Group items tagged

This is my blog post for the week regarding online security, in this blog I discuss who security is truly intended for when the issue of national security is presented regarding the Internet.

A short and sweet introduction in to the developing cyber security threat and the vision behind Barack Obamas Cyber security plan launched in May 2009.

n remarks at a news conference Thursday, Clinton said the United States will hold talks with the United Arab Emirates over its decision to suspend some BlackBerry services due to security concerns. "We are taking time to consult and analyze the full the range of interests and issues at stake because we know that there is a legitimate security concern," she said. "But there is also a legitimate right of free use and access. So I think we will be pursuing both technical and expert discussions as we go forward."

This article is dealing with the recent disclosure by Google that it had fallen victim to a cyber attack. It renews the growing sentiment that a global response to the issue of cybersecurity is needed with particular emphasis on the cooperation between the government and business sectors.

Interesting comparison was made in this article regarding President Obama's priorities. It stated that "Obama has made cyber security a top priority for his administration, and has listed the threat from cyber weapons along with other weapons of mass destruction - such as nuclear, chemical and biological weapons." Is it fair to make a comparison between the threat of nuclear weapons and threats which exist within the world of computers?

It's a well-known fact that small businesses are more susceptible to cyber-crime than many of their larger counterparts. A lack of funding and resources means that few small to medium-sized businesses can afford to pay for vulnerability assessments or penetration testing of their network security.

With an increasing number of critical systems being placed within virtual environments, security is now understandably a prime concern. Systems can be attacked, and valuable information and assets can be compromised. maybe looking at a Vulnerability management system?

This article discusses the terminology "cyber" versus "online" as a method to frighten people. The manner in which we speak on the Internet has changed greatly, and as a result, this article ponders the legitimacy of the use of this word, for example, "cyberbully," "cyberwar," are terms or tactics to instill some sense of fear into the masses regarding the security on the Internet. "When that kind of fear-mongering is needed to loosen the purse strings for computer security, only one word will do...Cyber."

This article discusses how a simulated war game called "Cyber ShockWave" can turn any electronic item, for example, cell phone or computer can be "weapons" used to shut down the Internet during terrorist attack. The notion of privacy and civil liberties, should expect to be ceased for Americans during a crisis of that level. During this mock scenario, it was revealed that "[The United States] don't have the authority in this nation as a government to quarantine people's cellphones." Which during a state of emergency brings to question if Internet carriers should allow their networks to be monitored. How secure is online security, and who is the enemy, becomes difficult to discern, as any threat to national security arises.

The internet community has long been waiting for ICANN to deal with the evolving DNS issues inherent in the decentralised system. The appointment of Whit Diffie as Vice President for Information Security and Cryptography at ICANN should bode well amidst the criticisms of ICANN not doing enough in responding to domain name security hacks and attacks. The Canadian Press has said "While ICANN does not run many of these domain name servers directly, it can press for the use of a security protocol that is meant to verify that the directory information is authentic. The technology uses mathematical techniques similar to encryption.".

The US government is being encouraged by various committees and "experts" to increase regulation of the Internet. The Internet is compared industry to the car industry before regulation was introduced to make cars safer. Apparently the "Internet Wild West" is over!

Cybersecurity - just as soon as there is new technology to help prevent crime and terrorism that technology is then subverted and becomes a tools for the criminal.

It's quite interesting that the term "hackers" was often deemed negative. However, in this following article, the discussion of "White hat" hackers vs. "Black hat" introduces the idea that cyber security/cyber espionage in the online world can also be saved by the same breed that seek to do criminal activies. These white hat hackers were able to uncover a Chinese-based espionage ring that had been gleaning sensitive information: visa applications. People no longer simply hold posters chanting and marching against the "man," rather, they stick it to them, by strengthening the masses in the online world.

As per DeNardis, the first question is who is the board, then what are their interests, how are they funded, who do they represent, by what process are decisions made and implemented, are objections public etc. If, as the press release suggests, this is the first of many more simple and stringent security and safety features, then what are they and who decides? "The Facebook Safety Advisory Board comprises five leading Internet safety organizations from North America and Europe that serve in a consultative capacity to the company on issues related to online safety. The organizations on the board are Common Sense Media, ConnectSafely, WiredSafety, Childnet International and The Family Online Safety Institute (FOSI). "

The year was 2008. The person was Dan Kaminsky. The discovery: DNS has security flaws. Translation: the website you are visiting may not actually be the genuine site. This might take you 15 minutes to read through, and perhaps longer to absorb....but I highly recommend spending time on learning about the technicalities of DNS and the vulnerabilities of its functionality. The discovery of its weak points is what DNS security is addressing. Briefly, it covers the distributed nature of DNS, how cache poisoning occurs and patch recommendations to provide a 'fix'.

The cybersecurity threat in India is demonstrated in Symantec's Internet Security Threat Report that outlined the latest threat for computers which involves the Trojan viruses sending confidential data to a host server. This information is then used by cyber mafia to carry out financial transactions in various countries resulting in identity theft.

A phisher from Nigeria was discovered to be responsible for creating 1,100 phishing sites over 15 months. By studying the guy's online activity, it was obvious that he treated it like a 9-5 job. It is estimated that he earns $4 million a year with this scam!

Ofcom has conducted a survey in the UK on the handling of personal data online. The result: In the light of recent news about privacy issues online (Facebook for example) people have become more weary about Internet privacy. The Scottish are the least worried. Also interesting: "about a quarter of internet users say they 'lack confidence' in installing filerting software or security features."

India's government is planning to develop its own OS due to security reasons. They do not want to rely on foreign operating systems as they believe this makes them more susceptible to cyber attacks. 

blog entry: the security concern for cloud computing.