Saturday, January 09, 2010

NY Jets Advance in NFL Playoffs!

Rookie NY Jets Quarterback, Mark Sanchez


Mark Sanchez leads my New York Jets to a first-round victory in the NFL Playoffs by beating the Cincinnati Bengals (24-14), after beating them decisively last week in the last game of the regular season to get into the NFL Playoffs only to play them again this week.

Another outstanding day for my J-E-T-S!

- ferg

Thursday, January 07, 2010

Go Horns!

I know where I will be beginning at 5 p.m. Pacific Time this afternoon - glued to the television, preparing to cheer on the Texas Longhorns in the BCS National Championship Game.

Go Horns!

- ferg

Wednesday, January 06, 2010

Mark Fiore: Perfectly Safe Airlines

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Cyber Security: Here's What Really Worries the Pentagon

Noah Shachtman writes on Danger Room:

In Washington, “cybersecurity” is a term that’s come to have a thousand meanings, and none at all. Any crime, prank, intelligence operation, or foreign-government attack involving a computer has become a “cyber threat.” But at the Pentagon, they aren’t worried about some kid painting a Hitler moustache on Defense Secretary Robert Gates’ online portrait. They’re not even that concerned about a full-scale attack on the military’s networks – even though the modern American way of war depends so heavily on the free flow of data. In the military, there’s now broad agreement that one cyber threat trumps all others: electronic espionage, the infiltration (and possible corruption) of Defense Department networks.

Well-placed spy software not only opens a window for an adversary to look into American military operations. That window can also be used to extract information — everything from drone video feeds to ammunition requests to intelligence reports. Such an opening also gives that enemy a chance to introduce his own false data, turning American command-and-control systems against themselves. How does a soldier trust an order, if he doesn’t know who else is listening – or who gave the order in the first place? “For a sophisticated adversary, it’s to his advantage to keep your network up and running. He can learn what you know. He can cause confusion, delay your response times – and shape your actions,” says one Defense Department cyber official.

More here.

Certifications Are Not a Panacea for Cyber Security Woes

Daniel Castro writes on

As Congress debates legislation to improve cybersecurity, one problematic idea that appears to have gained some traction is developing a national certification program for cybersecurity professionals.

If certifications were effective, we would have solved the cybersecurity challenge many years ago. Certainly more workforce training, although not a panacea, can help teach workers how to respond to known cyberattacks. However, workforce training is not certification, and organizations, not Congress, are in the best position to determine the most appropriate and effective training for their workers.

Organizations know that simply getting their employees certified will not solve their security challenges. Although a good certification standard might be a measure of a baseline level of competence, it is not an indicator of job performance. Having certified employees does not mean firewalls will be configured securely, computers will have up-to-date patches, and employees won’t write passwords on the backs of keyboards. Nor has the increase in the number of certified cybersecurity workers nationwide resulted in any noticeable decrease in the number of computer vulnerabilities, security incidents or losses from cyber crime. Between 2001 and 2005, although the number of Certified Information Systems Security Professionals in North America quadrupled, the number of vulnerabilities cataloged by the U.S. Computer Emergency Readiness Team more than doubled, the dollar loss of claims reported to the Internet Crime Complaint Center increased more than tenfold, and the number of complaints the center referred to law enforcement increased more than twentyfold.

More here.

Tuesday, January 05, 2010

FBI Investigating Theft of $500,000 from NY School District

Brian Krebs:

The FBI is investigating the theft of nearly a half million dollars from tiny Duanesburg Central School District in upstate New York, after cyber thieves tried to loot roughly $3.8 million from district online bank accounts last month.

On Friday, Dec. 18, thieves tried to electronically transfer $1.86 million from the district’s account at NBT Bank to an overseas account. The following Monday, the attackers attempted to move another $1.19 million to multiple overseas locations. It wasn’t until the next day, when transfers totaling $758,758.70 were flagged by a bank representative as suspicious, that the two previous unauthorized transactions were discovered, school officials said.

As of today, Duanesburg and its bank have succeeded in recovering $2.55 million of the stolen funds, but the school district is still out $497,000.

Audrey Hendricks, a communications specialist with Duanesburg Central, said the thieves tried to steal more than a quarter of the district’s annual budget, which stands at less than $15 million. The district services about 1,000 students kindergarten through 12th grade in a rural area about 30 miles west of Albany.

More here.

Hackers May Have Unearthed Dirt on Stanford

Brian Krebs:

In early 2008, while federal investigators were busy investigating disgraced financier Robert Allen Stanford for his part in an alleged $8 billion fraudulent investment scheme, Eastern European hackers were quietly hoovering up tens of thousands of customer financial records from the Bank of Antigua, an institution formerly owned by the Stanford Group.

According to a fraud investigator with first-hand knowledge of the break-in, the hackers responsible infiltrated a component of the Stanford Group’s network by exploiting vulnerabilities in the company’s Web servers and databases. On the condition of anonymity, the investigator shared with this author files recovered from the breach, which were stored in plain text for at least several weeks on a Web site controlled by the attackers. This source said he forwarded the same information on to the FBI shortly after discovering it in early 2008.

Once inside of Stanford’s network, the unidentified hackers appear to have swiped the credentials from an internal network administrator, and soon had downloaded the user names and password hashes for more than 1,000 employees of Stanford Financial, Stanford Group, Stanford Trust, and Stanford International Bank Ltd.

More here.

Monday, January 04, 2010

Hacker Hangs Photo of Mr. Bean on European Presidency Website


The Spanish Government has announced it will investigate the hacker incident which saw a picture of Mr Bean hung on its European Presidency website during a number of hours on Monday.

The photo was intended as a reference to the oft-noted resemblance between Spain's president, José Luis Rodríguez Zapatero, and the comic character created by British actor Rowan Atkinson.

The official Spanish Governmental residence, Moncloa, described the sabotage as "minor" and said the incursion had been rectified, although until 2.30 pm GMT on Monday it was impossible to access the site.

More here.

Buried Warning Signs

Brian Krebs:

In a year marked by record bank failures and Wall Street swindlers walking away with tens of billions of investor dollars, it’s perhaps not surprising that the activities of organized cyber gangs looting at least $100 million dollars from small to mid-sized businesses went largely unheralded.

The mainstream media could be forgiven for focusing on bigger fish. For one thing, this particular strain of fraud has many moving parts and is challenging to explain to broad audiences. Also, raising awareness about fraud is always tough because the issue almost invariably involves U.S. banks and federal law enforcement, two entities that by their very genetic makeup resist discussing anything that is not tightly scripted and on-message: The FBI is hyper-reluctant to discuss or even acknowledge ongoing investigations (particularly those in which the main actors are overseas), and the banks simply don’t want to spook customers in any way.

But law enforcement and the banking industry appear to have been at odds over how and how much to communicate with the public about the seriousness and impact of these crimes. The following anecdotes offer a peek into some of the struggles I experienced last year trying to extract useful and truthful information from both parties.

More here.

Sunday, January 03, 2010

60 Minutes on Failing Our Veterans: Veterans' Benefit Frustrations

Via 60 Minutes:

Two wars and a recession have significantly increased the claims handled by the U.S. Dept. of Veterans Affairs, slowing the large bureaucracy and frustrating many veterans. Byron Pitts reports.

As a U.S. Army Veteran, I am appalled at how we treat our combat veterans. Appalled.

- ferg

NY Jets Advance to Playoffs!

Rookie Jets Quarterback, Mark Sanchez


Mark Sanchez leads my New York Jets to the NFL Playoffs by beating the Cincinnati Bengals in a decisive fashion (37-0), only to play them again in the first round of the playoffs next Saturday.

Outstanding day for my J-E-T-S!

- ferg