as a terrorist threat. That was the message from experts who participated in working groups under federal cybersecurity czar Richard Clarke and shared what they learned at this week's 802.11 Planet conference. Wi-Fi manufacturers, as well as home and office users, face a clear choice, they said: Secure yourselves or be regulated. Is this reasonable? Is this really a threat to security? (via boingboing )
Is state government finally doing something right? Who knows? this seems legit enough. Apparently, if you register you can get cyber security alerts delivered to your mailbox. Can I register if I'm from say, Nebraska? Furthermore, how real is the threat to Florida's cyber infrastructure anyways?