CSIA 459

An interesting review of the different attack vectors threatening tomorrow's automobiles.

The World Economic Forum (WEF) is a Geneva-based non-profit organization best known for its Annual Meeting in Davos, Switzerland, the Annual Meeting of New Champions in China (Summer Davos) and the Summit on the Global Agenda in Dubai. It also releases research reports such as the Competitiveness Reports and Risk Reports and engages with its members in sector-specific initiatives.

Independent security company Mandiant releases a report on one of China's cyber espionage units. The report is a little over 70 pages and describes, in detail, the five W's on an active persistent threat. The appendix also shows the tools available from the Mandiant to conduct the same type of "research". In all it is a great read.

Update: Apple restored the password resets on Friday night. Apple suspended the password-reset functionality for its iCloud and iTunes services following a published report that hackers could exploit it to hijack other people's accounts. The password reset page stopped loading a few hours after The Verge reported there was an online tutorial that provided detailed instructions for taking unauthorized control of Apple accounts.

This video is 90 minutes long. However, if you open the link, the video is separated by nine chapters. You can put your cursor on the bottom of the video and see each of the chapters and the topic. Find at least one chapter of interest to you and watch it. Each chapter tells you how long it is after you start it.

What I found most interesting in this video was the research being conducted regarding students who multitask, and their perceived ability of doing it well. In fact, as the experiments and testing show, the researchers are proving just the opposite. The younger generation that believe they are multitasking well are only able to work in small chunks, and their work tends to show this. Students are unable to carry out long tasks, they get bored, and they put together papers in sections which directly correlates to their on and off study habits. I also found myself relating to the discussion of needing to satisfy a thought at the moment it pops, and change from doing one thing say, watching the video, into another, listening to the video, and looking at the photographs I took today. In either case, not accomplishing either with the same effectiveness that I would have had I completed them one at a time. The internet, and multiple monitors, helps feed this addiction.

Does this article from 1998 still hold true today?

I believe this article is still very relevant. After reading Bruce Schneier's article, one of the things I took away was his comment regarding the inherent lack of security created by implementers of tamper resistant methodologies, such as smart cards, and biometric technologies. If these systems fail, we want to make sure that we can still access the resource which is being protected, so we tend to build insecure systems in place to bypass the tamper resistant security. In the end, things like biometrics and smart cards seem to be built more for convenience, instead of security. A similar affect is pointed out in the article when users give their access tokens to others so they can do their work. As long as the human element has control in the implementation of security, the risk of failure will always be there, no matter how great the security method is.

WASHINGTON - The C.I.A. drone strike that killed Anwar al-Awlaki, the American-born propagandist for Al Qaeda's rising franchise in Yemen, was one more demonstration of what American officials describe as a cheap, safe and precise tool to eliminate enemies. It was also a sign that the decade-old American campaign against terrorism has reached a turning point.

You might have heard about the "kill list." You've certainly heard about drones. But the details of the U.S. campaign against militants in Pakistan, Yemen, and Somalia -- a centerpiece of the Obama administration's national security approach - remain shrouded in secrecy. Here's our guide to what we know-and what we don't know.

This ranking of cloud start ups could be helpful to you for your research project.

Very interesting report. People voted, not technicians, nor security agencies, just people who use the system. It seems a lot like how the personal computer came and the internet was created. Just get it up and running and security will come later. How can that be? A countries banking system just got compromised. No inspection standard to say this cloud solution is safe, just a group of people who say they can access that information when they want and the company saying it is perfectly safe. Little do they know it could also be accessed by others just as quickly - just my opinion, not quite facts yet.

For your cloud computing assignment

I liked this article very much and understand his concerns. It is very hard to trust something that you can't examine. How do cloud computing agencies validate their systems, with there be a GOP security report that tells us what agencies are legitimate. I have to read that top 10 cloud reporting article to see exactly how that was determined.

Researcher uncovers hundreds of different custom malware families used by cyberspies -- and discovers an Asian security company conducting cyberespionage

This article raises some serious questions in my opinion. As we move more into an environment where cyber warfare is to be used against different countries, where are the lines drawn between declaring war. As this article discusses, it is not as easy to see who actually was behind the attack, and an attack coming from Chinese, or some other countries IP space, is not neccessarily a state sponsored attack, nor is it neccessarily coming from someone inside the country. In a hack back scenario, it could be determined after the fact that whatever country was thought to initiate the first move, was actually a victim of a "zombie/bot" type of controlled attack that was actually initiated in another country. Can you say, Wargames? Edited 3222013: as I spoke yesterday, today guess what? http://news.yahoo.com/skorea-misidentifies-china-cyberattack-origin-071350510.html

Evaluating technologies

How can you tell who is servicing your systems if they are in the clouds? Should the ATM network be placed in the clouds? Something to ponder about

This website gives information about Cyber Threats to Mobile Phones. The US-CERT provides valuable information on this site concerning recent threats.

Article supports drones as being an emerging technology. ASSignment1, Part1 Support

Interesting article, It seems to me that this is just another one of those cases about flexing the "muscle" of the Freedom of Information Act. In my opinion it is pretty common knowledge that targeted drone strikes are being used to eliminate enemies; so why is it so important here that the C.I.A. has to acknowledge these attacks? What would that accomplish? The media outlets already report on successful drone strikes and now there are even military medals to recognize drone pilots. http://www.fsunews.com/article/20130318/FSVIEW0303/130317001/New-military-medal-stirs-controversy-?odyssey=mod|newswell|text|frontpage|s

I just wonder how long it's going to take before something comes out of these attacks. Using these drones to fly into other countries like Pakistan, and "take out" suspected enemies is pretty borderline in my opinion. If this were to happen in America, we would certainly not stand for it, and would declare war on the country that carried out the action. Pushing the button from California on a drone missle is alot like conducting cyber warfare from one country to another. The damage that can be done is becoming greater and greater every day as technology is starting to tie together national infrastructures. In my opinion, drones are the some of the first of the cyber warfare machines.

Read and explore this NIST website. Do you see any products that are you are familar with? Can you determine how this program enhances the security of these products?

After looking through the website, I found the Vendor list for 140-2, which provides what I would think is the complete product list of Vendors and products which meet the standard. A couple items which meet the standard are Microsoft Windows 7 Bitlocker Drive Encryption, and Research In Motions Blackberry Cryptographic Kernel. It is important that the CMV Program is in place within the U.S. If we are going to rely on encryption to keep our secrets safe, then the products we use to encrypt our data, need to be checked to ensure they are secure.

I wonder if they had cake... DoD/DISA's email system signed-up its 1 millionth user last week. Now that's a lot of Exchange mailboxes. This article has it listed as a cloud service... is it? It's true that DISA doesn't keep it's cloud presence a secret, a quick google search will tell you the URL is https://web.disa.mil - but since you can't get very far without a CAC.. is this truly cloud? What is the definition of cloud?

I don't know how fancy we are supposed to be with sharing these web resources, but I enjoy twitter because of how fast and easy current events are presented.