Information Security News
Full Cyber Security program approved at Huntsville City Schools Career ...
Infosec 1 would be available for 9th graders. That class is already going this semester, through a pilot program. “They're going to learn about areas of vulnerability. And it is the basis of our cybersecurity program,” said Moon. Fall of 2015 will ...
The chairman of the youth wing of the Swedish Pirate Party successfully fooled attendees at a major Swedish security and defense conference into connecting to an open Wi-Fi network that he controlled—as a way to protest mass digital surveillance.
According to The Local, an English-language newspaper in Sweden, Gustav Nipe watched earlier this week as around 100 politicians, military officers and journalists logged into a network called “Open Guest” and proceeded to search for various non-work-related things including “forest hikes” and monitor eBay auctions.
Previously Nipe was involved in the Pirate Party’s efforts to create its own ISP in 2010, and founded the Church of Kopimism, which was formally recognized by Swedish tax authorities in 2011.
Toolswatch published today the best 2014 security tools according to their readers. From that list I like OWASP ZAP, BeEF, OWASP Xenotix and PeStudio. However, I definitely miss some tools like the ones contained in the REMnux distro for malware analysis, DFF and the SANS SIFT 3 distro for forensics, not to mention Wireshark and tcpdump, which I find unique for anomaly detection.
Which security tool is your favorite? Do you agree with the tools listed? Let us know via the contact form or a comment on this diary.
It was a mistake for the National Security Agency to support a critical cryptographic function after researchers presented evidence that it contained a fatal flaw that could be exploited by US intelligence agents, the agency's research director said.
The comments by NSA Director of Research Michael Wertheimer were included in an article headlined The Mathematics Community and the NSA published this week in a publication called Notices. The article responds to blistering criticism from some mathematicians, civil liberties advocates, and security professionals following documents provided by former NSA subcontractor Edward Snowden showing that the agency deliberately tried to subvert widely used crypto standards. One of those standards, according to The New York Times, was a random number generator known as Dual EC_DRBG, which was later revealed to be the default method for generating crucial random numbers in the BSAFE crypto toolkit developed by EMC-owned security firm RSA.
NSA officials shepherded Dual EC_DRBG through the National Institute of Standards and Technology (NIST) in 2006. A year later, researchers from Microsoft presented evidence that the number generator contained a type of backdoor known to cryptographers as a "trap door." The weakness, the researchers said, allowed those who knew the specific NSA-generated points on the standard's elliptic curve to work backward to guess any crypto key created by the generator. Despite widespread coverage of the research and concern expressed by security experts, the NSA continued to support Dual EC_DRBG. It wasn't until September 2013—six years after the research came to light—that RSA advised customers to stop using the NSA-influenced code. Last year, NIST also advised against its use.
New report: DHS is a mess of cybersecurity incompetence
The report says (and echoes the sentiments of many civilian infosec professionals) that the DHS approach on vuln mitigation is nothing but a losing strategy. "The nature of cybersecurity threats -- and the ability of adversaries to continuously develop ...
US feds failing to protect govt buildings from cyber threats
Human factor problems persist with EHRs Updated numbers have CMS more ...
CIO leader outlines an InfoSec strategy in HealthcareInfoSecurity: http://bit.ly/1KGcdBj. How hospitals are tackling costs in 2015 — special report by Healthcare IT News: http://bit.ly/1wb6IzR.
Scholarships available for Johnson County students
Johnson County students are eligible for the Gail Clay Scholarship, the Johnson County Educational Growth Scholarship, the Johnson County Scholarship, the James K. Goldston INFOSEC Scholarship, and the Debbie Van Cleave Scholarship. For further ...