Information Security News
Microsoft will publish 9 bulletins next Patch Tuesday, with 7 important and 2 critical bulletins. More information at https://technet.microsoft.com/library/security/ms14-aug
Lay Your Chips Down: An Infosec ... (Infosecurity Magazine, Interviews)
Even just a few short years ago, infosecurity firms were far from the top of most venture capitalists' investment list. Security vendors, the argument went, were too slow-burning to interest the VC community. Investors wanted growth companies, and ...
SCADA systems are not composed the same way as regular IT systems. Therefore, the risk and vulnerability assessment cannot be performed as it is done for any other IT system. The most important differences are:
|Category|Device|
|---|---|
||Digital Control Unit|
|DER|DER Managed generation and storage devices|
||Customer Energy Management System|
||Remote Fault Indicators|
|WAMPAC|Phasor Measurement Units|
||Device which includes Phasor Measurement Unit capabilities|
||Field Deployed Phasor Data Concentrator|
||Field Deployed Phasor Gateways|

Table 1: Devices in the Smartgrid Network
This means we need to consider a specific methodology for this type of infrastructure, one that leads to effective risk mitigation through proper detection of vulnerabilities in the smartgrid system. I want to recommend one today, the Guide to Penetration Testing for Electric Utilities created by the National Electric Sector Cybersecurity Organization Resource (NESCOR). This methodology consists of the following steps:
Let's explain the steps a little bit:
by Lee Hutchinson
Yahoo Chief Information Security Officer Alex Stamos announced today at Black Hat 2014 that starting in the fall of this year, the purple-hued company will begin giving users the option of seamlessly wrapping their e-mails in PGP encryption. According to Kashmir Hill at Forbes, the encryption capability will be offered through a modified version of the same End-to-End browser plug-in that Google uses for PGP in Gmail.
The announcement was tweeted by Yan Zhu, who has reportedly been hired by Yahoo to adapt End-to-End for use with Yahoo Mail. Zhu formerly worked as an engineer at the Electronic Frontier Foundation, an organization that has consistently been outspoken in its call for the widespread use of encryption throughout the Web and the Internet in general.
In an interview with the Wall Street Journal, Stamos acknowledged that the introduction of encryption will require some amount of education for users to make sure their privacy expectations are set appropriately. For example, he explained that PGP encryption won’t cloak the destination of your e-mail. "We have to make it clear to people it is not [a] secret you’re emailing your priest, but the content of what you’re e-mailing him is secret," Stamos said.
Hundreds of thousands of websites running a popular WordPress plugin are at risk of hacks that give attackers full administrative control, a security firm warned Thursday.
The vulnerability affects Custom Contacts Form, a plugin with more than 621,000 downloads, according to a blog post by researchers from Sucuri. It allows attackers to take unauthorized control of vulnerable websites. It stems from a bug affecting a function known as adminInit(). Hackers can exploit it to create new administrative users or modify database contents.
"The vulnerability was disclosed to the plugin developer a few weeks ago; they were unresponsive," Sucuri researcher Marc-Alexandre Montpas wrote. "The developers were unresponsive, so we engaged the WordPress Security team. They were able to close the loops with the developer and get a patch released; you might have missed it."
In a shift aimed at fostering wider use of encryption on the Web, Google is tweaking its search engine to favor sites that use HTTPS to protect end users' privacy and security.
Sites that properly implement the transport layer security (TLS) protocol may be ranked higher in search results than those that transmit in plaintext, company officials said in a blog post published Wednesday. The move is designed to motivate sites to use HTTPS protections across a wider swath of pages rather than only on login pages or not at all. Sites that continue to deliver pages over unprotected HTTP could see their search ranking usurped by competitors that offer HTTPS. Facebook is also getting more serious about encryption, with plans to acquire PrivateCore, a company that develops encryption software to protect and validate data stored on servers.
In Wednesday's post, Google Webmaster Trends Analysts Zineb Ait Bahajji and Gary Illyes noted that Google was among the first sites to offer end-to-end HTTPS protection by default across virtually all of its properties. It has also offered a variety of tools to help sites detect and recover from security breaches. They went on to write:
Black Hat 2014 Keynote: What InfoSec Needs to Do
In a far-ranging speech, Geer outlined 10 policy proposals “on a suite of pressing current topics,” such as government surveillance, embedded systems security, net neutrality, the right to be forgotten, and the state of vulnerability research and ...
CIA infosec guru: US govt must buy all zero-days and set them free
Black Hat 2014: Dan Geer says system dependencies threaten security