CSIA 459

Retina and iris scans, fingerprint and palm logins rely on possession of unique anatomical characteristics that you cannot forget as you might a password. But, Kenneth Revett of the British University in Egypt, in El-Sherouk City, reviews the state of the art in an alternative approach to user authentication in the inaugural issue of the International Journal of Cognitive Biometrics.

Very interesting article Justin. I like the idea of using biometrics as an authentication layer, vs. relying on a CA to issue digital certificates. In my opinion, biometrics should only use functions that can be read or measured when the person is alive.

Biometrics is great for a multi factored authentication. It is a very expensive approach to authenticating as well. I doubt there will be a market for it until the price for implementation drops drastically. I would not use it as a stand alone authentication approach.

I came across Sourcefire when doing research for centralized management solutions. They have some very interesting products and seem to be on the forefront of the industry.

2013 Threat Report

"Flame: Trying to Unravel the Mystery of Spying Malware"

We will see more of this type of modification of Stuxnet and Flame. The bad thing about finding stuff like this, is others who could not have made malware as technically advanced as this, will be able to modify it much easier than if they would have had to design it from scratch.

focused on the comment made by the analyst on the differentiation of cyber "war" vs. cyber "espionage" as it appears that Flame is more on cuber espionage since it is desgined to collect infor from specific targets.

If you like podcasts this is interesting - helping to understand that security does not really exist and instead we are just managing risk.

Scary when the criminals are fighting each other....

Framework for Insider threats

Interesting read, the Dept. of VA breach is a good reminder about physical security. It seems that quite often we focus so much on the technical that the fundamental is overlooked. It find it interesting that they have Stuxnet on this list. It is my understanding that Stuxnet was not really a data breach but more of a process breach.

Interesting article from the NY Times on how some companies are utilizing big data in the work environment.

This was an interesting and informative paper about rootkit design and methodologies to help us better understand their capabilities, and it give ways in which one can spy on the attackers.

Wanted to share even though it is off topic for this week. Definitely something that would be good to have over here in the States - especially at 51 dollars per month.

In relation to this week's Anonymous reading. WBC says they are going to protest the Boston victims.

Thought this was interesting - especially with all the current events involving North Korea.

Here's an interesting article from DHS. They're seeking high school students and college students.

This magazine published by UMUC is all about Cybersecurity. Thought you might enjoy reading it.

Article from the Washington Post about law enforcement's struggle to respond to "smaller" cybercrimes.

Interesting article about an app that has been specifically designed to take control of an airplane.

This paper provides insight into where fake antivirus comes from and how it is distributed, what happens when a system is infected with fake antivirus, and how to stop this persistent threat from infecting your network and your users.

This malware is highly profitable, with as many as 2.9 percent of compromised users paying out.