Wednesday, May 21, 2008

Pentagon Plan: 'Eliminate' Space, Cyberspace Threats

Noah Shachtman writes on Danger Room:

The Pentagon's spies are looking to "eliminate" opponents' abilities to strike from space, or online. A new plan from the Undersecretary of Defense for Intelligence, retired Gen. James Clapper, warns that the "current patchwork of passive defense" in cyberspace "is likely to fail in the face of greater vulnerabilities and more sophisticated threats. Defense intelligence must do its part to defeat this critical threat."

In recent months, military officials have been issuing shrill warnings about attacks from space and cyberspace -- and darkly promising massive and devastating retribution, if the United States is struck. A recently-launched Air Force program is searching for "full control" of "any and all" computers. "Every potential adversary, from nation states to rogue individuals... should be compelled to consider... an attack on U.S. systems resulting in highly undesirable consequences to their own security," a recent Defense Department report notes.

More here.

SANS Contributes $1M, Expertise to Global Cyber Security Group

Wilson P. Dizard III writes on GCN.com:

The SANS Institute has announced a $1 million contribution to the International Multilateral Partnership Against Cyber-Terrorism (IMPACT) and started sharing technical information with the organization.

The two groups plan to expand developing countries’ online security resources, they said yesterday in an announcement issued at the IMPACT World Cyber Security Summit in Kuala Lumpur, Malaysia.

IMPACT and SANS plan to start by launching the Improved Cyber Defenses Through Cybersecurity Training and Skills Development activity. That project will conduct hands-on courses in core cybersecurity activities such as forensics, intrusion detection and penetration testing, they said.

The training project is aimed at providing world-class training to cybersecurity specialists working in every country, regardless of income level.

More here.

Boondoggle: Plan to Reduce Cell Phone Cancellation Fees Draws Criticism

An AP newswire article, via The Los Angeles Times, reports that:

A proposal for the government to help cell phone customers avoid expensive fees when they cancel contracts with wireless companies may go down in flames after consumer advocates protested today that it isn't generous enough.

Cell phone companies routinely charge customers $175 or more for quitting their service early. Under a proposal to the Federal Communications Commission, the wireless industry would give consumers the opportunity to cancel service without any penalty for up to 30 days after they sign a cell phone contract or until 10 days after they receive their first bill, among other provisions.

In exchange for the government's approval, the agreement would let cell phone companies off the hook in state courts where they are being sued for billions of dollars by angry customers. If approved by the FCC, the proposal also would take away the authority of states to regulate the charges, known as early termination fees.

More here.

SCADA Watch: U.S. Lawmakers See Cyber Threats to Electrical Grid

Grant Gross writes on PC World:

The U.S. electrical grid remains vulnerable to cyber attacks that could cripple the economy, and the organization responsible for regulating electrical suppliers doesn't appear to be serious about fixing the problems, some U.S. lawmakers said Wednesday.

U.S. Representative James Langevin and other members of the House of Representatives Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology questioned whether the North American Electric Reliability Corp. (NERC), an electric industry group tasked with ensuring electric reliability, is doing its job.

NERC officials last October painted a "misleading" and rosy picture of the U.S. electric system's readiness for cyber attacks, said Langevin, a Rhode Island Democrat and chairman of the subcommittee. But Langevin has "little confidence" that the U.S. electrical grid has fully addressed the so-called Aurora vulnerability, a cyber attack aimed at shutting down electric utilities' generators or other equipment, he said.

More here.

OECD: U.S. Sinks to 15th Place Worldwide in Broadband

Jacqueline Emigh writes on BetaNews:

In broadband access, the United States has now slipped from twelfth to fifteenth place versus other countries, according to new research released this week by the Organisation for Economic Cooperation and Development.

The OECD study points to factors ranging from pricing to download speeds as possible reasons why the US may be losing ground, at least compared against other countries. Unlike some other broadband studies, which compare access rates across wider numbers of countries, the OECD research looks only at penetration rates among its own 30 member nations.

The US actually placed first in terms of total numbers of broadband subscribers. But the OECD's penetration rates are based on numbers of broadband subscribers per 100 inhabitants.

By these statistics, the US has continued a comparative slide for the past six years, ranking in fourth place in 2001, twelfth place in 2006, and now, according to the OECD's latest figures, fifteenth place by the end of 2007.

More here.

Consumers Have Great Expectations for Online Security

Paula Damiano writes on Bank Systems & Technology:

Despite banks' best efforts to improve online security, their defenses are only as strong as their customers' security habits. Unfortunately, even though consumers recognize their role in keeping their sensitive information safe, they often don't take the necessary precautions — and still hold their financial institutions responsible for a security breach, according to a new Accenture study.

The global consulting firm's survey of U.S. and U.K. consumers' Internet security perceptions reveals that consumers have a Jekyll and Hyde attitude toward online security. While 88 percent of survey respondents believe that personal irresponsibility (i.e., the improper sharing or disposing of sensitive information) is the cause of identity theft, nearly half admit to laxness in password security practices — such as using the same password on multiple accounts. Still, one in four respondents would close a bank account immediately if a security breach occurred.

More here.

Australia Crumbles Under Cyber Storm II Attack

Liam Tung writes on ZDNet.com.au:

The 55 Australian organisations that took part in Australia's cyberwar games, Cyber Storm II [.pdf], suffered "death by a thousand cuts", according to the head of Australia's Cyber Storm II effort.

Speaking at day three of the AusCERT 2008 security conference, Steven Stroud, head of Australia's Cyber Storm effort and director of e-security exercises at the Attorney General's Department, told delegates that the incident response teams of participating organisations often became short-sighted under the simulated attacks, leading to chains of command crumbling, careless mistakes, and the loss of vital information.

"A lot of organisations wanted to exercise senior incident response (IR) boards, and to do that they had to create a crisis on the shop floor. What they found out was, that it was very hard to get people to escalate. The IR teams were putting out spot fires here and there and no one took a step back to see the whole house was on fire," he told delegates.

More here.

'Phishing Piers' - Phishers Turn to Legit Sites to Steal Information

Dan Kaplan writes on SC Magazine US:

Phishers have discovered a new way in which to launch phishing attacks that will allow the assaults to persist for much longer than usual.

They are turning to infiltrating legitimate websites on which to host their attacks -- a technique known as "hack-and-pier," according to Finnish anti-virus firm F-Secure.

Normally, internet service providers take down fraudulent websites within 24 hours, according to research, but when an authentic site is the culprit, much more work is involved.

"The site cannot simply be pulled offline without collateral damage to the legitimate business," Sean Sullivan, a technical specialist at F-Secure, said Wednesday on the company's blog. "So the website's administrator must be contacted to repair the damage."

More here.