Information Security News
Review: The X-Files is back, but the fight for the future is over
Fear of surveillance gave way to active participation in one's own surveillance. The X-Files nods to infosec — Mulder has a post-it over the camera on his computer — though it's clearly inexpert (neither Mulder nor Scully removes the batteries from ...
On 11 Jan, a Python script was posted on the full-disclosure mailing list that took advantage of a hardcoded SSH password in some older versions of various products from Fortinet (see the complete list in the reference below). Looking at our collected SSH data, we've seen an increase in scanning for those devices in the days since the revelation of the vulnerability. Nearly all of this scanning has come from two IPs in China (126.96.36.199 and 188.8.131.52). So if you haven
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
Trust in Enterprise Security Drops as Budgets Tighten
If you accept both the Cisco 2016 Annual Security Report (registration required) and the HPE 2016 State of Security Operations Report (registration required) with equal weight, here's what you learn: As companies' security policies mature, their ...
A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could possibly be used to hack or spy on users, security researchers said.
Members of Austria-based security firm SEC Consult said they discovered the backdoor after analyzing the AMX NX-1200, a programmable device used to control AV and building systems. The researchers first became suspicious after encountering a function called "setUpSubtleUserAccount" that added a highly privileged account with a hard-coded password to the list of users authorized to log in. Unlike most other accounts, this one had the ability to capture data packets flowing between the device and the network it's connected to.
"Someone with knowledge of the backdoor could completely reconfigure and take over the device and due to the highest privileges also start sniffing attacks within the network segment," SEC Consult researcher Johannes Greil told Ars. "We did not see any personal data on the device itself, besides other user accounts which could be cracked for further attacks."
How to be a tech security Jedi, Part 3: Three Security Lessons from 'The Force ...
With that covered, let's get down to the business of dissecting what you can learn about information security from TFA. However—spoiler warning—I can't discuss the movie's infosec learnings without pointing out some of its scenes or plot points. If ...
A second state lawmaker has now introduced a bill that would prohibit the sale of smartphones with unbreakable encryption. Except this time, despite very similar language to a pending New York bill, the stated rationale is to fight human trafficking, rather than terrorism.
Specifically, California Assemblymember Jim Cooper’s (D-Elk Grove) new bill, which was introduced Wednesday, would "require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider."
If the bill passes both the Assembly and State Senate and is signed into law by Gov. Jerry Brown (D), it would affect modern iOS and Android devices, which enable full-disk encryption that neither Apple nor Google can access. AB 1681’s language is nearly identical to another bill re-introduced in New York state earlier this month, but Cooper denied that it was based on any model legislation, saying simply that it was researched by his staff. He also noted that the sale of his own iPhone would be made illegal in California under this bill.
PECB Signs Partnership Agreement with Infosec Skills Ltd
PR.com (press release)
Therefore, teaming up with Infosec Skills to provide Lead Implementer and Lead Auditor courses for ISO 27001 is an exciting development for our company and we are determined to make a renewed and positive contribution; together we can build a strong ...