A Week of Rage Against the NSA

If you are like me, you completely discount official protests as posturing. In this age of suspicion of all politicians there is not much to be read into the President of Brazil, angry about spying, canceling a state visit to the United States, or the governments of Germany, Spain and France summoning their respective US Ambassadors. What I look for are reactions…

MIT Researchers Uncover Security Flaws in C and C++ Software

MIT researchers have produced a new paper that uncovers security flaws in C and C++ software, generated by compiler optimizations that discard ambiguous code or code that produces undefined behavior. Some of that code includes security-relevant checks, and the paper includes examples of null pointer checks and pointer overflow checks that the GCC compiler optimizes away, leaving…

Two Secure Email Systems Shut Down in the Wake of Snowden Affair Announce Formation of Dark Mail Alliance

Two secure email services, Lavabit and Silent Circle, on Wednesday announced the formation of the Dark Mail Alliance. The announcement at the Inbox Love email conference in Mountain View, California, follows the shuttering of the services in August. At that time Lavabit founder Ladar Levison said he was forced to close after pressure was exerted to hand over…

FirstNet Board Chooses Virginia for HQ, Boulder for Technical Center

Speaking at the Michigan Cybersecurity Summit on October 25, Thomas MacLellan, Director, Homeland Security and Public Safety Division, National Governors Association (NGA) Center for Best Practices, called FirstNet the “largest network deployment in US history.” FirstNet was established by The Middle Class Tax Relief and Job Creation Act of 2012 as the First Responder Network…

Floundering Frameworks: NIST as a Case in Point

Thanks to a directive from President Barack Obama, NIST has released its Preliminary Cybersecurity Framework for critical infrastructure. Like most security frameworks, it is fatally flawed. The framework is poisoned with Risk Management thinking, a nebulous concept borrowed from the world of finance and actuarial tables that simply does not work for cyber security. The…

Michigan Cyber Security Summit Opens

Michigan’s Cyber Summit 2013 opens on Wednesday as part of the National Cyber Security Awareness Month. Michigan Governor Rick Snyder is hosting the Summit, last held in 2011. It includes speakers at the state and national level with the acting assistant secretary, Department of Homeland Security Office of Cybersecurity and Communications and the chief security…

Defending Against Custom Malware: The Rise of STAP

How do you defend against something that’s never been seen before? That’s the key question organizations struggle with. A decade ago, the first victims of any worm or virus outbreak had difficulty defending against a brand-new threat, leaving resources vulnerable until the attack could be detected and signatures created. Today the ultimate problem is the…

Skeptical of Biometrics? Have a Backup Plan

So whoopie-do, the new iPhone has a fingerprint reader to unlock the phone as a market differentiator, and to open new authentication applications and developer opportunities – assuming Apple opens up the appropriate APIs. This is based on the technology Apple bought last year when it acquired AuthenTec, which has encryption technology, fingerprint sensors and…

CIOs Distracted by Compliance Requirements

CIOs are often distracted by their efforts to keep up with specific regulations, according to Gartner, Inc. “CIOs must stop being rule followers who allow compliance to dominate business decision making and become risk leaders who proactively address the most severe threats to their enterprises,” John A. Wheeler, research director at Gartner, was quoted in…
